- Linux-stable-mirror - lists.linaro.org

[PATCH v2] usb: dwc3: Wait unconditionally after issuing EndXfer command

by Prashanth K

Currently all controller IP/revisions except DWC3_usb3 >= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controller revisions >= 3.10a supports GUCTL2[14: Rst_actbitlater] bit which allows polling CMDACT bit to know whether ENDXFER command is completed. Consider a case where an IN request was queued, and parallelly soft_disconnect was called (due to ffs_epfile_release). This eventually calls stop_active_transfer with IOC cleared, hence send_gadget_ep_cmd() skips waiting for CMDACT cleared during EndXfer. For DWC3 controllers with revisions >= 310a, we don't forcefully wait for 1ms either, and we proceed by unmapping the requests. If ENDXFER didn't complete by this time, it leads to SMMU faults since the controller would still be accessing those requests. Fix this by ensuring ENDXFER completion by adding 1ms delay in __dwc3_stop_active_transfer() unconditionally. Cc: <stable(a)vger.kernel.org> Fixes: b353eb6dc285 ("usb: dwc3: gadget: Skip waiting for CMDACT cleared during endxfer") Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> --- Changes in v2: Changed the patch logic from CMDACT polling to 1ms mdelay. Updated subject and commit accordingly. Link to v1: https://lore.kernel.org/all/20240422090539.3986723-1-quic_prashk@quicinc.co… drivers/usb/dwc3/gadget.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 4df2661f6675..666eae94524f 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -1724,8 +1724,7 @@ static int __dwc3_stop_active_transfer(struct dwc3_ep *dep, bool force, bool int dep->resource_index = 0; if (!interrupt) { - if (!DWC3_IP_IS(DWC3) || DWC3_VER_IS_PRIOR(DWC3, 310A)) - mdelay(1); + mdelay(1); dep->flags &= ~DWC3_EP_TRANSFER_STARTED; } else if (!ret) { dep->flags |= DWC3_EP_END_TRANSFER_PENDING; -- 2.25.1

1 year, 4 months

3
3
0 0

[PATCH v3 1/2] cxl/core: correct length of DPA field masks

by Shiyang Ruan

The length of Physical Address in General Media Event Record/DRAM Event Record is 64-bit, so the field mask should be defined as such length. Otherwise, this causes cxl_general_media and cxl_dram tracepoints to mask off the upper-32-bits of DPA addresses. The cxl_poison event is unaffected. If userspace was doing its own DPA-to-HPA translation this could lead to incorrect page retirement decisions, but there is no known consumer (like rasdaemon) of this event today. Fixes: d54a531a430b ("cxl/mem: Trace General Media Event Record") Cc: <stable(a)vger.kernel.org> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: Ira Weiny <ira.weiny(a)intel.com> Signed-off-by: Shiyang Ruan <ruansy.fnst(a)fujitsu.com> --- drivers/cxl/core/trace.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/cxl/core/trace.h b/drivers/cxl/core/trace.h index e5f13260fc52..cdfce932d5b1 100644 --- a/drivers/cxl/core/trace.h +++ b/drivers/cxl/core/trace.h @@ -253,7 +253,7 @@ TRACE_EVENT(cxl_generic_event, * DRAM Event Record * CXL rev 3.0 section 8.2.9.2.1.2; Table 8-44 */ -#define CXL_DPA_FLAGS_MASK 0x3F +#define CXL_DPA_FLAGS_MASK 0x3FULL #define CXL_DPA_MASK (~CXL_DPA_FLAGS_MASK) #define CXL_DPA_VOLATILE BIT(0) -- 2.34.1

1 year, 4 months

4
7
0 0

FAILED: patch "[PATCH] ACPI: CPPC: Fix access width used for PCC registers" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f489c948028b69cea235d9c0de1cc10eeb26a172 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042905-puppy-heritage-e422@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f489c948028b ("ACPI: CPPC: Fix access width used for PCC registers") 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") 0651ab90e4ad ("ACPI: CPPC: Check _OSC for flexible address space") c42fa24b4475 ("ACPI: bus: Avoid using CPPC if not supported by firmware") 2ca8e6285250 ("Revert "ACPI: Pass the same capabilities to the _OSC regardless of the query flag"") f684b1075128 ("ACPI: CPPC: Drop redundant local variable from cpc_read()") 5f51c7ce1dc3 ("ACPI: CPPC: Fix up I/O port access in cpc_read()") a2c8f92bea5f ("ACPI: CPPC: Implement support for SystemIO registers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f489c948028b69cea235d9c0de1cc10eeb26a172 Mon Sep 17 00:00:00 2001 From: Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> Date: Thu, 11 Apr 2024 16:18:44 -0700 Subject: [PATCH] ACPI: CPPC: Fix access width used for PCC registers commit 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") modified cpc_read()/cpc_write() to use access_width to read CPC registers. However, for PCC registers the access width field in the ACPI register macro specifies the PCC subspace ID. For non-zero PCC subspace ID it is incorrectly treated as access width. This causes errors when reading from PCC registers in the CPPC driver. For PCC registers, base the size of read/write on the bit width field. The debug message in cpc_read()/cpc_write() is updated to print relevant information for the address space type used to read the register. Fixes: 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") Signed-off-by: Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> Tested-by: Jarred White <jarredwhite(a)linux.microsoft.com> Reviewed-by: Jarred White <jarredwhite(a)linux.microsoft.com> Reviewed-by: Easwar Hariharan <eahariha(a)linux.microsoft.com> Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index 00a30ca35e78..a40b6f3946ef 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -1002,14 +1002,14 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) } *val = 0; + size = GET_BIT_WIDTH(reg); if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = GET_BIT_WIDTH(reg); u32 val_u32; acpi_status status; status = acpi_os_read_port((acpi_io_address)reg->address, - &val_u32, width); + &val_u32, size); if (ACPI_FAILURE(status)) { pr_debug("Error: Failed to read SystemIO port %llx\n", reg->address); @@ -1018,17 +1018,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = val_u32; return 0; - } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) { + /* + * For registers in PCC space, the register size is determined + * by the bit width field; the access size is used to indicate + * the PCC subspace id. + */ + size = reg->bit_width; vaddr = GET_PCC_VADDR(reg->address, pcc_ss_id); + } else if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) vaddr = reg_res->sys_mem_vaddr; else if (reg->space_id == ACPI_ADR_SPACE_FIXED_HARDWARE) return cpc_read_ffh(cpu, reg, val); else return acpi_os_read_memory((acpi_physical_address)reg->address, - val, reg->bit_width); - - size = GET_BIT_WIDTH(reg); + val, size); switch (size) { case 8: @@ -1044,8 +1049,13 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = readq_relaxed(vaddr); break; default: - pr_debug("Error: Cannot read %u bit width from PCC for ss: %d\n", - reg->bit_width, pcc_ss_id); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { + pr_debug("Error: Cannot read %u bit width from system memory: 0x%llx\n", + size, reg->address); + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM) { + pr_debug("Error: Cannot read %u bit width from PCC for ss: %d\n", + size, pcc_ss_id); + } return -EFAULT; } @@ -1063,12 +1073,13 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; + size = GET_BIT_WIDTH(reg); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = GET_BIT_WIDTH(reg); acpi_status status; status = acpi_os_write_port((acpi_io_address)reg->address, - (u32)val, width); + (u32)val, size); if (ACPI_FAILURE(status)) { pr_debug("Error: Failed to write SystemIO port %llx\n", reg->address); @@ -1076,17 +1087,22 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) } return 0; - } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) { + /* + * For registers in PCC space, the register size is determined + * by the bit width field; the access size is used to indicate + * the PCC subspace id. + */ + size = reg->bit_width; vaddr = GET_PCC_VADDR(reg->address, pcc_ss_id); + } else if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) vaddr = reg_res->sys_mem_vaddr; else if (reg->space_id == ACPI_ADR_SPACE_FIXED_HARDWARE) return cpc_write_ffh(cpu, reg, val); else return acpi_os_write_memory((acpi_physical_address)reg->address, - val, reg->bit_width); - - size = GET_BIT_WIDTH(reg); + val, size); if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) val = MASK_VAL(reg, val); @@ -1105,8 +1121,13 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) writeq_relaxed(val, vaddr); break; default: - pr_debug("Error: Cannot write %u bit width to PCC for ss: %d\n", - reg->bit_width, pcc_ss_id); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { + pr_debug("Error: Cannot write %u bit width to system memory: 0x%llx\n", + size, reg->address); + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM) { + pr_debug("Error: Cannot write %u bit width to PCC for ss: %d\n", + size, pcc_ss_id); + } ret_val = -EFAULT; break; }

1 year, 4 months

3
7
0 0

[PATCH v2 2/3] Bluetooth: qca: fix NVM configuration parsing

by Johan Hovold

The NVM configuration files used by WCN3988 and WCN3990/1/8 have two sets of configuration tags that are enclosed by a type-length header of type four which the current parser fails to account for. Instead the driver happily parses random data as if it were valid tags, something which can lead to the configuration data being corrupted if it ever encounters the words 0x0011 or 0x001b. As is clear from commit b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") the intention has always been to process the configuration data also for WCN3991 and WCN3998 which encodes the baud rate at a different offset. Fix the parser so that it can handle the WCN3xxx configuration files, which has an enclosing type-length header of type four and two sets of TLV tags enclosed by a type-length header of type two and three, respectively. Note that only the first set, which contains the tags the driver is currently looking for, will be parsed for now. With the parser fixed, the software in-band sleep bit will now be set for WCN3991 and WCN3998 (as it is for later controllers) and the default baud rate 3200000 may be updated by the driver also for WCN3xxx controllers. Notably the deep-sleep feature bit is already set by default in all configuration files in linux-firmware. Fixes: 4219d4686875 ("Bluetooth: btqca: Add wcn3990 firmware download support.") Cc: stable(a)vger.kernel.org # 4.19 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 6743b0a79d7a..f6c9f89a6311 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -281,6 +281,7 @@ static int qca_tlv_check_data(struct hci_dev *hdev, struct tlv_type_patch *tlv_patch; struct tlv_type_nvm *tlv_nvm; uint8_t nvm_baud_rate = config->user_baud_rate; + u8 type; config->dnld_mode = QCA_SKIP_EVT_NONE; config->dnld_type = QCA_SKIP_EVT_NONE; @@ -346,11 +347,30 @@ static int qca_tlv_check_data(struct hci_dev *hdev, tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); - length = (type_len >> 8) & 0x00ffffff; + length = type_len >> 8; + type = type_len & 0xff; - BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); + /* Some NVM files have more than one set of tags, only parse + * the first set when it has type 2 for now. When there is + * more than one set there is an enclosing header of type 4. + */ + if (type == 4) { + if (fw_size < 2 * sizeof(struct tlv_type_hdr)) + return -EINVAL; + + tlv++; + + type_len = le32_to_cpu(tlv->type_len); + length = type_len >> 8; + type = type_len & 0xff; + } + + BT_DBG("TLV Type\t\t : 0x%x", type); BT_DBG("Length\t\t : %d bytes", length); + if (type != 2) + break; + if (fw_size < length + (tlv->data - fw_data)) return -EINVAL; -- 2.43.2

1 year, 4 months

1
0
0 0

Re: Patch "arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block" has been added to the 4.19-stable tree

by Matthias Brugger

On 4/28/24 13:24, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block > > to the 4.19-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > arm64-dts-mediatek-mt7622-drop-reset-names-from-ther.patch > and it can be found in the queue-4.19 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 9628765c4a0eefa9474ef4a0698691a10395a469 > Author: Rafał Miłecki <rafal(a)milecki.pl> > Date: Sun Mar 17 23:10:50 2024 +0100 > > arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block > > [ Upstream commit ecb5b0034f5bcc35003b4b965cf50c6e98316e79 ] > > Binding doesn't specify "reset-names" property and Linux driver also > doesn't use it. > I think that's an open discussion item if fixes to DTS checks are valid stable backports. From my point of view there is no bug so it shouldn't be in stable. Regards, Matthias > Fix following validation error: > arch/arm64/boot/dts/mediatek/mt7622-rfb1.dtb: thermal@1100b000: Unevaluated properties are not allowed ('reset-names' was unexpected) > from schema $id: http://devicetree.org/schemas/thermal/mediatek,thermal.yaml# > > Fixes: ae457b7679c4 ("arm64: dts: mt7622: add SoC and peripheral related device nodes") > Signed-off-by: Rafał Miłecki <rafal(a)milecki.pl> > Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> > Link: https://lore.kernel.org/r/20240317221050.18595-5-zajec5@gmail.com > Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/arch/arm64/boot/dts/mediatek/mt7622.dtsi b/arch/arm64/boot/dts/mediatek/mt7622.dtsi > index 76297dac2d459..f8df34ac1e64d 100644 > --- a/arch/arm64/boot/dts/mediatek/mt7622.dtsi > +++ b/arch/arm64/boot/dts/mediatek/mt7622.dtsi > @@ -459,7 +459,6 @@ thermal: thermal@1100b000 { > <&pericfg CLK_PERI_AUXADC_PD>; > clock-names = "therm", "auxadc"; > resets = <&pericfg MT7622_PERI_THERM_SW_RST>; > - reset-names = "therm"; > mediatek,auxadc = <&auxadc>; > mediatek,apmixedsys = <&apmixedsys>; > nvmem-cells = <&thermal_calibration>;

1 year, 4 months

2
1
0 0

Re: Patch "arm64: dts: mediatek: mt7622: fix ethernet controller "compatible"" has been added to the 4.19-stable tree

by Matthias Brugger

On 4/28/24 13:24, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" > > to the 4.19-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > arm64-dts-mediatek-mt7622-fix-ethernet-controller-co.patch > and it can be found in the queue-4.19 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit b6f34784d92ba280c8a4f42e22fee3c41cd09c3f > Author: Rafał Miłecki <rafal(a)milecki.pl> > Date: Sun Mar 17 23:10:49 2024 +0100 > > arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" > > [ Upstream commit 208add29ce5b7291f6c466e4dfd9cbf61c72888e ] > > Fix following validation error: > arch/arm64/boot/dts/mediatek/mt7622-rfb1.dtb: ethernet@1b100000: compatible: ['mediatek,mt7622-eth', 'mediatek,mt2701-eth', 'syscon'] is too long > from schema $id: http://devicetree.org/schemas/net/mediatek,net.yaml# > (and other complains about wrong clocks). > DTS validation fix, not a real bug. From my point of view it shouldn't be in stable. I won't go on in the list, I would like to hear from others how serious they see it. With my distro hat on, this kind of stable fixes are not helpfull to make a code base stable (as there is no stability issue). Matthias > Fixes: 5f599b3a0bb8 ("arm64: dts: mt7622: add ethernet device nodes") > Signed-off-by: Rafał Miłecki <rafal(a)milecki.pl> > Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> > Link: https://lore.kernel.org/r/20240317221050.18595-4-zajec5@gmail.com > Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/arch/arm64/boot/dts/mediatek/mt7622.dtsi b/arch/arm64/boot/dts/mediatek/mt7622.dtsi > index 5c12e9dad9167..76297dac2d459 100644 > --- a/arch/arm64/boot/dts/mediatek/mt7622.dtsi > +++ b/arch/arm64/boot/dts/mediatek/mt7622.dtsi > @@ -846,9 +846,7 @@ hsdma: dma-controller@1b007000 { > }; > > eth: ethernet@1b100000 { > - compatible = "mediatek,mt7622-eth", > - "mediatek,mt2701-eth", > - "syscon"; > + compatible = "mediatek,mt7622-eth"; > reg = <0 0x1b100000 0 0x20000>; > interrupts = <GIC_SPI 223 IRQ_TYPE_LEVEL_LOW>, > <GIC_SPI 224 IRQ_TYPE_LEVEL_LOW>,

1 year, 4 months

1
0
0 0

[STABLE 6.6.y] ovl: fix memory leak in ovl_parse_param()

by Jingbo Xu

From: Amir Goldstein <amir73il(a)gmail.com> commit 37f32f52643869131ec01bb69bdf9f404f6109fb upstream. On failure to parse parameters in ovl_parse_param_lowerdir(), it is necessary to update ctx->nr with the correct nr before using ovl_reset_lowerdirs() to release l->name. Reported-and-tested-by: syzbot+26eedf3631650972f17c(a)syzkaller.appspotmail.com Fixes: c835110b588a ("ovl: remove unused code in lowerdir param parsing") Co-authored-by: Edward Adam Davis <eadavis(a)qq.com> Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> Signed-off-by: Jingbo Xu <jefflexu(a)linux.alibaba.com> --- Commit c835110b588a ("ovl: remove unused code in lowerdir param parsing") was back ported to 6.6.y as a "Stable-dep-of" of commit 2824083db76c ("ovl: Always reject mounting over case-insensitive directories"), while omitting the fix for commit c835110b588a itself. Maybe that is because by the time commit 37f32f526438 (the fix) is merged into master branch, commit c835110b588a has not been back ported to 6.6.y yet. This causes ltp test warning on vfat (EBUSY when umounting) [1]: tst_test.c:1701: TINFO: === Testing on vfat === tst_test.c:1117: TINFO: Formatting /dev/loop0 with vfat opts='' extra opts='' tst_test.c:1131: TINFO: Mounting /dev/loop0 to /tmp/ltp-XeGbUgDq5N/LTP_fankzf5WQ/mntpoint fstyp=vfat flags=0 fanotify13.c:152: TINFO: Test #0.1: FAN_REPORT_FID with mark flag: FAN_MARK_INODE fanotify13.c:157: TCONF: overlayfs not supported on vfat fanotify13.c:152: TINFO: Test #1.1: FAN_REPORT_FID with mark flag: FAN_MARK_INODE fanotify13.c:157: TCONF: overlayfs not supported on vfat fanotify13.c:152: TINFO: Test #2.1: FAN_REPORT_FID with mark flag: FAN_MARK_MOUNT fanotify13.c:157: TCONF: overlayfs not supported on vfat fanotify13.c:152: TINFO: Test #3.1: FAN_REPORT_FID with mark flag: FAN_MARK_MOUNT fanotify13.c:157: TCONF: overlayfs not supported on vfat fanotify13.c:152: TINFO: Test #4.1: FAN_REPORT_FID with mark flag: FAN_MARK_FILESYSTEM fanotify13.c:157: TCONF: overlayfs not supported on vfat fanotify13.c:152: TINFO: Test #5.1: FAN_REPORT_FID with mark flag: FAN_MARK_FILESYSTEM fanotify13.c:157: TCONF: overlayfs not supported on vfat tst_device.c:408: TINFO: umount('mntpoint') failed with EBUSY, try 1... tst_device.c:412: TINFO: Likely gvfsd-trash is probing newly mounted fs, kill it to speed up tests. tst_device.c:408: TINFO: umount('mntpoint') failed with EBUSY, try 2... tst_device.c:408: TINFO: umount('mntpoint') failed with EBUSY, try 3... tst_device.c:408: TINFO: umount('mntpoint') failed with EBUSY, try 4... Reproduce: /opt/ltp/runltp -f syscalls -s fanotify13 The original fix is applied to 6.6.y without conflict. [1] https://lists.linux.it/pipermail/ltp/2023-November/036189.html --- fs/overlayfs/params.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c index ad3593a41fb5..488f920f79d2 100644 --- a/fs/overlayfs/params.c +++ b/fs/overlayfs/params.c @@ -438,7 +438,7 @@ static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) struct ovl_fs_context *ctx = fc->fs_private; struct ovl_fs_context_layer *l; char *dup = NULL, *iter; - ssize_t nr_lower = 0, nr = 0, nr_data = 0; + ssize_t nr_lower, nr; bool data_layer = false; /* @@ -490,6 +490,7 @@ static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) iter = dup; l = ctx->lower; for (nr = 0; nr < nr_lower; nr++, l++) { + ctx->nr++; memset(l, 0, sizeof(*l)); err = ovl_mount_dir(iter, &l->path); @@ -506,10 +507,10 @@ static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) goto out_put; if (data_layer) - nr_data++; + ctx->nr_data++; /* Calling strchr() again would overrun. */ - if ((nr + 1) == nr_lower) + if (ctx->nr == nr_lower) break; err = -EINVAL; @@ -519,7 +520,7 @@ static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) * This is a regular layer so we require that * there are no data layers. */ - if ((ctx->nr_data + nr_data) > 0) { + if (ctx->nr_data > 0) { pr_err("regular lower layers cannot follow data lower layers"); goto out_put; } @@ -532,8 +533,6 @@ static int ovl_parse_param_lowerdir(const char *name, struct fs_context *fc) data_layer = true; iter++; } - ctx->nr = nr_lower; - ctx->nr_data += nr_data; kfree(dup); return 0; -- 2.19.1.6.gb485710b

1 year, 4 months

3
2
0 0

[PATCH 08/17] net: lan966x: remove debugfs directory in probe() error path

by Herve Codina

A debugfs directory entry is create early during probe(). This entry is not removed on error path leading to some "already present" issues in case of EPROBE_DEFER. Create this entry later in the probe() code to avoid the need to change many 'return' in 'goto' and add the removal in the already present error path. Fixes: 942814840127 ("net: lan966x: Add VCAP debugFS support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/microchip/lan966x/lan966x_main.c b/drivers/net/ethernet/microchip/lan966x/lan966x_main.c index 2635ef8958c8..61d88207eed4 100644 --- a/drivers/net/ethernet/microchip/lan966x/lan966x_main.c +++ b/drivers/net/ethernet/microchip/lan966x/lan966x_main.c @@ -1087,8 +1087,6 @@ static int lan966x_probe(struct platform_device *pdev) platform_set_drvdata(pdev, lan966x); lan966x->dev = &pdev->dev; - lan966x->debugfs_root = debugfs_create_dir("lan966x", NULL); - if (!device_get_mac_address(&pdev->dev, mac_addr)) { ether_addr_copy(lan966x->base_mac, mac_addr); } else { @@ -1179,6 +1177,8 @@ static int lan966x_probe(struct platform_device *pdev) return dev_err_probe(&pdev->dev, -ENODEV, "no ethernet-ports child found\n"); + lan966x->debugfs_root = debugfs_create_dir("lan966x", NULL); + /* init switch */ lan966x_init(lan966x); lan966x_stats_init(lan966x); @@ -1257,6 +1257,8 @@ static int lan966x_probe(struct platform_device *pdev) destroy_workqueue(lan966x->stats_queue); mutex_destroy(&lan966x->stats_lock); + debugfs_remove_recursive(lan966x->debugfs_root); + return err; } -- 2.44.0

1 year, 4 months

2
2
0 0

Re: [PATCH 6.8 000/228] 6.8.9-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 4 months

1
0
0 0

[PATCH 5.10 000/138] 5.10.216-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.216 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 May 2024 10:30:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.216-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.216-rc1 Guenter Roeck <linux(a)roeck-us.net> riscv: Disable STACKPROTECTOR_PER_TASK if GCC_PLUGIN_RANDSTRUCT is enabled Randy Dunlap <rdunlap(a)infradead.org> serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Yick Xie <yick.xie(a)gmail.com> udp: preserve the connected status if only UDP cmsg Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Nam Cao <namcao(a)linutronix.de> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: smbus: fix NULL function pointer dereference Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix TASK_SIZE on 64-bit NOMMU Baoquan He <bhe(a)redhat.com> riscv: fix VMALLOC_START definition Sean Anderson <sean.anderson(a)linux.dev> dma: xilinx_dpdma: Fix locking Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann <arnd(a)arndb.de> dmaengine: owl: fix register access functions Eric Dumazet <edumazet(a)google.com> tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Clean up kernel listener's reqsk in inet_twsk_purge() Arnd Bergmann <arnd(a)arndb.de> mtd: diskonchip: work around ubsan link failure Andrey Ryabinin <ryabinin.a.a(a)gmail.com> stackdepot: respect __GFP_NOLOCKDEP allocation flag Peter Münster <pm(a)a16n.net> net: b44: set pause params only when interface is up Rahul Rameshbabu <rrameshbabu(a)nvidia.com> ethernet: Add helper for assigning packet type when dest address does not match device address Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Prevent double free on error Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix leak when GPU memory allocation fails Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Sean Christopherson <seanjc(a)google.com> cpu: Re-enable CPU mitigations by default for !X86 architectures Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix information leak in btrfs_ioctl_logical_to_ino() WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Nathan Chancellor <nathan(a)kernel.org> Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Christian Marangi <ansuelsmth(a)gmail.com> PM / devfreq: Fix buffer overflow in trans_stat_show Robin H. Johnson <robbat2(a)gentoo.org> tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together Robin H. Johnson <robbat2(a)gentoo.org> tracing: Show size of requested perf buffer Shifeng Li <lishifeng(a)sangfor.com.cn> net/mlx5e: Fix a race in command alloc flow Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "crypto: api - Disallow identical driver names" Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Thomas Gleixner <tglx(a)linutronix.de> serial: core: Provide port lock wrappers Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Jason Reeder <jreeder(a)ti.com> net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> iavf: Fix TC config comparison with existing adapter TC config Erwan Velu <e.velu(a)criteo.com> i40e: Report MFS in decimal base instead of hex Sindhu Devale <sindhu.devale(a)intel.com> i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: honor table dormant flag from netdev release event path Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix warning during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Rate limit error message Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work Hyunwoo Kim <v4bel(a)theori.io> net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ismael Luceno <iluceno(a)suse.de> ipvs: Fix checksumming on GSO of SCTP packets Hyunwoo Kim <v4bel(a)theori.io> net: gtp: Fix Use-After-Free in gtp_dellink Eric Dumazet <edumazet(a)google.com> net: usb: ax88179_178a: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> ipv4: check for NULL idev in ip_route_use_hint() Paul Geurts <paul_geurts(a)live.nl> NFC: trf7970a: disable all regulators on removal Ido Schimmel <idosch(a)nvidia.com> mlxsw: core: Unregister EMAD trap using FORWARD action David Bauer <mail(a)david-bauer.net> vxlan: drop packets from invalid src-address Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: remove old PASN station when adding a new one Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt2712: fix validation errors Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix IR nodename Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix clock controllers Felix Fietkau <nbd(a)nbd.name> arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch Felix Fietkau <nbd(a)nbd.name> arm64: dts: mediatek: mt7622: add support for coherent DMA Ikjoon Jang <ikjn(a)chromium.org> arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: fix alphabetical ordering RK3399 puma Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: Print an info line before disabling unused clocks Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: remove extra empty line Stephen Boyd <sboyd(a)kernel.org> clk: Mark 'all_lists' as const Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Siddh Raman Pant <siddh.raman.pant(a)oracle.com> Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Guo Ren <guoren(a)linux.alibaba.com> riscv: Enable per-task stack canaries Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Arnd Bergmann <arnd(a)arndb.de> irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test Sean Christopherson <seanjc(a)google.com> x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert Daisuke Mizobuchi <mizo(a)atmark-techno.com> mailbox: imx: fix suspend failue Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Allocate local memory for page request queue David Arinzon <darinzon(a)amazon.com> net: ena: Fix incorrect descriptor free behavior David Arinzon <darinzon(a)amazon.com> net: ena: Wrong missing IO completions check order David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Eric Dumazet <edumazet(a)google.com> netfilter: complete validation of user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix not validating setsockopt user input Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix NIX SQ mode and BP config Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Petr Tesarik <petr(a)tesarici.cz> u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Nini Song <nini.song(a)mediatek.com> media: cec: core: remove length check of Timer Status Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT ------------- Diffstat: Documentation/ABI/testing/sysfs-class-devfreq | 3 + Makefile | 4 +- arch/Kconfig | 8 ++ arch/arc/boot/dts/hsdk.dts | 1 - arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 8 +- arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 62 ++++++--- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + .../boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 - arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 29 +++- arch/riscv/Kconfig | 8 ++ arch/riscv/Makefile | 10 ++ arch/riscv/include/asm/pgtable.h | 4 +- arch/riscv/include/asm/stackprotector.h | 3 +- arch/riscv/kernel/asm-offsets.c | 3 + arch/riscv/kernel/process.c | 5 +- arch/x86/Kconfig | 11 +- arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- crypto/algapi.c | 1 - drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/bluetooth/btusb.c | 2 + drivers/clk/clk.c | 154 ++++++++++++++++----- drivers/devfreq/devfreq.c | 59 +++++--- drivers/dma/idma64.c | 4 + drivers/dma/owl-dma.c | 4 +- drivers/dma/xilinx/xilinx_dpdma.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++++++---- drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 24 ++-- drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/hid/i2c-hid/i2c-hid-core.c | 8 -- drivers/i2c/i2c-core-base.c | 12 +- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/iommu/intel/svm.c | 2 +- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/mailbox/imx-mailbox.c | 8 +- drivers/media/cec/core/cec-adap.c | 14 -- drivers/misc/mei/pci-me.c | 2 +- drivers/mtd/nand/raw/diskonchip.c | 4 +- drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 +++-- drivers/net/ethernet/broadcom/b44.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 30 +++- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 22 +-- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 +- drivers/net/ethernet/mellanox/mlxsw/core.c | 2 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 54 ++++++-- drivers/net/ethernet/ti/am65-cpts.c | 5 + drivers/net/geneve.c | 4 +- drivers/net/gtp.c | 3 +- drivers/net/tun.c | 18 +-- drivers/net/usb/ax88179_178a.c | 11 +- drivers/net/vxlan/vxlan_core.c | 4 + .../net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 2 + drivers/nfc/trf7970a.c | 42 +++--- drivers/staging/comedi/drivers/vmk80xx.c | 35 ++--- drivers/thunderbolt/switch.c | 50 +++++-- drivers/thunderbolt/tb.c | 4 +- drivers/thunderbolt/tb.h | 3 +- drivers/thunderbolt/usb4.c | 13 +- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 4 +- drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/serial/option.c | 40 ++++++ drivers/vhost/vhost.c | 14 +- fs/btrfs/backref.c | 12 +- fs/btrfs/delayed-inode.c | 3 + fs/btrfs/qgroup.c | 2 + fs/nilfs2/dir.c | 2 +- fs/sysfs/file.c | 2 + include/linux/etherdevice.h | 25 ++++ include/linux/irqflags.h | 2 +- include/linux/serial_core.h | 79 +++++++++++ include/linux/trace_events.h | 2 +- include/linux/u64_stats_sync.h | 6 +- include/net/addrconf.h | 4 + include/net/af_unix.h | 5 +- include/net/bluetooth/bluetooth.h | 9 ++ include/net/ip_tunnels.h | 33 +++++ init/main.c | 2 + kernel/bounds.c | 2 +- kernel/cpu.c | 3 +- kernel/kprobes.c | 18 ++- kernel/trace/trace_event_perf.c | 3 +- kernel/trace/trace_events_trigger.c | 6 +- lib/stackdepot.c | 4 +- net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/sco.c | 26 ++-- net/ethernet/eth.c | 12 +- net/ipv4/inet_timewait_sock.c | 34 +++-- net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/route.c | 7 +- net/ipv4/udp.c | 5 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/udp.c | 5 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 +- net/netfilter/nf_tables_api.c | 8 +- net/netfilter/nft_chain_filter.c | 4 +- net/netfilter/nft_set_pipapo.c | 14 +- net/openvswitch/conntrack.c | 9 +- net/unix/af_unix.c | 4 +- net/unix/garbage.c | 35 +++-- net/unix/scm.c | 8 +- net/xdp/xsk.c | 2 + .../ftrace/test.d/event/subsystem-enable.tc | 6 +- tools/testing/selftests/timers/posix_timers.c | 2 +- 123 files changed, 1058 insertions(+), 476 deletions(-)

1 year, 4 months

2
140
0 0

[PATCH] x86/purgatory: Switch to the position-independent small code model

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> On x86, the ordinary, position dependent 'small' and 'kernel' code models only support placement of the executable in 32-bit addressable memory, due to the use of 32-bit signed immediates to generate references to global variables. For the kernel, this implies that all global variables must reside in the top 2 GiB of the kernel virtual address space, where the implicit address bits 63:32 are equal to sign bit 31. This means the kernel code model is not suitable for other bare metal executables such as the kexec purgatory, which can be placed arbitrarily in the physical address space, where its address may no longer be representable as a sign extended 32-bit quantity. For this reason, commit e16c2983fba0 ("x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large to fix kexec relocation errors") switched to the 'large' code model, which uses 64-bit immediates for all symbol references, including function calls, in order to avoid relying on any assumptions regarding proximity of symbols in the final executable. The large code model is rarely used, clunky and the least likely to operate in a similar fashion when comparing GCC and Clang, so it is best avoided. This is especially true now that Clang 18 has started to emit executable code in two separate sections (.text and .ltext), which triggers an issue in the kexec loading code at runtime. Instead, use the position independent small code model, which makes no assumptions about placement but only about proximity, where all referenced symbols must be within -/+ 2 GiB, i.e., in range for a RIP-relative reference. Use hidden visibility to suppress the use of a GOT, which carries absolute addresses that are not covered by static ELF relocations, and is therefore incompatible with the kexec loader's relocation logic. Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Nick Desaulniers <ndesaulniers(a)google.com> Cc: Bill Wendling <morbo(a)google.com> Cc: Justin Stitt <justinstitt(a)google.com> Cc: Song Liu <song(a)kernel.org> Cc: Ricardo Ribalda <ribalda(a)kernel.org> Cc: Fangrui Song <maskray(a)google.com> Cc: Arthur Eubanks <aeubanks(a)google.com> Link: https://lore.kernel.org/all/20240417-x86-fix-kexec-with-llvm-18-v1-0-538312… Cc: <stable(a)vger.kernel.org> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- arch/x86/purgatory/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile index bc31863c5ee6..a18591f6e6d9 100644 --- a/arch/x86/purgatory/Makefile +++ b/arch/x86/purgatory/Makefile @@ -42,7 +42,8 @@ KCOV_INSTRUMENT := n # make up the standalone purgatory.ro PURGATORY_CFLAGS_REMOVE := -mcmodel=kernel -PURGATORY_CFLAGS := -mcmodel=large -ffreestanding -fno-zero-initialized-in-bss -g0 +PURGATORY_CFLAGS := -mcmodel=small -ffreestanding -fno-zero-initialized-in-bss -g0 +PURGATORY_CFLAGS += -fpic -fvisibility=hidden PURGATORY_CFLAGS += $(DISABLE_STACKLEAK_PLUGIN) -DDISABLE_BRANCH_PROFILING PURGATORY_CFLAGS += -fno-stack-protector -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

8
11
0 0

[PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> When using a high speed clock with a low baud rate, the 4x prescaler is automatically selected if required. In that case, sc16is7xx_set_baud() properly configures the chip registers, but returns an incorrect baud rate by not taking into account the prescaler value. This incorrect baud rate is then fed to uart_update_timeout(). For example, with an input clock of 80MHz, and a selected baud rate of 50, sc16is7xx_set_baud() will return 200 instead of 50. Fix this by first changing the prescaler variable to hold the selected prescaler value instead of the MCR bitfield. Then properly take into account the selected prescaler value in the return value computation. Also add better documentation about the divisor value computation. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> --- drivers/tty/serial/sc16is7xx.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 03cf30e20b75..dcd6c5615401 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -555,16 +555,28 @@ static bool sc16is7xx_regmap_noinc(struct device *dev, unsigned int reg) return reg == SC16IS7XX_RHR_REG; } +/* + * Configure programmable baud rate generator (divisor) according to the + * desired baud rate. + * + * From the datasheet, the divisor is computed according to: + * + * XTAL1 input frequency + * ----------------------- + * prescaler + * divisor = --------------------------- + * baud-rate x sampling-rate + */ static int sc16is7xx_set_baud(struct uart_port *port, int baud) { struct sc16is7xx_one *one = to_sc16is7xx_one(port, port); u8 lcr; - u8 prescaler = 0; + int prescaler = 1; unsigned long clk = port->uartclk, div = clk / 16 / baud; if (div >= BIT(16)) { - prescaler = SC16IS7XX_MCR_CLKSEL_BIT; - div /= 4; + prescaler = 4; + div /= prescaler; } /* Enable enhanced features */ @@ -574,9 +586,10 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) SC16IS7XX_EFR_ENABLE_BIT); sc16is7xx_efr_unlock(port); + /* If bit MCR_CLKSEL is set, the divide by 4 prescaler is activated. */ sc16is7xx_port_update(port, SC16IS7XX_MCR_REG, SC16IS7XX_MCR_CLKSEL_BIT, - prescaler); + prescaler == 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); /* Backup LCR and access special register set (DLL/DLH) */ lcr = sc16is7xx_port_read(port, SC16IS7XX_LCR_REG); @@ -592,7 +605,7 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) /* Restore LCR and access to general register set */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); - return DIV_ROUND_CLOSEST(clk / 16, div); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen, base-commit: 660a708098569a66a47d0abdad998e29e1259de6 -- 2.39.2

1 year, 4 months

4
7
0 0

[PATCH 1/1] slimbus: qcom-ngd-ctrl: Add timeout for wait operation

by srinivas.kandagatla＠linaro.org

From: Viken Dadhaniya <quic_vdadhani(a)quicinc.com> In current driver qcom_slim_ngd_up_worker() indefinitely waiting for ctrl->qmi_up completion object. This is resulting in workqueue lockup on Kthread. Added wait_for_completion_interruptible_timeout to allow the thread to wait for specific timeout period and bail out instead waiting infinitely. Fixes: a899d324863a ("slimbus: qcom-ngd-ctrl: add Sub System Restart support") Cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Signed-off-by: Viken Dadhaniya <quic_vdadhani(a)quicinc.com> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> --- drivers/slimbus/qcom-ngd-ctrl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/slimbus/qcom-ngd-ctrl.c b/drivers/slimbus/qcom-ngd-ctrl.c index efeba8275a66..a09a26bf4988 100644 --- a/drivers/slimbus/qcom-ngd-ctrl.c +++ b/drivers/slimbus/qcom-ngd-ctrl.c @@ -1451,7 +1451,11 @@ static void qcom_slim_ngd_up_worker(struct work_struct *work) ctrl = container_of(work, struct qcom_slim_ngd_ctrl, ngd_up_work); /* Make sure qmi service is up before continuing */ - wait_for_completion_interruptible(&ctrl->qmi_up); + if (!wait_for_completion_interruptible_timeout(&ctrl->qmi_up, + msecs_to_jiffies(MSEC_PER_SEC))) { + dev_err(ctrl->dev, "QMI wait timeout\n"); + return; + } mutex_lock(&ctrl->ssr_lock); qcom_slim_ngd_enable(ctrl, true); -- 2.25.1

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] udp: preserve the connected status if only UDP cmsg" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 680d11f6e5427b6af1321932286722d24a8b16c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042925-enrich-charbroil-ce36@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 680d11f6e542 ("udp: preserve the connected status if only UDP cmsg") 5298953e742d ("udp6: don't make extra copies of iflow") 42dcfd850e51 ("udp6: allow SO_MARK ctrl msg to affect routing") 3df98d79215a ("lsm,selinux: pass flowi_common instead of flowi to the LSM hooks") e94ee171349d ("xfrm: Use correct address family in xfrm_state_find") 5eff06902394 ("ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg") 6abde0b24122 ("crypto/chtls: IPv6 support for inline TLS") ed52f2c608c9 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680d11f6e5427b6af1321932286722d24a8b16c1 Mon Sep 17 00:00:00 2001 From: Yick Xie <yick.xie(a)gmail.com> Date: Fri, 19 Apr 2024 01:06:10 +0800 Subject: [PATCH] udp: preserve the connected status if only UDP cmsg If "udp_cmsg_send()" returned 0 (i.e. only UDP cmsg), "connected" should not be set to 0. Otherwise it stops the connected socket from using the cached route. Fixes: 2e8de8576343 ("udp: add gso segment cmsg") Signed-off-by: Yick Xie <yick.xie(a)gmail.com> Cc: stable(a)vger.kernel.org Reviewed-by: Willem de Bruijn <willemb(a)google.com> Link: https://lore.kernel.org/r/20240418170610.867084-1-yick.xie@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index c02bf011d4a6..420905be5f30 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1123,16 +1123,17 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (msg->msg_controllen) { err = udp_cmsg_send(sk, msg, &ipc.gso_size); - if (err > 0) + if (err > 0) { err = ip_cmsg_send(sk, msg, &ipc, sk->sk_family == AF_INET6); + connected = 0; + } if (unlikely(err < 0)) { kfree(ipc.opt); return err; } if (ipc.opt) free = 1; - connected = 0; } if (!ipc.opt) { struct ip_options_rcu *inet_opt; diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 8b1dd7f51249..1a4cccdd40c9 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -1474,9 +1474,11 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) ipc6.opt = opt; err = udp_cmsg_send(sk, msg, &ipc6.gso_size); - if (err > 0) + if (err > 0) { err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, fl6, &ipc6); + connected = false; + } if (err < 0) { fl6_sock_release(flowlabel); return err; @@ -1488,7 +1490,6 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; - connected = false; } if (!opt) { opt = txopt_get(np);

1 year, 4 months

3
4
0 0

[PATCH 1/4] slimbus: qcom-ngd-ctrl: Add timeout for wait operation

by srinivas.kandagatla＠linaro.org

From: Viken Dadhaniya <quic_vdadhani(a)quicinc.com> In current driver qcom_slim_ngd_up_worker() indefinitely waiting for ctrl->qmi_up completion object. This is resulting in workqueue lockup on Kthread. Added wait_for_completion_interruptible_timeout to allow the thread to wait for specific timeout period and bail out instead waiting infinitely. Fixes: a899d324863a ("slimbus: qcom-ngd-ctrl: add Sub System Restart support") Cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Signed-off-by: Viken Dadhaniya <quic_vdadhani(a)quicinc.com> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> --- drivers/slimbus/qcom-ngd-ctrl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/slimbus/qcom-ngd-ctrl.c b/drivers/slimbus/qcom-ngd-ctrl.c index efeba8275a66..a09a26bf4988 100644 --- a/drivers/slimbus/qcom-ngd-ctrl.c +++ b/drivers/slimbus/qcom-ngd-ctrl.c @@ -1451,7 +1451,11 @@ static void qcom_slim_ngd_up_worker(struct work_struct *work) ctrl = container_of(work, struct qcom_slim_ngd_ctrl, ngd_up_work); /* Make sure qmi service is up before continuing */ - wait_for_completion_interruptible(&ctrl->qmi_up); + if (!wait_for_completion_interruptible_timeout(&ctrl->qmi_up, + msecs_to_jiffies(MSEC_PER_SEC))) { + dev_err(ctrl->dev, "QMI wait timeout\n"); + return; + } mutex_lock(&ctrl->ssr_lock); qcom_slim_ngd_enable(ctrl, true); -- 2.25.1

1 year, 4 months

1
0
0 0

[PATCH v5.4] dm: limit the number of targets and parameter size area

by Srish Srinivasan

From: Mikulas Patocka <mpatocka(a)redhat.com> commit bd504bcfec41a503b32054da5472904b404341a4 upstream. The kvmalloc function fails with a warning if the size is larger than INT_MAX. The warning was triggered by a syscall testing robot. In order to avoid the warning, this commit limits the number of targets to 1048576 and the size of the parameter area to 1073741824. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Signed-off-by: He Gao <hegao(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [srish: Apply to stable branch linux-5.4.y] Signed-off-by: Srish Srinivasan <srish.srinivasan(a)broadcom.com> --- drivers/md/dm-core.h | 2 ++ drivers/md/dm-ioctl.c | 3 ++- drivers/md/dm-table.c | 9 +++++++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/drivers/md/dm-core.h b/drivers/md/dm-core.h index 3fea121fc..e3c3bbe92 100644 --- a/drivers/md/dm-core.h +++ b/drivers/md/dm-core.h @@ -18,6 +18,8 @@ #include "dm.h" #define DM_RESERVED_MAX_IOS 1024 +#define DM_MAX_TARGETS 1048576 +#define DM_MAX_TARGET_PARAMS 1024 struct dm_kobject_holder { struct kobject kobj; diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 8e787677a..e89e710dd 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1760,7 +1760,8 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern if (copy_from_user(param_kernel, user, minimum_data_size)) return -EFAULT; - if (param_kernel->data_size < minimum_data_size) + if (unlikely(param_kernel->data_size < minimum_data_size) || + unlikely(param_kernel->data_size > DM_MAX_TARGETS * DM_MAX_TARGET_PARAMS)) return -EINVAL; secure_data = param_kernel->flags & DM_SECURE_DATA_FLAG; diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c index 8b05d938a..fcb9e2775 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -184,7 +184,12 @@ static int alloc_targets(struct dm_table *t, unsigned int num) int dm_table_create(struct dm_table **result, fmode_t mode, unsigned num_targets, struct mapped_device *md) { - struct dm_table *t = kzalloc(sizeof(*t), GFP_KERNEL); + struct dm_table *t; + + if (num_targets > DM_MAX_TARGETS) + return -EOVERFLOW; + + t = kzalloc(sizeof(*t), GFP_KERNEL); if (!t) return -ENOMEM; @@ -199,7 +204,7 @@ int dm_table_create(struct dm_table **result, fmode_t mode, if (!num_targets) { kfree(t); - return -ENOMEM; + return -EOVERFLOW; } if (alloc_targets(t, num_targets)) { -- 2.35.6

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] udp: preserve the connected status if only UDP cmsg" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 680d11f6e5427b6af1321932286722d24a8b16c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042919-strobe-squatted-ad63@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 680d11f6e542 ("udp: preserve the connected status if only UDP cmsg") 5298953e742d ("udp6: don't make extra copies of iflow") 42dcfd850e51 ("udp6: allow SO_MARK ctrl msg to affect routing") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680d11f6e5427b6af1321932286722d24a8b16c1 Mon Sep 17 00:00:00 2001 From: Yick Xie <yick.xie(a)gmail.com> Date: Fri, 19 Apr 2024 01:06:10 +0800 Subject: [PATCH] udp: preserve the connected status if only UDP cmsg If "udp_cmsg_send()" returned 0 (i.e. only UDP cmsg), "connected" should not be set to 0. Otherwise it stops the connected socket from using the cached route. Fixes: 2e8de8576343 ("udp: add gso segment cmsg") Signed-off-by: Yick Xie <yick.xie(a)gmail.com> Cc: stable(a)vger.kernel.org Reviewed-by: Willem de Bruijn <willemb(a)google.com> Link: https://lore.kernel.org/r/20240418170610.867084-1-yick.xie@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index c02bf011d4a6..420905be5f30 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1123,16 +1123,17 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (msg->msg_controllen) { err = udp_cmsg_send(sk, msg, &ipc.gso_size); - if (err > 0) + if (err > 0) { err = ip_cmsg_send(sk, msg, &ipc, sk->sk_family == AF_INET6); + connected = 0; + } if (unlikely(err < 0)) { kfree(ipc.opt); return err; } if (ipc.opt) free = 1; - connected = 0; } if (!ipc.opt) { struct ip_options_rcu *inet_opt; diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 8b1dd7f51249..1a4cccdd40c9 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -1474,9 +1474,11 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) ipc6.opt = opt; err = udp_cmsg_send(sk, msg, &ipc6.gso_size); - if (err > 0) + if (err > 0) { err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, fl6, &ipc6); + connected = false; + } if (err < 0) { fl6_sock_release(flowlabel); return err; @@ -1488,7 +1490,6 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; - connected = false; } if (!opt) { opt = txopt_get(np);

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] udp: preserve the connected status if only UDP cmsg" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 680d11f6e5427b6af1321932286722d24a8b16c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042919-purge-pegboard-b8f1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 680d11f6e542 ("udp: preserve the connected status if only UDP cmsg") 5298953e742d ("udp6: don't make extra copies of iflow") 42dcfd850e51 ("udp6: allow SO_MARK ctrl msg to affect routing") 3df98d79215a ("lsm,selinux: pass flowi_common instead of flowi to the LSM hooks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680d11f6e5427b6af1321932286722d24a8b16c1 Mon Sep 17 00:00:00 2001 From: Yick Xie <yick.xie(a)gmail.com> Date: Fri, 19 Apr 2024 01:06:10 +0800 Subject: [PATCH] udp: preserve the connected status if only UDP cmsg If "udp_cmsg_send()" returned 0 (i.e. only UDP cmsg), "connected" should not be set to 0. Otherwise it stops the connected socket from using the cached route. Fixes: 2e8de8576343 ("udp: add gso segment cmsg") Signed-off-by: Yick Xie <yick.xie(a)gmail.com> Cc: stable(a)vger.kernel.org Reviewed-by: Willem de Bruijn <willemb(a)google.com> Link: https://lore.kernel.org/r/20240418170610.867084-1-yick.xie@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index c02bf011d4a6..420905be5f30 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1123,16 +1123,17 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (msg->msg_controllen) { err = udp_cmsg_send(sk, msg, &ipc.gso_size); - if (err > 0) + if (err > 0) { err = ip_cmsg_send(sk, msg, &ipc, sk->sk_family == AF_INET6); + connected = 0; + } if (unlikely(err < 0)) { kfree(ipc.opt); return err; } if (ipc.opt) free = 1; - connected = 0; } if (!ipc.opt) { struct ip_options_rcu *inet_opt; diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 8b1dd7f51249..1a4cccdd40c9 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -1474,9 +1474,11 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) ipc6.opt = opt; err = udp_cmsg_send(sk, msg, &ipc6.gso_size); - if (err > 0) + if (err > 0) { err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, fl6, &ipc6); + connected = false; + } if (err < 0) { fl6_sock_release(flowlabel); return err; @@ -1488,7 +1490,6 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; - connected = false; } if (!opt) { opt = txopt_get(np);

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] udp: preserve the connected status if only UDP cmsg" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 680d11f6e5427b6af1321932286722d24a8b16c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042920-overcoat-cannot-efc1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 680d11f6e542 ("udp: preserve the connected status if only UDP cmsg") 5298953e742d ("udp6: don't make extra copies of iflow") 42dcfd850e51 ("udp6: allow SO_MARK ctrl msg to affect routing") 3df98d79215a ("lsm,selinux: pass flowi_common instead of flowi to the LSM hooks") e94ee171349d ("xfrm: Use correct address family in xfrm_state_find") 5eff06902394 ("ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg") 6abde0b24122 ("crypto/chtls: IPv6 support for inline TLS") ed52f2c608c9 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 680d11f6e5427b6af1321932286722d24a8b16c1 Mon Sep 17 00:00:00 2001 From: Yick Xie <yick.xie(a)gmail.com> Date: Fri, 19 Apr 2024 01:06:10 +0800 Subject: [PATCH] udp: preserve the connected status if only UDP cmsg If "udp_cmsg_send()" returned 0 (i.e. only UDP cmsg), "connected" should not be set to 0. Otherwise it stops the connected socket from using the cached route. Fixes: 2e8de8576343 ("udp: add gso segment cmsg") Signed-off-by: Yick Xie <yick.xie(a)gmail.com> Cc: stable(a)vger.kernel.org Reviewed-by: Willem de Bruijn <willemb(a)google.com> Link: https://lore.kernel.org/r/20240418170610.867084-1-yick.xie@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index c02bf011d4a6..420905be5f30 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1123,16 +1123,17 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (msg->msg_controllen) { err = udp_cmsg_send(sk, msg, &ipc.gso_size); - if (err > 0) + if (err > 0) { err = ip_cmsg_send(sk, msg, &ipc, sk->sk_family == AF_INET6); + connected = 0; + } if (unlikely(err < 0)) { kfree(ipc.opt); return err; } if (ipc.opt) free = 1; - connected = 0; } if (!ipc.opt) { struct ip_options_rcu *inet_opt; diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 8b1dd7f51249..1a4cccdd40c9 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -1474,9 +1474,11 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) ipc6.opt = opt; err = udp_cmsg_send(sk, msg, &ipc6.gso_size); - if (err > 0) + if (err > 0) { err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, fl6, &ipc6); + connected = false; + } if (err < 0) { fl6_sock_release(flowlabel); return err; @@ -1488,7 +1490,6 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; - connected = false; } if (!opt) { opt = txopt_get(np);

1 year, 4 months

2
1
0 0

[PATCH 6.1.y 1/4] macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads

by Rahul Rameshbabu

commit 475747a19316b08e856c666a20503e73d7ed67ed upstream. Omit rx_use_md_dst comment in upstream commit since macsec_ops is not documented. Cannot know whether a Rx skb missing md_dst is intended for MACsec or not without knowing whether the device is able to update this field during an offload. Assume that an offload to a MACsec device cannot support updating md_dst by default. Capable devices can advertise that they do indicate that an skb is related to a MACsec offloaded packet using the md_dst. Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-2-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- include/net/macsec.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/net/macsec.h b/include/net/macsec.h index 65c93959c2dc..dd578d193f9a 100644 --- a/include/net/macsec.h +++ b/include/net/macsec.h @@ -302,6 +302,7 @@ struct macsec_ops { int (*mdo_get_tx_sa_stats)(struct macsec_context *ctx); int (*mdo_get_rx_sc_stats)(struct macsec_context *ctx); int (*mdo_get_rx_sa_stats)(struct macsec_context *ctx); + bool rx_uses_md_dst; }; void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa); -- 2.42.0

1 year, 4 months

2
4
0 0

Re: Kernel Issue: Wrong EFI Loader Signature followed by Kernel Panic

by Greg KH

On Tue, Apr 30, 2024 at 01:20:27PM +0530, Atishya Jain wrote: > XDP is used for Fast Packet Processing which is only on the RX path of the > kernel . XDP on TX path is not supported by the kernel . > Mail list for egress XDP : (Add Support of egress XDP patch ) If you rely on external changes, please work with the developers of those changes, nothing we can do about them. > So I Extracted the patch from it and first Applied on the latest Version > only but got many failed to patch messages so I looked for different > versions and 5.4 got matched almost perfectly . Again, 5.4 is VERY old, and probably is doing something wrong with the efi stuff that your system is expecting. Please try a more modern kernel version please. good luck! greg k-h

1 year, 4 months

1
0
0 0

[PATCH v2] Revert "riscv: kdump: fix crashkernel reserving problem on RISC-V"

by Mingzheng Xing

This reverts commit 1d6cd2146c2b58bc91266db1d5d6a5f9632e14c0 which was mistakenly added into v6.6.y and the commit corresponding to the 'Fixes:' tag is invalid. For more information, see link [1]. This will result in the loss of Crashkernel data in /proc/iomem, and kdump failed: ``` Memory for crashkernel is not reserved Please reserve memory by passing"crashkernel=Y@X" parameter to kernel Then try to loading kdump kernel ``` After revert, kdump works fine. Tested on QEMU riscv. Link: https://lore.kernel.org/linux-riscv/ZSiQRDGLZk7lpakE@MiWiFi-R3L-srv [1] Cc: Baoquan He <bhe(a)redhat.com> Cc: Chen Jiahao <chenjiahao16(a)huawei.com> Signed-off-by: Mingzheng Xing <xingmingzheng(a)iscas.ac.cn> --- v1 -> v2: - Changed the commit message - Added Cc: v1: https://lore.kernel.org/stable/20240416085647.14376-1-xingmingzheng@iscas.a… arch/riscv/kernel/setup.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c index aac853ae4eb74..e600aab116a40 100644 --- a/arch/riscv/kernel/setup.c +++ b/arch/riscv/kernel/setup.c @@ -173,6 +173,19 @@ static void __init init_resources(void) if (ret < 0) goto error; +#ifdef CONFIG_KEXEC_CORE + if (crashk_res.start != crashk_res.end) { + ret = add_resource(&iomem_resource, &crashk_res); + if (ret < 0) + goto error; + } + if (crashk_low_res.start != crashk_low_res.end) { + ret = add_resource(&iomem_resource, &crashk_low_res); + if (ret < 0) + goto error; + } +#endif + #ifdef CONFIG_CRASH_DUMP if (elfcorehdr_size > 0) { elfcorehdr_res.start = elfcorehdr_addr; -- 2.34.1

1 year, 4 months

3
3
0 0

[PATCH 4.19 000/175] 4.19.312-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.312 release. There are 175 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.312-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.312-rc1 Geert Uytterhoeven <geert(a)linux-m68k.org> initramfs: fix populate_initrd_image() section mismatch Hangbin Liu <liuhangbin(a)gmail.com> ip_gre: do not report erspan version on GRE interface William Tu <u9012063(a)gmail.com> erspan: Check IFLA_GRE_ERSPAN_VER is set. Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Guo Mengqi <guomengqi3(a)huawei.com> drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put() Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head William Tu <u9012063(a)gmail.com> erspan: Add type I version 0 support. John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Christoph Hellwig <hch(a)lst.de> initramfs: switch initramfs unpacking to struct file based APIs Christoph Hellwig <hch(a)lst.de> fs: add a vfs_fchmod helper Christoph Hellwig <hch(a)lst.de> fs: add a vfs_fchown helper Christoph Hellwig <hch(a)lst.de> initramfs: factor out a helper to populate the initrd image Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Dave Stevenson <dave.stevenson(a)raspberrypi.org> staging: mmal-vchiq: Fix client_component for 64 bit kernel Dave Stevenson <dave.stevenson(a)raspberrypi.org> staging: mmal-vchiq: Allocate and free components as required Dave Stevenson <dave.stevenson(a)raspberrypi.org> staging: mmal-vchiq: Avoid use of bool in structures Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow timeout for anonymous sets Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Geliang Tang <geliangtang(a)gmail.com> mptcp: add sk_stop_timer_sync helper Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Christoph Niedermaier <cniedermaier(a)dh-electronics.com> drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() Thomas Gleixner <tglx(a)linutronix.de> timers: Move clearing of base::timer_running under base:: Lock Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Zhong Jinghua <zhongjinghua(a)huawei.com> loop: loop_set_status_from_info() check before assignment Siddh Raman Pant <code(a)siddh.me> loop: Check for overflow while configuring loop Martijn Coenen <maco(a)android.com> loop: Factor out configuring loop from status Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Yang Jihong <yangjihong1(a)huawei.com> perf/core: Fix reentry problem in perf_output_read_group() Holger Hoffstätte <holger.hoffstaette(a)googlemail.com> loop: properly observe rotational flag of underlying device Martijn Coenen <maco(a)android.com> loop: Refactor loop_set_status() size calculation Martijn Coenen <maco(a)android.com> loop: Factor out setting loop device size Martijn Coenen <maco(a)android.com> loop: Remove sector_t truncation checks Martijn Coenen <maco(a)android.com> loop: Call loop_config_discard() only after new config is applied Genjian Zhang <zhanggenjian(a)kylinos.cn> Revert "loop: Check for overflow while configuring loop" Goldwyn Rodrigues <rgoldwyn(a)suse.com> btrfs: allocate btrfs_ioctl_defrag_range_args on stack John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Zi Yan <ziy(a)nvidia.com> mm/migrate: set swap entry values of THP tail pages properly. Liu Shixin <liushixin2(a)huawei.com> mm/memory-failure: fix an incorrect use of tail pages Yangxi Xiang <xyangxi5(a)gmail.com> vt: fix memory overlapping when deleting chars in the buffer Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Ian Abbott <abbotti(a)mev.co.uk> comedi: comedi_test: Prevent timers rescheduling during deletion Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Joe Perches <joe(a)perches.com> nilfs2: use a more common logging style Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Boris Brezillon <boris.brezillon(a)collabora.com> drm/imx: pd: Use bus format/flags provided by the bridge when available Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add CGR update function Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add helper for sanity checking cgr ops Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Song Liu <song(a)kernel.org> Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: Drop pci_device_remove() test of pci_dev->driver Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum Helge Deller <deller(a)gmx.de> parisc: Do not hardcode registers in checksum functions Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Lubomir Rintel <lkundrak(a)v3.sk> ARM: dts: mmp2-brownstone: Don't redeclare phandle references Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer_sync() to timer_delete_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Use del_timer_sync() even on UP Thomas Gleixner <tglx(a)linutronix.de> timers: Update kernel-doc for various functions Anna-Maria Gleixner <anna-maria(a)linutronix.de> timers: Prepare support for PREEMPT_RT Anna-Maria Gleixner <anna-maria(a)linutronix.de> timer/trace: Improve timer tracing Anna-Maria Gleixner <anna-maria(a)linutronix.de> timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps Borislav Petkov <bp(a)suse.de> x86/bugs: Use sysfs_emit() Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Support AMD Automatic IBRS Lin Yujun <linyujun809(a)huawei.com> Documentation/hw-vuln: Update spectre doc ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 18 +- Documentation/admin-guide/kernel-parameters.txt | 6 +- Makefile | 4 +- arch/arm/boot/dts/mmp2-brownstone.dts | 330 ++++++++++----------- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 +- arch/parisc/include/asm/checksum.h | 107 +++---- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/lib/Makefile | 2 +- arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/include/asm/cpufeatures.h | 2 + arch/x86/include/asm/msr-index.h | 2 + arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/cpu/bugs.c | 117 ++++---- arch/x86/kernel/cpu/common.c | 17 +- arch/x86/mm/ident_map.c | 23 +- arch/x86/mm/pat.c | 50 +++- block/blk-stat.c | 2 +- drivers/ata/ahci.c | 5 - drivers/ata/sata_mv.c | 63 ++-- drivers/ata/sata_sx4.c | 6 +- drivers/base/power/wakeirq.c | 4 +- drivers/block/loop.c | 206 ++++++++----- drivers/bluetooth/btintel.c | 2 +- drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/crypto/qat/qat_common/adf_aer.c | 23 +- drivers/firmware/efi/vars.c | 17 +- .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/gpu/drm/imx/parallel-display.c | 172 +++++++++-- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vkms/vkms_drv.c | 2 +- drivers/hwmon/amc6821.c | 11 + drivers/input/rmi4/rmi_driver.c | 6 +- drivers/md/dm-raid.c | 2 + drivers/md/raid5.c | 12 + drivers/media/pci/sta2x11/sta2x11_vip.c | 9 +- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/vmw_vmci/vmci_datagram.c | 6 +- drivers/mmc/core/block.c | 10 +- drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +-- drivers/net/ethernet/realtek/r8169_main.c | 9 + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 ++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 ++- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- drivers/pci/pci-driver.c | 23 +- drivers/s390/crypto/zcrypt_api.c | 2 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 98 ++++-- drivers/staging/comedi/drivers/comedi_test.c | 30 +- drivers/staging/speakup/synth.c | 4 +- .../vc04_services/bcm2835-camera/mmal-vchiq.c | 52 ++-- .../vc04_services/bcm2835-camera/mmal-vchiq.h | 6 +- drivers/tty/n_gsm.c | 3 + drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/vt/vt.c | 4 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 5 +- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 + drivers/usb/dwc2/core_intr.c | 63 ++-- drivers/usb/dwc2/gadget.c | 4 + drivers/usb/dwc2/hcd.c | 47 ++- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/vfio/platform/vfio_platform_irq.c | 5 +- drivers/video/fbdev/core/fbmon.c | 7 +- drivers/video/fbdev/via/accel.c | 4 +- drivers/virtio/virtio.c | 10 +- fs/aio.c | 8 +- fs/btrfs/export.c | 9 +- fs/btrfs/ioctl.c | 25 +- fs/btrfs/send.c | 10 +- fs/btrfs/volumes.c | 12 +- fs/exec.c | 1 + fs/ext4/resize.c | 3 +- fs/fat/nfs.c | 6 + fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/isofs/inode.c | 18 +- fs/nilfs2/alloc.c | 38 +-- fs/nilfs2/btree.c | 51 ++-- fs/nilfs2/cpfile.c | 10 +- fs/nilfs2/dat.c | 14 +- fs/nilfs2/direct.c | 23 +- fs/nilfs2/gcinode.c | 2 +- fs/nilfs2/ifile.c | 4 +- fs/nilfs2/inode.c | 31 +- fs/nilfs2/ioctl.c | 37 ++- fs/nilfs2/mdt.c | 2 +- fs/nilfs2/namei.c | 6 +- fs/nilfs2/nilfs.h | 9 + fs/nilfs2/page.c | 11 +- fs/nilfs2/recovery.c | 32 +- fs/nilfs2/segbuf.c | 2 +- fs/nilfs2/segment.c | 38 +-- fs/nilfs2/sufile.c | 29 +- fs/nilfs2/super.c | 57 ++-- fs/nilfs2/sysfs.c | 29 +- fs/nilfs2/the_nilfs.c | 85 +++--- fs/open.c | 38 ++- fs/sysv/itree.c | 10 +- fs/ubifs/file.c | 13 +- include/linux/fs.h | 3 + include/linux/gfp.h | 9 + include/linux/sunrpc/sched.h | 2 +- include/linux/timer.h | 18 +- include/net/erspan.h | 19 +- include/net/inet_connection_sock.h | 1 + include/net/sock.h | 9 + include/soc/fsl/qman.h | 9 + include/trace/events/timer.h | 17 +- include/uapi/linux/input-event-codes.h | 1 + init/initramfs.c | 75 +++-- kernel/events/core.c | 9 + kernel/power/suspend.c | 1 + kernel/printk/printk.c | 6 + kernel/time/timer.c | 282 +++++++++++++----- mm/compaction.c | 7 +- mm/memory-failure.c | 2 +- mm/memory.c | 4 + mm/memtest.c | 4 +- mm/migrate.c | 6 +- mm/page_alloc.c | 10 +- mm/vmscan.c | 5 +- net/batman-adv/distributed-arp-table.c | 3 +- net/bluetooth/hci_debugfs.c | 64 ++-- net/bluetooth/hci_event.c | 25 ++ net/core/sock.c | 7 + net/ipv4/inet_connection_sock.c | 14 + net/ipv4/ip_gre.c | 104 +++++-- net/ipv4/tcp.c | 2 + net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/mac80211/cfg.c | 5 +- net/netfilter/nf_tables_api.c | 22 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 9 +- sound/sh/aica.c | 17 +- sound/soc/soc-ops.c | 2 +- tools/iio/iio_utils.c | 2 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- virt/kvm/async_pf.c | 31 +- 166 files changed, 2248 insertions(+), 1220 deletions(-)

1 year, 4 months

11
194
0 0

FAILED: patch "[PATCH] phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 025a6f7448f7bb5f4fceb62498ee33d89ae266bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042918-jet-harmonica-e767@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 025a6f7448f7 ("phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6") ef643d55fdeb ("phy: qcom: qmp: split DP PHY registers to separate headers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 025a6f7448f7bb5f4fceb62498ee33d89ae266bb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Mon, 8 Apr 2024 11:30:23 +0200 Subject: [PATCH] phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6 Commit 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") fixed a regression introduced in 6.5 by making sure that the correct offset is used for the DP_PHY_VCO_DIV register on v3 hardware. Unfortunately, that fix instead broke DisplayPort on v5_5nm and v6 hardware as it failed to add the corresponding offsets also to those register tables. Fixes: 815891eee668 ("phy: qcom-qmp-combo: Introduce orientation variable") Fixes: 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") Cc: stable(a)vger.kernel.org # 6.5: 5abed58a8bde Cc: Stephen Boyd <swboyd(a)chromium.org> Cc: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Stephen Boyd <swboyd(a)chromium.org> Reviewed-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Link: https://lore.kernel.org/r/20240408093023.506-1-johan+linaro@kernel.org Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c index 2a6f70b3e25f..c21cdb8dbfe7 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c @@ -153,6 +153,7 @@ static const unsigned int qmp_v5_5nm_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V5_COM_BIAS_EN_CLKBUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V5_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V5_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V5_5NM_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V5_5NM_TX_TX_DRV_LVL, @@ -177,6 +178,7 @@ static const unsigned int qmp_v6_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V6_COM_PLL_BIAS_EN_CLK_BUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V6_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V6_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V6_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V6_TX_TX_DRV_LVL, diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h index f5cfacf9be96..181057421c11 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V5_H_ /* Only for QMP V5 PHY - DP PHY registers */ +#define QSERDES_V5_DP_PHY_VCO_DIV 0x070 #define QSERDES_V5_DP_PHY_AUX_INTERRUPT_STATUS 0x0d8 #define QSERDES_V5_DP_PHY_STATUS 0x0dc diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h index 01a20d3be4b8..fa967a1af058 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V6_H_ /* Only for QMP V6 PHY - DP PHY registers */ +#define QSERDES_V6_DP_PHY_VCO_DIV 0x070 #define QSERDES_V6_DP_PHY_AUX_INTERRUPT_STATUS 0x0e0 #define QSERDES_V6_DP_PHY_STATUS 0x0e4

1 year, 4 months

3
2
0 0

[PATCH 6.8 000/273] 6.8.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.5 release. There are 273 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 10 Apr 2024 12:52:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.5-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.5-rc1 Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Move mem_encrypt= parsing to the decompressor Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Rework rebinding Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Use ring ops TLB invalidation for rebinds Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Reject FEC+MST on ICL Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Limit MST+DSC to TGL+ Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Paulo Alcantara <pc(a)manguebit.com> smb: client: refresh referral without acquiring refpath_lock Paulo Alcantara <pc(a)manguebit.com> smb: client: guarantee refcounted children from parent session Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in smb2_reconnect_server() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Björn Töpel <bjorn(a)rivosinc.com> riscv: Fix vector state restore in rt_sigreturn() Kent Overstreet <kent.overstreet(a)linux.dev> aio: Fix null ptr deref in aio_complete() wakeup Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Correct the delay calculation Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: sof-pcm: Add pointer callback to sof_ipc_pcm_ops Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Invalidate the stream_start_offset in PAUSED state Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Combine the SOF_IPC4_PIPE_PAUSED cases in pcm_trigger Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Move struct sof_ipc4_timestamp_info definition locally Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Remove the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Use the snd_sof_pcm_get_dai_frame_counter() for pcm_delay Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-common-ops: Do not set the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: Set the dai/host get frame/byte counter callbacks Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce a new callback pair to be used for PCM delay reporting Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl/lnl: Use the generic get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Implement get_stream_position (Linear Link Position) Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-pcm: Use dsp_max_burst_size_in_ms to place constraint Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Save the DMA maximum burst size for PCMs Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Add dsp_max_burst_size_in_ms member to snd_sof_pcm_stream Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/rw: don't allow multishot reads without NOWAIT support Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR Christian Bendiksen <christian(a)bendiksen.me> ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ALSA: hda: Add pplcllpl/u members to hdac_ext_stream Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Gabe Teeger <gabe.teeger(a)amd.com> Revert "drm/amd/display: Send DTBCLK disable message on first commit" Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Peter Collingbourne <pcc(a)google.com> stackdepot: rename pool_index to pool_index_plus_1 Oscar Salvador <osalvador(a)suse.de> lib/stackdepot: move stack_record struct definition into the header Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix warning by declaring arch_cpu_idle() as noinstr Andreas Schwab <schwab(a)suse.de> riscv: use KERN_INFO in do_trap Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Limit the reserved VM space to only the platforms that need it Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without trip points Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without cooling devices Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: fix sampling event removal for PMU device driver Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix DSC state HW readout for SST connectors Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp pdm configuration check Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Christian Brauner <brauner(a)kernel.org> block: count BLK_OPEN_RESTRICT_WRITES openers Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Vladimir Isaev <vladimir.isaev(a)syntacore.com> riscv: hwprobe: do not produce frtace relocation Samuel Holland <samuel.holland(a)sifive.com> riscv: mm: Fix prototype to avoid discarding const Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Correct extraction of data pointer in suspend/resume Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: use += operator to append strings Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Guenter Roeck <linux(a)roeck-us.net> mean_and_variance: Drop always failing tests Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-wildcard addresses. Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Joshua Hay <joshua.a.hay(a)intel.com> idpf: fix kernel panic on unknown packet types Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Will Deacon <will(a)kernel.org> KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range() Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent BPF accessing lowat from a subflow socket. Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Wujie Duan <wjduan(a)linx-info.com> KVM: arm64: Fix out-of-IPA space translation fault handling Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> kbuild: make -Woverride-init warnings more consistent Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning José Roberto de Souza <jose.souza(a)intel.com> drm/i915: Do not print 'pxp init failed with 0' when it succeed Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Juha-Pekka Heikkila <juhapekka.heikkila(a)gmail.com> drm/i915/display: Disable AuxCCS framebuffers if built for Xe Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Stop doing double audio enable/disable on SDVO and g4x+ DP Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Validate the PASID in iommu_attach_device_pasid() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size Taimur Hassan <syed.hassan(a)amd.com> drm/amd/display: Send DTBCLK disable message on first commit Charlene Liu <charlene.liu(a)amd.com> drm/amd/display: Update P010 scaling cap David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix debug messaging in gpiod_find_and_request() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Remove AR30 and AB30 format support Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Prasad Pandit <pjp(a)fedoraproject.org> dpll: indent DPLL option type by a tab Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_TILES_PER_DEVICE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_GT_PER_TILE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/queue: fix engine_class bounds check Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: use jiffies for job timeout Brian Welty <brian.welty(a)intel.com> drm/xe: Add exec_queue.sched_props.job_timeout_ms Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Remove unused xe_bo->props struct Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Jan Kara <jack(a)suse.cz> nfsd: Fix error cleanup path in nfsd_rename() Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Stanislav Fomichev <sdf(a)google.com> xsk: Don't assume metadata is always requested in TX completion Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/nvhe/tlb.c | 3 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/kvm/hyp/vhe/tlb.c | 3 +- arch/arm64/kvm/mmu.c | 2 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 5 +- arch/riscv/kernel/signal.c | 15 +- arch/riscv/kernel/traps.c | 2 +- arch/riscv/kernel/vdso/Makefile | 1 + arch/riscv/kvm/aia_aplic.c | 37 +++- arch/riscv/mm/tlbflush.c | 4 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/kernel/perf_pai_crypto.c | 10 +- arch/s390/kernel/perf_pai_ext.c | 10 +- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 ++--- arch/sparc/mm/init_64.c | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 ++ arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 +++++ arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +-- arch/x86/kernel/sev.c | 14 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 2 + arch/x86/kvm/svm/sev.c | 45 +++-- arch/x86/kvm/trace.h | 10 +- arch/x86/lib/Makefile | 13 -- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +-- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 76 +++----- arch/x86/mm/pat/memtype.c | 49 +++-- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- block/bdev.c | 6 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++++--- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 ++- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/dpll/Kconfig | 2 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +- drivers/gpio/gpiolib-cdev.c | 58 +++++- drivers/gpio/gpiolib.c | 31 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 25 ++- drivers/gpu/drm/amd/display/dc/dce110/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce112/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce120/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce80/Makefile | 2 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 2 +- drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 7 +- drivers/gpu/drm/i915/display/g4x_dp.c | 2 - .../gpu/drm/i915/display/intel_display_device.h | 1 + drivers/gpu/drm/i915/display/intel_dp.c | 9 +- drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 +- drivers/gpu/drm/i915/display/intel_sdvo.c | 4 - drivers/gpu/drm/i915/display/skl_universal_plane.c | 3 + drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 4 +- drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_cs.c | 17 ++ drivers/gpu/drm/i915/gt/intel_gt.c | 6 + drivers/gpu/drm/i915/gt/intel_gt.h | 9 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 ++ drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_workarounds.c | 55 ++++-- drivers/gpu/drm/i915/i915_driver.c | 2 +- drivers/gpu/drm/i915/i915_perf.c | 2 +- drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 2 - drivers/gpu/drm/xe/Makefile | 4 +- drivers/gpu/drm/xe/xe_bo.c | 59 +----- drivers/gpu/drm/xe/xe_bo_types.h | 19 -- drivers/gpu/drm/xe/xe_device.h | 4 +- drivers/gpu/drm/xe/xe_exec.c | 31 +--- drivers/gpu/drm/xe/xe_exec_queue.c | 4 +- drivers/gpu/drm/xe/xe_exec_queue_types.h | 7 + drivers/gpu/drm/xe/xe_guc_submit.c | 2 +- drivers/gpu/drm/xe/xe_pt.c | 8 +- drivers/gpu/drm/xe/xe_ring_ops.c | 11 +- drivers/gpu/drm/xe/xe_sched_job.c | 10 + drivers/gpu/drm/xe/xe_sched_job_types.h | 2 + drivers/gpu/drm/xe/xe_vm.c | 27 +-- drivers/gpu/drm/xe/xe_vm.h | 2 +- drivers/gpu/drm/xe/xe_vm_types.h | 8 +- drivers/iommu/iommu.c | 11 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 ++- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 38 ++-- drivers/net/ethernet/intel/e1000e/netdev.c | 24 ++- drivers/net/ethernet/intel/e1000e/phy.c | 184 +++++++++++------- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 13 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 ++++++--- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 +++-- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 18 +- drivers/net/ethernet/intel/ice/ice_switch.c | 24 ++- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 4 +- drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++- drivers/net/ethernet/microchip/lan743x_main.c | 18 ++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +++- drivers/net/ethernet/renesas/ravb_main.c | 33 ++-- drivers/net/ethernet/renesas/sh_eth.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +++- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +++- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 20 +- .../net/wireless/intel/iwlwifi/mvm/time-event.c | 5 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 ++ drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/pinctrl/aspeed/Makefile | 2 +- drivers/s390/net/qeth_core_main.c | 38 +++- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +-- drivers/scsi/sd.c | 2 +- drivers/scsi/sg.c | 4 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 +++++--- drivers/thermal/gov_power_allocator.c | 14 +- drivers/usb/typec/ucsi/ucsi.c | 10 +- fs/aio.c | 2 +- fs/bcachefs/mean_and_variance_test.c | 28 +-- fs/nfsd/nfs4state.c | 7 +- fs/nfsd/vfs.c | 3 +- fs/proc/Makefile | 2 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 19 +- fs/smb/client/cifsproto.h | 20 +- fs/smb/client/connect.c | 157 ++++++++++------ fs/smb/client/dfs.c | 51 +++-- fs/smb/client/dfs.h | 33 ++-- fs/smb/client/dfs_cache.c | 53 +++--- fs/smb/client/dir.c | 15 ++ fs/smb/client/file.c | 111 +++++++++-- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 ++ fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 8 +- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/stackdepot.h | 46 +++++ include/linux/udp.h | 28 +++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + include/net/xdp_sock.h | 2 + include/sound/hdaudio_ext.h | 3 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++++-------- io_uring/kbuf.h | 8 +- io_uring/rw.c | 9 +- kernel/bpf/Makefile | 2 +- kernel/bpf/syscall.c | 35 +++- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- lib/stackdepot.c | 47 +---- mm/Makefile | 3 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++++--- net/bluetooth/hci_event.c | 25 +++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 44 ++++- net/ipv4/inet_fragment.c | 70 +++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 ++- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 2 - net/mptcp/sockopt.c | 4 + net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 +++++++-- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/Makefile.extrawarn | 10 +- scripts/bpf_doc.py | 4 +- scripts/mod/modpost.c | 7 +- security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l41_hda_property.c | 6 + sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 7 +- sound/soc/amd/acp/acp-pci.c | 13 +- sound/soc/codecs/cs42l43.c | 12 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- sound/soc/sof/intel/hda-common-ops.c | 3 + sound/soc/sof/intel/hda-dai-ops.c | 11 ++ sound/soc/sof/intel/hda-pcm.c | 29 +++ sound/soc/sof/intel/hda-stream.c | 70 +++++++ sound/soc/sof/intel/hda.h | 6 + sound/soc/sof/intel/lnl.c | 2 - sound/soc/sof/intel/mtl.c | 14 -- sound/soc/sof/intel/mtl.h | 10 - sound/soc/sof/ipc4-pcm.c | 193 +++++++++++++++---- sound/soc/sof/ipc4-priv.h | 14 -- sound/soc/sof/ipc4-topology.c | 22 ++- sound/soc/sof/ops.h | 24 ++- sound/soc/sof/pcm.c | 8 + sound/soc/sof/sof-audio.h | 9 +- sound/soc/sof/sof-priv.h | 24 ++- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 134 ++++++++------ tools/testing/selftests/net/mptcp/mptcp_join.sh | 34 ++-- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 +++++++++++++-------- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 327 files changed, 3223 insertions(+), 1693 deletions(-)

1 year, 4 months

20
312
0 0

[PATCH v4 RESEND] lockdep: fix deadlock issue between lockdep and rcu

by Carlos Llamas

From: Zhiguo Niu <zhiguo.niu(a)unisoc.com> There is a deadlock scenario between lockdep and rcu when rcu nocb feature is enabled, just as following call stack: rcuop/x -000|queued_spin_lock_slowpath(lock = 0xFFFFFF817F2A8A80, val = ?) -001|queued_spin_lock(inline) // try to hold nocb_gp_lock -001|do_raw_spin_lock(lock = 0xFFFFFF817F2A8A80) -002|__raw_spin_lock_irqsave(inline) -002|_raw_spin_lock_irqsave(lock = 0xFFFFFF817F2A8A80) -003|wake_nocb_gp_defer(inline) -003|__call_rcu_nocb_wake(rdp = 0xFFFFFF817F30B680) -004|__call_rcu_common(inline) -004|call_rcu(head = 0xFFFFFFC082EECC28, func = ?) -005|call_rcu_zapped(inline) -005|free_zapped_rcu(ch = ?)// hold graph lock -006|rcu_do_batch(rdp = 0xFFFFFF817F245680) -007|nocb_cb_wait(inline) -007|rcu_nocb_cb_kthread(arg = 0xFFFFFF817F245680) -008|kthread(_create = 0xFFFFFF80803122C0) -009|ret_from_fork(asm) rcuop/y -000|queued_spin_lock_slowpath(lock = 0xFFFFFFC08291BBC8, val = 0) -001|queued_spin_lock() -001|lockdep_lock() -001|graph_lock() // try to hold graph lock -002|lookup_chain_cache_add() -002|validate_chain() -003|lock_acquire -004|_raw_spin_lock_irqsave(lock = 0xFFFFFF817F211D80) -005|lock_timer_base(inline) -006|mod_timer(inline) -006|wake_nocb_gp_defer(inline)// hold nocb_gp_lock -006|__call_rcu_nocb_wake(rdp = 0xFFFFFF817F2A8680) -007|__call_rcu_common(inline) -007|call_rcu(head = 0xFFFFFFC0822E0B58, func = ?) -008|call_rcu_hurry(inline) -008|rcu_sync_call(inline) -008|rcu_sync_func(rhp = 0xFFFFFFC0822E0B58) -009|rcu_do_batch(rdp = 0xFFFFFF817F266680) -010|nocb_cb_wait(inline) -010|rcu_nocb_cb_kthread(arg = 0xFFFFFF817F266680) -011|kthread(_create = 0xFFFFFF8080363740) -012|ret_from_fork(asm) rcuop/x and rcuop/y are rcu nocb threads with the same nocb gp thread. This patch release the graph lock before lockdep call_rcu. Fixes: a0b0fd53e1e6 ("locking/lockdep: Free lock classes that are no longer in use") Cc: <stable(a)vger.kernel.org> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Waiman Long <longman(a)redhat.com> Cc: Carlos Llamas <cmllamas(a)google.com> Cc: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Xuewen Yan <xuewen.yan(a)unisoc.com> Reviewed-by: Boqun Feng <boqun.feng(a)gmail.com> Reviewed-by: Waiman Long <longman(a)redhat.com> Reviewed-by: Carlos Llamas <cmllamas(a)google.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> --- kernel/locking/lockdep.c | 48 ++++++++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c index 151bd3de5936..3468d8230e5f 100644 --- a/kernel/locking/lockdep.c +++ b/kernel/locking/lockdep.c @@ -6184,25 +6184,27 @@ static struct pending_free *get_pending_free(void) static void free_zapped_rcu(struct rcu_head *cb); /* - * Schedule an RCU callback if no RCU callback is pending. Must be called with - * the graph lock held. - */ -static void call_rcu_zapped(struct pending_free *pf) +* See if we need to queue an RCU callback, must called with +* the lockdep lock held, returns false if either we don't have +* any pending free or the callback is already scheduled. +* Otherwise, a call_rcu() must follow this function call. +*/ +static bool prepare_call_rcu_zapped(struct pending_free *pf) { WARN_ON_ONCE(inside_selftest()); if (list_empty(&pf->zapped)) - return; + return false; if (delayed_free.scheduled) - return; + return false; delayed_free.scheduled = true; WARN_ON_ONCE(delayed_free.pf + delayed_free.index != pf); delayed_free.index ^= 1; - call_rcu(&delayed_free.rcu_head, free_zapped_rcu); + return true; } /* The caller must hold the graph lock. May be called from RCU context. */ @@ -6228,6 +6230,7 @@ static void free_zapped_rcu(struct rcu_head *ch) { struct pending_free *pf; unsigned long flags; + bool need_callback; if (WARN_ON_ONCE(ch != &delayed_free.rcu_head)) return; @@ -6239,14 +6242,18 @@ static void free_zapped_rcu(struct rcu_head *ch) pf = delayed_free.pf + (delayed_free.index ^ 1); __free_zapped_classes(pf); delayed_free.scheduled = false; + need_callback = + prepare_call_rcu_zapped(delayed_free.pf + delayed_free.index); + lockdep_unlock(); + raw_local_irq_restore(flags); /* - * If there's anything on the open list, close and start a new callback. - */ - call_rcu_zapped(delayed_free.pf + delayed_free.index); + * If there's pending free and its callback has not been scheduled, + * queue an RCU callback. + */ + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); - lockdep_unlock(); - raw_local_irq_restore(flags); } /* @@ -6286,6 +6293,7 @@ static void lockdep_free_key_range_reg(void *start, unsigned long size) { struct pending_free *pf; unsigned long flags; + bool need_callback; init_data_structures_once(); @@ -6293,10 +6301,11 @@ static void lockdep_free_key_range_reg(void *start, unsigned long size) lockdep_lock(); pf = get_pending_free(); __lockdep_free_key_range(pf, start, size); - call_rcu_zapped(pf); + need_callback = prepare_call_rcu_zapped(pf); lockdep_unlock(); raw_local_irq_restore(flags); - + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); /* * Wait for any possible iterators from look_up_lock_class() to pass * before continuing to free the memory they refer to. @@ -6390,6 +6399,7 @@ static void lockdep_reset_lock_reg(struct lockdep_map *lock) struct pending_free *pf; unsigned long flags; int locked; + bool need_callback = false; raw_local_irq_save(flags); locked = graph_lock(); @@ -6398,11 +6408,13 @@ static void lockdep_reset_lock_reg(struct lockdep_map *lock) pf = get_pending_free(); __lockdep_reset_lock(pf, lock); - call_rcu_zapped(pf); + need_callback = prepare_call_rcu_zapped(pf); graph_unlock(); out_irq: raw_local_irq_restore(flags); + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); } /* @@ -6446,6 +6458,7 @@ void lockdep_unregister_key(struct lock_class_key *key) struct pending_free *pf; unsigned long flags; bool found = false; + bool need_callback = false; might_sleep(); @@ -6466,11 +6479,14 @@ void lockdep_unregister_key(struct lock_class_key *key) if (found) { pf = get_pending_free(); __lockdep_free_key_range(pf, key, 1); - call_rcu_zapped(pf); + need_callback = prepare_call_rcu_zapped(pf); } lockdep_unlock(); raw_local_irq_restore(flags); + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); + /* Wait until is_dynamic_key() has finished accessing k->hash_entry. */ synchronize_rcu(); } -- 2.44.0.683.g7961c838ac-goog

1 year, 4 months

2
1
0 0

Kernel Issue: Wrong EFI Loader Signature followed by Kernel Panic

by Atishya Jain

Dear Linux Stable Team, I am writing to report an issue encountered while attempting to boot kernel version 5.4.274 with an egress XDP patch applied. The issue arises with the EFI loader signature, leading to subsequent kernel panic. *Problem Description:* When attempting to boot kernel version 5.4.274 with the egress XDP patch, I encountered the following sequence of events: 1. Initially, the system displays the message "Wrong EFI loader signature." 2. Following this message, the system proceeds to decompress the Linux kernel and performs ELF parsing and relocations successfully. 3. However, upon attempting to boot the kernel, a kernel panic occurs with the error message: "Kernel panic not syncing: UFS: Unable to mount root fs on unknown-block(0,0)." *Error Messages*:(ScreenShots Attached) Upon selecting the kernel version 5.4.274, the system displays the following error messages: ``` Wrong EFI loader signature. early console in extract_kernel input_data: 0x00000000027493b1 input_len: 0x000000000086892c output: 0x0000000001000000 output_len: 0x0000000001f81298 kernel_total_size: 0x0000000001e2c000 needed_size: 0x0000000002000000 trampoline_32bit: 0x0000000000090000 booted via startup_32() Physical, KASLR using RDTSC. Virtual KASLR using RDTSC.. Decompressing Linux... Parsing ELF... Performing relocations... done. Booting the kernel. 8.0522441 RETBleed: WARNING: Spectre v2 mitigation leaves CPU vulnerable to RETBleed attacks, data leaks possible! 0.9972031 Kernel panic not syncing: UFS: Unable to mount root fs on unknown-block(0,0) CPU: 1 PID: 1 Command: swapper/0 Not tainted 5.4.274 #1 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace: dump_stack+0x58/0x63 panic+0x188/0x2ce Mount_block_root+0x19b/0x23a prepare_namespace+0x136/0x16c kernel_init_freeable+0x207/0x210 rest_init+0x90/0x90 kernel_init+0x5/0xf6 ret_from_fork+0x35/0x48 Kernel Offset: 0x8488000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xfffffffffffffff) --- end Kernel panic not syncing: UFS: Unable to mount root fs on unknown-block(0,8) ``` *Additional Information*: - The issue persists even after signing the kernel. - I am using Kali Linux in VMware, with the following system information: - Linux kali 6.6.15-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.6.15-2kali1 (2024-04-09) x86_64 GNU/Linux *Steps Taken*: 1. Applied egress XDP patch to kernel version 5.4.274. 2. Attempted to boot the patched kernel. 3. Encountered the "Wrong EFI loader signature" message followed by kernel panic. *Action Required*: I kindly request assistance in resolving this issue or guidance on further troubleshooting steps. Please let me know if any additional information is required. Thank you for your attention to this matter. Best regards, Atishya Jain Project Associate Indian Institute of Technology Gandhinagar Palaj, Gandhinagar - 382055 - India. Email: atishya.jain(a)iitgn.ac.in LinkedIn: www.linkedin.com/in/atishya-jain-it *Screenshots:*

1 year, 4 months

2
1
0 0

[tip: x86/urgent] x86/apic: Don't access the APIC when disabling x2APIC

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 720a22fd6c1cdadf691281909950c0cbc5cdf17e Gitweb: https://git.kernel.org/tip/720a22fd6c1cdadf691281909950c0cbc5cdf17e Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Fri, 26 Apr 2024 00:30:36 +02:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Tue, 30 Apr 2024 07:51:34 +02:00 x86/apic: Don't access the APIC when disabling x2APIC With 'iommu=off' on the kernel command line and x2APIC enabled by the BIOS the code which disables the x2APIC triggers an unchecked MSR access error: RDMSR from 0x802 at rIP: 0xffffffff94079992 (native_apic_msr_read+0x12/0x50) This is happens because default_acpi_madt_oem_check() selects an x2APIC driver before the x2APIC is disabled. When the x2APIC is disabled because interrupt remapping cannot be enabled due to 'iommu=off' on the command line, x2apic_disable() invokes apic_set_fixmap() which in turn tries to read the APIC ID. This triggers the MSR warning because x2APIC is disabled, but the APIC driver is still x2APIC based. Prevent that by adding an argument to apic_set_fixmap() which makes the APIC ID read out conditional and set it to false from the x2APIC disable path. That's correct as the APIC ID has already been read out during early discovery. Fixes: d10a904435fa ("x86/apic: Consolidate boot_cpu_physical_apicid initialization sites") Reported-by: Adrian Huang <ahuang12(a)lenovo.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: Adrian Huang <ahuang12(a)lenovo.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/875xw5t6r7.ffs@tglx --- arch/x86/kernel/apic/apic.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index c342c4a..803dcfb 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1771,7 +1771,7 @@ void x2apic_setup(void) __x2apic_enable(); } -static __init void apic_set_fixmap(void); +static __init void apic_set_fixmap(bool read_apic); static __init void x2apic_disable(void) { @@ -1793,7 +1793,12 @@ static __init void x2apic_disable(void) } __x2apic_disable(); - apic_set_fixmap(); + /* + * Don't reread the APIC ID as it was already done from + * check_x2apic() and the APIC driver still is a x2APIC variant, + * which fails to do the read after x2APIC was disabled. + */ + apic_set_fixmap(false); } static __init void x2apic_enable(void) @@ -2057,13 +2062,14 @@ void __init init_apic_mappings(void) } } -static __init void apic_set_fixmap(void) +static __init void apic_set_fixmap(bool read_apic) { set_fixmap_nocache(FIX_APIC_BASE, mp_lapic_addr); apic_mmio_base = APIC_BASE; apic_printk(APIC_VERBOSE, "mapped APIC to %16lx (%16lx)\n", apic_mmio_base, mp_lapic_addr); - apic_read_boot_cpu_id(false); + if (read_apic) + apic_read_boot_cpu_id(false); } void __init register_lapic_address(unsigned long address) @@ -2073,7 +2079,7 @@ void __init register_lapic_address(unsigned long address) mp_lapic_addr = address; if (!x2apic_mode) - apic_set_fixmap(); + apic_set_fixmap(true); } /*

1 year, 4 months

1
0
0 0

[tip: x86/urgent] x86/apic: Don't access the APIC when disabling X2APIC

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 1e1dd773644e9de88f54386f7147c1068375fc75 Gitweb: https://git.kernel.org/tip/1e1dd773644e9de88f54386f7147c1068375fc75 Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Fri, 26 Apr 2024 00:30:36 +02:00 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Mon, 29 Apr 2024 12:08:07 +02:00 x86/apic: Don't access the APIC when disabling X2APIC With 'iommu=off' on the kernel command line and X2APIC enabled by the BIOS the code which disables the X2APIC triggers an unchecked MSR access error: RDMSR from 0x802 at rIP: 0xffffffff94079992 (native_apic_msr_read+0x12/0x50) This is happens because default_acpi_madt_oem_check() selects an X2APIC driver before the X2APIC is disabled. When the X2APIC is disabled because interrupt remapping cannot be enabled due to 'iommu=off' on the command line, x2apic_disable() invokes apic_set_fixmap() which in turn tries to read the APIC ID. This triggers the MSR warning because X2APIC is disabled, but the APIC driver is still X2APIC based. Prevent that by adding an argument to apic_set_fixmap() which makes the APIC ID read out conditional and set it to false from the X2APIC disable path. That's correct as the APIC ID has already been read out during early discovery. Fixes: d10a904435fa ("x86/apic: Consolidate boot_cpu_physical_apicid initialization sites") Reported-by: Adrian Huang <ahuang12(a)lenovo.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Tested-by: Adrian Huang <ahuang12(a)lenovo.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/875xw5t6r7.ffs@tglx --- arch/x86/kernel/apic/apic.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index c342c4a..b229648 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1771,7 +1771,7 @@ void x2apic_setup(void) __x2apic_enable(); } -static __init void apic_set_fixmap(void); +static __init void apic_set_fixmap(bool read_apic); static __init void x2apic_disable(void) { @@ -1793,7 +1793,12 @@ static __init void x2apic_disable(void) } __x2apic_disable(); - apic_set_fixmap(); + /* + * Don't reread the APIC ID as it was already done from + * check_x2apic() and the apic driver still is a x2APIC variant, + * which fails to do the read after x2APIC was disabled. + */ + apic_set_fixmap(false); } static __init void x2apic_enable(void) @@ -2057,13 +2062,14 @@ void __init init_apic_mappings(void) } } -static __init void apic_set_fixmap(void) +static __init void apic_set_fixmap(bool read_apic) { set_fixmap_nocache(FIX_APIC_BASE, mp_lapic_addr); apic_mmio_base = APIC_BASE; apic_printk(APIC_VERBOSE, "mapped APIC to %16lx (%16lx)\n", apic_mmio_base, mp_lapic_addr); - apic_read_boot_cpu_id(false); + if (read_apic) + apic_read_boot_cpu_id(false); } void __init register_lapic_address(unsigned long address) @@ -2073,7 +2079,7 @@ void __init register_lapic_address(unsigned long address) mp_lapic_addr = address; if (!x2apic_mode) - apic_set_fixmap(); + apic_set_fixmap(true); } /*

1 year, 4 months

2
1
0 0

[PATCH] Revert "riscv: kdump: fix crashkernel reserving problem on RISC-V"

by Mingzheng Xing

This reverts commit 1d6cd2146c2b58bc91266db1d5d6a5f9632e14c0 which has been merged into the mainline commit 39365395046f ("riscv: kdump: use generic interface to simplify crashkernel reservation"), but the latter's series of patches are not included in the 6.6 branch. This will result in the loss of Crash kernel data in /proc/iomem, and kdump loading the kernel will also cause an error: ``` Memory for crashkernel is not reserved Please reserve memory by passing"crashkernel=Y@X" parameter to kernel Then try to loading kdump kernel ``` After revert this patch, verify that it works properly on QEMU riscv. Link: https://lore.kernel.org/linux-riscv/ZSiQRDGLZk7lpakE@MiWiFi-R3L-srv Signed-off-by: Mingzheng Xing <xingmingzheng(a)iscas.ac.cn> --- arch/riscv/kernel/setup.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c index aac853ae4eb74..e600aab116a40 100644 --- a/arch/riscv/kernel/setup.c +++ b/arch/riscv/kernel/setup.c @@ -173,6 +173,19 @@ static void __init init_resources(void) if (ret < 0) goto error; +#ifdef CONFIG_KEXEC_CORE + if (crashk_res.start != crashk_res.end) { + ret = add_resource(&iomem_resource, &crashk_res); + if (ret < 0) + goto error; + } + if (crashk_low_res.start != crashk_low_res.end) { + ret = add_resource(&iomem_resource, &crashk_low_res); + if (ret < 0) + goto error; + } +#endif + #ifdef CONFIG_CRASH_DUMP if (elfcorehdr_size > 0) { elfcorehdr_res.start = elfcorehdr_addr; -- 2.34.1

1 year, 4 months

3
11
0 0

[PATCH] drm/xe: Unmap userptr in MMU invalidation notifier

by Matthew Brost

To be secure, when a userptr is invalidated the pages should be dma unmapped ensuring the device can no longer touch the invalidated pages. v2: - Don't free sg table in MMU notifer, just dma unmap pages Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Fixes: 12f4b58a37f4 ("drm/xe: Use hmm_range_fault to populate user pages") Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: stable(a)vger.kernel.org # 6.8 Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_hmm.c | 42 ++++++++++++++++++++++++++------ drivers/gpu/drm/xe/xe_hmm.h | 1 + drivers/gpu/drm/xe/xe_pt.c | 2 +- drivers/gpu/drm/xe/xe_vm.c | 5 +++- drivers/gpu/drm/xe/xe_vm_types.h | 5 +++- 5 files changed, 45 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_hmm.c b/drivers/gpu/drm/xe/xe_hmm.c index 2c32dc46f7d4..baf42514e1f9 100644 --- a/drivers/gpu/drm/xe/xe_hmm.c +++ b/drivers/gpu/drm/xe/xe_hmm.c @@ -112,16 +112,20 @@ static int xe_build_sg(struct xe_device *xe, struct hmm_range *range, return ret; } -/* - * xe_hmm_userptr_free_sg() - Free the scatter gather table of userptr +#define need_unmap(__sg) ((u64)(__sg) & 0x1ull) +#define clear_need_unmap(__sg) (__sg) = (struct sg_table *)((u64)(__sg) & ~0x1ull) +#define set_need_unmap(__sg) (__sg) = (struct sg_table *)((u64)(__sg) | 0x1ull) + +/** + * xe_hmm_userptr_unmap_sg() - Unmap the scatter gather table of userptr * * @uvma: the userptr vma which hold the scatter gather table * * With function xe_userptr_populate_range, we allocate storage of - * the userptr sg table. This is a helper function to free this - * sg table, and dma unmap the address in the table. + * the userptr sg table. This is a helper function to dma unmap the address in + * the table. */ -void xe_hmm_userptr_free_sg(struct xe_userptr_vma *uvma) +void xe_hmm_userptr_unmap_sg(struct xe_userptr_vma *uvma) { struct xe_userptr *userptr = &uvma->userptr; struct xe_vma *vma = &uvma->vma; @@ -129,11 +133,34 @@ void xe_hmm_userptr_free_sg(struct xe_userptr_vma *uvma) struct xe_vm *vm = xe_vma_vm(vma); struct xe_device *xe = vm->xe; struct device *dev = xe->drm.dev; + bool do_unmap; xe_assert(xe, userptr->sg); - dma_unmap_sgtable(dev, userptr->sg, - write ? DMA_BIDIRECTIONAL : DMA_TO_DEVICE, 0); + spin_lock(&vm->userptr.invalidated_lock); + do_unmap = need_unmap(userptr->sg); + clear_need_unmap(userptr->sg); + spin_unlock(&vm->userptr.invalidated_lock); + + if (do_unmap) + dma_unmap_sgtable(dev, userptr->sg, + write ? DMA_BIDIRECTIONAL : DMA_TO_DEVICE, 0); +} + +/* + * xe_hmm_userptr_free_sg() - Free the scatter gather table of userptr + * + * @uvma: the userptr vma which hold the scatter gather table + * + * With function xe_userptr_populate_range, we allocate storage of + * the userptr sg table. This is a helper function to free this + * sg table, and dma unmap the address in the table. + */ +void xe_hmm_userptr_free_sg(struct xe_userptr_vma *uvma) +{ + struct xe_userptr *userptr = &uvma->userptr; + + xe_hmm_userptr_unmap_sg(uvma); sg_free_table(userptr->sg); userptr->sg = NULL; } @@ -244,6 +271,7 @@ int xe_hmm_userptr_populate_range(struct xe_userptr_vma *uvma, xe_mark_range_accessed(&hmm_range, write); userptr->sg = &userptr->sgt; + set_need_unmap(userptr->sg); userptr->notifier_seq = hmm_range.notifier_seq; free_pfns: diff --git a/drivers/gpu/drm/xe/xe_hmm.h b/drivers/gpu/drm/xe/xe_hmm.h index 909dc2bdcd97..56e653dc9fa2 100644 --- a/drivers/gpu/drm/xe/xe_hmm.h +++ b/drivers/gpu/drm/xe/xe_hmm.h @@ -9,3 +9,4 @@ struct xe_userptr_vma; int xe_hmm_userptr_populate_range(struct xe_userptr_vma *uvma, bool is_mm_mmap_locked); void xe_hmm_userptr_free_sg(struct xe_userptr_vma *uvma); +void xe_hmm_userptr_unmap_sg(struct xe_userptr_vma *uvma); diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 8d3765d3351e..b095257dc684 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -635,7 +635,7 @@ xe_pt_stage_bind(struct xe_tile *tile, struct xe_vma *vma, if (!xe_vma_is_null(vma)) { if (xe_vma_is_userptr(vma)) - xe_res_first_sg(to_userptr_vma(vma)->userptr.sg, 0, + xe_res_first_sg(vma_to_userptr_sg(vma), 0, xe_vma_size(vma), &curs); else if (xe_bo_is_vram(bo) || xe_bo_is_stolen(bo)) xe_res_first(bo->ttm.resource, xe_vma_bo_offset(vma), diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index dfd31b346021..c3d54dcf2a3e 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -637,6 +637,9 @@ static bool vma_userptr_invalidate(struct mmu_interval_notifier *mni, XE_WARN_ON(err); } + if (userptr->sg) + xe_hmm_userptr_unmap_sg(uvma); + trace_xe_vma_userptr_invalidate_complete(vma); return true; @@ -3405,7 +3408,7 @@ int xe_analyze_vm(struct drm_printer *p, struct xe_vm *vm, int gt_id) if (is_null) { addr = 0; } else if (is_userptr) { - struct sg_table *sg = to_userptr_vma(vma)->userptr.sg; + struct sg_table *sg = vma_to_userptr_sg(vma); struct xe_res_cursor cur; if (sg) { diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index ce1a63a5e3e7..0478a2235076 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -34,6 +34,9 @@ struct xe_vm; #define XE_VMA_PTE_COMPACT (DRM_GPUVA_USERBITS << 9) #define XE_VMA_DUMPABLE (DRM_GPUVA_USERBITS << 10) +#define vma_to_userptr_sg(__vma) \ + (struct sg_table *)((u64)to_userptr_vma((__vma))->userptr.sg & ~0x1ull) + /** struct xe_userptr - User pointer */ struct xe_userptr { /** @invalidate_link: Link for the vm::userptr.invalidated list */ @@ -206,7 +209,7 @@ struct xe_vm { struct rw_semaphore notifier_lock; /** * @userptr.invalidated_lock: Protects the - * @userptr.invalidated list. + * @userptr.invalidated list and dma mapped pages of userptrs */ spinlock_t invalidated_lock; /** -- 2.34.1

1 year, 4 months

1
0
0 0

[PATCH v2] chrome/cros_ec: Handle events during suspend after resume completion

by Karthikeyan Ramasubramanian

Commit 47ea0ddb1f56 ("platform/chrome: cros_ec_lpc: Separate host command and irq disable") re-ordered the resume sequence. Before that change, cros_ec resume sequence is: 1) Enable IRQ 2) Send resume event 3) Handle events during suspend After commit 47ea0ddb1f56 ("platform/chrome: cros_ec_lpc: Separate host command and irq disable"), cros_ec resume sequence is: 1) Enable IRQ 2) Handle events during suspend 3) Send resume event. This re-ordering leads to delayed handling of any events queued between items 2) and 3) with the updated sequence. Also in certain platforms, EC skips triggering interrupt for certain events eg. mkbp events until the resume event is received. Such events are stuck in the host event queue indefinitely. This change puts back the original order to avoid any delay in handling the pending events. Fixes: 47ea0ddb1f56 ("platform/chrome: cros_ec_lpc: Separate host command and irq disable") Cc: stable(a)vger.kernel.org Cc: Lalith Rajendran <lalithkraj(a)chromium.org> Cc: chrome-platform(a)lists.linux.dev Signed-off-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> --- Changes in v2: - Updated the commit message with the right problem description drivers/platform/chrome/cros_ec.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c index badc68bbae8cc..41714df053916 100644 --- a/drivers/platform/chrome/cros_ec.c +++ b/drivers/platform/chrome/cros_ec.c @@ -432,6 +432,12 @@ static void cros_ec_send_resume_event(struct cros_ec_device *ec_dev) void cros_ec_resume_complete(struct cros_ec_device *ec_dev) { cros_ec_send_resume_event(ec_dev); + /* + * Let the mfd devices know about events that occur during + * suspend. This way the clients know what to do with them. + */ + cros_ec_report_events_during_suspend(ec_dev); + } EXPORT_SYMBOL(cros_ec_resume_complete); @@ -442,12 +448,6 @@ static void cros_ec_enable_irq(struct cros_ec_device *ec_dev) if (ec_dev->wake_enabled) disable_irq_wake(ec_dev->irq); - - /* - * Let the mfd devices know about events that occur during - * suspend. This way the clients know what to do with them. - */ - cros_ec_report_events_during_suspend(ec_dev); } /** @@ -475,8 +475,9 @@ EXPORT_SYMBOL(cros_ec_resume_early); */ int cros_ec_resume(struct cros_ec_device *ec_dev) { - cros_ec_enable_irq(ec_dev); - cros_ec_send_resume_event(ec_dev); + cros_ec_resume_early(ec_dev); + cros_ec_resume_complete(ec_dev); + return 0; } EXPORT_SYMBOL(cros_ec_resume); -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

2
2
0 0

[PATCH] kselftest: Add a ksft_perror() helper

by Edward Liaw

From: Mark Brown <broonie(a)kernel.org> [ Upstream commit 907f33028871fa7c9a3db1efd467b78ef82cce20 ] The standard library perror() function provides a convenient way to print an error message based on the current errno but this doesn't play nicely with KTAP output. Provide a helper which does an equivalent thing in a KTAP compatible format. nolibc doesn't have a strerror() and adding the table of strings required doesn't seem like a good fit for what it's trying to do so when we're using that only print the errno. Signed-off-by: Mark Brown <broonie(a)kernel.org> Reviewed-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Stable-dep-of: 071af0c9e582 ("selftests: timers: Convert posix_timers test to generate KTAP output") Signed-off-by: Edward Liaw <edliaw(a)google.com> --- tools/testing/selftests/kselftest.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h index e8eecbc83a60..ad7b97e16f37 100644 --- a/tools/testing/selftests/kselftest.h +++ b/tools/testing/selftests/kselftest.h @@ -48,6 +48,7 @@ #include <stdlib.h> #include <unistd.h> #include <stdarg.h> +#include <string.h> #include <stdio.h> #include <sys/utsname.h> #endif @@ -156,6 +157,19 @@ static inline void ksft_print_msg(const char *msg, ...) va_end(args); } +static inline void ksft_perror(const char *msg) +{ +#ifndef NOLIBC + ksft_print_msg("%s: %s (%d)\n", msg, strerror(errno), errno); +#else + /* + * nolibc doesn't provide strerror() and it seems + * inappropriate to add one, just print the errno. + */ + ksft_print_msg("%s: %d)\n", msg, errno); +#endif +} + static inline void ksft_test_result_pass(const char *msg, ...) { int saved_errno = errno; -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

1
1
0 0

[PATCH 6.6.y 1/4] macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads

by Rahul Rameshbabu

commit 475747a19316b08e856c666a20503e73d7ed67ed upstream. Omit rx_use_md_dst comment in upstream commit since macsec_ops is not documented. Cannot know whether a Rx skb missing md_dst is intended for MACsec or not without knowing whether the device is able to update this field during an offload. Assume that an offload to a MACsec device cannot support updating md_dst by default. Capable devices can advertise that they do indicate that an skb is related to a MACsec offloaded packet using the md_dst. Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-2-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- include/net/macsec.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/net/macsec.h b/include/net/macsec.h index ebf9bc54036a..75340c3e0c8b 100644 --- a/include/net/macsec.h +++ b/include/net/macsec.h @@ -303,6 +303,7 @@ struct macsec_ops { int (*mdo_get_tx_sa_stats)(struct macsec_context *ctx); int (*mdo_get_rx_sc_stats)(struct macsec_context *ctx); int (*mdo_get_rx_sa_stats)(struct macsec_context *ctx); + bool rx_uses_md_dst; }; void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa); -- 2.42.0

1 year, 4 months

1
3
0 0

[PATCH 0/2] clk: bcm: Move a couple of __counted_by initializations

by Nathan Chancellor

Hi all, This series addresses two UBSAN warnings I see on my Raspberry Pi 4 with recent releases of clang that support __counted_by by moving the initializations of the element count member before any accesses of the flexible array member. I marked these for stable because more distributions are enabling the bounds sanitizer [1][2], so the warnings will show up when the kernel is built with a compiler that supports __counted_by, so it seems worth fixing this for future users. [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914685 [2]: https://src.fedoraproject.org/rpms/kernel/c/79a2207963b8fea452acfc5dea13ed5… --- Nathan Chancellor (2): clk: bcm: dvp: Assign ->num before accessing ->hws clk: bcm: rpi: Assign ->num before accessing ->hws drivers/clk/bcm/clk-bcm2711-dvp.c | 3 ++- drivers/clk/bcm/clk-raspberrypi.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) --- base-commit: ed30a4a51bb196781c8058073ea720133a65596f change-id: 20240424-cbl-bcm-assign-counted-by-val-before-access-cf19d630f2b4 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 4 months

4
8
0 0

[PATCH] firewire: ohci: fulfill timestamp for some local asynchronous transaction

by Takashi Sakamoto

1394 OHCI driver generates packet data for the response subaction to the request subaction to some local registers. In the case, the driver should assign timestamp to them by itself. This commit fulfills the timestamp for the subaction. Cc: stable(a)vger.kernel.org Fixes: dcadfd7f7c74 ("firewire: core: use union for callback of transaction completion") Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- drivers/firewire/ohci.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c index 38d19410a2be..b9ae0340b8a7 100644 --- a/drivers/firewire/ohci.c +++ b/drivers/firewire/ohci.c @@ -1556,6 +1556,8 @@ static int handle_at_packet(struct context *context, #define HEADER_GET_DATA_LENGTH(q) (((q) >> 16) & 0xffff) #define HEADER_GET_EXTENDED_TCODE(q) (((q) >> 0) & 0xffff) +static u32 get_cycle_time(struct fw_ohci *ohci); + static void handle_local_rom(struct fw_ohci *ohci, struct fw_packet *packet, u32 csr) { @@ -1580,6 +1582,8 @@ static void handle_local_rom(struct fw_ohci *ohci, (void *) ohci->config_rom + i, length); } + // Timestamping on behalf of the hardware. + response.timestamp = cycle_time_to_ohci_tstamp(get_cycle_time(ohci)); fw_core_handle_response(&ohci->card, &response); } @@ -1628,6 +1632,8 @@ static void handle_local_lock(struct fw_ohci *ohci, fw_fill_response(&response, packet->header, RCODE_BUSY, NULL, 0); out: + // Timestamping on behalf of the hardware. + response.timestamp = cycle_time_to_ohci_tstamp(get_cycle_time(ohci)); fw_core_handle_response(&ohci->card, &response); } @@ -1670,8 +1676,6 @@ static void handle_local_request(struct context *ctx, struct fw_packet *packet) } } -static u32 get_cycle_time(struct fw_ohci *ohci); - static void at_context_transmit(struct context *ctx, struct fw_packet *packet) { unsigned long flags; -- 2.43.0

1 year, 4 months

1
1
0 0

[PATCH 4.19 00/41] 4.19.310-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 4.19.310 release. There are 41 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Mar 15 05:04:34 PM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Arnd Bergmann (1): y2038: rusage: use __kernel_old_timeval Christophe Leroy (3): tools/selftest/vm: allow choosing mem size and page size in map_hugetlb selftests/vm: fix display of page size in map_hugetlb selftests/vm: fix map_hugetlb length used for testing read and write Dexuan Cui (1): hv_netvsc: Make netvsc/VF binding check both MAC and serial number Edward Adam Davis (1): net/rds: fix WARNING in rds_conn_connect_if_down Eric Dumazet (2): geneve: make sure to pull inner header in geneve_rx() net/ipv6: avoid possible UAF in ip6_route_mpath_notify() Fedor Pchelkin (1): btrfs: ref-verify: free ref cache before clearing mount opt Ingo Molnar (1): exit: Fix typo in comment: s/sub-theads/sub-threads Jason Xing (12): netrom: Fix a data-race around sysctl_netrom_default_path_quality netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix data-races around sysctl_net_busy_read Johannes Berg (1): um: allow not setting extra rpaths in the linux binary John Efstathiades (4): lan78xx: Fix white space and style issues lan78xx: Add missing return code checks lan78xx: Fix partial packet errors on suspend/resume lan78xx: Fix race conditions in suspend/resume handling Juhee Kang (1): hv_netvsc: use netif_is_bond_master() instead of open code Lee Jones (1): net: usb: lan78xx: Remove lots of set but unused 'ret' variables Lena Wang (1): netfilter: nf_conntrack_h323: Add protection for bmp length out of range Li RongQing (1): net: move definition of pcpu_lstats to header file Nico Pache (1): selftests: mm: fix map_hugetlb failure on 64K page size systems Oleg Nesterov (5): getrusage: add the "signal_struct *sig" local variable getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: use __for_each_thread() getrusage: use sig->stats_lock rather than lock_task_sighand() exit: wait_task_zombie: kill the no longer necessary spin_lock_irq(siglock) Oleksij Rempel (1): net: lan78xx: fix runtime PM count underflow on link stop Sasha Levin (1): Linux 4.19.310-rc1 Shradha Gupta (1): hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Werner Sembach (1): Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Makefile | 4 +- arch/alpha/kernel/osf_sys.c | 2 +- arch/um/Kconfig | 13 + arch/um/Makefile | 3 +- arch/x86/Makefile.um | 2 +- drivers/input/serio/i8042-x86ia64io.h | 6 + drivers/net/geneve.c | 18 +- drivers/net/hyperv/netvsc_drv.c | 96 ++- drivers/net/loopback.c | 6 - drivers/net/nlmon.c | 6 - drivers/net/usb/lan78xx.c | 966 +++++++++++++++++------ drivers/net/vsockmon.c | 14 +- fs/btrfs/ref-verify.c | 6 +- include/linux/netdevice.h | 6 + include/uapi/linux/resource.h | 4 +- kernel/exit.c | 12 +- kernel/sys.c | 91 ++- net/ipv6/route.c | 21 +- net/netfilter/nf_conntrack_h323_asn1.c | 4 + net/netrom/af_netrom.c | 14 +- net/netrom/nr_dev.c | 2 +- net/netrom/nr_in.c | 6 +- net/netrom/nr_out.c | 2 +- net/netrom/nr_route.c | 8 +- net/netrom/nr_subr.c | 5 +- net/rds/rdma.c | 3 + net/rds/send.c | 6 +- tools/testing/selftests/vm/map_hugetlb.c | 50 +- 28 files changed, 994 insertions(+), 382 deletions(-) -- 2.43.0

1 year, 4 months

6
48
0 0

FAILED: patch "[PATCH] phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 025a6f7448f7bb5f4fceb62498ee33d89ae266bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042919-enlisted-punch-79a5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 025a6f7448f7 ("phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6") ef643d55fdeb ("phy: qcom: qmp: split DP PHY registers to separate headers") 7b98cf0e9b5f ("phy: qcom-qmp: pcs: Add v7 register offsets") dc32762214e4 ("phy: qcom-qmp: move PCS MISC V4 registers to separate header") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 025a6f7448f7bb5f4fceb62498ee33d89ae266bb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Mon, 8 Apr 2024 11:30:23 +0200 Subject: [PATCH] phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6 Commit 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") fixed a regression introduced in 6.5 by making sure that the correct offset is used for the DP_PHY_VCO_DIV register on v3 hardware. Unfortunately, that fix instead broke DisplayPort on v5_5nm and v6 hardware as it failed to add the corresponding offsets also to those register tables. Fixes: 815891eee668 ("phy: qcom-qmp-combo: Introduce orientation variable") Fixes: 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") Cc: stable(a)vger.kernel.org # 6.5: 5abed58a8bde Cc: Stephen Boyd <swboyd(a)chromium.org> Cc: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Stephen Boyd <swboyd(a)chromium.org> Reviewed-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Link: https://lore.kernel.org/r/20240408093023.506-1-johan+linaro@kernel.org Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c index 2a6f70b3e25f..c21cdb8dbfe7 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c @@ -153,6 +153,7 @@ static const unsigned int qmp_v5_5nm_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V5_COM_BIAS_EN_CLKBUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V5_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V5_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V5_5NM_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V5_5NM_TX_TX_DRV_LVL, @@ -177,6 +178,7 @@ static const unsigned int qmp_v6_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V6_COM_PLL_BIAS_EN_CLK_BUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V6_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V6_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V6_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V6_TX_TX_DRV_LVL, diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h index f5cfacf9be96..181057421c11 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V5_H_ /* Only for QMP V5 PHY - DP PHY registers */ +#define QSERDES_V5_DP_PHY_VCO_DIV 0x070 #define QSERDES_V5_DP_PHY_AUX_INTERRUPT_STATUS 0x0d8 #define QSERDES_V5_DP_PHY_STATUS 0x0dc diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h index 01a20d3be4b8..fa967a1af058 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V6_H_ /* Only for QMP V6 PHY - DP PHY registers */ +#define QSERDES_V6_DP_PHY_VCO_DIV 0x070 #define QSERDES_V6_DP_PHY_AUX_INTERRUPT_STATUS 0x0e0 #define QSERDES_V6_DP_PHY_STATUS 0x0e4

1 year, 4 months

2
1
0 0

[PATCH v8 01/35] dyndbg: fix old BUG_ON in >control parser

by Jim Cromie

Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead. cc: stable(a)vger.kernel.org Signed-off-by: Jim Cromie <jim.cromie(a)gmail.com> --- lib/dynamic_debug.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c index c78f335fa981..f2c5e7910bb1 100644 --- a/lib/dynamic_debug.c +++ b/lib/dynamic_debug.c @@ -302,7 +302,11 @@ static int ddebug_tokenize(char *buf, char *words[], int maxwords) } else { for (end = buf; *end && !isspace(*end); end++) ; - BUG_ON(end == buf); + if (end == buf) { + pr_err("parse err after word:%d=%s\n", nwords, + nwords ? words[nwords - 1] : "<none>"); + return -EINVAL; + } } /* `buf' is start of word, `end' is one past its end */ -- 2.44.0

1 year, 4 months

1
0
0 0

[PATCH v2 2/2] drm/nouveau/gsp: Use the sg allocator for level 2 of radix3

by Lyude Paul

Currently we allocate all 3 levels of radix3 page tables using nvkm_gsp_mem_ctor(), which uses dma_alloc_coherent() for allocating all of the relevant memory. This can end up failing in scenarios where the system has very high memory fragmentation, and we can't find enough contiguous memory to allocate level 2 of the page table. Currently, this can result in runtime PM issues on systems where memory fragmentation is high - as we'll fail to allocate the page table for our suspend/resume buffer: kworker/10:2: page allocation failure: order:7, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0 CPU: 10 PID: 479809 Comm: kworker/10:2 Not tainted 6.8.6-201.ChopperV6.fc39.x86_64 #1 Hardware name: SLIMBOOK Executive/Executive, BIOS N.1.10GRU06 02/02/2024 Workqueue: pm pm_runtime_work Call Trace: <TASK> dump_stack_lvl+0x64/0x80 warn_alloc+0x165/0x1e0 ? __alloc_pages_direct_compact+0xb3/0x2b0 __alloc_pages_slowpath.constprop.0+0xd7d/0xde0 __alloc_pages+0x32d/0x350 __dma_direct_alloc_pages.isra.0+0x16a/0x2b0 dma_direct_alloc+0x70/0x270 nvkm_gsp_radix3_sg+0x5e/0x130 [nouveau] r535_gsp_fini+0x1d4/0x350 [nouveau] nvkm_subdev_fini+0x67/0x150 [nouveau] nvkm_device_fini+0x95/0x1e0 [nouveau] nvkm_udevice_fini+0x53/0x70 [nouveau] nvkm_object_fini+0xb9/0x240 [nouveau] nvkm_object_fini+0x75/0x240 [nouveau] nouveau_do_suspend+0xf5/0x280 [nouveau] nouveau_pmops_runtime_suspend+0x3e/0xb0 [nouveau] pci_pm_runtime_suspend+0x67/0x1e0 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 __rpm_callback+0x41/0x170 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 rpm_callback+0x5d/0x70 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 rpm_suspend+0x120/0x6a0 pm_runtime_work+0x98/0xb0 process_one_work+0x171/0x340 worker_thread+0x27b/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xe5/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 Luckily, we don't actually need to allocate coherent memory for the page table thanks to being able to pass the GPU a radix3 page table for suspend/resume data. So, let's rewrite nvkm_gsp_radix3_sg() to use the sg allocator for level 2. We continue using coherent allocations for lvl0 and 1, since they only take a single page. V2: * Don't forget to actually jump to the next scatterlist when we reach the end of the scatterlist we're currently on when writing out the page table for level 2 Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- .../gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 77 ++++++++++++------- 2 files changed, 54 insertions(+), 27 deletions(-) diff --git a/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h b/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h index 6f5d376d8fcc1..a11d16a16c3b2 100644 --- a/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h +++ b/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h @@ -15,7 +15,9 @@ struct nvkm_gsp_mem { }; struct nvkm_gsp_radix3 { - struct nvkm_gsp_mem mem[3]; + struct nvkm_gsp_mem lvl0; + struct nvkm_gsp_mem lvl1; + struct sg_table lvl2; }; int nvkm_gsp_sg(struct nvkm_device *, u64 size, struct sg_table *); diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c index 9858c1438aa7f..fd4e80ba6adfc 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c @@ -1624,7 +1624,7 @@ r535_gsp_wpr_meta_init(struct nvkm_gsp *gsp) meta->magic = GSP_FW_WPR_META_MAGIC; meta->revision = GSP_FW_WPR_META_REVISION; - meta->sysmemAddrOfRadix3Elf = gsp->radix3.mem[0].addr; + meta->sysmemAddrOfRadix3Elf = gsp->radix3.lvl0.addr; meta->sizeOfRadix3Elf = gsp->fb.wpr2.elf.size; meta->sysmemAddrOfBootloader = gsp->boot.fw.addr; @@ -1919,8 +1919,9 @@ nvkm_gsp_sg(struct nvkm_device *device, u64 size, struct sg_table *sgt) static void nvkm_gsp_radix3_dtor(struct nvkm_gsp *gsp, struct nvkm_gsp_radix3 *rx3) { - for (int i = ARRAY_SIZE(rx3->mem) - 1; i >= 0; i--) - nvkm_gsp_mem_dtor(gsp, &rx3->mem[i]); + nvkm_gsp_sg_free(gsp->subdev.device, &rx3->lvl2); + nvkm_gsp_mem_dtor(gsp, &rx3->lvl1); + nvkm_gsp_mem_dtor(gsp, &rx3->lvl0); } /** @@ -1960,36 +1961,60 @@ static int nvkm_gsp_radix3_sg(struct nvkm_gsp *gsp, struct sg_table *sgt, u64 size, struct nvkm_gsp_radix3 *rx3) { - u64 addr; + struct sg_dma_page_iter sg_dma_iter; + struct scatterlist *sg; + size_t bufsize; + u64 *pte; + int ret, i, page_idx = 0; - for (int i = ARRAY_SIZE(rx3->mem) - 1; i >= 0; i--) { - u64 *ptes; - size_t bufsize; - int ret, idx; + ret = nvkm_gsp_mem_ctor(gsp, GSP_PAGE_SIZE, &rx3->lvl0); + if (ret) + return ret; - bufsize = ALIGN((size / GSP_PAGE_SIZE) * sizeof(u64), GSP_PAGE_SIZE); - ret = nvkm_gsp_mem_ctor(gsp, bufsize, &rx3->mem[i]); - if (ret) - return ret; + ret = nvkm_gsp_mem_ctor(gsp, GSP_PAGE_SIZE, &rx3->lvl1); + if (ret) + goto lvl1_fail; - ptes = rx3->mem[i].data; - if (i == 2) { - struct scatterlist *sgl; + // Allocate level 2 + bufsize = ALIGN((size / GSP_PAGE_SIZE) * sizeof(u64), GSP_PAGE_SIZE); + ret = nvkm_gsp_sg(gsp->subdev.device, bufsize, &rx3->lvl2); + if (ret) + goto lvl2_fail; - for_each_sgtable_dma_sg(sgt, sgl, idx) { - for (int j = 0; j < sg_dma_len(sgl) / GSP_PAGE_SIZE; j++) - *ptes++ = sg_dma_address(sgl) + (GSP_PAGE_SIZE * j); - } - } else { - for (int j = 0; j < size / GSP_PAGE_SIZE; j++) - *ptes++ = addr + GSP_PAGE_SIZE * j; + // Write the bus address of level 1 to level 0 + pte = rx3->lvl0.data; + *pte = rx3->lvl1.addr; + + // Write the bus address of each page in level 2 to level 1 + pte = rx3->lvl1.data; + for_each_sgtable_dma_page(&rx3->lvl2, &sg_dma_iter, 0) + *pte++ = sg_page_iter_dma_address(&sg_dma_iter); + + // Finally, write the bus address of each page in sgt to level 2 + for_each_sgtable_sg(&rx3->lvl2, sg, i) { + void *sgl_end; + + pte = sg_virt(sg); + sgl_end = (void*)pte + sg->length; + + for_each_sgtable_dma_page(sgt, &sg_dma_iter, page_idx) { + *pte++ = sg_page_iter_dma_address(&sg_dma_iter); + page_idx++; + + // Go to the next scatterlist for level 2 if we've reached the end + if ((void*)pte >= sgl_end) + break; } + } - size = rx3->mem[i].size; - addr = rx3->mem[i].addr; + if (ret) { +lvl2_fail: + nvkm_gsp_mem_dtor(gsp, &rx3->lvl1); +lvl1_fail: + nvkm_gsp_mem_dtor(gsp, &rx3->lvl0); } - return 0; + return ret; } int @@ -2021,7 +2046,7 @@ r535_gsp_fini(struct nvkm_gsp *gsp, bool suspend) sr = gsp->sr.meta.data; sr->magic = GSP_FW_SR_META_MAGIC; sr->revision = GSP_FW_SR_META_REVISION; - sr->sysmemAddrOfSuspendResumeData = gsp->sr.radix3.mem[0].addr; + sr->sysmemAddrOfSuspendResumeData = gsp->sr.radix3.lvl0.addr; sr->sizeOfSuspendResumeData = len; mbox0 = lower_32_bits(gsp->sr.meta.addr); -- 2.44.0

1 year, 4 months

1
0
0 0

[merged] bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: bounds: use the right number of bits for power-of-two CONFIG_NR_CPUS has been removed from the -mm tree. Its filename was bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: bounds: use the right number of bits for power-of-two CONFIG_NR_CPUS Date: Mon, 29 Apr 2024 15:47:51 +0100 bits_per() rounds up to the next power of two when passed a power of two. This causes crashes on some machines and configurations. Link: https://lkml.kernel.org/r/20240429144807.3012361-1-willy@infradead.org Fixes: f2d5dcb48f7b (bounds: support non-power-of-two CONFIG_NR_CPUS) Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reported-by: �� <m.novosyolov(a)rosalinux.ru> Tested-by: �� <i.gaptrakhmanov(a)rosalinux.ru> Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3347 Link: https://lore.kernel.org/all/1c978cf1-2934-4e66-e4b3-e81b04cb3571@rosalinux.… Cc: Rik van Riel <riel(a)surriel.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/bounds.c~bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus +++ a/kernel/bounds.c @@ -19,7 +19,7 @@ int main(void) DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); DEFINE(MAX_NR_ZONES, __MAX_NR_ZONES); #ifdef CONFIG_SMP - DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS)); + DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS - 1)); #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); #ifdef CONFIG_LRU_GEN _ Patches currently in -mm which might be from willy(a)infradead.org are doc-improve-the-description-of-__folio_mark_dirty.patch buffer-add-kernel-doc-for-block_dirty_folio.patch buffer-add-kernel-doc-for-try_to_free_buffers.patch buffer-fix-__bread-and-__bread_gfp-kernel-doc.patch buffer-add-kernel-doc-for-brelse-and-__brelse.patch buffer-add-kernel-doc-for-bforget-and-__bforget.patch buffer-improve-bdev_getblk-documentation.patch doc-split-bufferrst-out-of-api-summaryrst.patch doc-split-bufferrst-out-of-api-summaryrst-fix.patch mm-memory-failure-remove-fsdax_pgoff-argument-from-__add_to_kill.patch mm-memory-failure-pass-addr-to-__add_to_kill.patch mm-return-the-address-from-page_mapped_in_vma.patch mm-make-page_mapped_in_vma-conditional-on-config_memory_failure.patch mm-memory-failure-convert-shake_page-to-shake_folio.patch mm-convert-hugetlb_page_mapping_lock_write-to-folio.patch mm-memory-failure-convert-memory_failure-to-use-a-folio.patch mm-memory-failure-convert-hwpoison_user_mappings-to-take-a-folio.patch mm-memory-failure-add-some-folio-conversions-to-unpoison_memory.patch mm-memory-failure-use-folio-functions-throughout-collect_procs.patch mm-memory-failure-pass-the-folio-to-collect_procs_ksm.patch fscrypt-convert-bh_get_inode_and_lblk_num-to-use-a-folio.patch f2fs-convert-f2fs_clear_page_cache_dirty_tag-to-use-a-folio.patch memory-failure-remove-calls-to-page_mapping.patch migrate-expand-the-use-of-folio-in-__migrate_device_pages.patch userfault-expand-folio-use-in-mfill_atomic_install_pte.patch mm-remove-page_cache_alloc.patch mm-remove-put_devmap_managed_page.patch mm-convert-put_devmap_managed_page_refs-to-put_devmap_managed_folio_refs.patch mm-remove-page_ref_sub_return.patch gup-use-folios-for-gup_devmap.patch mm-add-kernel-doc-for-folio_mark_accessed.patch mm-remove-pagereferenced.patch mm-simplify-thp_vma_allowable_order.patch mm-assert-the-mmap_lock-is-held-in-__anon_vma_prepare.patch mm-delay-the-check-for-a-null-anon_vma.patch mm-fix-some-minor-per-vma-lock-issues-in-userfaultfd.patch mm-optimise-vmf_anon_prepare-for-vmas-without-an-anon_vma.patch squashfs-convert-squashfs_symlink_read_folio-to-use-folio-apis.patch squashfs-remove-calls-to-set-the-folio-error-flag.patch

1 year, 4 months

1
0
0 0

Re: [Intel-wired-lan] [BUG] e1000e, scheduling while atomic (stable)

by Jérôme Carretero

Hi Sasha, Thank you, sorry for the delay but I coudln't reboot. Adding Greg KH because I don't know if stable will receive my e-mail (not subscribed) but the regression was integrated in stable: commit 0a4e3c2d976aa4dd38951afd6267f74ef3fade0e so they should get the fix ASAP too. Tested-by: Jérôme Carretero <cJ-ko(a)zougloub.eu> Best regards, -- Jérôme On Thu, 2024-04-18 at 06:44 +0300, Sasha Neftin wrote: > On 17/04/2024 21:46, Jérôme Carretero wrote: > > Hi, > > > > > > I opened https://bugzilla.kernel.org/show_bug.cgi?id=218740 because > > I'm > > not quite sure the culprit is e1000e or some timer stuff. > > Hello Jérôme, > > You hit on regression introduced by 6dbdd4de0362 (used the wrong > timer > during code running in atomic contexts) > Please, incorporate > https://patchwork.ozlabs.org/project/intel-wired-lan/patch/20240417190320.3… > > in your latest kernel. > > Thanks, > sasha > > > > > I just verified that this happens on the latest master. > > > > > > Let me know if I can (quickly) help, > > > > >

1 year, 4 months

7
7
0 0

+ fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan has been added to the -mm mm-hotfixes-unstable branch. Its filename is fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan Date: Mon, 29 Apr 2024 12:40:17 +0100 make_uffd_wp_pte() was previously doing: pte = ptep_get(ptep); ptep_modify_prot_start(ptep); pte = pte_mkuffd_wp(pte); ptep_modify_prot_commit(ptep, pte); But if another thread accessed or dirtied the pte between the first 2 calls, this could lead to loss of that information. Since ptep_modify_prot_start() gets and clears atomically, the following is the correct pattern and prevents any possible race. Any access after the first call would see an invalid pte and cause a fault: pte = ptep_modify_prot_start(ptep); pte = pte_mkuffd_wp(pte); ptep_modify_prot_commit(ptep, pte); Link: https://lkml.kernel.org/r/20240429114017.182570-1-ryan.roberts@arm.com Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan +++ a/fs/proc/task_mmu.c @@ -1825,7 +1825,7 @@ static void make_uffd_wp_pte(struct vm_a pte_t old_pte; old_pte = ptep_modify_prot_start(vma, addr, pte); - ptent = pte_mkuffd_wp(ptent); + ptent = pte_mkuffd_wp(old_pte); ptep_modify_prot_commit(vma, addr, pte, old_pte, ptent); } else if (is_swap_pte(ptent)) { ptent = pte_swp_mkuffd_wp(ptent); _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan.patch fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch selftests-mm-soft-dirty-should-fail-if-a-testcase-fails.patch mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch

1 year, 4 months

1
0
0 0

+ fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() has been added to the -mm mm-hotfixes-unstable branch. Its filename is fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() Date: Mon, 29 Apr 2024 12:41:04 +0100 pagemap_scan_pmd_entry() checks if uffd-wp is set on each pte to avoid unnecessary if set. However it was previously checking with `pte_uffd_wp(ptep_get(pte))` without first confirming that the pte was present. It is only valid to call pte_uffd_wp() for present ptes. For swap ptes, pte_swp_uffd_wp() must be called because the uffd-wp bit may be kept in a different position, depending on the arch. This was leading to test failures in the pagemap_ioctl mm selftest, when bringing up uffd-wp support on arm64 due to incorrectly interpretting the uffd-wp status of migration entries. Let's fix this by using the correct check based on pte_present(). While we are at it, let's pass the pte to make_uffd_wp_pte() to avoid the pointless extra ptep_get() which can't be optimized out due to READ_ONCE() on many arches. Link: https://lkml.kernel.org/r/20240429114104.182890-1-ryan.roberts@arm.com Fixes: 12f6b01a0bcb ("fs/proc/task_mmu: add fast paths to get/clear PAGE_IS_WRITTEN flag") Closes: https://lore.kernel.org/linux-arm-kernel/ZiuyGXt0XWwRgFh9@x1n/ Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Tested-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry +++ a/fs/proc/task_mmu.c @@ -1817,10 +1817,8 @@ static unsigned long pagemap_page_catego } static void make_uffd_wp_pte(struct vm_area_struct *vma, - unsigned long addr, pte_t *pte) + unsigned long addr, pte_t *pte, pte_t ptent) { - pte_t ptent = ptep_get(pte); - if (pte_present(ptent)) { pte_t old_pte; @@ -2175,9 +2173,12 @@ static int pagemap_scan_pmd_entry(pmd_t if ((p->arg.flags & PM_SCAN_WP_MATCHING) && !p->vec_out) { /* Fast path for performing exclusive WP */ for (addr = start; addr != end; pte++, addr += PAGE_SIZE) { - if (pte_uffd_wp(ptep_get(pte))) + pte_t ptent = ptep_get(pte); + + if ((pte_present(ptent) && pte_uffd_wp(ptent)) || + pte_swp_uffd_wp_any(ptent)) continue; - make_uffd_wp_pte(vma, addr, pte); + make_uffd_wp_pte(vma, addr, pte, ptent); if (!flush_end) start = addr; flush_end = addr + PAGE_SIZE; @@ -2190,8 +2191,10 @@ static int pagemap_scan_pmd_entry(pmd_t p->arg.return_mask == PAGE_IS_WRITTEN) { for (addr = start; addr < end; pte++, addr += PAGE_SIZE) { unsigned long next = addr + PAGE_SIZE; + pte_t ptent = ptep_get(pte); - if (pte_uffd_wp(ptep_get(pte))) + if ((pte_present(ptent) && pte_uffd_wp(ptent)) || + pte_swp_uffd_wp_any(ptent)) continue; ret = pagemap_scan_output(p->cur_vma_category | PAGE_IS_WRITTEN, p, addr, &next); @@ -2199,7 +2202,7 @@ static int pagemap_scan_pmd_entry(pmd_t break; if (~p->arg.flags & PM_SCAN_WP_MATCHING) continue; - make_uffd_wp_pte(vma, addr, pte); + make_uffd_wp_pte(vma, addr, pte, ptent); if (!flush_end) start = addr; flush_end = next; @@ -2208,8 +2211,9 @@ static int pagemap_scan_pmd_entry(pmd_t } for (addr = start; addr != end; pte++, addr += PAGE_SIZE) { + pte_t ptent = ptep_get(pte); unsigned long categories = p->cur_vma_category | - pagemap_page_category(p, vma, addr, ptep_get(pte)); + pagemap_page_category(p, vma, addr, ptent); unsigned long next = addr + PAGE_SIZE; if (!pagemap_scan_is_interesting_page(categories, p)) @@ -2224,7 +2228,7 @@ static int pagemap_scan_pmd_entry(pmd_t if (~categories & PAGE_IS_WRITTEN) continue; - make_uffd_wp_pte(vma, addr, pte); + make_uffd_wp_pte(vma, addr, pte, ptent); if (!flush_end) start = addr; flush_end = next; _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch selftests-mm-soft-dirty-should-fail-if-a-testcase-fails.patch mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch

1 year, 4 months

1
0
0 0

+ bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: bounds: use the right number of bits for power-of-two CONFIG_NR_CPUS has been added to the -mm mm-hotfixes-unstable branch. Its filename is bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: bounds: use the right number of bits for power-of-two CONFIG_NR_CPUS Date: Mon, 29 Apr 2024 15:47:51 +0100 bits_per() rounds up to the next power of two when passed a power of two. This causes crashes on some machines and configurations. Link: https://lkml.kernel.org/r/20240429144807.3012361-1-willy@infradead.org Fixes: f2d5dcb48f7b (bounds: support non-power-of-two CONFIG_NR_CPUS) Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reported-by: �� <m.novosyolov(a)rosalinux.ru> Tested-by: �� <i.gaptrakhmanov(a)rosalinux.ru> Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3347 Link: https://lore.kernel.org/all/1c978cf1-2934-4e66-e4b3-e81b04cb3571@rosalinux.… Cc: Rik van Riel <riel(a)surriel.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/bounds.c~bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus +++ a/kernel/bounds.c @@ -19,7 +19,7 @@ int main(void) DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); DEFINE(MAX_NR_ZONES, __MAX_NR_ZONES); #ifdef CONFIG_SMP - DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS)); + DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS - 1)); #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); #ifdef CONFIG_LRU_GEN _ Patches currently in -mm which might be from willy(a)infradead.org are bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch doc-improve-the-description-of-__folio_mark_dirty.patch buffer-add-kernel-doc-for-block_dirty_folio.patch buffer-add-kernel-doc-for-try_to_free_buffers.patch buffer-fix-__bread-and-__bread_gfp-kernel-doc.patch buffer-add-kernel-doc-for-brelse-and-__brelse.patch buffer-add-kernel-doc-for-bforget-and-__bforget.patch buffer-improve-bdev_getblk-documentation.patch doc-split-bufferrst-out-of-api-summaryrst.patch doc-split-bufferrst-out-of-api-summaryrst-fix.patch mm-memory-failure-remove-fsdax_pgoff-argument-from-__add_to_kill.patch mm-memory-failure-pass-addr-to-__add_to_kill.patch mm-return-the-address-from-page_mapped_in_vma.patch mm-make-page_mapped_in_vma-conditional-on-config_memory_failure.patch mm-memory-failure-convert-shake_page-to-shake_folio.patch mm-convert-hugetlb_page_mapping_lock_write-to-folio.patch mm-memory-failure-convert-memory_failure-to-use-a-folio.patch mm-memory-failure-convert-hwpoison_user_mappings-to-take-a-folio.patch mm-memory-failure-add-some-folio-conversions-to-unpoison_memory.patch mm-memory-failure-use-folio-functions-throughout-collect_procs.patch mm-memory-failure-pass-the-folio-to-collect_procs_ksm.patch fscrypt-convert-bh_get_inode_and_lblk_num-to-use-a-folio.patch f2fs-convert-f2fs_clear_page_cache_dirty_tag-to-use-a-folio.patch memory-failure-remove-calls-to-page_mapping.patch migrate-expand-the-use-of-folio-in-__migrate_device_pages.patch userfault-expand-folio-use-in-mfill_atomic_install_pte.patch mm-remove-page_mapping.patch mm-remove-page_cache_alloc.patch mm-remove-put_devmap_managed_page.patch mm-convert-put_devmap_managed_page_refs-to-put_devmap_managed_folio_refs.patch mm-remove-page_ref_sub_return.patch gup-use-folios-for-gup_devmap.patch mm-add-kernel-doc-for-folio_mark_accessed.patch mm-remove-pagereferenced.patch mm-simplify-thp_vma_allowable_order.patch mm-assert-the-mmap_lock-is-held-in-__anon_vma_prepare.patch mm-delay-the-check-for-a-null-anon_vma.patch mm-fix-some-minor-per-vma-lock-issues-in-userfaultfd.patch mm-optimise-vmf_anon_prepare-for-vmas-without-an-anon_vma.patch squashfs-convert-squashfs_symlink_read_folio-to-use-folio-apis.patch squashfs-remove-calls-to-set-the-folio-error-flag.patch

1 year, 4 months

1
0
0 0

[PATCH v2] efi: libstub: only free priv.runtime_map when allocated

by Hagar Hemdan

priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an uninitialized value to free_pool. Free priv.runtime_map only when it was allocated. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Fixes: f80d26043af9 ("efi: libstub: avoid efi_get_memory_map() for allocating the virt map") Cc: stable(a)vger.kernel.org Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> --- v2: added Cc stable tag to the commit message as requested by kernel test robot. --- drivers/firmware/efi/libstub/fdt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/firmware/efi/libstub/fdt.c b/drivers/firmware/efi/libstub/fdt.c index 70e9789ff9de..6a337f1f8787 100644 --- a/drivers/firmware/efi/libstub/fdt.c +++ b/drivers/firmware/efi/libstub/fdt.c @@ -335,8 +335,8 @@ efi_status_t allocate_new_fdt_and_exit_boot(void *handle, fail: efi_free(fdt_size, fdt_addr); - - efi_bs_call(free_pool, priv.runtime_map); + if (!efi_novamap) + efi_bs_call(free_pool, priv.runtime_map); return EFI_LOAD_ERROR; } -- 2.40.1

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042952-germless-unguarded-1be2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 9c0f59e47a90 ("HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up") dbe0dd5fd2e0 ("HID: i2c-hid: explicitly code setting and sending reports") b26fc3161b78 ("HID: i2c-hid: refactor reset command") d34c6105499b ("HID: i2c-hid: use "struct i2c_hid" as argument in most calls") a5e5e03e9476 ("HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports") cf5b2fb012c0 ("HID: i2c-hid: fix handling numbered reports with IDs of 15 and above") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Mon, 18 Mar 2024 11:59:02 +0100 Subject: [PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. Reported-and-tested-by: Eva Kurchatova <nyandarknessgirl(a)gmail.com> Closes: https://lore.kernel.org/r/CA+eeCSPUDpUg76ZO8dszSbAGn+UHjcyv8F1J-CUPVARAzEtW… Fixes: 4a200c3b9a40 ("HID: i2c-hid: introduce HID over i2c specification implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..1c86c97688e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -64,7 +64,6 @@ /* flags */ #define I2C_HID_STARTED 0 #define I2C_HID_RESET_PENDING 1 -#define I2C_HID_READ_PENDING 2 #define I2C_HID_PWR_ON 0x00 #define I2C_HID_PWR_SLEEP 0x01 @@ -190,15 +189,10 @@ static int i2c_hid_xfer(struct i2c_hid *ihid, msgs[n].len = recv_len; msgs[n].buf = recv_buf; n++; - - set_bit(I2C_HID_READ_PENDING, &ihid->flags); } ret = i2c_transfer(client->adapter, msgs, n); - if (recv_len) - clear_bit(I2C_HID_READ_PENDING, &ihid->flags); - if (ret != n) return ret < 0 ? ret : -EIO; @@ -556,9 +550,6 @@ static irqreturn_t i2c_hid_irq(int irq, void *dev_id) { struct i2c_hid *ihid = dev_id; - if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) - return IRQ_HANDLED; - i2c_hid_get_input(ihid); return IRQ_HANDLED;

1 year, 4 months

3
2
0 0

[PATCH] bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS

by Matthew Wilcox (Oracle)

bits_per() rounds up to the next power of two when passed a power of two. This causes crashes on some machines and configurations. Reported-by: Михаил Новоселов <m.novosyolov(a)rosalinux.ru> Tested-by: Ильфат Гаптрахманов <i.gaptrakhmanov(a)rosalinux.ru> Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3347 Link: https://lore.kernel.org/all/1c978cf1-2934-4e66-e4b3-e81b04cb3571@rosalinux.… Fixes: f2d5dcb48f7b (bounds: support non-power-of-two CONFIG_NR_CPUS) Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bounds.c b/kernel/bounds.c index c5a9fcd2d622..8553368ccf79 100644 --- a/kernel/bounds.c +++ b/kernel/bounds.c @@ -19,7 +19,7 @@ int main(void) DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); DEFINE(MAX_NR_ZONES, __MAX_NR_ZONES); #ifdef CONFIG_SMP - DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS)); + DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS - 1)); #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); #ifdef CONFIG_LRU_GEN -- 2.43.0

1 year, 4 months

2
1
0 0

[PATCH] media: dw2102: Fix size check

by Ricardo Ribalda

The data is going to be copied at state->data[4], not at state->data[1], fix the check to avoid stack overruns. Found with smatch: drivers/media/usb/dvb-usb/dw2102.c:802 su3000_i2c_transfer() error: __builtin_memcpy() '&state->data[4]' too small (64 vs 67) drivers/media/usb/dvb-usb/dw2102.c:802 su3000_i2c_transfer() error: __builtin_memcpy() '&state->data[4]' too small (64 vs 67) Cc: <stable(a)vger.kernel.org> Fixes: 0e148a522b84 ("media: dw2102: Don't translate i2c read into write") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- This time it could be relevant though. --- drivers/media/usb/dvb-usb/dw2102.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c index 03b411ad64bb..79e2ccf974c9 100644 --- a/drivers/media/usb/dvb-usb/dw2102.c +++ b/drivers/media/usb/dvb-usb/dw2102.c @@ -789,7 +789,7 @@ static int su3000_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[], if (msg[j].flags & I2C_M_RD) { /* single read */ - if (1 + msg[j].len > sizeof(state->data)) { + if (4 + msg[j].len > sizeof(state->data)) { warn("i2c rd: len=%d is too big!\n", msg[j].len); num = -EOPNOTSUPP; break; --- base-commit: cefc10d0d9164eb2f62e789b69dc658dc851eb58 change-id: 20240429-dw2102-ed3d128a1582 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 year, 4 months

1
0
0 0

[regression 6.1.80+] "CIFS: VFS: directory entry name would overflow frame end of buf" and invisible files under certain conditions and at least with noserverino mount option

by Salvatore Bonaccorso

Hi Paulo, hi all In Debian we got two reports of cifs mounts not functioning, hiding certain files. The two reports are: https://bugs.debian.org/1069102 https://bugs.debian.org/1069092 On those cases kernel logs error [ 23.225952] CIFS: VFS: directory entry name would overflow frame end of buf 00000000a44b272c I do not have yet a minimal reproducing setup, but I was able to reproduce the the issue cerating a simple share (done for simplicity with ksmbd): [global] ... [poc] path = /srv/data valid users = root read only = no Within /srv/data create an empty file libfoo: # touch /srv/data/libfoo The share is mounted with noserverino (the issue is not reproducible without at least in my case): mount -t cifs -o noserverino //server/poc /mnt On each access of /mnt a new error is logged, while not showing the libfoo file: [ 23.225952] CIFS: VFS: directory entry name would overflow frame end of buf 00000000a44b272c [ 603.494356] CIFS: VFS: directory entry name would overflow frame end of buf 000000001dbf54e1 [ 633.217689] CIFS: VFS: directory entry name would overflow frame end of buf 00000000fb4597c4 [ 642.791862] CIFS: VFS: directory entry name would overflow frame end of buf 0000000023b48528 I have verified that reverting in 6.1.y the commit 0947d0d463d4 ("smb: client: set correct d_type for reparse points under DFS mounts") on top of 6.1.87 fixes the issue. #regzbot introduced: 0947d0d463d4 I can try to make a clean environment to reproeduce the issue, but I'm not yet there. But the regression is related to 0947d0d463d4 ("smb: client: set correct d_type for reparse points under DFS mounts"). The mentioned commit was as well part of 6.7.7 at least, but I'm not able to reproduce the issue from another client running 6.7,9. Does that ring some bell? Regards, Salvatore

1 year, 4 months

3
8
0 0

[PATCH] ALSA: hda: intel-dsp-config: Fix Huawei Matebook D14 NBLB-WAX9N quirk detection

by Mauro Carvalho Chehab

Newer Matebook D14 model comes with essx8336 and supports SOF, but the initial models use the legacy driver, with a Realtek ALC 256 AC97 chip on it. The BIOS seems to be prepared to be used by both models, so it contains an entry for ESSX8336 on its DSDT table. Add a quirk, as otherwise dspconfig driver will try to load SOF, causing audio probe to fail. Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> --- sound/hda/intel-dsp-config.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/sound/hda/intel-dsp-config.c b/sound/hda/intel-dsp-config.c index 6a384b922e4f..8e728f0585dd 100644 --- a/sound/hda/intel-dsp-config.c +++ b/sound/hda/intel-dsp-config.c @@ -46,6 +46,22 @@ static const struct snd_soc_acpi_codecs __maybe_unused essx_83x6 = { * - the first successful match will win */ static const struct config_entry config_table[] = { + /* Quirks */ + { + .flags = 0, /* Model uses AC97 with Realtek ALC 256 */ + .device = PCI_DEVICE_ID_INTEL_HDA_CML_LP, + .dmi_table = (const struct dmi_system_id []) { + { + .ident = "Huawei NBLB-WAX9N", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "HUAWEI"), + DMI_MATCH(DMI_PRODUCT_NAME, "NBLB-WAX9N"), + } + }, + {} + } + }, + /* Merrifield */ #if IS_ENABLED(CONFIG_SND_SOC_SOF_MERRIFIELD) { -- 2.44.0

1 year, 4 months

4
10
0 0

FAILED: patch "[PATCH] fbdev: fix incorrect address computation in deferred IO" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 78d9161d2bcd442d93d917339297ffa057dbee8c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042951-barbell-aeration-a1ce@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 78d9161d2bcd ("fbdev: fix incorrect address computation in deferred IO") 3ed3811283dd ("fbdev: Refactor implementation of page_mkwrite") 56c134f7f1b5 ("fbdev: Track deferred-I/O pages in pageref struct") 856082f021a2 ("fbdev: defio: fix the pagelist corruption") 8c30e2d81bfd ("fbdev: Don't sort deferred-I/O pages by default") 105a940416fc ("fbdev/defio: Early-out if page is already enlisted") 67b723f5b742 ("drm/fb-helper: Calculate damaged area in separate helper") aa15c677cc34 ("drm/fb-helper: Fix vertical damage clipping") a3c286dcef7f ("drm/fb-helper: Fix clip rectangle height") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 78d9161d2bcd442d93d917339297ffa057dbee8c Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Tue, 23 Apr 2024 13:50:53 +0200 Subject: [PATCH] fbdev: fix incorrect address computation in deferred IO With deferred IO enabled, a page fault happens when data is written to the framebuffer device. Then driver determines which page is being updated by calculating the offset of the written virtual address within the virtual memory area, and uses this offset to get the updated page within the internal buffer. This page is later copied to hardware (thus the name "deferred IO"). This offset calculation is only correct if the virtual memory area is mapped to the beginning of the internal buffer. Otherwise this is wrong. For example, if users do: mmap(ptr, 4096, PROT_WRITE, MAP_FIXED | MAP_SHARED, fd, 0xff000); Then the virtual memory area will mapped at offset 0xff000 within the internal buffer. This offset 0xff000 is not accounted for, and wrong page is updated. Correct the calculation by using vmf->pgoff instead. With this change, the variable "offset" will no longer hold the exact offset value, but it is rounded down to multiples of PAGE_SIZE. But this is still correct, because this variable is only used to calculate the page offset. Reported-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Closes: https://lore.kernel.org/linux-fbdev/271372d6-e665-4e7f-b088-dee5f4ab341a@or… Fixes: 56c134f7f1b5 ("fbdev: Track deferred-I/O pages in pageref struct") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Link: https://patchwork.freedesktop.org/patch/msgid/20240423115053.4490-1-namcao@… diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c index dae96c9f61cf..806ecd32219b 100644 --- a/drivers/video/fbdev/core/fb_defio.c +++ b/drivers/video/fbdev/core/fb_defio.c @@ -196,7 +196,7 @@ static vm_fault_t fb_deferred_io_track_page(struct fb_info *info, unsigned long */ static vm_fault_t fb_deferred_io_page_mkwrite(struct fb_info *info, struct vm_fault *vmf) { - unsigned long offset = vmf->address - vmf->vma->vm_start; + unsigned long offset = vmf->pgoff << PAGE_SHIFT; struct page *page = vmf->page; file_update_time(vmf->vma->vm_file);

1 year, 4 months

3
2
0 0

FAILED: patch "[PATCH] mm: zswap: fix shrinker NULL crash with cgroup_disable=memory" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 682886ec69d22363819a83ddddd5d66cb5c791e1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042923-monday-hamlet-26ca@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 682886ec69d2 ("mm: zswap: fix shrinker NULL crash with cgroup_disable=memory") 30fb6a8d9e33 ("mm: zswap: fix writeback shinker GFP_NOIO/GFP_NOFS recursion") e35606e4167d ("mm/zswap: global lru and shrinker shared by all zswap_pools fix") bf9b7df23cb3 ("mm/zswap: global lru and shrinker shared by all zswap_pools") 5182661a11ba ("mm: zswap: function ordering: move entry sections out of LRU section") 506a86c5e221 ("mm: zswap: function ordering: public lru api") abca07c04aa5 ("mm: zswap: function ordering: pool params") c1a0ecb82bdc ("mm: zswap: function ordering: zswap_pools") 39f3ec8eaa60 ("mm: zswap: function ordering: pool refcounting") a984649b5c1f ("mm: zswap: function ordering: pool alloc & free") be7fc97c5283 ("mm: zswap: further cleanup zswap_store()") fa9ad6e21003 ("mm: zswap: break out zwap_compress()") ff2972aa1b5d ("mm: zswap: rename __zswap_load() to zswap_decompress()") 7dd1f7f0fc1c ("mm: zswap: move zswap_invalidate_entry() to related functions") 5b297f70bb26 ("mm: zswap: inline and remove zswap_entry_find_get()") 5878303c5353 ("mm/zswap: fix race between lru writeback and swapoff") db128f5fdee9 ("mm: zswap: remove unused tree argument in zswap_entry_put()") 44c7c734a513 ("mm/zswap: split zswap rb-tree") bb29fd7760ae ("mm/zswap: make sure each swapfile always have zswap rb-tree") 8409a385a6b4 ("mm/zswap: improve with alloc_workqueue() call") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 682886ec69d22363819a83ddddd5d66cb5c791e1 Mon Sep 17 00:00:00 2001 From: Johannes Weiner <hannes(a)cmpxchg.org> Date: Thu, 18 Apr 2024 08:26:28 -0400 Subject: [PATCH] mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat bugzilla [2]. The problem is that when memcg is disabled with the boot time flag, the zswap shrinker might get called with sc->memcg == NULL. This is okay in many places, like the lruvec operations. But it crashes in memcg_page_state() - which is only used due to the non-node accounting of cgroup's the zswap memory to begin with. Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I was then able to reproduce the crash locally as well. [1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252 Link: https://lkml.kernel.org/r/20240418124043.GC1055428@cmpxchg.org Link: https://lkml.kernel.org/r/20240417143324.GA1055428@cmpxchg.org Fixes: b5ba474f3f51 ("zswap: shrink zswap pool based on memory pressure") Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: Christian Heusel <christian(a)heusel.eu> Debugged-by: Nhat Pham <nphamcs(a)gmail.com> Suggested-by: Nhat Pham <nphamcs(a)gmail.com> Tested-by: Christian Heusel <christian(a)heusel.eu> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: Dan Streetman <ddstreet(a)ieee.org> Cc: Richard W.M. Jones <rjones(a)redhat.com> Cc: Seth Jennings <sjenning(a)redhat.com> Cc: Vitaly Wool <vitaly.wool(a)konsulko.com> Cc: <stable(a)vger.kernel.org> [v6.8] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/zswap.c b/mm/zswap.c index caed028945b0..6f8850c44b61 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -1331,15 +1331,22 @@ static unsigned long zswap_shrinker_count(struct shrinker *shrinker, if (!gfp_has_io_fs(sc->gfp_mask)) return 0; -#ifdef CONFIG_MEMCG_KMEM - mem_cgroup_flush_stats(memcg); - nr_backing = memcg_page_state(memcg, MEMCG_ZSWAP_B) >> PAGE_SHIFT; - nr_stored = memcg_page_state(memcg, MEMCG_ZSWAPPED); -#else - /* use pool stats instead of memcg stats */ - nr_backing = zswap_pool_total_size >> PAGE_SHIFT; - nr_stored = atomic_read(&zswap_nr_stored); -#endif + /* + * For memcg, use the cgroup-wide ZSWAP stats since we don't + * have them per-node and thus per-lruvec. Careful if memcg is + * runtime-disabled: we can get sc->memcg == NULL, which is ok + * for the lruvec, but not for memcg_page_state(). + * + * Without memcg, use the zswap pool-wide metrics. + */ + if (!mem_cgroup_disabled()) { + mem_cgroup_flush_stats(memcg); + nr_backing = memcg_page_state(memcg, MEMCG_ZSWAP_B) >> PAGE_SHIFT; + nr_stored = memcg_page_state(memcg, MEMCG_ZSWAPPED); + } else { + nr_backing = zswap_pool_total_size >> PAGE_SHIFT; + nr_stored = atomic_read(&zswap_nr_stored); + } if (!nr_stored) return 0;

1 year, 4 months

3
2
0 0

FAILED: patch "[PATCH] mm: turn folio_test_hugetlb into a PageType" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x d99e3140a4d33e26066183ff727d8f02f56bec64 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042907-unquote-thank-8de2@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: d99e3140a4d3 ("mm: turn folio_test_hugetlb into a PageType") 29cfe7556bfd ("mm: constify more page/folio tests") 443cbaf9e2fd ("crash: split vmcoreinfo exporting code out from crash_core.c") 85fcde402db1 ("kexec: split crashkernel reservation code out from crash_core.c") 55c49fee57af ("mm/vmalloc: remove vmap_area_list") d093602919ad ("mm: vmalloc: remove global vmap_area_root rb-tree") 7fa8cee00316 ("mm: vmalloc: move vmap_init_free_space() down in vmalloc.c") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d99e3140a4d33e26066183ff727d8f02f56bec64 Mon Sep 17 00:00:00 2001 From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Date: Thu, 21 Mar 2024 14:24:43 +0000 Subject: [PATCH] mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a refcount on it, but we have a few places (memory-failure, compaction, procfs) which do not and should not take a speculative reference. Since hugetlb pages do not use individual page mapcounts (they are always fully mapped and use the entire_mapcount field to record the number of mappings), the PageType field is available now that page_mapcount() ignores the value in this field. In compaction and with CONFIG_DEBUG_VM enabled, the current implementation can result in an oops, as reported by Luis. This happens since 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") effectively added some VM_BUG_ON() checks in the PageHuge() testing path. [willy(a)infradead.org: update vmcoreinfo] Link: https://lkml.kernel.org/r/ZgGZUvsdhaT1Va-T@casper.infradead.org Link: https://lkml.kernel.org/r/20240321142448.1645400-6-willy@infradead.org Fixes: 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Luis Chamberlain <mcgrof(a)kernel.org> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218227 Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h index 35a0087d0910..4bf1c25fd1dc 100644 --- a/include/linux/page-flags.h +++ b/include/linux/page-flags.h @@ -190,7 +190,6 @@ enum pageflags { /* At least one page in this folio has the hwpoison flag set */ PG_has_hwpoisoned = PG_error, - PG_hugetlb = PG_active, PG_large_rmappable = PG_workingset, /* anon or file-backed */ }; @@ -876,29 +875,6 @@ TESTPAGEFLAG_FALSE(LargeRmappable, large_rmappable) #define PG_head_mask ((1UL << PG_head)) -#ifdef CONFIG_HUGETLB_PAGE -int PageHuge(const struct page *page); -SETPAGEFLAG(HugeTLB, hugetlb, PF_SECOND) -CLEARPAGEFLAG(HugeTLB, hugetlb, PF_SECOND) - -/** - * folio_test_hugetlb - Determine if the folio belongs to hugetlbfs - * @folio: The folio to test. - * - * Context: Any context. Caller should have a reference on the folio to - * prevent it from being turned into a tail page. - * Return: True for hugetlbfs folios, false for anon folios or folios - * belonging to other filesystems. - */ -static inline bool folio_test_hugetlb(const struct folio *folio) -{ - return folio_test_large(folio) && - test_bit(PG_hugetlb, const_folio_flags(folio, 1)); -} -#else -TESTPAGEFLAG_FALSE(Huge, hugetlb) -#endif - #ifdef CONFIG_TRANSPARENT_HUGEPAGE /* * PageHuge() only returns true for hugetlbfs pages, but not for @@ -954,18 +930,6 @@ PAGEFLAG_FALSE(HasHWPoisoned, has_hwpoisoned) TESTSCFLAG_FALSE(HasHWPoisoned, has_hwpoisoned) #endif -/* - * Check if a page is currently marked HWPoisoned. Note that this check is - * best effort only and inherently racy: there is no way to synchronize with - * failing hardware. - */ -static inline bool is_page_hwpoison(struct page *page) -{ - if (PageHWPoison(page)) - return true; - return PageHuge(page) && PageHWPoison(compound_head(page)); -} - /* * For pages that are never mapped to userspace (and aren't PageSlab), * page_type may be used. Because it is initialised to -1, we invert the @@ -982,6 +946,7 @@ static inline bool is_page_hwpoison(struct page *page) #define PG_offline 0x00000100 #define PG_table 0x00000200 #define PG_guard 0x00000400 +#define PG_hugetlb 0x00000800 #define PageType(page, flag) \ ((page->page_type & (PAGE_TYPE_BASE | flag)) == PAGE_TYPE_BASE) @@ -1076,6 +1041,37 @@ PAGE_TYPE_OPS(Table, table, pgtable) */ PAGE_TYPE_OPS(Guard, guard, guard) +#ifdef CONFIG_HUGETLB_PAGE +FOLIO_TYPE_OPS(hugetlb, hugetlb) +#else +FOLIO_TEST_FLAG_FALSE(hugetlb) +#endif + +/** + * PageHuge - Determine if the page belongs to hugetlbfs + * @page: The page to test. + * + * Context: Any context. + * Return: True for hugetlbfs pages, false for anon pages or pages + * belonging to other filesystems. + */ +static inline bool PageHuge(const struct page *page) +{ + return folio_test_hugetlb(page_folio(page)); +} + +/* + * Check if a page is currently marked HWPoisoned. Note that this check is + * best effort only and inherently racy: there is no way to synchronize with + * failing hardware. + */ +static inline bool is_page_hwpoison(struct page *page) +{ + if (PageHWPoison(page)) + return true; + return PageHuge(page) && PageHWPoison(compound_head(page)); +} + extern bool is_free_buddy_page(struct page *page); PAGEFLAG(Isolated, isolated, PF_ANY); @@ -1142,7 +1138,7 @@ static __always_inline void __ClearPageAnonExclusive(struct page *page) */ #define PAGE_FLAGS_SECOND \ (0xffUL /* order */ | 1UL << PG_has_hwpoisoned | \ - 1UL << PG_hugetlb | 1UL << PG_large_rmappable) + 1UL << PG_large_rmappable) #define PAGE_FLAGS_PRIVATE \ (1UL << PG_private | 1UL << PG_private_2) diff --git a/include/trace/events/mmflags.h b/include/trace/events/mmflags.h index d801409b33cf..d55e53ac91bd 100644 --- a/include/trace/events/mmflags.h +++ b/include/trace/events/mmflags.h @@ -135,6 +135,7 @@ IF_HAVE_PG_ARCH_X(arch_3) #define DEF_PAGETYPE_NAME(_name) { PG_##_name, __stringify(_name) } #define __def_pagetype_names \ + DEF_PAGETYPE_NAME(hugetlb), \ DEF_PAGETYPE_NAME(offline), \ DEF_PAGETYPE_NAME(guard), \ DEF_PAGETYPE_NAME(table), \ diff --git a/kernel/vmcore_info.c b/kernel/vmcore_info.c index f95516cd45bb..23c125c2e243 100644 --- a/kernel/vmcore_info.c +++ b/kernel/vmcore_info.c @@ -205,11 +205,10 @@ static int __init crash_save_vmcoreinfo_init(void) VMCOREINFO_NUMBER(PG_head_mask); #define PAGE_BUDDY_MAPCOUNT_VALUE (~PG_buddy) VMCOREINFO_NUMBER(PAGE_BUDDY_MAPCOUNT_VALUE); -#ifdef CONFIG_HUGETLB_PAGE - VMCOREINFO_NUMBER(PG_hugetlb); +#define PAGE_HUGETLB_MAPCOUNT_VALUE (~PG_hugetlb) + VMCOREINFO_NUMBER(PAGE_HUGETLB_MAPCOUNT_VALUE); #define PAGE_OFFLINE_MAPCOUNT_VALUE (~PG_offline) VMCOREINFO_NUMBER(PAGE_OFFLINE_MAPCOUNT_VALUE); -#endif #ifdef CONFIG_KALLSYMS VMCOREINFO_SYMBOL(kallsyms_names); diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 53e0ab5c0845..4553241f0fb2 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1624,7 +1624,7 @@ static inline void __clear_hugetlb_destructor(struct hstate *h, { lockdep_assert_held(&hugetlb_lock); - folio_clear_hugetlb(folio); + __folio_clear_hugetlb(folio); } /* @@ -1711,7 +1711,7 @@ static void add_hugetlb_folio(struct hstate *h, struct folio *folio, h->surplus_huge_pages_node[nid]++; } - folio_set_hugetlb(folio); + __folio_set_hugetlb(folio); folio_change_private(folio, NULL); /* * We have to set hugetlb_vmemmap_optimized again as above @@ -2049,7 +2049,7 @@ static void __prep_account_new_huge_page(struct hstate *h, int nid) static void init_new_hugetlb_folio(struct hstate *h, struct folio *folio) { - folio_set_hugetlb(folio); + __folio_set_hugetlb(folio); INIT_LIST_HEAD(&folio->lru); hugetlb_set_folio_subpool(folio, NULL); set_hugetlb_cgroup(folio, NULL); @@ -2159,22 +2159,6 @@ static bool prep_compound_gigantic_folio_for_demote(struct folio *folio, return __prep_compound_gigantic_folio(folio, order, true); } -/* - * PageHuge() only returns true for hugetlbfs pages, but not for normal or - * transparent huge pages. See the PageTransHuge() documentation for more - * details. - */ -int PageHuge(const struct page *page) -{ - const struct folio *folio; - - if (!PageCompound(page)) - return 0; - folio = page_folio(page); - return folio_test_hugetlb(folio); -} -EXPORT_SYMBOL_GPL(PageHuge); - /* * Find and lock address space (mapping) in write mode. *

1 year, 4 months

3
2
0 0

FAILED: patch "[PATCH] x86/tdx: Preserve shared bit on mprotect()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a0a8d15a798be4b8f20aca2ba91bf6b688c6a640 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042908-modular-case-bbd4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: a0a8d15a798b ("x86/tdx: Preserve shared bit on mprotect()") e45964771007 ("x86/coco: Define cc_vendor without CONFIG_ARCH_HAS_CC_PLATFORM") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a0a8d15a798be4b8f20aca2ba91bf6b688c6a640 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Wed, 24 Apr 2024 11:20:35 +0300 Subject: [PATCH] x86/tdx: Preserve shared bit on mprotect() The TDX guest platform takes one bit from the physical address to indicate if the page is shared (accessible by VMM). This bit is not part of the physical_mask and is not preserved during mprotect(). As a result, the 'shared' bit is lost during mprotect() on shared mappings. _COMMON_PAGE_CHG_MASK specifies which PTE bits need to be preserved during modification. AMD includes 'sme_me_mask' in the define to preserve the 'encrypt' bit. To cover both Intel and AMD cases, include 'cc_mask' in _COMMON_PAGE_CHG_MASK instead of 'sme_me_mask'. Reported-and-tested-by: Chris Oo <cho(a)microsoft.com> Fixes: 41394e33f3a0 ("x86/tdx: Extend the confidential computing API to support TDX guests") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Rick Edgecombe <rick.p.edgecombe(a)intel.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240424082035.4092071-1-kirill.shutemov%40linu… diff --git a/arch/x86/include/asm/coco.h b/arch/x86/include/asm/coco.h index c086699b0d0c..aa6c8f8ca958 100644 --- a/arch/x86/include/asm/coco.h +++ b/arch/x86/include/asm/coco.h @@ -25,6 +25,7 @@ u64 cc_mkdec(u64 val); void cc_random_init(void); #else #define cc_vendor (CC_VENDOR_NONE) +static const u64 cc_mask = 0; static inline u64 cc_mkenc(u64 val) { diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index 0b748ee16b3d..9abb8cc4cd47 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -148,7 +148,7 @@ #define _COMMON_PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \ _PAGE_SPECIAL | _PAGE_ACCESSED | \ _PAGE_DIRTY_BITS | _PAGE_SOFT_DIRTY | \ - _PAGE_DEVMAP | _PAGE_ENC | _PAGE_UFFD_WP) + _PAGE_DEVMAP | _PAGE_CC | _PAGE_UFFD_WP) #define _PAGE_CHG_MASK (_COMMON_PAGE_CHG_MASK | _PAGE_PAT) #define _HPAGE_CHG_MASK (_COMMON_PAGE_CHG_MASK | _PAGE_PSE | _PAGE_PAT_LARGE) @@ -173,6 +173,7 @@ enum page_cache_mode { }; #endif +#define _PAGE_CC (_AT(pteval_t, cc_mask)) #define _PAGE_ENC (_AT(pteval_t, sme_me_mask)) #define _PAGE_CACHE_MASK (_PAGE_PWT | _PAGE_PCD | _PAGE_PAT)

1 year, 4 months

3
2
0 0

FAILED: patch "[PATCH] rust: remove `params` from `module` macro example" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 19843452dca40e28d6d3f4793d998b681d505c7f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042924-ribcage-browsing-7e8b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 19843452dca4 ("rust: remove `params` from `module` macro example") b13c9880f909 ("rust: macros: take string literals in `module!`") c3630df66f95 ("rust: samples: add `rust_print` example") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 19843452dca40e28d6d3f4793d998b681d505c7f Mon Sep 17 00:00:00 2001 From: Aswin Unnikrishnan <aswinunni01(a)gmail.com> Date: Fri, 19 Apr 2024 21:50:13 +0000 Subject: [PATCH] rust: remove `params` from `module` macro example Remove argument `params` from the `module` macro example, because the macro does not currently support module parameters since it was not sent with the initial merge. Signed-off-by: Aswin Unnikrishnan <aswinunni01(a)gmail.com> Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Cc: stable(a)vger.kernel.org Fixes: 1fbde52bde73 ("rust: add `macros` crate") Link: https://lore.kernel.org/r/20240419215015.157258-1-aswinunni01@gmail.com [ Reworded slightly. ] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/macros/lib.rs b/rust/macros/lib.rs index f489f3157383..520eae5fd792 100644 --- a/rust/macros/lib.rs +++ b/rust/macros/lib.rs @@ -35,18 +35,6 @@ use proc_macro::TokenStream; /// author: "Rust for Linux Contributors", /// description: "My very own kernel module!", /// license: "GPL", -/// params: { -/// my_i32: i32 { -/// default: 42, -/// permissions: 0o000, -/// description: "Example of i32", -/// }, -/// writeable_i32: i32 { -/// default: 42, -/// permissions: 0o644, -/// description: "Example of i32", -/// }, -/// }, /// } /// /// struct MyModule;

1 year, 4 months

3
2
0 0

Serious regression on 6.1.x-stable caused by "bounds: support non-power-of-two CONFIG_NR_CPUS"

by Mikhail Novosyolov

Hello, colleagues. Commit f2d5dcb48f7ba9e3ff249d58fc1fa963d374e66a "bounds: support non-power-of-two CONFIG_NR_CPUS" (https://github.com/torvalds/linux/commit/f2d5dcb48f7ba9e3ff249d58fc1fa963d3…) was backported to 6.1.x-stable (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…), but causes a serious regression on quite a lot of hardware with AMD GPUs, kernel panics. It was backported to 6.1.84, 6.1.84 has problems, 6/1/83 does not, the newest 6.1.88 still has this problem. The problem is described here: https://gitlab.freedesktop.org/drm/amd/-/issues/3347

1 year, 4 months

4
4
0 0

[PATCH v3 0/3] usb: typec: tipd: fix event checking in interrupt service routines

by Javier Carrasco

The ISRs of the tps25750 and tps6598x do not handle generated events properly under all circumstances. The tps6598x ISR does not read all bits of the INT_EVENTX registers in newer devices (tps65987 and tps65988, which have 11-byte interrupt registers), leaving events signaled with bits above 64 unattended. Moreover, these events are not cleared, leaving the interrupt enabled. The tps25750 reads all bits of the INT_EVENT1 register, but the event checking is not right because the same event is checked in two different regions of the same register by means of an OR operation. This series aims to fix both issues by reading all bits of the INT_EVENTX registers, and limiting the event checking to the region where the supported events are defined (currently they are limited to the first 64 bits of the registers, as the are defined as BIT_ULL()). In order to identify the interrupt register size, a simple mechanism has been added to read the version register and select the right size accordingly. This mechanism has been tested with a TPS65987DDHRSHR (DH variant) which returned the expected value (0xF7). If the need for events above the first 64 bits of the INT_EVENTX registers arises, a different mechanism might be required. But for the current needs, all definitions can be left as they are. When at it, an explicit device_get_match_data() (which is already contained in i2c_get_match_data()) has been removed. Signed-off-by: Javier Carrasco <javier.carrasco(a)wolfvision.net> --- Changes in v3: - Remove explicit usage of device_get_match_data() (new patch). - Fix series versioning (last resend should have been v2). - Keep 64 bit reads in the interrupt handler for tps65981/2/6 by reading the version register. - Link to v2: https://lore.kernel.org/r/20240328-tps6598x_fix_event_handling-v1-0-502721f… Changes in v2: - Add Cc tag for 'stable' (fixes). - Link to v1: https://lore.kernel.org/r/20240325-tps6598x_fix_event_handling-v1-0-633fe0c… --- Javier Carrasco (3): usb: typec: tipd: fix event checking for tps25750 usb: typec: tipd: fix event checking for tps6598x usb: typec: tipd: rely on i2c_get_match_data() drivers/usb/typec/tipd/core.c | 56 +++++++++++++++++++++++++-------------- drivers/usb/typec/tipd/tps6598x.h | 11 ++++++++ 2 files changed, 47 insertions(+), 20 deletions(-) --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240328-tps6598x_fix_event_handling-3398d3d82f85 Best regards, -- Javier Carrasco <javier.carrasco(a)wolfvision.net>

1 year, 4 months

1
2
0 0

[PATCH stable,5.10 0/2] introduce stop timer to solve the problem of CVE-2024-26865

by Zhengchao Shao

For the CVE-2024-26865 issue, the stable 5.10 branch code also involves this issue. However, the patch of the mainline version cannot be used on stable 5.10 branch. The commit 740ea3c4a0b2("tcp: Clean up kernel listener' s reqsk in inet_twsk_purge()") is required to stop the timer. Eric Dumazet (1): tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima (1): tcp: Clean up kernel listener's reqsk in inet_twsk_purge() net/ipv4/inet_timewait_sock.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) -- 2.34.1

1 year, 4 months

3
5
0 0

FAILED: patch "[PATCH] mm: turn folio_test_hugetlb into a PageType" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d99e3140a4d33e26066183ff727d8f02f56bec64 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042908-squint-barometer-51de@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d99e3140a4d3 ("mm: turn folio_test_hugetlb into a PageType") 29cfe7556bfd ("mm: constify more page/folio tests") 443cbaf9e2fd ("crash: split vmcoreinfo exporting code out from crash_core.c") 85fcde402db1 ("kexec: split crashkernel reservation code out from crash_core.c") 55c49fee57af ("mm/vmalloc: remove vmap_area_list") d093602919ad ("mm: vmalloc: remove global vmap_area_root rb-tree") 7fa8cee00316 ("mm: vmalloc: move vmap_init_free_space() down in vmalloc.c") 4a693ce65b18 ("kdump: defer the insertion of crashkernel resources") 9f2a63523582 ("Merge tag 'mm-nonmm-stable-2024-01-09-10-33' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d99e3140a4d33e26066183ff727d8f02f56bec64 Mon Sep 17 00:00:00 2001 From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Date: Thu, 21 Mar 2024 14:24:43 +0000 Subject: [PATCH] mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a refcount on it, but we have a few places (memory-failure, compaction, procfs) which do not and should not take a speculative reference. Since hugetlb pages do not use individual page mapcounts (they are always fully mapped and use the entire_mapcount field to record the number of mappings), the PageType field is available now that page_mapcount() ignores the value in this field. In compaction and with CONFIG_DEBUG_VM enabled, the current implementation can result in an oops, as reported by Luis. This happens since 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") effectively added some VM_BUG_ON() checks in the PageHuge() testing path. [willy(a)infradead.org: update vmcoreinfo] Link: https://lkml.kernel.org/r/ZgGZUvsdhaT1Va-T@casper.infradead.org Link: https://lkml.kernel.org/r/20240321142448.1645400-6-willy@infradead.org Fixes: 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Luis Chamberlain <mcgrof(a)kernel.org> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218227 Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h index 35a0087d0910..4bf1c25fd1dc 100644 --- a/include/linux/page-flags.h +++ b/include/linux/page-flags.h @@ -190,7 +190,6 @@ enum pageflags { /* At least one page in this folio has the hwpoison flag set */ PG_has_hwpoisoned = PG_error, - PG_hugetlb = PG_active, PG_large_rmappable = PG_workingset, /* anon or file-backed */ }; @@ -876,29 +875,6 @@ TESTPAGEFLAG_FALSE(LargeRmappable, large_rmappable) #define PG_head_mask ((1UL << PG_head)) -#ifdef CONFIG_HUGETLB_PAGE -int PageHuge(const struct page *page); -SETPAGEFLAG(HugeTLB, hugetlb, PF_SECOND) -CLEARPAGEFLAG(HugeTLB, hugetlb, PF_SECOND) - -/** - * folio_test_hugetlb - Determine if the folio belongs to hugetlbfs - * @folio: The folio to test. - * - * Context: Any context. Caller should have a reference on the folio to - * prevent it from being turned into a tail page. - * Return: True for hugetlbfs folios, false for anon folios or folios - * belonging to other filesystems. - */ -static inline bool folio_test_hugetlb(const struct folio *folio) -{ - return folio_test_large(folio) && - test_bit(PG_hugetlb, const_folio_flags(folio, 1)); -} -#else -TESTPAGEFLAG_FALSE(Huge, hugetlb) -#endif - #ifdef CONFIG_TRANSPARENT_HUGEPAGE /* * PageHuge() only returns true for hugetlbfs pages, but not for @@ -954,18 +930,6 @@ PAGEFLAG_FALSE(HasHWPoisoned, has_hwpoisoned) TESTSCFLAG_FALSE(HasHWPoisoned, has_hwpoisoned) #endif -/* - * Check if a page is currently marked HWPoisoned. Note that this check is - * best effort only and inherently racy: there is no way to synchronize with - * failing hardware. - */ -static inline bool is_page_hwpoison(struct page *page) -{ - if (PageHWPoison(page)) - return true; - return PageHuge(page) && PageHWPoison(compound_head(page)); -} - /* * For pages that are never mapped to userspace (and aren't PageSlab), * page_type may be used. Because it is initialised to -1, we invert the @@ -982,6 +946,7 @@ static inline bool is_page_hwpoison(struct page *page) #define PG_offline 0x00000100 #define PG_table 0x00000200 #define PG_guard 0x00000400 +#define PG_hugetlb 0x00000800 #define PageType(page, flag) \ ((page->page_type & (PAGE_TYPE_BASE | flag)) == PAGE_TYPE_BASE) @@ -1076,6 +1041,37 @@ PAGE_TYPE_OPS(Table, table, pgtable) */ PAGE_TYPE_OPS(Guard, guard, guard) +#ifdef CONFIG_HUGETLB_PAGE +FOLIO_TYPE_OPS(hugetlb, hugetlb) +#else +FOLIO_TEST_FLAG_FALSE(hugetlb) +#endif + +/** + * PageHuge - Determine if the page belongs to hugetlbfs + * @page: The page to test. + * + * Context: Any context. + * Return: True for hugetlbfs pages, false for anon pages or pages + * belonging to other filesystems. + */ +static inline bool PageHuge(const struct page *page) +{ + return folio_test_hugetlb(page_folio(page)); +} + +/* + * Check if a page is currently marked HWPoisoned. Note that this check is + * best effort only and inherently racy: there is no way to synchronize with + * failing hardware. + */ +static inline bool is_page_hwpoison(struct page *page) +{ + if (PageHWPoison(page)) + return true; + return PageHuge(page) && PageHWPoison(compound_head(page)); +} + extern bool is_free_buddy_page(struct page *page); PAGEFLAG(Isolated, isolated, PF_ANY); @@ -1142,7 +1138,7 @@ static __always_inline void __ClearPageAnonExclusive(struct page *page) */ #define PAGE_FLAGS_SECOND \ (0xffUL /* order */ | 1UL << PG_has_hwpoisoned | \ - 1UL << PG_hugetlb | 1UL << PG_large_rmappable) + 1UL << PG_large_rmappable) #define PAGE_FLAGS_PRIVATE \ (1UL << PG_private | 1UL << PG_private_2) diff --git a/include/trace/events/mmflags.h b/include/trace/events/mmflags.h index d801409b33cf..d55e53ac91bd 100644 --- a/include/trace/events/mmflags.h +++ b/include/trace/events/mmflags.h @@ -135,6 +135,7 @@ IF_HAVE_PG_ARCH_X(arch_3) #define DEF_PAGETYPE_NAME(_name) { PG_##_name, __stringify(_name) } #define __def_pagetype_names \ + DEF_PAGETYPE_NAME(hugetlb), \ DEF_PAGETYPE_NAME(offline), \ DEF_PAGETYPE_NAME(guard), \ DEF_PAGETYPE_NAME(table), \ diff --git a/kernel/vmcore_info.c b/kernel/vmcore_info.c index f95516cd45bb..23c125c2e243 100644 --- a/kernel/vmcore_info.c +++ b/kernel/vmcore_info.c @@ -205,11 +205,10 @@ static int __init crash_save_vmcoreinfo_init(void) VMCOREINFO_NUMBER(PG_head_mask); #define PAGE_BUDDY_MAPCOUNT_VALUE (~PG_buddy) VMCOREINFO_NUMBER(PAGE_BUDDY_MAPCOUNT_VALUE); -#ifdef CONFIG_HUGETLB_PAGE - VMCOREINFO_NUMBER(PG_hugetlb); +#define PAGE_HUGETLB_MAPCOUNT_VALUE (~PG_hugetlb) + VMCOREINFO_NUMBER(PAGE_HUGETLB_MAPCOUNT_VALUE); #define PAGE_OFFLINE_MAPCOUNT_VALUE (~PG_offline) VMCOREINFO_NUMBER(PAGE_OFFLINE_MAPCOUNT_VALUE); -#endif #ifdef CONFIG_KALLSYMS VMCOREINFO_SYMBOL(kallsyms_names); diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 53e0ab5c0845..4553241f0fb2 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1624,7 +1624,7 @@ static inline void __clear_hugetlb_destructor(struct hstate *h, { lockdep_assert_held(&hugetlb_lock); - folio_clear_hugetlb(folio); + __folio_clear_hugetlb(folio); } /* @@ -1711,7 +1711,7 @@ static void add_hugetlb_folio(struct hstate *h, struct folio *folio, h->surplus_huge_pages_node[nid]++; } - folio_set_hugetlb(folio); + __folio_set_hugetlb(folio); folio_change_private(folio, NULL); /* * We have to set hugetlb_vmemmap_optimized again as above @@ -2049,7 +2049,7 @@ static void __prep_account_new_huge_page(struct hstate *h, int nid) static void init_new_hugetlb_folio(struct hstate *h, struct folio *folio) { - folio_set_hugetlb(folio); + __folio_set_hugetlb(folio); INIT_LIST_HEAD(&folio->lru); hugetlb_set_folio_subpool(folio, NULL); set_hugetlb_cgroup(folio, NULL); @@ -2159,22 +2159,6 @@ static bool prep_compound_gigantic_folio_for_demote(struct folio *folio, return __prep_compound_gigantic_folio(folio, order, true); } -/* - * PageHuge() only returns true for hugetlbfs pages, but not for normal or - * transparent huge pages. See the PageTransHuge() documentation for more - * details. - */ -int PageHuge(const struct page *page) -{ - const struct folio *folio; - - if (!PageCompound(page)) - return 0; - folio = page_folio(page); - return folio_test_hugetlb(folio); -} -EXPORT_SYMBOL_GPL(PageHuge); - /* * Find and lock address space (mapping) in write mode. *

1 year, 4 months

2
1
0 0

[PATCH] drm/i915/gt: Automate CCS Mode setting during engine resets

by Andi Shyti

We missed setting the CCS mode during resume and engine resets. Create a workaround to be added in the engine's workaround list. This workaround sets the XEHP_CCS_MODE value at every reset. The issue can be reproduced by running: $ clpeak --kernel-latency Without resetting the CCS mode, we encounter a fence timeout: Fence expiration time out i915-0000:03:00.0:clpeak[2387]:2! Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/10895 Fixes: 6db31251bb26 ("drm/i915/gt: Enable only one CCS for compute workload") Reported-by: Gnattu OC <gnattuoc(a)me.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Chris Wilson <chris.p.wilson(a)linux.intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: Matt Roper <matthew.d.roper(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.2+ --- Hi Gnattu, thanks again for reporting this issue and for your prompt replies on the issue. Would you give this patch a chance? Andi drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +++--- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +++- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c b/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c index 044219c5960a..99b71bb7da0a 100644 --- a/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c +++ b/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c @@ -8,14 +8,14 @@ #include "intel_gt_ccs_mode.h" #include "intel_gt_regs.h" -void intel_gt_apply_ccs_mode(struct intel_gt *gt) +unsigned int intel_gt_apply_ccs_mode(struct intel_gt *gt) { int cslice; u32 mode = 0; int first_ccs = __ffs(CCS_MASK(gt)); if (!IS_DG2(gt->i915)) - return; + return 0; /* Build the value for the fixed CCS load balancing */ for (cslice = 0; cslice < I915_MAX_CCS; cslice++) { @@ -35,5 +35,5 @@ void intel_gt_apply_ccs_mode(struct intel_gt *gt) XEHP_CCS_MODE_CSLICE_MASK); } - intel_uncore_write(gt->uncore, XEHP_CCS_MODE, mode); + return mode; } diff --git a/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h b/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h index 9e5549caeb26..55547f2ff426 100644 --- a/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h +++ b/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h @@ -8,6 +8,6 @@ struct intel_gt; -void intel_gt_apply_ccs_mode(struct intel_gt *gt); +unsigned int intel_gt_apply_ccs_mode(struct intel_gt *gt); #endif /* __INTEL_GT_CCS_MODE_H__ */ diff --git a/drivers/gpu/drm/i915/gt/intel_workarounds.c b/drivers/gpu/drm/i915/gt/intel_workarounds.c index 68b6aa11bcf7..58693923bf6c 100644 --- a/drivers/gpu/drm/i915/gt/intel_workarounds.c +++ b/drivers/gpu/drm/i915/gt/intel_workarounds.c @@ -2703,6 +2703,7 @@ add_render_compute_tuning_settings(struct intel_gt *gt, static void ccs_engine_wa_mode(struct intel_engine_cs *engine, struct i915_wa_list *wal) { struct intel_gt *gt = engine->gt; + u32 mode; if (!IS_DG2(gt->i915)) return; @@ -2719,7 +2720,8 @@ static void ccs_engine_wa_mode(struct intel_engine_cs *engine, struct i915_wa_li * After having disabled automatic load balancing we need to * assign all slices to a single CCS. We will call it CCS mode 1 */ - intel_gt_apply_ccs_mode(gt); + mode = intel_gt_apply_ccs_mode(gt); + wa_masked_en(wal, XEHP_CCS_MODE, mode); } /* -- 2.43.0

1 year, 4 months

3
3
0 0

FAILED: patch "[PATCH] kbuild: rust: force `alloc` extern to allow "empty" Rust" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ded103c7eb23753f22597afa500a7c1ad34116ba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042909-whimsical-drapery-40d1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: ded103c7eb23 ("kbuild: rust: force `alloc` extern to allow "empty" Rust files") 295d8398c67e ("kbuild: specify output names separately for each emission type from rustc") 16169a47d5c3 ("kbuild: refactor host*_flags") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ded103c7eb23753f22597afa500a7c1ad34116ba Mon Sep 17 00:00:00 2001 From: Miguel Ojeda <ojeda(a)kernel.org> Date: Mon, 22 Apr 2024 11:06:44 +0200 Subject: [PATCH] kbuild: rust: force `alloc` extern to allow "empty" Rust files If one attempts to build an essentially empty file somewhere in the kernel tree, it leads to a build error because the compiler does not recognize the `new_uninit` unstable feature: error[E0635]: unknown feature `new_uninit` --> <crate attribute>:1:9 | 1 | feature(new_uninit) | ^^^^^^^^^^ The reason is that we pass `-Zcrate-attr='feature(new_uninit)'` (together with `-Zallow-features=new_uninit`) to let non-`rust/` code use that unstable feature. However, the compiler only recognizes the feature if the `alloc` crate is resolved (the feature is an `alloc` one). `--extern alloc`, which we pass, is not enough to resolve the crate. Introducing a reference like `use alloc;` or `extern crate alloc;` solves the issue, thus this is not seen in normal files. For instance, `use`ing the `kernel` prelude introduces such a reference, since `alloc` is used inside. While normal use of the build system is not impacted by this, it can still be fairly confusing for kernel developers [1], thus use the unstable `force` option of `--extern` [2] (added in Rust 1.71 [3]) to force the compiler to resolve `alloc`. This new unstable feature is only needed meanwhile we use the other unstable feature, since then we will not need `-Zcrate-attr`. Cc: stable(a)vger.kernel.org # v6.6+ Reported-by: Daniel Almeida <daniel.almeida(a)collabora.com> Reported-by: Julian Stecklina <julian.stecklina(a)cyberus-technology.de> Closes: https://rust-for-linux.zulipchat.com/#narrow/stream/288089-General/topic/x/… [1] Fixes: 2f7ab1267dc9 ("Kbuild: add Rust support") Link: https://github.com/rust-lang/rust/issues/111302 [2] Link: https://github.com/rust-lang/rust/pull/109421 [3] Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Reviewed-by: Gary Guo <gary(a)garyguo.net> Link: https://lore.kernel.org/r/20240422090644.525520-1-ojeda@kernel.org Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/scripts/Makefile.build b/scripts/Makefile.build index baf86c0880b6..533a7799fdfe 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -273,7 +273,7 @@ rust_common_cmd = \ -Zallow-features=$(rust_allowed_features) \ -Zcrate-attr=no_std \ -Zcrate-attr='feature($(rust_allowed_features))' \ - --extern alloc --extern kernel \ + -Zunstable-options --extern force:alloc --extern kernel \ --crate-type rlib -L $(objtree)/rust/ \ --crate-name $(basename $(notdir $@)) \ --sysroot=/dev/null \

1 year, 4 months

3
5
0 0

FAILED: patch "[PATCH] macsec: Detect if Rx skb is macsec-related for offloading" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 642c984dd0e37dbaec9f87bd1211e5fac1f142bf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042928-mastiff-unmasked-6a54@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 642c984dd0e3 ("macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 642c984dd0e37dbaec9f87bd1211e5fac1f142bf Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:04 -0700 Subject: [PATCH] macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst Can now correctly identify where the packets should be delivered by using md_dst or its absence on devices that provide it. This detection is not possible without device drivers that update md_dst. A fallback pattern should be used for supporting such device drivers. This fallback mode causes multicast messages to be cloned to both the non-macsec and macsec ports, independent of whether the multicast message received was encrypted over MACsec or not. Other non-macsec traffic may also fail to be handled correctly for devices in promiscuous mode. Link: https://lore.kernel.org/netdev/ZULRxX9eIbFiVi7v@hog/ Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-4-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 0206b84284ab..ff016c11b4a0 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -999,10 +999,12 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) struct metadata_dst *md_dst; struct macsec_rxh_data *rxd; struct macsec_dev *macsec; + bool is_macsec_md_dst; rcu_read_lock(); rxd = macsec_data_rcu(skb->dev); md_dst = skb_metadata_dst(skb); + is_macsec_md_dst = md_dst && md_dst->type == METADATA_MACSEC; list_for_each_entry_rcu(macsec, &rxd->secys, secys) { struct sk_buff *nskb; @@ -1013,14 +1015,42 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) * the SecTAG, so we have to deduce which port to deliver to. */ if (macsec_is_offloaded(macsec) && netif_running(ndev)) { - struct macsec_rx_sc *rx_sc = NULL; + const struct macsec_ops *ops; - if (md_dst && md_dst->type == METADATA_MACSEC) - rx_sc = find_rx_sc(&macsec->secy, md_dst->u.macsec_info.sci); + ops = macsec_get_ops(macsec, NULL); - if (md_dst && md_dst->type == METADATA_MACSEC && !rx_sc) + if (ops->rx_uses_md_dst && !is_macsec_md_dst) continue; + if (is_macsec_md_dst) { + struct macsec_rx_sc *rx_sc; + + /* All drivers that implement MACsec offload + * support using skb metadata destinations must + * indicate that they do so. + */ + DEBUG_NET_WARN_ON_ONCE(!ops->rx_uses_md_dst); + rx_sc = find_rx_sc(&macsec->secy, + md_dst->u.macsec_info.sci); + if (!rx_sc) + continue; + /* device indicated macsec offload occurred */ + skb->dev = ndev; + skb->pkt_type = PACKET_HOST; + eth_skb_pkt_type(skb, ndev); + ret = RX_HANDLER_ANOTHER; + goto out; + } + + /* This datapath is insecure because it is unable to + * enforce isolation of broadcast/multicast traffic and + * unicast traffic with promiscuous mode on the macsec + * netdev. Since the core stack has no mechanism to + * check that the hardware did indeed receive MACsec + * traffic, it is possible that the response handling + * done by the MACsec port was to a plaintext packet. + * This violates the MACsec protocol standard. + */ if (ether_addr_equal_64bits(hdr->h_dest, ndev->dev_addr)) { /* exact match, divert skb to this port */ @@ -1036,14 +1066,10 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) break; nskb->dev = ndev; - if (ether_addr_equal_64bits(hdr->h_dest, - ndev->broadcast)) - nskb->pkt_type = PACKET_BROADCAST; - else - nskb->pkt_type = PACKET_MULTICAST; + eth_skb_pkt_type(nskb, ndev); __netif_rx(nskb); - } else if (rx_sc || ndev->flags & IFF_PROMISC) { + } else if (ndev->flags & IFF_PROMISC) { skb->dev = ndev; skb->pkt_type = PACKET_HOST; ret = RX_HANDLER_ANOTHER;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] x86/tdx: Preserve shared bit on mprotect()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a0a8d15a798be4b8f20aca2ba91bf6b688c6a640 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042908-cesarean-sulfur-8a97@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: a0a8d15a798b ("x86/tdx: Preserve shared bit on mprotect()") e45964771007 ("x86/coco: Define cc_vendor without CONFIG_ARCH_HAS_CC_PLATFORM") df57721f9a63 ("Merge tag 'x86_shstk_for_6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a0a8d15a798be4b8f20aca2ba91bf6b688c6a640 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Wed, 24 Apr 2024 11:20:35 +0300 Subject: [PATCH] x86/tdx: Preserve shared bit on mprotect() The TDX guest platform takes one bit from the physical address to indicate if the page is shared (accessible by VMM). This bit is not part of the physical_mask and is not preserved during mprotect(). As a result, the 'shared' bit is lost during mprotect() on shared mappings. _COMMON_PAGE_CHG_MASK specifies which PTE bits need to be preserved during modification. AMD includes 'sme_me_mask' in the define to preserve the 'encrypt' bit. To cover both Intel and AMD cases, include 'cc_mask' in _COMMON_PAGE_CHG_MASK instead of 'sme_me_mask'. Reported-and-tested-by: Chris Oo <cho(a)microsoft.com> Fixes: 41394e33f3a0 ("x86/tdx: Extend the confidential computing API to support TDX guests") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Rick Edgecombe <rick.p.edgecombe(a)intel.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240424082035.4092071-1-kirill.shutemov%40linu… diff --git a/arch/x86/include/asm/coco.h b/arch/x86/include/asm/coco.h index c086699b0d0c..aa6c8f8ca958 100644 --- a/arch/x86/include/asm/coco.h +++ b/arch/x86/include/asm/coco.h @@ -25,6 +25,7 @@ u64 cc_mkdec(u64 val); void cc_random_init(void); #else #define cc_vendor (CC_VENDOR_NONE) +static const u64 cc_mask = 0; static inline u64 cc_mkenc(u64 val) { diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index 0b748ee16b3d..9abb8cc4cd47 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -148,7 +148,7 @@ #define _COMMON_PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \ _PAGE_SPECIAL | _PAGE_ACCESSED | \ _PAGE_DIRTY_BITS | _PAGE_SOFT_DIRTY | \ - _PAGE_DEVMAP | _PAGE_ENC | _PAGE_UFFD_WP) + _PAGE_DEVMAP | _PAGE_CC | _PAGE_UFFD_WP) #define _PAGE_CHG_MASK (_COMMON_PAGE_CHG_MASK | _PAGE_PAT) #define _HPAGE_CHG_MASK (_COMMON_PAGE_CHG_MASK | _PAGE_PSE | _PAGE_PAT_LARGE) @@ -173,6 +173,7 @@ enum page_cache_mode { }; #endif +#define _PAGE_CC (_AT(pteval_t, cc_mask)) #define _PAGE_ENC (_AT(pteval_t, sme_me_mask)) #define _PAGE_CACHE_MASK (_PAGE_PWT | _PAGE_PCD | _PAGE_PAT)

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 39d26a8f2efcb8b5665fe7d54a7dba306a8f1dff # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042903-compel-crushing-17a5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 39d26a8f2efc ("net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39d26a8f2efcb8b5665fe7d54a7dba306a8f1dff Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:05 -0700 Subject: [PATCH] net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec mlx5 Rx flow steering and CQE handling enable the driver to be able to update an skb's md_dst attribute as MACsec when MACsec traffic arrives when a device is configured for offloading. Advertise this to the core stack to take advantage of this capability. Cc: stable(a)vger.kernel.org Fixes: b7c9400cbc48 ("net/mlx5e: Implement MACsec Rx data path using MACsec skb_metadata_dst") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-5-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c index b2cabd6ab86c..cc9bcc420032 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c @@ -1640,6 +1640,7 @@ static const struct macsec_ops macsec_offload_ops = { .mdo_add_secy = mlx5e_macsec_add_secy, .mdo_upd_secy = mlx5e_macsec_upd_secy, .mdo_del_secy = mlx5e_macsec_del_secy, + .rx_uses_md_dst = true, }; bool mlx5e_macsec_handle_tx_skb(struct mlx5e_macsec *macsec, struct sk_buff *skb)

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 39d26a8f2efcb8b5665fe7d54a7dba306a8f1dff # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042947-muppet-trivial-6404@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 39d26a8f2efc ("net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39d26a8f2efcb8b5665fe7d54a7dba306a8f1dff Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:05 -0700 Subject: [PATCH] net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec mlx5 Rx flow steering and CQE handling enable the driver to be able to update an skb's md_dst attribute as MACsec when MACsec traffic arrives when a device is configured for offloading. Advertise this to the core stack to take advantage of this capability. Cc: stable(a)vger.kernel.org Fixes: b7c9400cbc48 ("net/mlx5e: Implement MACsec Rx data path using MACsec skb_metadata_dst") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-5-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c index b2cabd6ab86c..cc9bcc420032 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c @@ -1640,6 +1640,7 @@ static const struct macsec_ops macsec_offload_ops = { .mdo_add_secy = mlx5e_macsec_add_secy, .mdo_upd_secy = mlx5e_macsec_upd_secy, .mdo_del_secy = mlx5e_macsec_del_secy, + .rx_uses_md_dst = true, }; bool mlx5e_macsec_handle_tx_skb(struct mlx5e_macsec *macsec, struct sk_buff *skb)

1 year, 4 months

1
0
0 0

[PATCH stable,4.19 0/2] introduce stop timer to solve the problem of CVE-2024-26865

by Zhengchao Shao

For the CVE-2024-26865 issue, the stable 4.19 branch code also involves this issue. However, the patch of the mainline version cannot be used on stable 4.19 branch. The commit 740ea3c4a0b2("tcp: Clean up kernel listener' s reqsk in inet_twsk_purge()") is required to stop the timer. Eric Dumazet (1): tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima (1): tcp: Clean up kernel listener's reqsk in inet_twsk_purge() net/ipv4/inet_timewait_sock.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) -- 2.34.1

1 year, 4 months

1
2
0 0

[PATCH stable,5.15 0/2] introduce stop timer to solve the problem of CVE-2024-26865

by Zhengchao Shao

For the CVE-2024-26865 issue, the stable 5.15 branch code also involves this issue. However, the patch of the mainline version cannot be used on stable 5.15 branch. The commit 740ea3c4a0b2("tcp: Clean up kernel listener' s reqsk in inet_twsk_purge()") is required to stop the timer. Eric Dumazet (1): tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima (1): tcp: Clean up kernel listener's reqsk in inet_twsk_purge() net/ipv4/inet_timewait_sock.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) -- 2.34.1

1 year, 4 months

1
2
0 0

FAILED: patch "[PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d2d73a6dd17365c43e109263841f7c26da55cfb0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042956-tricking-matted-50cf@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d2d73a6dd173 ("mtd: limit OTP NVMEM cell parse to non-NAND devices") 2cc3b37f5b6d ("nvmem: add explicit config option to read old syntax fixed OF cells") c471245bd9f2 ("nvmem: sec-qfprom: Add Qualcomm secure QFPROM support") 27f699e578b1 ("nvmem: core: add support for fixed cells *layout*") de6e05097f7d ("nvmem: mtk-efuse: Support postprocessing for GPU speed binning data") 266570f496b9 ("nvmem: core: introduce NVMEM layouts") 50014d659617 ("nvmem: core: use nvmem_add_one_cell() in nvmem_add_cells_from_of()") 2ded6830d376 ("nvmem: core: add nvmem_add_one_cell()") cc5bdd323dde ("nvmem: core: drop the removal of the cells in nvmem_add_cells()") db3546d58b5a ("nvmem: core: fix cell removal on error") edcf2fb66052 ("nvmem: core: fix device node refcounting") ab3428cfd9aa ("nvmem: core: fix registration vs use race") 560181d3ace6 ("nvmem: core: fix cleanup after dev_set_name()") 569653f022a2 ("nvmem: core: remove nvmem_config wp_gpio") 3bd747c7ea13 ("nvmem: core: initialise nvmem->id early") a3816a7d7c09 ("nvmem: stm32: add nvmem type attribute") a06d9e5a63b7 ("nvmem: sort config symbols alphabetically") 28fc7c986f01 ("nvmem: prefix all symbols with NVMEM_") 5544e90c8126 ("nvmem: core: add error handling for dev_set_name") d5542923f200 ("nvmem: add driver handling U-Boot environment variables") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d2d73a6dd17365c43e109263841f7c26da55cfb0 Mon Sep 17 00:00:00 2001 From: Christian Marangi <ansuelsmth(a)gmail.com> Date: Fri, 12 Apr 2024 12:50:26 +0200 Subject: [PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices MTD OTP logic is very fragile on parsing NVMEM cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/20240412105030.1598-1-ansuelsmth@gmail.com diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d2d73a6dd17365c43e109263841f7c26da55cfb0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042955-overture-backlight-50ec@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d2d73a6dd173 ("mtd: limit OTP NVMEM cell parse to non-NAND devices") 2cc3b37f5b6d ("nvmem: add explicit config option to read old syntax fixed OF cells") c471245bd9f2 ("nvmem: sec-qfprom: Add Qualcomm secure QFPROM support") 27f699e578b1 ("nvmem: core: add support for fixed cells *layout*") de6e05097f7d ("nvmem: mtk-efuse: Support postprocessing for GPU speed binning data") 266570f496b9 ("nvmem: core: introduce NVMEM layouts") 50014d659617 ("nvmem: core: use nvmem_add_one_cell() in nvmem_add_cells_from_of()") 2ded6830d376 ("nvmem: core: add nvmem_add_one_cell()") cc5bdd323dde ("nvmem: core: drop the removal of the cells in nvmem_add_cells()") db3546d58b5a ("nvmem: core: fix cell removal on error") edcf2fb66052 ("nvmem: core: fix device node refcounting") ab3428cfd9aa ("nvmem: core: fix registration vs use race") 560181d3ace6 ("nvmem: core: fix cleanup after dev_set_name()") 569653f022a2 ("nvmem: core: remove nvmem_config wp_gpio") 3bd747c7ea13 ("nvmem: core: initialise nvmem->id early") a3816a7d7c09 ("nvmem: stm32: add nvmem type attribute") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d2d73a6dd17365c43e109263841f7c26da55cfb0 Mon Sep 17 00:00:00 2001 From: Christian Marangi <ansuelsmth(a)gmail.com> Date: Fri, 12 Apr 2024 12:50:26 +0200 Subject: [PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices MTD OTP logic is very fragile on parsing NVMEM cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/20240412105030.1598-1-ansuelsmth@gmail.com diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d2d73a6dd17365c43e109263841f7c26da55cfb0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042954-throwaway-recluse-d3a6@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d2d73a6dd173 ("mtd: limit OTP NVMEM cell parse to non-NAND devices") 2cc3b37f5b6d ("nvmem: add explicit config option to read old syntax fixed OF cells") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d2d73a6dd17365c43e109263841f7c26da55cfb0 Mon Sep 17 00:00:00 2001 From: Christian Marangi <ansuelsmth(a)gmail.com> Date: Fri, 12 Apr 2024 12:50:26 +0200 Subject: [PATCH] mtd: limit OTP NVMEM cell parse to non-NAND devices MTD OTP logic is very fragile on parsing NVMEM cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/20240412105030.1598-1-ansuelsmth@gmail.com diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] macsec: Detect if Rx skb is macsec-related for offloading" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 642c984dd0e37dbaec9f87bd1211e5fac1f142bf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042923-sufferer-anywhere-76a7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 642c984dd0e3 ("macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 642c984dd0e37dbaec9f87bd1211e5fac1f142bf Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:04 -0700 Subject: [PATCH] macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst Can now correctly identify where the packets should be delivered by using md_dst or its absence on devices that provide it. This detection is not possible without device drivers that update md_dst. A fallback pattern should be used for supporting such device drivers. This fallback mode causes multicast messages to be cloned to both the non-macsec and macsec ports, independent of whether the multicast message received was encrypted over MACsec or not. Other non-macsec traffic may also fail to be handled correctly for devices in promiscuous mode. Link: https://lore.kernel.org/netdev/ZULRxX9eIbFiVi7v@hog/ Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-4-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 0206b84284ab..ff016c11b4a0 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -999,10 +999,12 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) struct metadata_dst *md_dst; struct macsec_rxh_data *rxd; struct macsec_dev *macsec; + bool is_macsec_md_dst; rcu_read_lock(); rxd = macsec_data_rcu(skb->dev); md_dst = skb_metadata_dst(skb); + is_macsec_md_dst = md_dst && md_dst->type == METADATA_MACSEC; list_for_each_entry_rcu(macsec, &rxd->secys, secys) { struct sk_buff *nskb; @@ -1013,14 +1015,42 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) * the SecTAG, so we have to deduce which port to deliver to. */ if (macsec_is_offloaded(macsec) && netif_running(ndev)) { - struct macsec_rx_sc *rx_sc = NULL; + const struct macsec_ops *ops; - if (md_dst && md_dst->type == METADATA_MACSEC) - rx_sc = find_rx_sc(&macsec->secy, md_dst->u.macsec_info.sci); + ops = macsec_get_ops(macsec, NULL); - if (md_dst && md_dst->type == METADATA_MACSEC && !rx_sc) + if (ops->rx_uses_md_dst && !is_macsec_md_dst) continue; + if (is_macsec_md_dst) { + struct macsec_rx_sc *rx_sc; + + /* All drivers that implement MACsec offload + * support using skb metadata destinations must + * indicate that they do so. + */ + DEBUG_NET_WARN_ON_ONCE(!ops->rx_uses_md_dst); + rx_sc = find_rx_sc(&macsec->secy, + md_dst->u.macsec_info.sci); + if (!rx_sc) + continue; + /* device indicated macsec offload occurred */ + skb->dev = ndev; + skb->pkt_type = PACKET_HOST; + eth_skb_pkt_type(skb, ndev); + ret = RX_HANDLER_ANOTHER; + goto out; + } + + /* This datapath is insecure because it is unable to + * enforce isolation of broadcast/multicast traffic and + * unicast traffic with promiscuous mode on the macsec + * netdev. Since the core stack has no mechanism to + * check that the hardware did indeed receive MACsec + * traffic, it is possible that the response handling + * done by the MACsec port was to a plaintext packet. + * This violates the MACsec protocol standard. + */ if (ether_addr_equal_64bits(hdr->h_dest, ndev->dev_addr)) { /* exact match, divert skb to this port */ @@ -1036,14 +1066,10 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb) break; nskb->dev = ndev; - if (ether_addr_equal_64bits(hdr->h_dest, - ndev->broadcast)) - nskb->pkt_type = PACKET_BROADCAST; - else - nskb->pkt_type = PACKET_MULTICAST; + eth_skb_pkt_type(nskb, ndev); __netif_rx(nskb); - } else if (rx_sc || ndev->flags & IFF_PROMISC) { + } else if (ndev->flags & IFF_PROMISC) { skb->dev = ndev; skb->pkt_type = PACKET_HOST; ret = RX_HANDLER_ANOTHER;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] macsec: Enable devices to advertise whether they update" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 475747a19316b08e856c666a20503e73d7ed67ed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042910-reopen-tiara-5796@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 475747a19316 ("macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads") a73d8779d61a ("net: macsec: introduce mdo_insert_tx_tag") eb97b9bd38f9 ("net: macsec: documentation for macsec_context and macsec_ops") 15f1735520f9 ("macsec: add support for IFLA_MACSEC_OFFLOAD in macsec_changelink") f3b4a00f0f62 ("net: macsec: fix net device access prior to holding a lock") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 475747a19316b08e856c666a20503e73d7ed67ed Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:02 -0700 Subject: [PATCH] macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads Cannot know whether a Rx skb missing md_dst is intended for MACsec or not without knowing whether the device is able to update this field during an offload. Assume that an offload to a MACsec device cannot support updating md_dst by default. Capable devices can advertise that they do indicate that an skb is related to a MACsec offloaded packet using the md_dst. Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-2-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/macsec.h b/include/net/macsec.h index dbd22180cc5c..de216cbc6b05 100644 --- a/include/net/macsec.h +++ b/include/net/macsec.h @@ -321,6 +321,7 @@ struct macsec_context { * for the TX tag * @needed_tailroom: number of bytes reserved at the end of the sk_buff for the * TX tag + * @rx_uses_md_dst: whether MACsec device offload supports sk_buff md_dst */ struct macsec_ops { /* Device wide */ @@ -352,6 +353,7 @@ struct macsec_ops { struct sk_buff *skb); unsigned int needed_headroom; unsigned int needed_tailroom; + bool rx_uses_md_dst; }; void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] macsec: Enable devices to advertise whether they update" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 475747a19316b08e856c666a20503e73d7ed67ed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042909-drab-untapped-78a4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 475747a19316 ("macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads") a73d8779d61a ("net: macsec: introduce mdo_insert_tx_tag") eb97b9bd38f9 ("net: macsec: documentation for macsec_context and macsec_ops") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 475747a19316b08e856c666a20503e73d7ed67ed Mon Sep 17 00:00:00 2001 From: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Date: Tue, 23 Apr 2024 11:13:02 -0700 Subject: [PATCH] macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads Cannot know whether a Rx skb missing md_dst is intended for MACsec or not without knowing whether the device is able to update this field during an offload. Assume that an offload to a MACsec device cannot support updating md_dst by default. Capable devices can advertise that they do indicate that an skb is related to a MACsec offloaded packet using the md_dst. Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support") Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> Reviewed-by: Benjamin Poirier <bpoirier(a)nvidia.com> Reviewed-by: Cosmin Ratiu <cratiu(a)nvidia.com> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/r/20240423181319.115860-2-rrameshbabu@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/macsec.h b/include/net/macsec.h index dbd22180cc5c..de216cbc6b05 100644 --- a/include/net/macsec.h +++ b/include/net/macsec.h @@ -321,6 +321,7 @@ struct macsec_context { * for the TX tag * @needed_tailroom: number of bytes reserved at the end of the sk_buff for the * TX tag + * @rx_uses_md_dst: whether MACsec device offload supports sk_buff md_dst */ struct macsec_ops { /* Device wide */ @@ -352,6 +353,7 @@ struct macsec_ops { struct sk_buff *skb); unsigned int needed_headroom; unsigned int needed_tailroom; + bool rx_uses_md_dst; }; void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] ACPI: CPPC: Use access_width over bit_width for system memory" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2f4a4d63a193 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042921-pennant-gumming-5bd3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2f4a4d63a193be6fd530d180bb13c3592052904c Mon Sep 17 00:00:00 2001 From: Jarred White <jarredwhite(a)linux.microsoft.com> Date: Fri, 1 Mar 2024 11:25:59 -0800 Subject: [PATCH] ACPI: CPPC: Use access_width over bit_width for system memory accesses To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform. SError Interrupt on CPU26, code 0xbe000011 -- SError CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : cppc_get_perf_caps+0xec/0x410 lr : cppc_get_perf_caps+0xe8/0x410 sp : ffff8000155ab730 x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078 x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000 x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008 x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006 x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028 x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION Call trace: dump_backtrace+0x0/0x1e0 show_stack+0x24/0x30 dump_stack_lvl+0x8c/0xb8 dump_stack+0x18/0x34 panic+0x16c/0x384 add_taint+0x0/0xc0 arm64_serror_panic+0x7c/0x90 arm64_is_fatal_ras_serror+0x34/0xa4 do_serror+0x50/0x6c el1h_64_error_handler+0x40/0x74 el1h_64_error+0x7c/0x80 cppc_get_perf_caps+0xec/0x410 cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq] cpufreq_online+0x2dc/0xa30 cpufreq_add_dev+0xc0/0xd4 subsys_interface_register+0x134/0x14c cpufreq_register_driver+0x1b0/0x354 cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq] do_one_initcall+0x50/0x250 do_init_module+0x60/0x27c load_module+0x2300/0x2570 __do_sys_finit_module+0xa8/0x114 __arm64_sys_finit_module+0x2c/0x3c invoke_syscall+0x78/0x100 el0_svc_common.constprop.0+0x180/0x1a0 do_el0_svc+0x84/0xa0 el0_svc+0x2c/0xc0 el0t_64_sync_handler+0xa4/0x12c el0t_64_sync+0x1a4/0x1a8 Instead, use access_width to determine the size and use the offset and width to shift and mask the bits to read/write out. Make sure to add a check for system memory since pcc redefines the access_width to subspace id. If access_width is not set, then fall back to using bit_width. Signed-off-by: Jarred White <jarredwhite(a)linux.microsoft.com> Reviewed-by: Easwar Hariharan <eahariha(a)linux.microsoft.com> Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+ [ rjw: Subject and changelog edits, comment adjustments ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index d155a86a8614..b954ce3638a9 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -166,6 +166,13 @@ show_cppc_data(cppc_get_perf_caps, cppc_perf_caps, nominal_freq); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, reference_perf); show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, wraparound_time); +/* Check for valid access_width, otherwise, fallback to using bit_width */ +#define GET_BIT_WIDTH(reg) ((reg)->access_width ? (8 << ((reg)->access_width - 1)) : (reg)->bit_width) + +/* Shift and apply the mask for CPC reads/writes */ +#define MASK_VAL(reg, val) ((val) >> ((reg)->bit_offset & \ + GENMASK(((reg)->bit_width), 0))) + static ssize_t show_feedback_ctrs(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { @@ -780,6 +787,7 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) } else if (gas_t->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { if (gas_t->address) { void __iomem *addr; + size_t access_width; if (!osc_cpc_flexible_adr_space_confirmed) { pr_debug("Flexible address space capability not supported\n"); @@ -787,7 +795,8 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr) goto out_free; } - addr = ioremap(gas_t->address, gas_t->bit_width/8); + access_width = GET_BIT_WIDTH(gas_t) / 8; + addr = ioremap(gas_t->address, access_width); if (!addr) goto out_free; cpc_ptr->cpc_regs[i-2].sys_mem_vaddr = addr; @@ -983,6 +992,7 @@ int __weak cpc_write_ffh(int cpunum, struct cpc_reg *reg, u64 val) static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) { void __iomem *vaddr = NULL; + int size; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; @@ -994,7 +1004,7 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = 0; if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = 8 << (reg->access_width - 1); + u32 width = GET_BIT_WIDTH(reg); u32 val_u32; acpi_status status; @@ -1018,7 +1028,9 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return acpi_os_read_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + switch (size) { case 8: *val = readb_relaxed(vaddr); break; @@ -1037,18 +1049,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) return -EFAULT; } + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + *val = MASK_VAL(reg, *val); + return 0; } static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) { int ret_val = 0; + int size; void __iomem *vaddr = NULL; int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = 8 << (reg->access_width - 1); + u32 width = GET_BIT_WIDTH(reg); acpi_status status; status = acpi_os_write_port((acpi_io_address)reg->address, @@ -1070,7 +1086,12 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) return acpi_os_write_memory((acpi_physical_address)reg->address, val, reg->bit_width); - switch (reg->bit_width) { + size = GET_BIT_WIDTH(reg); + + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) + val = MASK_VAL(reg, val); + + switch (size) { case 8: writeb_relaxed(val, vaddr); break;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 05d92ee782eeb7b939bdd0189e6efcab9195bf95 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042941-fleshed-collide-d77b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 05d92ee782ee ("ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro") 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") 0651ab90e4ad ("ACPI: CPPC: Check _OSC for flexible address space") c42fa24b4475 ("ACPI: bus: Avoid using CPPC if not supported by firmware") 2ca8e6285250 ("Revert "ACPI: Pass the same capabilities to the _OSC regardless of the query flag"") f684b1075128 ("ACPI: CPPC: Drop redundant local variable from cpc_read()") 5f51c7ce1dc3 ("ACPI: CPPC: Fix up I/O port access in cpc_read()") a2c8f92bea5f ("ACPI: CPPC: Implement support for SystemIO registers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 05d92ee782eeb7b939bdd0189e6efcab9195bf95 Mon Sep 17 00:00:00 2001 From: Jarred White <jarredwhite(a)linux.microsoft.com> Date: Mon, 8 Apr 2024 22:23:09 -0700 Subject: [PATCH] ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Commit 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") neglected to properly wrap the bit_offset shift when it comes to applying the mask. This may cause incorrect values to be read and may cause the cpufreq module not be loaded. [ 11.059751] cpu_capacity: CPU0 missing/invalid highest performance. [ 11.066005] cpu_capacity: partial information: fallback to 1024 for all CPUs Also, corrected the bitmask generation in GENMASK (extra bit being added). Fixes: 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") Signed-off-by: Jarred White <jarredwhite(a)linux.microsoft.com> Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+ Reviewed-by: Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index 4bfbe55553f4..00a30ca35e78 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -170,8 +170,8 @@ show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, wraparound_time); #define GET_BIT_WIDTH(reg) ((reg)->access_width ? (8 << ((reg)->access_width - 1)) : (reg)->bit_width) /* Shift and apply the mask for CPC reads/writes */ -#define MASK_VAL(reg, val) ((val) >> ((reg)->bit_offset & \ - GENMASK(((reg)->bit_width), 0))) +#define MASK_VAL(reg, val) (((val) >> (reg)->bit_offset) & \ + GENMASK(((reg)->bit_width) - 1, 0)) static ssize_t show_feedback_ctrs(struct kobject *kobj, struct kobj_attribute *attr, char *buf)

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042942-headboard-dweeb-a026@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") a3c10035d12f ("eeprom: at24: Use dev_err_probe for nvmem register failure") 2962484dfef8 ("misc: eeprom: at24: check suspend status before disable regulator") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042943-elves-patrol-347f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") a3c10035d12f ("eeprom: at24: Use dev_err_probe for nvmem register failure") 2962484dfef8 ("misc: eeprom: at24: check suspend status before disable regulator") 45df80d7605c ("misc: eeprom: at24: register nvmem only after eeprom is ready to use") 58d6fee50e67 ("misc: eeprom: at24: fix regulator underflow") cd5676db0574 ("misc: eeprom: at24: support pm_runtime control") 1c89074bf850 ("eeprom: at24: remove the write-protect pin support") 69afc4b62308 ("eeprom: at24: sort headers alphabetically") 285be87c79e1 ("eeprom: at24: Improve confusing log message") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042942-smirk-rectal-821f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") a3c10035d12f ("eeprom: at24: Use dev_err_probe for nvmem register failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042941-payphone-elf-fac2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") a3c10035d12f ("eeprom: at24: Use dev_err_probe for nvmem register failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] eeprom: at24: fix memory corruption race condition" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f42c97027fb75776e2e9358d16bf4a99aeb04cf2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042940-resize-urgent-402d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: f42c97027fb7 ("eeprom: at24: fix memory corruption race condition") caba40ec3531 ("eeprom: at24: Probe for DDR3 thermal sensor in the SPD case") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f42c97027fb75776e2e9358d16bf4a99aeb04cf2 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki <dtokazaki(a)google.com> Date: Mon, 22 Apr 2024 17:43:36 +0000 Subject: [PATCH] eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. Signed-off-by: Daniel Okazaki <dtokazaki(a)google.com> Fixes: b20eb4c1f026 ("eeprom: at24: drop unnecessary label") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240422174337.2487142-1-dtokazaki@google.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 572333ead5fb..4bd4f32bcdab 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -758,15 +758,6 @@ static int at24_probe(struct i2c_client *client) } pm_runtime_enable(dev); - at24->nvmem = devm_nvmem_register(dev, &nvmem_config); - if (IS_ERR(at24->nvmem)) { - pm_runtime_disable(dev); - if (!pm_runtime_status_suspended(dev)) - regulator_disable(at24->vcc_reg); - return dev_err_probe(dev, PTR_ERR(at24->nvmem), - "failed to register nvmem\n"); - } - /* * Perform a one-byte test read to verify that the chip is functional, * unless powering on the device is to be avoided during probe (i.e. @@ -782,6 +773,15 @@ static int at24_probe(struct i2c_client *client) } } + at24->nvmem = devm_nvmem_register(dev, &nvmem_config); + if (IS_ERR(at24->nvmem)) { + pm_runtime_disable(dev); + if (!pm_runtime_status_suspended(dev)) + regulator_disable(at24->vcc_reg); + return dev_err_probe(dev, PTR_ERR(at24->nvmem), + "failed to register nvmem\n"); + } + /* If this a SPD EEPROM, probe for DDR3 thermal sensor */ if (cdata == &at24_data_spd) at24_probe_temp_sensor(client);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix wrong block_start calculation for" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fe1c6c7acce10baf9521d6dccc17268d91ee2305 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042906-stapling-dosage-67ad@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: fe1c6c7acce1 ("btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()") 92e1229b204d ("btrfs: tests: test invalid splitting when skipping pinned drop extent_map") f345dbdf2c9c ("btrfs: tests: add a test for btrfs_add_extent_mapping") 89c3760428db ("btrfs: tests: add extent_map tests for dropping with odd layouts") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe1c6c7acce10baf9521d6dccc17268d91ee2305 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Tue, 9 Apr 2024 20:32:34 +0930 Subject: [PATCH] btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() [BUG] During my extent_map cleanup/refactor, with extra sanity checks, extent-map-tests::test_case_7() would not pass the checks. The problem is, after btrfs_drop_extent_map_range(), the resulted extent_map has a @block_start way too large. Meanwhile my btrfs_file_extent_item based members are returning a correct @disk_bytenr/@offset combination. The extent map layout looks like this: 0 16K 32K 48K | PINNED | | Regular | The regular em at [32K, 48K) also has 32K @block_start. Then drop range [0, 36K), which should shrink the regular one to be [36K, 48K). However the @block_start is incorrect, we expect 32K + 4K, but got 52K. [CAUSE] Inside btrfs_drop_extent_map_range() function, if we hit an extent_map that covers the target range but is still beyond it, we need to split that extent map into half: |<-- drop range -->| |<----- existing extent_map --->| And if the extent map is not compressed, we need to forward extent_map::block_start by the difference between the end of drop range and the extent map start. However in that particular case, the difference is calculated using (start + len - em->start). The problem is @start can be modified if the drop range covers any pinned extent. This leads to wrong calculation, and would be caught by my later extent_map sanity checks, which checks the em::block_start against btrfs_file_extent_item::disk_bytenr + btrfs_file_extent_item::offset. This is a regression caused by commit c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range"), which removed the @len update for pinned extents. [FIX] Fix it by avoiding using @start completely, and use @end - em->start instead, which @end is exclusive bytenr number. And update the test case to verify the @block_start to prevent such problem from happening. Thankfully this is not going to lead to any data corruption, as IO path does not utilize btrfs_drop_extent_map_range() with @skip_pinned set. So this fix is only here for the sake of consistency/correctness. CC: stable(a)vger.kernel.org # 6.5+ Fixes: c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range") Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c index 445f7716f1e2..24a048210b15 100644 --- a/fs/btrfs/extent_map.c +++ b/fs/btrfs/extent_map.c @@ -817,7 +817,7 @@ void btrfs_drop_extent_map_range(struct btrfs_inode *inode, u64 start, u64 end, split->block_len = em->block_len; split->orig_start = em->orig_start; } else { - const u64 diff = start + len - em->start; + const u64 diff = end - em->start; split->block_len = split->len; split->block_start += diff; diff --git a/fs/btrfs/tests/extent-map-tests.c b/fs/btrfs/tests/extent-map-tests.c index 253cce7ffecf..47b5d301038e 100644 --- a/fs/btrfs/tests/extent-map-tests.c +++ b/fs/btrfs/tests/extent-map-tests.c @@ -847,6 +847,11 @@ static int test_case_7(struct btrfs_fs_info *fs_info) goto out; } + if (em->block_start != SZ_32K + SZ_4K) { + test_err("em->block_start is %llu, expected 36K", em->block_start); + goto out; + } + free_extent_map(em); read_lock(&em_tree->lock);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fallback if compressed IO fails for ENOSPC" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 131a821a243f89be312ced9e62ccc37b2cf3846c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042924-filling-contact-97aa@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 131a821a243f ("btrfs: fallback if compressed IO fails for ENOSPC") a994310aa26f ("btrfs: remove PAGE_SET_ERROR") 99a01bd6388e ("btrfs: use btrfs_inode inside compress_file_range") 99a81a444448 ("btrfs: switch async_chunk::inode to btrfs_inode") fd8d2951f478 ("btrfs: convert extent_io page op defines to enum bits") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 131a821a243f89be312ced9e62ccc37b2cf3846c Mon Sep 17 00:00:00 2001 From: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Date: Sat, 6 Apr 2024 04:45:02 -0400 Subject: [PATCH] btrfs: fallback if compressed IO fails for ENOSPC In commit b4ccace878f4 ("btrfs: refactor submit_compressed_extents()"), if an async extent compressed but failed to find enough space, we changed from falling back to an uncompressed write to just failing the write altogether. The principle was that if there's not enough space to write the compressed version of the data, there can't possibly be enough space to write the larger, uncompressed version of the data. However, this isn't necessarily true: due to fragmentation, there could be enough discontiguous free blocks to write the uncompressed version, but not enough contiguous free blocks to write the smaller but unsplittable compressed version. This has occurred to an internal workload which relied on write()'s return value indicating there was space. While rare, it has happened a few times. Thus, in order to prevent early ENOSPC, re-add a fallback to uncompressed writing. Fixes: b4ccace878f4 ("btrfs: refactor submit_compressed_extents()") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Co-developed-by: Neal Gompa <neal(a)gompa.dev> Signed-off-by: Neal Gompa <neal(a)gompa.dev> Signed-off-by: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index c65fe5de4022..7fed887e700c 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1145,13 +1145,13 @@ static void submit_one_async_extent(struct async_chunk *async_chunk, 0, *alloc_hint, &ins, 1, 1); if (ret) { /* - * Here we used to try again by going back to non-compressed - * path for ENOSPC. But we can't reserve space even for - * compressed size, how could it work for uncompressed size - * which requires larger size? So here we directly go error - * path. + * We can't reserve contiguous space for the compressed size. + * Unlikely, but it's possible that we could have enough + * non-contiguous space for the uncompressed size instead. So + * fall back to uncompressed. */ - goto out_free; + submit_uncompressed_range(inode, async_extent, locked_page); + goto done; } /* Here we're doing allocation and writeback of the compressed pages */ @@ -1203,7 +1203,6 @@ static void submit_one_async_extent(struct async_chunk *async_chunk, out_free_reserve: btrfs_dec_block_group_reservations(fs_info, ins.objectid); btrfs_free_reserved_extent(fs_info, ins.objectid, ins.offset, 1); -out_free: mapping_set_error(inode->vfs_inode.i_mapping, -EIO); extent_clear_unlock_delalloc(inode, start, end, NULL, EXTENT_LOCKED | EXTENT_DELALLOC |

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042955-boxer-slinky-3da2@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 9c0f59e47a90 ("HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up") dbe0dd5fd2e0 ("HID: i2c-hid: explicitly code setting and sending reports") b26fc3161b78 ("HID: i2c-hid: refactor reset command") d34c6105499b ("HID: i2c-hid: use "struct i2c_hid" as argument in most calls") a5e5e03e9476 ("HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports") cf5b2fb012c0 ("HID: i2c-hid: fix handling numbered reports with IDs of 15 and above") ca66a6770bd9 ("HID: i2c-hid: Skip ELAN power-on command after reset") b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules") 19a0b6d79c97 ("Merge branch 'for-5.11/i2c-hid' into for-linus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Mon, 18 Mar 2024 11:59:02 +0100 Subject: [PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. Reported-and-tested-by: Eva Kurchatova <nyandarknessgirl(a)gmail.com> Closes: https://lore.kernel.org/r/CA+eeCSPUDpUg76ZO8dszSbAGn+UHjcyv8F1J-CUPVARAzEtW… Fixes: 4a200c3b9a40 ("HID: i2c-hid: introduce HID over i2c specification implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..1c86c97688e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -64,7 +64,6 @@ /* flags */ #define I2C_HID_STARTED 0 #define I2C_HID_RESET_PENDING 1 -#define I2C_HID_READ_PENDING 2 #define I2C_HID_PWR_ON 0x00 #define I2C_HID_PWR_SLEEP 0x01 @@ -190,15 +189,10 @@ static int i2c_hid_xfer(struct i2c_hid *ihid, msgs[n].len = recv_len; msgs[n].buf = recv_buf; n++; - - set_bit(I2C_HID_READ_PENDING, &ihid->flags); } ret = i2c_transfer(client->adapter, msgs, n); - if (recv_len) - clear_bit(I2C_HID_READ_PENDING, &ihid->flags); - if (ret != n) return ret < 0 ? ret : -EIO; @@ -556,9 +550,6 @@ static irqreturn_t i2c_hid_irq(int irq, void *dev_id) { struct i2c_hid *ihid = dev_id; - if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) - return IRQ_HANDLED; - i2c_hid_get_input(ihid); return IRQ_HANDLED;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042954-savanna-reversing-7575@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 9c0f59e47a90 ("HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up") dbe0dd5fd2e0 ("HID: i2c-hid: explicitly code setting and sending reports") b26fc3161b78 ("HID: i2c-hid: refactor reset command") d34c6105499b ("HID: i2c-hid: use "struct i2c_hid" as argument in most calls") a5e5e03e9476 ("HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports") cf5b2fb012c0 ("HID: i2c-hid: fix handling numbered reports with IDs of 15 and above") ca66a6770bd9 ("HID: i2c-hid: Skip ELAN power-on command after reset") b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules") 19a0b6d79c97 ("Merge branch 'for-5.11/i2c-hid' into for-linus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Mon, 18 Mar 2024 11:59:02 +0100 Subject: [PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. Reported-and-tested-by: Eva Kurchatova <nyandarknessgirl(a)gmail.com> Closes: https://lore.kernel.org/r/CA+eeCSPUDpUg76ZO8dszSbAGn+UHjcyv8F1J-CUPVARAzEtW… Fixes: 4a200c3b9a40 ("HID: i2c-hid: introduce HID over i2c specification implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..1c86c97688e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -64,7 +64,6 @@ /* flags */ #define I2C_HID_STARTED 0 #define I2C_HID_RESET_PENDING 1 -#define I2C_HID_READ_PENDING 2 #define I2C_HID_PWR_ON 0x00 #define I2C_HID_PWR_SLEEP 0x01 @@ -190,15 +189,10 @@ static int i2c_hid_xfer(struct i2c_hid *ihid, msgs[n].len = recv_len; msgs[n].buf = recv_buf; n++; - - set_bit(I2C_HID_READ_PENDING, &ihid->flags); } ret = i2c_transfer(client->adapter, msgs, n); - if (recv_len) - clear_bit(I2C_HID_READ_PENDING, &ihid->flags); - if (ret != n) return ret < 0 ? ret : -EIO; @@ -556,9 +550,6 @@ static irqreturn_t i2c_hid_irq(int irq, void *dev_id) { struct i2c_hid *ihid = dev_id; - if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) - return IRQ_HANDLED; - i2c_hid_get_input(ihid); return IRQ_HANDLED;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042953-unstitch-causing-de1d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 9c0f59e47a90 ("HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up") dbe0dd5fd2e0 ("HID: i2c-hid: explicitly code setting and sending reports") b26fc3161b78 ("HID: i2c-hid: refactor reset command") d34c6105499b ("HID: i2c-hid: use "struct i2c_hid" as argument in most calls") a5e5e03e9476 ("HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports") cf5b2fb012c0 ("HID: i2c-hid: fix handling numbered reports with IDs of 15 and above") ca66a6770bd9 ("HID: i2c-hid: Skip ELAN power-on command after reset") b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules") 19a0b6d79c97 ("Merge branch 'for-5.11/i2c-hid' into for-linus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Mon, 18 Mar 2024 11:59:02 +0100 Subject: [PATCH] HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. Reported-and-tested-by: Eva Kurchatova <nyandarknessgirl(a)gmail.com> Closes: https://lore.kernel.org/r/CA+eeCSPUDpUg76ZO8dszSbAGn+UHjcyv8F1J-CUPVARAzEtW… Fixes: 4a200c3b9a40 ("HID: i2c-hid: introduce HID over i2c specification implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Nam Cao <namcao(a)linutronix.de> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..1c86c97688e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -64,7 +64,6 @@ /* flags */ #define I2C_HID_STARTED 0 #define I2C_HID_RESET_PENDING 1 -#define I2C_HID_READ_PENDING 2 #define I2C_HID_PWR_ON 0x00 #define I2C_HID_PWR_SLEEP 0x01 @@ -190,15 +189,10 @@ static int i2c_hid_xfer(struct i2c_hid *ihid, msgs[n].len = recv_len; msgs[n].buf = recv_buf; n++; - - set_bit(I2C_HID_READ_PENDING, &ihid->flags); } ret = i2c_transfer(client->adapter, msgs, n); - if (recv_len) - clear_bit(I2C_HID_READ_PENDING, &ihid->flags); - if (ret != n) return ret < 0 ? ret : -EIO; @@ -556,9 +550,6 @@ static irqreturn_t i2c_hid_irq(int irq, void *dev_id) { struct i2c_hid *ihid = dev_id; - if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) - return IRQ_HANDLED; - i2c_hid_get_input(ihid); return IRQ_HANDLED;

1 year, 4 months

1
0
0 0

[PATCH v3] usb: typec: tcpm: Check for port partner validity before consuming it

by Badhri Jagan Sridharan

typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..e1c6dffe5f8b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1580,7 +1580,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (port->partner) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1742,6 +1743,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (!port->partner) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -4231,7 +4235,10 @@ static int tcpm_init_vconn(struct tcpm_port *port) static void tcpm_typec_connect(struct tcpm_port *port) { + struct typec_partner *partner; + if (!port->connected) { + port->connected = true; /* Make sure we don't report stale identity information */ memset(&port->partner_ident, 0, sizeof(port->partner_ident)); port->partner_desc.usb_pd = port->pd_capable; @@ -4241,9 +4248,13 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner_desc.accessory = TYPEC_ACCESSORY_AUDIO; else port->partner_desc.accessory = TYPEC_ACCESSORY_NONE; - port->partner = typec_register_partner(port->typec_port, - &port->partner_desc); - port->connected = true; + partner = typec_register_partner(port->typec_port, &port->partner_desc); + if (IS_ERR(partner)) { + dev_err(port->dev, "Failed to register partner (%ld)\n", PTR_ERR(partner)); + return; + } + + port->partner = partner; typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); } } @@ -4323,9 +4334,11 @@ static void tcpm_typec_disconnect(struct tcpm_port *port) port->plug_prime = NULL; port->cable = NULL; if (port->connected) { - typec_partner_set_usb_power_delivery(port->partner, NULL); - typec_unregister_partner(port->partner); - port->partner = NULL; + if (port->partner) { + typec_partner_set_usb_power_delivery(port->partner, NULL); + typec_unregister_partner(port->partner); + port->partner = NULL; + } port->connected = false; } } @@ -4549,6 +4562,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (!port->partner) + return; + switch (port->negotiated_rev) { case PD_REV30: break; base-commit: 3f12222a4bebeb13ce06ddecc1610ad32fa835dd -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

3
2
0 0

FAILED: patch "[PATCH] smb3: fix lock ordering potential deadlock in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8861fd5180476f45f9e8853db154600469a0284f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042930-undone-willow-c057@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8861fd518047 ("smb3: fix lock ordering potential deadlock in cifs_sync_mid_result") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 12:49:50 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index e1a79e031b28..ddf1a3aafee5 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); rc = -EIO; + goto sync_mid_done; } spin_unlock(&server->mid_lock); +sync_mid_done: release_mid(mid); return rc; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock ordering potential deadlock in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8861fd5180476f45f9e8853db154600469a0284f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042931-rejoice-waving-ec82@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8861fd518047 ("smb3: fix lock ordering potential deadlock in cifs_sync_mid_result") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 12:49:50 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index e1a79e031b28..ddf1a3aafee5 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); rc = -EIO; + goto sync_mid_done; } spin_unlock(&server->mid_lock); +sync_mid_done: release_mid(mid); return rc; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock ordering potential deadlock in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8861fd5180476f45f9e8853db154600469a0284f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042930-gap-giant-6499@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8861fd518047 ("smb3: fix lock ordering potential deadlock in cifs_sync_mid_result") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 12:49:50 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index e1a79e031b28..ddf1a3aafee5 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); rc = -EIO; + goto sync_mid_done; } spin_unlock(&server->mid_lock); +sync_mid_done: release_mid(mid); return rc; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] smb3: fix lock ordering potential deadlock in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8861fd5180476f45f9e8853db154600469a0284f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042929-repave-emerald-63ea@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8861fd518047 ("smb3: fix lock ordering potential deadlock in cifs_sync_mid_result") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 12:49:50 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index e1a79e031b28..ddf1a3aafee5 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); rc = -EIO; + goto sync_mid_done; } spin_unlock(&server->mid_lock); +sync_mid_done: release_mid(mid); return rc; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042917-regulate-exquisite-3f14@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042916-rebate-duct-2b7b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042915-underhand-decorator-fe82@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042915-serving-venus-b776@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] smb3: missing lock when picking channel" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8094a600245e9b28eb36a13036f202ad67c1f887 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042914-scariness-polka-0293@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 8094a600245e ("smb3: missing lock when picking channel") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8094a600245e9b28eb36a13036f202ad67c1f887 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 25 Apr 2024 11:30:16 -0500 Subject: [PATCH] smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") Cc: stable(a)vger.kernel.org Reviewed-by: Shyam Prasad N <sprasad(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..e1a79e031b28 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1057,9 +1057,11 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) index = (uint)atomic_inc_return(&ses->chan_seq); index %= ses->chan_count; } + + server = ses->chans[index].server; spin_unlock(&ses->chan_lock); - return ses->chans[index].server; + return server; } int

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-msm: pervent access to suspended controller" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f8def10f73a516b771051a2f70f2f0446902cb4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042912-scholar-flammable-0e87@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f8def10f73a5 ("mmc: sdhci-msm: pervent access to suspended controller") c93767cf64eb ("mmc: sdhci-msm: add Inline Crypto Engine support") 0472f8d3c054 ("mmc: sdhci-msm: Use OPP API to set clk/perf state") 9051db381fab ("mmc: sdhci-msm: Mark sdhci_msm_cqe_disable static") 87a8df0dce6a ("mmc: sdhci-msm: Add CQHCI support for sdhci-msm") 21f1e2d457ce ("mmc: sdhci-msm: Re-initialize DLL if MCLK is gated dynamically") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8def10f73a516b771051a2f70f2f0446902cb4f Mon Sep 17 00:00:00 2001 From: Mantas Pucka <mantas(a)8devices.com> Date: Thu, 21 Mar 2024 14:30:01 +0000 Subject: [PATCH] mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. Cc: stable(a)vger.kernel.org Fixes: 67e6db113c90 ("mmc: sdhci-msm: Add pm_runtime and system PM support") Signed-off-by: Mantas Pucka <mantas(a)8devices.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240321-sdhci-mmc-suspend-v1-1-fbc555a64400@8dev… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..e113b99a3eab 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2694,6 +2694,11 @@ static __maybe_unused int sdhci_msm_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = true; + spin_unlock_irqrestore(&host->lock, flags); /* Drop the performance vote */ dev_pm_opp_set_rate(dev, 0); @@ -2708,6 +2713,7 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; int ret; ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks), @@ -2726,7 +2732,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) dev_pm_opp_set_rate(dev, msm_host->clk_rate); - return sdhci_msm_ice_resume(msm_host); + ret = sdhci_msm_ice_resume(msm_host); + if (ret) + return ret; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = false; + spin_unlock_irqrestore(&host->lock, flags); + + return ret; } static const struct dev_pm_ops sdhci_msm_pm_ops = {

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-msm: pervent access to suspended controller" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f8def10f73a516b771051a2f70f2f0446902cb4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042911-librarian-armory-e9db@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f8def10f73a5 ("mmc: sdhci-msm: pervent access to suspended controller") c93767cf64eb ("mmc: sdhci-msm: add Inline Crypto Engine support") 0472f8d3c054 ("mmc: sdhci-msm: Use OPP API to set clk/perf state") 9051db381fab ("mmc: sdhci-msm: Mark sdhci_msm_cqe_disable static") 87a8df0dce6a ("mmc: sdhci-msm: Add CQHCI support for sdhci-msm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8def10f73a516b771051a2f70f2f0446902cb4f Mon Sep 17 00:00:00 2001 From: Mantas Pucka <mantas(a)8devices.com> Date: Thu, 21 Mar 2024 14:30:01 +0000 Subject: [PATCH] mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. Cc: stable(a)vger.kernel.org Fixes: 67e6db113c90 ("mmc: sdhci-msm: Add pm_runtime and system PM support") Signed-off-by: Mantas Pucka <mantas(a)8devices.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240321-sdhci-mmc-suspend-v1-1-fbc555a64400@8dev… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..e113b99a3eab 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2694,6 +2694,11 @@ static __maybe_unused int sdhci_msm_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = true; + spin_unlock_irqrestore(&host->lock, flags); /* Drop the performance vote */ dev_pm_opp_set_rate(dev, 0); @@ -2708,6 +2713,7 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; int ret; ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks), @@ -2726,7 +2732,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) dev_pm_opp_set_rate(dev, msm_host->clk_rate); - return sdhci_msm_ice_resume(msm_host); + ret = sdhci_msm_ice_resume(msm_host); + if (ret) + return ret; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = false; + spin_unlock_irqrestore(&host->lock, flags); + + return ret; } static const struct dev_pm_ops sdhci_msm_pm_ops = {

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-msm: pervent access to suspended controller" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f8def10f73a516b771051a2f70f2f0446902cb4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042910-obnoxious-sleep-f776@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f8def10f73a5 ("mmc: sdhci-msm: pervent access to suspended controller") c93767cf64eb ("mmc: sdhci-msm: add Inline Crypto Engine support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8def10f73a516b771051a2f70f2f0446902cb4f Mon Sep 17 00:00:00 2001 From: Mantas Pucka <mantas(a)8devices.com> Date: Thu, 21 Mar 2024 14:30:01 +0000 Subject: [PATCH] mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. Cc: stable(a)vger.kernel.org Fixes: 67e6db113c90 ("mmc: sdhci-msm: Add pm_runtime and system PM support") Signed-off-by: Mantas Pucka <mantas(a)8devices.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240321-sdhci-mmc-suspend-v1-1-fbc555a64400@8dev… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..e113b99a3eab 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2694,6 +2694,11 @@ static __maybe_unused int sdhci_msm_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = true; + spin_unlock_irqrestore(&host->lock, flags); /* Drop the performance vote */ dev_pm_opp_set_rate(dev, 0); @@ -2708,6 +2713,7 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; int ret; ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks), @@ -2726,7 +2732,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) dev_pm_opp_set_rate(dev, msm_host->clk_rate); - return sdhci_msm_ice_resume(msm_host); + ret = sdhci_msm_ice_resume(msm_host); + if (ret) + return ret; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = false; + spin_unlock_irqrestore(&host->lock, flags); + + return ret; } static const struct dev_pm_ops sdhci_msm_pm_ops = {

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b76b46902c2d0395488c8412e1116c2486cdfcb2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042950-distaste-resource-3555@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: b76b46902c2d ("mm/hugetlb: fix missing hugetlb_lock for resv uncharge") d4ab0316cc33 ("mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios") 0356c4b96f68 ("mm/hugetlb: convert free_huge_page to folios") 78fbe906cc90 ("mm/page-flags: reuse PG_mappedtodisk as PG_anon_exclusive for PageAnon() pages") c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") 84d60fdd3733 ("mm: slightly clarify KSM logic in do_swap_page()") 5cbf9942c963 ("mm: generalize the pgmap based page_free infrastructure") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b76b46902c2d0395488c8412e1116c2486cdfcb2 Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Wed, 17 Apr 2024 17:18:35 -0400 Subject: [PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Link: https://lkml.kernel.org/r/20240417211836.2742593-3-peterx@redhat.com Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+4b8077a5fccc61c385a1(a)syzkaller.appspotmail.com Reviewed-by: Mina Almasry <almasrymina(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 31d00eee028f..53e0ab5c0845 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3268,9 +3268,12 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret)

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b76b46902c2d0395488c8412e1116c2486cdfcb2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042949-discolor-mop-d6e8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b76b46902c2d ("mm/hugetlb: fix missing hugetlb_lock for resv uncharge") d4ab0316cc33 ("mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios") 0356c4b96f68 ("mm/hugetlb: convert free_huge_page to folios") 78fbe906cc90 ("mm/page-flags: reuse PG_mappedtodisk as PG_anon_exclusive for PageAnon() pages") c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") 84d60fdd3733 ("mm: slightly clarify KSM logic in do_swap_page()") 5cbf9942c963 ("mm: generalize the pgmap based page_free infrastructure") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b76b46902c2d0395488c8412e1116c2486cdfcb2 Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Wed, 17 Apr 2024 17:18:35 -0400 Subject: [PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Link: https://lkml.kernel.org/r/20240417211836.2742593-3-peterx@redhat.com Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+4b8077a5fccc61c385a1(a)syzkaller.appspotmail.com Reviewed-by: Mina Almasry <almasrymina(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 31d00eee028f..53e0ab5c0845 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3268,9 +3268,12 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret)

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b76b46902c2d0395488c8412e1116c2486cdfcb2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042948-overstuff-untwist-805f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: b76b46902c2d ("mm/hugetlb: fix missing hugetlb_lock for resv uncharge") d4ab0316cc33 ("mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios") 0356c4b96f68 ("mm/hugetlb: convert free_huge_page to folios") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b76b46902c2d0395488c8412e1116c2486cdfcb2 Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Wed, 17 Apr 2024 17:18:35 -0400 Subject: [PATCH] mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Link: https://lkml.kernel.org/r/20240417211836.2742593-3-peterx@redhat.com Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+4b8077a5fccc61c385a1(a)syzkaller.appspotmail.com Reviewed-by: Mina Almasry <almasrymina(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 31d00eee028f..53e0ab5c0845 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3268,9 +3268,12 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret)

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix invalid device address check" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 32868e126c78876a8a5ddfcb6ac8cb2fffcf4d27 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042954-refract-eraser-aaf8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 32868e126c78 ("Bluetooth: qca: fix invalid device address check") 77f45cca8bc5 ("Bluetooth: qca: fix device-address endianness") 4790a73ace86 ("Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"") 7dcd3e014aa7 ("Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT") a7f8dedb4be2 ("Bluetooth: qca: add support for QCA2066") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 32868e126c78876a8a5ddfcb6ac8cb2fffcf4d27 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 16 Apr 2024 11:15:09 +0200 Subject: [PATCH] Bluetooth: qca: fix invalid device address check Qualcomm Bluetooth controllers may not have been provisioned with a valid device address and instead end up using the default address 00:00:00:00:5a:ad. This was previously believed to be due to lack of persistent storage for the address but it may also be due to integrators opting to not use the on-chip OTP memory and instead store the address elsewhere (e.g. in storage managed by secure world firmware). According to Qualcomm, at least WCN6750, WCN6855 and WCN7850 have on-chip OTP storage for the address. As the device type alone cannot be used to determine when the address is valid, instead read back the address during setup() and only set the HCI_QUIRK_USE_BDADDR_PROPERTY flag when needed. This specifically makes sure that controllers that have been provisioned with an address do not start as unconfigured. Reported-by: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Link: https://lore.kernel.org/r/124a7d54-5a18-4be7-9a76-a12017f6cce5@quicinc.com/ Fixes: 5971752de44c ("Bluetooth: hci_qca: Set HCI_QUIRK_USE_BDADDR_PROPERTY for wcn3990") Fixes: e668eb1e1578 ("Bluetooth: hci_core: Don't stop BT if the BD address missing in dts") Fixes: 6945795bc81a ("Bluetooth: fix use-bdaddr-property quirk") Cc: stable(a)vger.kernel.org # 6.5 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reported-by: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 19cfc342fc7b..216826c31ee3 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -15,6 +15,8 @@ #define VERSION "0.1" +#define QCA_BDADDR_DEFAULT (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x00, 0x00 }}) + int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, enum qca_btsoc_type soc_type) { @@ -612,6 +614,38 @@ int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) } EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); +static int qca_check_bdaddr(struct hci_dev *hdev) +{ + struct hci_rp_read_bd_addr *bda; + struct sk_buff *skb; + int err; + + if (bacmp(&hdev->public_addr, BDADDR_ANY)) + return 0; + + skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, + HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) { + err = PTR_ERR(skb); + bt_dev_err(hdev, "Failed to read device address (%d)", err); + return err; + } + + if (skb->len != sizeof(*bda)) { + bt_dev_err(hdev, "Device address length mismatch"); + kfree_skb(skb); + return -EIO; + } + + bda = (struct hci_rp_read_bd_addr *)skb->data; + if (!bacmp(&bda->bdaddr, QCA_BDADDR_DEFAULT)) + set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); + + kfree_skb(skb); + + return 0; +} + static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size, struct qca_btsoc_version ver, u8 rom_ver, u16 bid) { @@ -818,6 +852,10 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, break; } + err = qca_check_bdaddr(hdev); + if (err) + return err; + bt_dev_info(hdev, "QCA setup on UART is completed"); return 0; diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index ecbc52eaf101..92fa20f5ac7d 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1905,8 +1905,6 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6750: case QCA_WCN6855: case QCA_WCN7850: - set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); - qcadev = serdev_device_get_drvdata(hu->serdev); if (qcadev->bdaddr_property_broken) set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks);

1 year, 4 months

1
0
0 0

[PATCH 5.10.y] PM / devfreq: Fix buffer overflow in trans_stat_show

by Jan Kiszka

From: Christian Marangi <ansuelsmth(a)gmail.com> [ Upstream commit 08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4 ] Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error. Link: https://lore.kernel.org/all/20231024183016.14648-2-ansuelsmth@gmail.com/ Cc: stable(a)vger.kernel.org Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218041 Fixes: e552bbaf5b98 ("PM / devfreq: Add sysfs node for representing frequency transition information.") Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Signed-off-by: Chanwoo Choi <cw00.choi(a)samsung.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Jan Kiszka <jan.kiszka(a)siemens.com> --- Original found by someone at Nvidia. But this backport is based on the 5.15 commit (796d3fad8c35ee9df9027899fb90ceaeb41b958f) where only a conflict in sysfs-class-devfreq needed manual resolution. Documentation/ABI/testing/sysfs-class-devfreq | 3 + drivers/devfreq/devfreq.c | 59 +++++++++++++------ 2 files changed, 43 insertions(+), 19 deletions(-) diff --git a/Documentation/ABI/testing/sysfs-class-devfreq b/Documentation/ABI/testing/sysfs-class-devfreq index b8ebff4b1c4c..4514cf9fc7a1 100644 --- a/Documentation/ABI/testing/sysfs-class-devfreq +++ b/Documentation/ABI/testing/sysfs-class-devfreq @@ -66,6 +66,9 @@ Description: echo 0 > /sys/class/devfreq/.../trans_stat + If the transition table is bigger than PAGE_SIZE, reading + this will return an -EFBIG error. + What: /sys/class/devfreq/.../userspace/set_freq Date: September 2011 Contact: MyungJoo Ham <myungjoo.ham(a)samsung.com> diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index 216594b86119..93df6cef4f5a 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c @@ -1639,7 +1639,7 @@ static ssize_t trans_stat_show(struct device *dev, struct device_attribute *attr, char *buf) { struct devfreq *df = to_devfreq(dev); - ssize_t len; + ssize_t len = 0; int i, j; unsigned int max_state; @@ -1648,7 +1648,7 @@ static ssize_t trans_stat_show(struct device *dev, max_state = df->profile->max_state; if (max_state == 0) - return sprintf(buf, "Not Supported.\n"); + return scnprintf(buf, PAGE_SIZE, "Not Supported.\n"); mutex_lock(&df->lock); if (!df->stop_polling && @@ -1658,33 +1658,54 @@ static ssize_t trans_stat_show(struct device *dev, } mutex_unlock(&df->lock); - len = sprintf(buf, " From : To\n"); - len += sprintf(buf + len, " :"); - for (i = 0; i < max_state; i++) - len += sprintf(buf + len, "%10lu", - df->profile->freq_table[i]); + len += scnprintf(buf + len, PAGE_SIZE - len, " From : To\n"); + len += scnprintf(buf + len, PAGE_SIZE - len, " :"); + for (i = 0; i < max_state; i++) { + if (len >= PAGE_SIZE - 1) + break; + len += scnprintf(buf + len, PAGE_SIZE - len, "%10lu", + df->profile->freq_table[i]); + } + if (len >= PAGE_SIZE - 1) + return PAGE_SIZE - 1; - len += sprintf(buf + len, " time(ms)\n"); + len += scnprintf(buf + len, PAGE_SIZE - len, " time(ms)\n"); for (i = 0; i < max_state; i++) { + if (len >= PAGE_SIZE - 1) + break; if (df->profile->freq_table[i] == df->previous_freq) { - len += sprintf(buf + len, "*"); + len += scnprintf(buf + len, PAGE_SIZE - len, "*"); } else { - len += sprintf(buf + len, " "); + len += scnprintf(buf + len, PAGE_SIZE - len, " "); + } + if (len >= PAGE_SIZE - 1) + break; + + len += scnprintf(buf + len, PAGE_SIZE - len, "%10lu:", + df->profile->freq_table[i]); + for (j = 0; j < max_state; j++) { + if (len >= PAGE_SIZE - 1) + break; + len += scnprintf(buf + len, PAGE_SIZE - len, "%10u", + df->stats.trans_table[(i * max_state) + j]); } - len += sprintf(buf + len, "%10lu:", - df->profile->freq_table[i]); - for (j = 0; j < max_state; j++) - len += sprintf(buf + len, "%10u", - df->stats.trans_table[(i * max_state) + j]); + if (len >= PAGE_SIZE - 1) + break; + len += scnprintf(buf + len, PAGE_SIZE - len, "%10llu\n", (u64) + jiffies64_to_msecs(df->stats.time_in_state[i])); + } + + if (len < PAGE_SIZE - 1) + len += scnprintf(buf + len, PAGE_SIZE - len, "Total transition : %u\n", + df->stats.total_trans); - len += sprintf(buf + len, "%10llu\n", (u64) - jiffies64_to_msecs(df->stats.time_in_state[i])); + if (len >= PAGE_SIZE - 1) { + pr_warn_once("devfreq transition table exceeds PAGE_SIZE. Disabling\n"); + return -EFBIG; } - len += sprintf(buf + len, "Total transition : %u\n", - df->stats.total_trans); return len; } -- 2.35.3

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] fork: defer linking file vma until vma is fully initialized" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042320-angled-goldmine-2cd7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 35e351780fa9 ("fork: defer linking file vma until vma is fully initialized") d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") 2820b0f09be9 ("hugetlbfs: close race between MADV_DONTNEED and page fault") b5df09226450 ("mm: set up vma iterator for vma_iter_prealloc() calls") f72cf24a8686 ("mm: use vma_iter_clear_gfp() in nommu") da0892547b10 ("maple_tree: re-introduce entry to mas_preallocate() arguments") fd892593d44d ("mm: change do_vmi_align_munmap() tracking of VMAs to remove") 5502ea44f5ad ("mm/hugetlb: add page_mask for hugetlb_follow_page_mask()") dd767aaa2fc8 ("mm/hugetlb: handle FOLL_DUMP well in follow_page_mask()") 1279aa0656bb ("mm: make show_free_areas() static") 408579cd627a ("mm: Update do_vmi_align_munmap() return semantics") e4bd84c069f2 ("mm: Always downgrade mmap_lock if requested") 43ec8a620b38 ("Merge tag 'unmap-fix-20230629' of git://git.infradead.org/users/dwmw2/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Wed, 10 Apr 2024 17:14:41 +0800 Subject: [PATCH] fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used. Link: https://lkml.kernel.org/r/20240410091441.3539905-1-linmiaohe@huawei.com Fixes: 8d9bfb260814 ("hugetlb: add vma based lock for pmd sharing") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reported-by: Thorvald Natvig <thorvald(a)google.com> Closes: https://lore.kernel.org/linux-mm/20240129161735.6gmjsswx62o4pbja@revolver/T/ [1] Reviewed-by: Jane Chu <jane.chu(a)oracle.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peng Zhang <zhangpeng.00(a)bytedance.com> Cc: Tycho Andersen <tandersen(a)netflix.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/fork.c b/kernel/fork.c index 39a5046c2f0b..aebb3e6c96dc 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -714,6 +714,23 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + + /* + * Link the vma into the MT. After using __mt_dup(), memory + * allocation is not necessary here, so it cannot fail. + */ + vma_iter_bulk_store(&vmi, tmp); + + mm->map_count++; + + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -730,25 +747,9 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, i_mmap_unlock_write(mapping); } - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - - /* - * Link the vma into the MT. After using __mt_dup(), memory - * allocation is not necessary here, so it cannot fail. - */ - vma_iter_bulk_store(&vmi, tmp); - - mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - if (retval) { mpnt = vma_next(&vmi); goto loop_out;

1 year, 4 months

3
2
0 0

[PATCH 5.15,5.10,5.4,4.19 0/2] Fix warning when tracing with large filenames

by Thadeu Lima de Souza Cascardo

The warning described on patch "tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together" can be triggered with a perf probe on do_execve with a large path. As PATH_MAX is larger than PERF_MAX_TRACE_SIZE (2048 before the patch), the warning will trigger. The fix was included in 5.16, so backporting to 5.15 and earlier LTS kernels. Also included is a patch that better describes the attempted allocation size. -- 2.34.1

1 year, 4 months

2
4
0 0

FAILED: patch "[PATCH] virtio_net: Do not send RSS key if it is not supported" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 059a49aa2e25c58f90b50151f109dd3c4cdb3a47 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041414-humming-alarm-eb41@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 059a49aa2e25 ("virtio_net: Do not send RSS key if it is not supported") fb6e30a72539 ("net: ethtool: pass a pointer to parameters to get/set_rxfh ethtool ops") 02cbfba1add5 ("idpf: add ethtool callbacks") a5ab9ee0df0b ("idpf: add singleq start_xmit and napi poll") 3a8845af66ed ("idpf: add RX splitq napi poll support") c2d548cad150 ("idpf: add TX splitq napi poll support") 6818c4d5b3c2 ("idpf: add splitq start_xmit") d4d558718266 ("idpf: initialize interrupts and enable vport") 95af467d9a4e ("idpf: configure resources for RX queues") 1c325aac10a8 ("idpf: configure resources for TX queues") ce1b75d0635c ("idpf: add ptypes and MAC filter support") 0fe45467a104 ("idpf: add create vport and netdev configuration") 4930fbf419a7 ("idpf: add core init and interrupt request") 8077c727561a ("idpf: add controlq init and reset checks") e850efed5e15 ("idpf: add module register and probe functionality") b9335a757232 ("net/mlx5e: Make flow classification filters static") 4cab498f33f7 ("hv_netvsc: Allocate rx indirection table size dynamically") 4f3ed1293feb ("ixgbe: Allow flow hash to be set via ethtool") 2b30f8291a30 ("net: ethtool: add support for MAC Merge layer") 8580e16c28f3 ("net/ethtool: add netlink interface for the PLCA RS") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 059a49aa2e25c58f90b50151f109dd3c4cdb3a47 Mon Sep 17 00:00:00 2001 From: Breno Leitao <leitao(a)debian.org> Date: Wed, 3 Apr 2024 08:43:12 -0700 Subject: [PATCH] virtio_net: Do not send RSS key if it is not supported There is a bug when setting the RSS options in virtio_net that can break the whole machine, getting the kernel into an infinite loop. Running the following command in any QEMU virtual machine with virtionet will reproduce this problem: # ethtool -X eth0 hfunc toeplitz This is how the problem happens: 1) ethtool_set_rxfh() calls virtnet_set_rxfh() 2) virtnet_set_rxfh() calls virtnet_commit_rss_command() 3) virtnet_commit_rss_command() populates 4 entries for the rss scatter-gather 4) Since the command above does not have a key, then the last scatter-gatter entry will be zeroed, since rss_key_size == 0. sg_buf_size = vi->rss_key_size; 5) This buffer is passed to qemu, but qemu is not happy with a buffer with zero length, and do the following in virtqueue_map_desc() (QEMU function): if (!sz) { virtio_error(vdev, "virtio: zero sized buffers are not allowed"); 6) virtio_error() (also QEMU function) set the device as broken vdev->broken = true; 7) Qemu bails out, and do not repond this crazy kernel. 8) The kernel is waiting for the response to come back (function virtnet_send_command()) 9) The kernel is waiting doing the following : while (!virtqueue_get_buf(vi->cvq, &tmp) && !virtqueue_is_broken(vi->cvq)) cpu_relax(); 10) None of the following functions above is true, thus, the kernel loops here forever. Keeping in mind that virtqueue_is_broken() does not look at the qemu `vdev->broken`, so, it never realizes that the vitio is broken at QEMU side. Fix it by not sending RSS commands if the feature is not available in the device. Fixes: c7114b1249fa ("drivers/net/virtio_net: Added basic RSS support.") Cc: stable(a)vger.kernel.org Cc: qemu-devel(a)nongnu.org Signed-off-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Heng Qi <hengqi(a)linux.alibaba.com> Reviewed-by: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index c22d1118a133..115c3c5414f2 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -3807,6 +3807,7 @@ static int virtnet_set_rxfh(struct net_device *dev, struct netlink_ext_ack *extack) { struct virtnet_info *vi = netdev_priv(dev); + bool update = false; int i; if (rxfh->hfunc != ETH_RSS_HASH_NO_CHANGE && @@ -3814,13 +3815,28 @@ static int virtnet_set_rxfh(struct net_device *dev, return -EOPNOTSUPP; if (rxfh->indir) { + if (!vi->has_rss) + return -EOPNOTSUPP; + for (i = 0; i < vi->rss_indir_table_size; ++i) vi->ctrl->rss.indirection_table[i] = rxfh->indir[i]; + update = true; } - if (rxfh->key) - memcpy(vi->ctrl->rss.key, rxfh->key, vi->rss_key_size); - virtnet_commit_rss_command(vi); + if (rxfh->key) { + /* If either _F_HASH_REPORT or _F_RSS are negotiated, the + * device provides hash calculation capabilities, that is, + * hash_key is configured. + */ + if (!vi->has_rss && !vi->has_rss_hash_report) + return -EOPNOTSUPP; + + memcpy(vi->ctrl->rss.key, rxfh->key, vi->rss_key_size); + update = true; + } + + if (update) + virtnet_commit_rss_command(vi); return 0; } @@ -4729,13 +4745,15 @@ static int virtnet_probe(struct virtio_device *vdev) if (virtio_has_feature(vdev, VIRTIO_NET_F_HASH_REPORT)) vi->has_rss_hash_report = true; - if (virtio_has_feature(vdev, VIRTIO_NET_F_RSS)) + if (virtio_has_feature(vdev, VIRTIO_NET_F_RSS)) { vi->has_rss = true; - if (vi->has_rss || vi->has_rss_hash_report) { vi->rss_indir_table_size = virtio_cread16(vdev, offsetof(struct virtio_net_config, rss_max_indirection_table_length)); + } + + if (vi->has_rss || vi->has_rss_hash_report) { vi->rss_key_size = virtio_cread8(vdev, offsetof(struct virtio_net_config, rss_max_key_size));

1 year, 4 months

3
2
0 0

[Patch 5.4.y] net/mlx5e: Fix a race in command alloc flow

by Samasth Norway Ananda

From: Shifeng Li <lishifeng(a)sangfor.com.cn> [ Upstream commit 8f5100da56b3980276234e812ce98d8f075194cd ] Fix a cmd->ent use after free due to a race on command entry. Such race occurs when one of the commands releases its last refcount and frees its index and entry while another process running command flush flow takes refcount to this command entry. The process which handles commands flush may see this command as needed to be flushed if the other process allocated a ent->idx but didn't set ent to cmd->ent_arr in cmd_work_handler(). Fix it by moving the assignment of cmd->ent_arr into the spin lock. [70013.081955] BUG: KASAN: use-after-free in mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] [70013.081967] Write of size 4 at addr ffff88880b1510b4 by task kworker/26:1/1433361 [70013.081968] [70013.082028] Workqueue: events aer_isr [70013.082053] Call Trace: [70013.082067] dump_stack+0x8b/0xbb [70013.082086] print_address_description+0x6a/0x270 [70013.082102] kasan_report+0x179/0x2c0 [70013.082173] mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] [70013.082267] mlx5_cmd_flush+0x80/0x180 [mlx5_core] [70013.082304] mlx5_enter_error_state+0x106/0x1d0 [mlx5_core] [70013.082338] mlx5_try_fast_unload+0x2ea/0x4d0 [mlx5_core] [70013.082377] remove_one+0x200/0x2b0 [mlx5_core] [70013.082409] pci_device_remove+0xf3/0x280 [70013.082439] device_release_driver_internal+0x1c3/0x470 [70013.082453] pci_stop_bus_device+0x109/0x160 [70013.082468] pci_stop_and_remove_bus_device+0xe/0x20 [70013.082485] pcie_do_fatal_recovery+0x167/0x550 [70013.082493] aer_isr+0x7d2/0x960 [70013.082543] process_one_work+0x65f/0x12d0 [70013.082556] worker_thread+0x87/0xb50 [70013.082571] kthread+0x2e9/0x3a0 [70013.082592] ret_from_fork+0x1f/0x40 The logical relationship of this error is as follows: aer_recover_work | ent->work -------------------------------------------+------------------------------ aer_recover_work_func | |- pcie_do_recovery | |- report_error_detected | |- mlx5_pci_err_detected |cmd_work_handler |- mlx5_enter_error_state | |- cmd_alloc_index |- enter_error_state | |- lock cmd->alloc_lock |- mlx5_cmd_flush | |- clear_bit |- mlx5_cmd_trigger_completions| |- unlock cmd->alloc_lock |- lock cmd->alloc_lock | |- vector = ~dev->cmd.vars.bitmask |- for_each_set_bit | |- cmd_ent_get(cmd->ent_arr[i]) (UAF) |- unlock cmd->alloc_lock | |- cmd->ent_arr[ent->idx]=ent The cmd->ent_arr[ent->idx] assignment and the bit clearing are not protected by the cmd->alloc_lock in cmd_work_handler(). Fixes: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler") Reviewed-by: Moshe Shemesh <moshe(a)nvidia.com> Signed-off-by: Shifeng Li <lishifeng(a)sangfor.com.cn> Signed-off-by: Saeed Mahameed <saeedm(a)nvidia.com> [Samasth: backport for 5.4.y] Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> Conflicts: drivers/net/ethernet/mellanox/mlx5/core/cmd.c conflict caused due to the absence of commit 58db72869a9f ("net/mlx5: Re-organize mlx5_cmd struct") which is structural change of code and is not necessary for this patch. --- commit: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler") is present from linux-5.4.y onwards but the current commit which fixes it is only present from linux-6.1.y. Would be nice to get an opinion from the author or maintainer. --- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c index 93a6597366f5..ebf5b30b2100 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c @@ -114,15 +114,18 @@ static u8 alloc_token(struct mlx5_cmd *cmd) return token; } -static int cmd_alloc_index(struct mlx5_cmd *cmd) +static int cmd_alloc_index(struct mlx5_cmd *cmd, struct mlx5_cmd_work_ent *ent) { unsigned long flags; int ret; spin_lock_irqsave(&cmd->alloc_lock, flags); ret = find_first_bit(&cmd->bitmask, cmd->max_reg_cmds); - if (ret < cmd->max_reg_cmds) + if (ret < cmd->max_reg_cmds) { clear_bit(ret, &cmd->bitmask); + ent->idx = ret; + cmd->ent_arr[ent->idx] = ent; + } spin_unlock_irqrestore(&cmd->alloc_lock, flags); return ret < cmd->max_reg_cmds ? ret : -ENOMEM; @@ -905,7 +908,7 @@ static void cmd_work_handler(struct work_struct *work) sem = ent->page_queue ? &cmd->pages_sem : &cmd->sem; down(sem); if (!ent->page_queue) { - alloc_ret = cmd_alloc_index(cmd); + alloc_ret = cmd_alloc_index(cmd, ent); if (alloc_ret < 0) { mlx5_core_err(dev, "failed to allocate command entry\n"); if (ent->callback) { @@ -920,15 +923,14 @@ static void cmd_work_handler(struct work_struct *work) up(sem); return; } - ent->idx = alloc_ret; } else { ent->idx = cmd->max_reg_cmds; spin_lock_irqsave(&cmd->alloc_lock, flags); clear_bit(ent->idx, &cmd->bitmask); + cmd->ent_arr[ent->idx] = ent; spin_unlock_irqrestore(&cmd->alloc_lock, flags); } - cmd->ent_arr[ent->idx] = ent; lay = get_inst(cmd, ent->idx); ent->lay = lay; memset(lay, 0, sizeof(*lay)); -- 2.43.0

1 year, 4 months

2
1
0 0

Backport request for [PATCH 0/3] selftests/seccomp seccomp_bpf test fixes

by Terry Tritton

Please backport the following fixes for selftest/seccomp. I forgot to send the original patches to the stable list! They resolve some edge cases in the testing. commit 8e3c9f9f3a0742cd12b682a1766674253b33fcf0 selftests/seccomp: user_notification_addfd check nextfd is available commit: 471dbc547612adeaa769e48498ef591c6c95a57a selftests/seccomp: Change the syscall used in KILL_THREAD test commit: ecaaa55c9fa5e8058445a8b891070b12208cdb6d selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID) Please backport to 6.6 onwards. Thanks, Terry.

1 year, 4 months

2
1
0 0

Re: [6.6.y] "selftests/bpf: Add netkit to tc_redirect selftest" needs to be reverted

by Geliang Tang

cc stable(a)vger.kernel.org On Fri, 2024-04-26 at 10:50 +0200, Greg Kroah-Hartman wrote: > Hi, > > This is the friendly email-bot of Greg Kroah-Hartman's inbox. I've > detected that you have sent him a direct question that might be > better > sent to a public mailing list which is much faster in responding to > questions than Greg normally is. > > Please try asking one of the following mailing lists for your > questions: > > For udev and hotplug related questions, please ask on the > linux-hotplug(a)vger.kernel.org mailing list > > For USB related questions, please ask on the > linux-usb(a)vger.kernel.org > mailing list > > For PCI related questions, please ask on the > linux-pci(a)vger.kernel.org or linux-kernel(a)vger.kernel.org mailing > lists > > For serial and tty related questions, please ask on the > linux-serial(a)vger.kernel.org mailing list. > > For staging tree related questions, please ask on the > linux-staging(a)lists.linux.dev mailing list. > > For general kernel related questions, please ask on the > kernelnewbies(a)nl.linux.org or linux-kernel(a)vger.kernel.org mailing > lists, depending on the type of question. More basic, beginner > questions are better asked on the kernelnewbies list, after reading > the wiki at www.kernelnewbies.org. > > For Linux stable and longterm kernel release questions or patches > to > be included in the stable or longterm kernel trees, please email > stable(a)vger.kernel.org and Cc: the linux-kernel(a)vger.kernel.org > mailing list so all of the stable kernel developers can be > notified. > Also please read Documentation/process/stable-kernel-rules.rst in > the > Linux kernel tree for the proper procedure to get patches accepted > into the stable or longterm kernel releases. > > If you really want to ask Greg the question, please read the > following > two links as to why emailing a single person directly is usually not > a > good thing, and causes extra work on a single person: > http://www.arm.linux.org.uk/news/?newsitem=11 > http://www.eyrie.org/~eagle/faqs/questions.html > > After reading those messages, and you still feel that you want to > email > Greg instead of posting on a mailing list, then resend your message > within 24 hours and it will go through to him. But be forewarned, > his > email inbox currently looks like: > 912 messages in /home/greg/mail/INBOX/ > so it might be a while before he gets to the message. > > Thank you for your understanding. > > The email triggering this response has been automatically discarded. > > thanks, > > greg k-h's email bot

1 year, 4 months

2
3
0 0

v5.15 backport request

by Ard Biesheuvel

Please consider the commits below for backporting to v5.15. These patches are prerequisites for the backport of the x86 EFI stub refactor that is needed for distros to sign v5.15 images for secure boot in a way that complies with new MS requirements for memory protections while running in the EFI firmware. All patches either predate v6.1 or have been backported to it already. The remaining ~50 changes will be posted as a patch series in due time, as they will not apply cleanly to v5.15. Please apply in the order that they appear below. Thanks, Ard. 44f155b4b07b8293472c9797d5b39839b91041ca 4da87c51705815fe1fbd41cc61640bb80da5bc54 7c4146e8885512719a50b641e9277a1712e052ff 176db622573f028f85221873ea4577e096785315 950d00558a920227b5703d1fcc4751cfe03853cd ec1c66af3a30d45c2420da0974c01d3515dba26e a9ee679b1f8c3803490ed2eeffb688aaee56583f 3ba75c1316390b2bc39c19cb8f0f85922ab3f9ed 82e0d6d76a2a74bd6a31141d555d53b4cc22c2a3 31f1a0edff78c43e8a3bd3692af0db1b25c21b17 9cf42bca30e98a1c6c9e8abf876940a551eaa3d1 cb8bda8ad4438b4bcfcf89697fc84803fb210017 e2ab9eab324cdf240de89741e4a1aa79919f0196 5c3a85f35b583259cf5ca0344cd79c8899ba1bb7 91592b5c0c2f076ff9d8cc0c14aa563448ac9fc4 73a6dec80e2acedaef3ca603d4b5799049f6e9f8 7f22ca396778fea9332d83ec2359dbe8396e9a06 4b52016247aeaa55ca3e3bc2e03cd91114c145c2 630f337f0c4fd80390e8600adcab31550aea33df db14655ad7854b69a2efda348e30d02dbc19e8a1 bad267f9e18f8e9e628abd1811d2899b1735a4e1 62b71cd73d41ddac6b1760402bbe8c4932e23531 cc3fdda2876e58a7e83e558ab51853cf106afb6a d2d7a54f69b67cd0a30e0ebb5307cb2de625baac

1 year, 4 months

3
5
0 0

Linux 6.1.89

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.89 kernel. Only users of the 6.1 kernel series that had build problems with 6.1.88 need to upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/arm/mach-omap2/pdata-quirks.c | 10 ----- sound/soc/ti/omap3pandora.c | 63 +++++++++++++++++++++++-------------- 3 files changed, 41 insertions(+), 34 deletions(-) Greg Kroah-Hartman (2): Revert "ASoC: ti: Convert Pandora ASoC to GPIO descriptors" Linux 6.1.89

1 year, 4 months

1
1
0 0

[PATCH 2/2] x86/sgx: Resolve EREMOVE page vs EAUG page data race

by Dmitrii Kuvaiskii

Two enclave threads may try to add and remove the same enclave page simultaneously (e.g., if the SGX runtime supports both lazy allocation and `MADV_DONTNEED` semantics). Consider this race: 1. T1 performs page removal in sgx_encl_remove_pages() and stops right after removing the page table entry and right before re-acquiring the enclave lock to EREMOVE and xa_erase(&encl->page_array) the page. 2. T2 tries to access the page, and #PF[not_present] is raised. The condition to EAUG in sgx_vma_fault() is not satisfied because the page is still present in encl->page_array, thus the SGX driver assumes that the fault happened because the page was swapped out. The driver continues on a code path that installs a page table entry *without* performing EAUG. 3. The enclave page metadata is in inconsistent state: the PTE is installed but there was no EAUG. Thus, T2 in userspace infinitely receives SIGSEGV on this page (and EACCEPT always fails). Fix this by making sure that T1 (the page-removing thread) always wins this data race. In particular, the page-being-removed is marked as such, and T2 retries until the page is fully removed. Fixes: 9849bb27152c ("x86/sgx: Support complete page removal") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 3 ++- arch/x86/kernel/cpu/sgx/encl.h | 3 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 41f14b1a3025..7ccd8b2fce5f 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -257,7 +257,8 @@ static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, /* Entry successfully located. */ if (entry->epc_page) { - if (entry->desc & SGX_ENCL_PAGE_BEING_RECLAIMED) + if (entry->desc & (SGX_ENCL_PAGE_BEING_RECLAIMED | + SGX_ENCL_PAGE_BEING_REMOVED)) return ERR_PTR(-EBUSY); return entry; diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h index f94ff14c9486..fff5f2293ae7 100644 --- a/arch/x86/kernel/cpu/sgx/encl.h +++ b/arch/x86/kernel/cpu/sgx/encl.h @@ -25,6 +25,9 @@ /* 'desc' bit marking that the page is being reclaimed. */ #define SGX_ENCL_PAGE_BEING_RECLAIMED BIT(3) +/* 'desc' bit marking that the page is being removed. */ +#define SGX_ENCL_PAGE_BEING_REMOVED BIT(2) + struct sgx_encl_page { unsigned long desc; unsigned long vm_max_prot_bits:8; diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index b65ab214bdf5..c542d4dd3e64 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -1142,6 +1142,7 @@ static long sgx_encl_remove_pages(struct sgx_encl *encl, * Do not keep encl->lock because of dependency on * mmap_lock acquired in sgx_zap_enclave_ptes(). */ + entry->desc |= SGX_ENCL_PAGE_BEING_REMOVED; mutex_unlock(&encl->lock); sgx_zap_enclave_ptes(encl, addr); -- 2.34.1

1 year, 4 months

1
0
0 0

[PATCH 1/2] x86/sgx: Resolve EAUG race where losing thread returns SIGBUS

by Dmitrii Kuvaiskii

Two enclave threads may try to access the same non-present enclave page simultaneously (e.g., if the SGX runtime supports lazy allocation). The threads will end up in sgx_encl_eaug_page(), racing to acquire the enclave lock. The winning thread will perform EAUG, set up the page table entry, and insert the page into encl->page_array. The losing thread will then get -EBUSY on xa_insert(&encl->page_array) and proceed to error handling path. This error handling path contains two bugs: (1) SIGBUS is sent to userspace even though the enclave page is correctly installed by another thread, and (2) sgx_encl_free_epc_page() is called that performs EREMOVE even though the enclave page was never intended to be removed. The first bug is less severe because it impacts only the user space; the second bug is more severe because it also impacts the OS state by ripping the page (added by the winning thread) from the enclave. Fix these two bugs (1) by returning VM_FAULT_NOPAGE to the generic Linux fault handler so that no signal is sent to userspace, and (2) by replacing sgx_encl_free_epc_page() with sgx_free_epc_page() so that no EREMOVE is performed. Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave") Cc: stable(a)vger.kernel.org Reported-by: Marcelina Kościelnicka <mwk(a)invisiblethingslab.com> Suggested-by: Reinette Chatre <reinette.chatre(a)intel.com> Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 279148e72459..41f14b1a3025 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -382,8 +382,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, * If ret == -EBUSY then page was created in another flow while * running without encl->lock */ - if (ret) + if (ret) { + if (ret == -EBUSY) + vmret = VM_FAULT_NOPAGE; goto err_out_shrink; + } pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page); pginfo.addr = encl_page->desc & PAGE_MASK; @@ -419,7 +422,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, err_out_shrink: sgx_encl_shrink(encl, va_page); err_out_epc: - sgx_encl_free_epc_page(epc_page); + sgx_free_epc_page(epc_page); err_out_unlock: mutex_unlock(&encl->lock); kfree(encl_page); -- 2.34.1

1 year, 4 months

1
0
0 0

[PATCH 6.1 000/141] 6.1.88-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.88 release. There are 141 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Apr 2024 21:38:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.88-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.88-rc1 Johan Hovold <johan+linaro(a)kernel.org> PCI/ASPM: Fix deadlock when enabling ASPM Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 Vladimir Oltean <olteanv(a)gmail.com> net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Qiang Zhang <qiang4.zhang(a)intel.com> bootconfig: use memblock_free_late to free xbc memory to buddy Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix crtc's atomic check conditional Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Sort primary plane formats by order of preference xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Yaxiong Tian <tianyaxiong(a)kylinos.cn> arm64: hibernate: Fix level3 translation fault in swsusp_save() Sandipan Das <sandipan.das(a)amd.com> KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Disable support for adaptive PEBS Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Norihiko Hama <Norihiko.Hama(a)alpsalpine.com> usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Reset .throttled state in .startup() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Return IRQ_NONE in the ISR if no handling happend Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI retpoline check Pin-yen Lin <treapking(a)chromium.org> clk: mediatek: Do a runtime PM get on controllers during probe AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Extend mtk_clk_simple_probe() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mux: Propagate struct device for mtk-mux AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Propagate struct device for composites AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-gate: Propagate struct device with mtk_clk_register_gates() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: mt8192: Propagate struct device for gate clocks AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: mt8192: Correctly unregister and free clocks on failure Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree for clk_summary Vishal Badole <badolevishal1116(a)gmail.com> clk: Show active consumers of clocks in debugfs Yu Zhe <yuzhe(a)nfschina.com> clk: remove unnecessary (void*) conversions Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: Print an info line before disabling unused clocks Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: new quirk to reduce the SET_ADDRESS request timeout Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: xhci: Add timeout argument in address_device USB HCD callback Brenton Simpson <appsforartists(a)google.com> drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Use FIELD_GET() Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add correct product series name to messages Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Default mixer driver to enabled Niklas Schnelle <schnelle(a)linux.ibm.com> usb: pci-quirks: group AMD specific quirk code together Linus Walleij <linus.walleij(a)linaro.org> ASoC: ti: Convert Pandora ASoC to GPIO descriptors Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add support for Clarett 8Pre USB Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Move USB IDs out from device_info struct Rob Herring <robh(a)kernel.org> ARM: davinci: Drop unused includes Kelvin Cao <kelvin.cao(a)microchip.com> PCI: switchtec: Add support for PCIe Gen5 devices Kelvin Cao <kelvin.cao(a)microchip.com> PCI: switchtec: Use normal comment style Niklas Schnelle <schnelle(a)linux.ibm.com> PCI: Make quirk using inw() depend on HAS_IOPORT Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Execute quirk_enable_clear_retrain_link() earlier Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Add debug log for link controller power quirk Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Log function name of the called quirk Arnd Bergmann <arnd(a)arndb.de> x86/quirks: Include linux/pnp.h for arch_pnpbios_disabled() Mike Pastore <mike(a)oobak.org> PCI: Delay after FLR of Solidigm P44 Pro NVMe Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: pci-quirks: Reduce the length of a spinlock section in usb_amd_find_chipset_info() David Yang <mmyangfl(a)gmail.com> HID: kye: Sort kye devices Alvaro Karsz <alvaro.karsz(a)solid-run.com> PCI: Avoid FLR for SolidRun SNET DPU rev 1 Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: OMAP2+: pdata-quirks: stop including wl12xx.h Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: omap2: n8x0: stop instantiating codec platform data Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix race condition during online processing Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/qdio: handle deferred cc1 Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Siddharth Vadapalli <s-vadapalli(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix mirroring frames received on local port Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: allow zero flags in parsing tc flower Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent deadlock while disabling aRFS Shay Drory <shayd(a)nvidia.com> net/mlx5: Lag, restore buckets number to default after hash LAG deactivation Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't peek OOB data without MSG_OOB. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: incorrect pppoe tuple Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate pppoe header Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: br_netfilter: skip conntrack input hook for promisc packets Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Move the __head definition to <asm/init.h> Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Add missing __head annotation to startup_64_load_idt() Pasha Tatashin <pasha.tatashin(a)soleen.com> x86/mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Increase section and file alignment to 4k/512 Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Split off PE/COFF .data section Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Drop PE/COFF .reloc section Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Construct PE/COFF .text section from assembler Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Derive file size from _edata symbol Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Define setup size in linker script Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Set EFI handover offset directly in header asm Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Grab kernel_info offset from zoffset header directly Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Drop references to startup_64 Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Drop redundant code setting the root device Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Omit compression buffer from PE/COFF image memory footprint Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Remove the 'bugger off' message Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Drop alignment flags from PE section headers Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Reinstate soft limit for initrd loading Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Disregard setup header of loaded image Ard Biesheuvel <ardb(a)kernel.org> x86/efi: Drop EFI stub .bss from .data section Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/vma: Fix UAF on destroy against retire race Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid writing the mac address before first reading Jason A. Donenfeld <Jason(a)zx2c4.com> random: handle creditable entropy from atomic process context Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Steven Rostedt (Google) <rostedt(a)goodmis.org> SUNRPC: Fix rpcgss_context trace event acceptor field Alexey Izbyshev <izbyshev(a)ispras.ru> io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Do not recursively call manual trigger programming Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix incorrect number of active RBs for gfx11 Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdgpu: fix incorrect active rb bitmap for gfx11 Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Enable DMA mappings with SEV ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + MAINTAINERS | 2 +- Makefile | 4 +- arch/arm/mach-davinci/pdata-quirks.c | 2 +- arch/arm/mach-omap2/board-n8x0.c | 5 - arch/arm/mach-omap2/common-board-devices.h | 2 - arch/arm/mach-omap2/pdata-quirks.c | 12 +- arch/arm64/mm/pageattr.c | 3 - arch/x86/boot/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 1 + arch/x86/boot/compressed/sev.c | 3 + arch/x86/boot/compressed/vmlinux.lds.S | 6 +- arch/x86/boot/header.S | 211 +++++++--------- arch/x86/boot/setup.ld | 14 +- arch/x86/boot/tools/build.c | 273 +-------------------- arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/page_types.h | 12 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/kernel/amd_gart_64.c | 2 +- arch/x86/kernel/cpu/bugs.c | 11 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- arch/x86/kernel/head64.c | 7 +- arch/x86/kernel/platform-quirks.c | 1 + arch/x86/kernel/sev-shared.c | 23 +- arch/x86/kernel/sev.c | 11 +- arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/cpuid.h | 10 + arch/x86/kvm/lapic.c | 3 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/vmx/vmx.c | 24 +- arch/x86/kvm/x86.c | 2 +- arch/x86/mm/mem_encrypt_boot.S | 4 +- arch/x86/mm/mem_encrypt_identity.c | 58 ++--- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pti.c | 2 +- drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/char/random.c | 10 +- drivers/clk/clk.c | 201 +++++++++++---- drivers/clk/mediatek/clk-gate.c | 23 +- drivers/clk/mediatek/clk-gate.h | 7 +- drivers/clk/mediatek/clk-mt2701-aud.c | 4 +- drivers/clk/mediatek/clk-mt2701-eth.c | 4 +- drivers/clk/mediatek/clk-mt2701-g3d.c | 2 +- drivers/clk/mediatek/clk-mt2701-hif.c | 4 +- drivers/clk/mediatek/clk-mt2701-mm.c | 4 +- drivers/clk/mediatek/clk-mt2701.c | 22 +- drivers/clk/mediatek/clk-mt2712-mm.c | 4 +- drivers/clk/mediatek/clk-mt2712.c | 24 +- drivers/clk/mediatek/clk-mt6765.c | 13 +- drivers/clk/mediatek/clk-mt6779-mm.c | 4 +- drivers/clk/mediatek/clk-mt6779.c | 21 +- drivers/clk/mediatek/clk-mt6795-infracfg.c | 3 +- drivers/clk/mediatek/clk-mt6795-mm.c | 3 +- drivers/clk/mediatek/clk-mt6795-pericfg.c | 6 +- drivers/clk/mediatek/clk-mt6795-topckgen.c | 6 +- drivers/clk/mediatek/clk-mt6797-mm.c | 4 +- drivers/clk/mediatek/clk-mt6797.c | 7 +- drivers/clk/mediatek/clk-mt7622-aud.c | 4 +- drivers/clk/mediatek/clk-mt7622-eth.c | 8 +- drivers/clk/mediatek/clk-mt7622-hif.c | 8 +- drivers/clk/mediatek/clk-mt7622.c | 22 +- drivers/clk/mediatek/clk-mt7629-eth.c | 7 +- drivers/clk/mediatek/clk-mt7629-hif.c | 8 +- drivers/clk/mediatek/clk-mt7629.c | 18 +- drivers/clk/mediatek/clk-mt7986-eth.c | 10 +- drivers/clk/mediatek/clk-mt7986-infracfg.c | 7 +- drivers/clk/mediatek/clk-mt7986-topckgen.c | 3 +- drivers/clk/mediatek/clk-mt8135.c | 18 +- drivers/clk/mediatek/clk-mt8167-aud.c | 2 +- drivers/clk/mediatek/clk-mt8167-img.c | 2 +- drivers/clk/mediatek/clk-mt8167-mfgcfg.c | 2 +- drivers/clk/mediatek/clk-mt8167-mm.c | 4 +- drivers/clk/mediatek/clk-mt8167-vdec.c | 3 +- drivers/clk/mediatek/clk-mt8167.c | 12 +- drivers/clk/mediatek/clk-mt8173-mm.c | 4 +- drivers/clk/mediatek/clk-mt8173.c | 34 +-- drivers/clk/mediatek/clk-mt8183-audio.c | 4 +- drivers/clk/mediatek/clk-mt8183-mm.c | 4 +- drivers/clk/mediatek/clk-mt8183.c | 36 +-- drivers/clk/mediatek/clk-mt8186-mcu.c | 3 +- drivers/clk/mediatek/clk-mt8186-mm.c | 3 +- drivers/clk/mediatek/clk-mt8186-topckgen.c | 9 +- drivers/clk/mediatek/clk-mt8192-aud.c | 3 +- drivers/clk/mediatek/clk-mt8192-mm.c | 3 +- drivers/clk/mediatek/clk-mt8192.c | 88 +++++-- drivers/clk/mediatek/clk-mt8195-apmixedsys.c | 3 +- drivers/clk/mediatek/clk-mt8195-topckgen.c | 9 +- drivers/clk/mediatek/clk-mt8195-vdo0.c | 3 +- drivers/clk/mediatek/clk-mt8195-vdo1.c | 3 +- drivers/clk/mediatek/clk-mt8365-mm.c | 5 +- drivers/clk/mediatek/clk-mt8365.c | 14 +- drivers/clk/mediatek/clk-mt8516-aud.c | 2 +- drivers/clk/mediatek/clk-mt8516.c | 12 +- drivers/clk/mediatek/clk-mtk.c | 127 +++++++++- drivers/clk/mediatek/clk-mtk.h | 13 +- drivers/clk/mediatek/clk-mux.c | 14 +- drivers/clk/mediatek/clk-mux.h | 3 +- drivers/comedi/drivers/vmk80xx.c | 35 +-- drivers/firmware/efi/libstub/Makefile | 7 - drivers/firmware/efi/libstub/x86-stub.c | 58 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++++-- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 80 ++++-- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 - drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/i915_vma.c | 42 +++- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 +- drivers/hid/hid-ids.h | 2 +- drivers/hid/hid-kye.c | 66 ++--- drivers/hid/hid-quirks.c | 6 +- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/misc/mei/pci-me.c | 2 +- drivers/net/dsa/mt7530.c | 58 +++-- drivers/net/dsa/mt7530.h | 6 + drivers/net/ethernet/intel/ice/ice_tc_lib.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 +- drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 ++ drivers/net/tun.c | 18 +- drivers/net/usb/ax88179_178a.c | 4 +- drivers/pci/bus.c | 49 ++-- drivers/pci/pci.c | 78 ++++-- drivers/pci/pci.h | 4 +- drivers/pci/pcie/aspm.c | 21 +- drivers/pci/pcie/dpc.c | 5 +- drivers/pci/quirks.c | 70 +++++- drivers/pci/switch/switchtec.c | 158 +++++++----- drivers/s390/cio/device.c | 13 +- drivers/s390/cio/qdio_main.c | 28 ++- drivers/thunderbolt/quirks.c | 2 + drivers/thunderbolt/switch.c | 50 +++- drivers/thunderbolt/tb.c | 4 +- drivers/thunderbolt/tb.h | 3 +- drivers/thunderbolt/usb4.c | 13 +- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/tty/serial/stm32-usart.c | 13 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 15 +- drivers/usb/core/port.c | 4 +- drivers/usb/core/quirks.c | 7 + drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 4 +- drivers/usb/host/pci-quirks.c | 123 +++++----- drivers/usb/host/pci-quirks.h | 14 +- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/host/xhci.c | 23 +- drivers/usb/host/xhci.h | 9 +- drivers/usb/serial/option.c | 40 +++ fs/nilfs2/dir.c | 2 +- fs/smb/common/smb2pdu.h | 2 +- fs/smb/server/server.c | 13 +- fs/smb/server/smb2pdu.c | 4 + fs/smb/server/vfs.c | 5 + fs/sysfs/file.c | 2 + include/linux/bootconfig.h | 7 +- include/linux/pci.h | 5 + include/linux/pci_ids.h | 2 + include/linux/switchtec.h | 1 + include/linux/usb/hcd.h | 5 +- include/linux/usb/quirks.h | 3 + include/net/dsa.h | 8 + include/net/netfilter/nf_flow_table.h | 12 +- include/trace/events/rpcgss.h | 4 +- include/uapi/linux/pci_regs.h | 1 + init/main.c | 2 + io_uring/io_uring.c | 16 +- lib/bootconfig.c | 19 +- mm/memory-failure.c | 18 +- net/bridge/br_input.c | 15 +- net/bridge/br_netfilter_hooks.c | 6 + net/bridge/br_private.h | 1 + net/bridge/netfilter/nf_conntrack_bridge.c | 14 +- net/dsa/dsa2.c | 24 +- net/netfilter/nf_flow_table_inet.c | 3 +- net/netfilter/nf_flow_table_ip.c | 10 +- net/netfilter/nf_tables_api.c | 16 +- net/netfilter/nft_set_pipapo.c | 14 +- net/unix/af_unix.c | 12 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/ti/omap3pandora.c | 63 ++--- sound/usb/Makefile | 2 +- sound/usb/mixer_quirks.c | 9 +- .../{mixer_scarlett_gen2.c => mixer_scarlett2.c} | 257 +++++++++++++------ sound/usb/mixer_scarlett2.h | 7 + sound/usb/mixer_scarlett_gen2.h | 7 - .../ftrace/test.d/event/subsystem-enable.tc | 6 +- 199 files changed, 2147 insertions(+), 1497 deletions(-)

1 year, 4 months

16
163
0 0

[PATCH v1] usb: typec: tcpm: enforce ready state when queueing alt mode vdm

by RD Babiera

Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index c26fb70c3ec6..6fa1601ac259 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, TCPC_TX_SOP); mutex_unlock(&port->lock); base-commit: 684e9f5f97eb4b7831298ffad140d5c1d426ff27 -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

2
3
0 0

[REGRESSION] Serious regression on 6.1.x-stable caused by "bounds: support non-power-of-two CONFIG_NR_CPUS"

by Mikhail Novosyolov

Hello, colleagues. Commit f2d5dcb48f7ba9e3ff249d58fc1fa963d374e66a "bounds: support non-power-of-two CONFIG_NR_CPUS" (https://github.com/torvalds/linux/commit/f2d5dcb48f7ba9e3ff249d58fc1fa963d3…) was backported to 6.1.x-stable (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…), but causes a serious regression on quite a lot of hardware with AMD GPUs, kernel panics. It was backported to 6.1.84, 6.1.84 has problems, 6.1.83 does not, the newest 6.1.88 still has this problem. The problem is described here: https://gitlab.freedesktop.org/drm/amd/-/issues/3347 #regzbot introduced: 428ca0000f0abd5c99354c52a36becf2b815ca21

1 year, 4 months

1
0
0 0

[PATCH 1/1] serial: sc16is7xx: announce support of SER_RS485_RTS_ON_SEND

by Konstantin Pugin

From: Konstantin Pugin <ria.freelander(a)gmail.com> When specifying flag SER_RS485_RTS_ON_SEND in RS485 configuration, we get the following warning after commit 4afeced55baa ("serial: core: fix sanitizing check for RTS settings"): invalid RTS setting, using RTS_AFTER_SEND instead This results in SER_RS485_RTS_AFTER_SEND being set and the driver always write to the register field SC16IS7XX_EFCR_RTS_INVERT_BIT, which breaks some hardware using these chips. The hardware supports both RTS_ON_SEND and RTS_AFTER_SEND modes, so fix this by announcing support for RTS_ON_SEND. Cc: stable(a)vger.kernel.org Fixes: 267913ecf737 ("serial: sc16is7xx: Fill in rs485_supported") Tested-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Signed-off-by: Konstantin Pugin <ria.freelander(a)gmail.com> --- drivers/tty/serial/sc16is7xx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 03cf30e20b75..dfcc804f558f 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -1449,7 +1449,7 @@ static int sc16is7xx_setup_mctrl_ports(struct sc16is7xx_port *s, } static const struct serial_rs485 sc16is7xx_rs485_supported = { - .flags = SER_RS485_ENABLED | SER_RS485_RTS_AFTER_SEND, + .flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | SER_RS485_RTS_AFTER_SEND, .delay_rts_before_send = 1, .delay_rts_after_send = 1, /* Not supported but keep returning -EINVAL */ }; -- 2.44.0

1 year, 4 months

1
0
0 0

[PATCH v3] Input: xen-kbdfront - drop keys to shrink modalias

by Jason Andryuk

xen kbdfront registers itself as being able to deliver *any* key since it doesn't know what keys the backend may produce. Unfortunately, the generated modalias gets too large and uevent creation fails with -ENOMEM. This can lead to gdm not using the keyboard since there is no seat associated [1] and the debian installer crashing [2]. Trim the ranges of key capabilities by removing some BTN_* ranges. While doing this, some neighboring undefined ranges are removed to trim it further. An upper limit of KEY_KBD_LCD_MENU5 is still too large. Use an upper limit of KEY_BRIGHTNESS_MENU. This removes: BTN_DPAD_UP(0x220)..BTN_DPAD_RIGHT(0x223) Empty space 0x224..0x229 Empty space 0x28a..0x28f KEY_MACRO1(0x290)..KEY_MACRO30(0x2ad) KEY_MACRO_RECORD_START 0x2b0 KEY_MACRO_RECORD_STOP 0x2b1 KEY_MACRO_PRESET_CYCLE 0x2b2 KEY_MACRO_PRESET1(0x2b3)..KEY_MACRO_PRESET3(0xb5) Empty space 0x2b6..0x2b7 KEY_KBD_LCD_MENU1(0x2b8)..KEY_KBD_LCD_MENU5(0x2bc) Empty space 0x2bd..0x2bf BTN_TRIGGER_HAPPY(0x2c0)..BTN_TRIGGER_HAPPY40(0x2e7) Empty space 0x2e8..0x2ff The modalias shrinks from 2082 to 1550 bytes. A chunk of keys need to be removed to allow the keyboard to be used. This may break some functionality, but the hope is these macro keys are uncommon and don't affect any users. [1] https://github.com/systemd/systemd/issues/22944 [2] https://lore.kernel.org/xen-devel/87o8dw52jc.fsf@vps.thesusis.net/T/ Cc: Phillip Susi <phill(a)thesusis.net> Cc: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jandryuk(a)gmail.com> Reviewed-by: Mattijs Korpershoek <mkorpershoek(a)baylibre.com> --- v3: Add Mattijs R-b Put /* and */ on separate lines --- drivers/input/misc/xen-kbdfront.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/input/misc/xen-kbdfront.c b/drivers/input/misc/xen-kbdfront.c index 67f1c7364c95..d59ba8f9852e 100644 --- a/drivers/input/misc/xen-kbdfront.c +++ b/drivers/input/misc/xen-kbdfront.c @@ -256,7 +256,16 @@ static int xenkbd_probe(struct xenbus_device *dev, __set_bit(EV_KEY, kbd->evbit); for (i = KEY_ESC; i < KEY_UNKNOWN; i++) __set_bit(i, kbd->keybit); - for (i = KEY_OK; i < KEY_MAX; i++) + /* + * In theory we want to go KEY_OK..KEY_MAX, but that grows the + * modalias line too long. There is a gap of buttons from + * BTN_DPAD_UP..BTN_DPAD_RIGHT and KEY_ALS_TOGGLE is the next + * defined. Then continue up to KEY_BRIGHTNESS_MENU as an upper + * limit. + */ + for (i = KEY_OK; i < BTN_DPAD_UP; i++) + __set_bit(i, kbd->keybit); + for (i = KEY_ALS_TOGGLE; i <= KEY_BRIGHTNESS_MENU; i++) __set_bit(i, kbd->keybit); ret = input_register_device(kbd); -- 2.41.0

1 year, 4 months

2
5
0 0

[PATCH v2] usb: typec: tcpm: Check for port partner validity before consuming it

by Badhri Jagan Sridharan

typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address 00000000000003c0 pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..454165776797 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4,7 +4,6 @@ * * USB Power Delivery protocol stack. */ - #include <linux/completion.h> #include <linux/debugfs.h> #include <linux/device.h> @@ -1580,7 +1579,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (port->partner) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1742,6 +1742,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (!port->partner) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -4231,7 +4234,10 @@ static int tcpm_init_vconn(struct tcpm_port *port) static void tcpm_typec_connect(struct tcpm_port *port) { + struct typec_partner *partner; + if (!port->connected) { + port->connected = true; /* Make sure we don't report stale identity information */ memset(&port->partner_ident, 0, sizeof(port->partner_ident)); port->partner_desc.usb_pd = port->pd_capable; @@ -4241,9 +4247,13 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner_desc.accessory = TYPEC_ACCESSORY_AUDIO; else port->partner_desc.accessory = TYPEC_ACCESSORY_NONE; - port->partner = typec_register_partner(port->typec_port, - &port->partner_desc); - port->connected = true; + partner = typec_register_partner(port->typec_port, &port->partner_desc); + if (IS_ERR(partner)) { + dev_err(port->dev, "Failed to register partner (%ld)\n", PTR_ERR(partner)); + return; + } + + port->partner = partner; typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); } } @@ -4323,9 +4333,11 @@ static void tcpm_typec_disconnect(struct tcpm_port *port) port->plug_prime = NULL; port->cable = NULL; if (port->connected) { - typec_partner_set_usb_power_delivery(port->partner, NULL); - typec_unregister_partner(port->partner); - port->partner = NULL; + if (port->partner) { + typec_partner_set_usb_power_delivery(port->partner, NULL); + typec_unregister_partner(port->partner); + port->partner = NULL; + } port->connected = false; } } @@ -4549,6 +4561,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (!port->partner) + return; + switch (port->negotiated_rev) { case PD_REV30: break; base-commit: 3f12222a4bebeb13ce06ddecc1610ad32fa835dd -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

1
1
0 0

[PATCH v1] usb: typec: tcpm: Check for port partner validity before consuming it

by Badhri Jagan Sridharan

typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: [17514.377076][ T275] Unable to handle kernel NULL pointer dereference at virtual address 00000000000003c0 [17514.378270][ T275] pc : run_state_machine+0x1bc8/0x1c08 [17514.378286][ T275] lr : run_state_machine+0x1b90/0x1c08 .. [17514.378377][ T275] Call trace: [17514.378381][ T275] run_state_machine+0x1bc8/0x1c08 [17514.378388][ T275] tcpm_state_machine_work+0x94/0xe4 [17514.378396][ T275] kthread_worker_fn+0x118/0x328 [17514.378406][ T275] kthread+0x1d0/0x23c [17514.378412][ T275] ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..8a4fa8d875c6 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4,7 +4,6 @@ * * USB Power Delivery protocol stack. */ - #include <linux/completion.h> #include <linux/debugfs.h> #include <linux/device.h> @@ -1580,7 +1579,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (!IS_ERR_OR_NULL(port->partner)) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1742,6 +1742,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (IS_ERR_OR_NULL(port->partner)) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -4244,7 +4247,8 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner = typec_register_partner(port->typec_port, &port->partner_desc); port->connected = true; - typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); + if (!IS_ERR_OR_NULL(port->partner)) + typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); } } @@ -4323,8 +4327,10 @@ static void tcpm_typec_disconnect(struct tcpm_port *port) port->plug_prime = NULL; port->cable = NULL; if (port->connected) { - typec_partner_set_usb_power_delivery(port->partner, NULL); - typec_unregister_partner(port->partner); + if (!IS_ERR_OR_NULL(port->partner)) { + typec_partner_set_usb_power_delivery(port->partner, NULL); + typec_unregister_partner(port->partner); + } port->partner = NULL; port->connected = false; } @@ -4549,6 +4555,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (IS_ERR_OR_NULL(port->partner)) + return; + switch (port->negotiated_rev) { case PD_REV30: break; base-commit: 3f12222a4bebeb13ce06ddecc1610ad32fa835dd -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

2
2
0 0

[PATCH 5.15 000/476] 5.15.149-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.149 release. There are 476 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 23 Feb 2024 12:59:02 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.149-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.149-rc1 Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Ignore End Transfer delay on teardown Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: Revert "media: rkisp1: Drop IRQF_SHARED" Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Execute gadget stop after halting the controller Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Don't delay End Transfer on delayed_status Peter Suti <peter.suti(a)streamunlimited.com> staging: fbtft: core: set smem_len before fb_deferred_io_init call Kees Cook <keescook(a)chromium.org> smb3: Replace smb2pdu 1-element arrays with flex-arrays Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add null pointer checks Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Fix EEE implementation Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> Revert "selftests/bpf: Test tail call counting with bpf2bpf and data on stack" Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/dsi: Enable runtime PM Douglas Anderson <dianders(a)chromium.org> PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() Easwar Hariharan <eahariha(a)linux.microsoft.com> arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata Mikulas Patocka <mpatocka(a)redhat.com> dm: limit the number of targets and parameter size area Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs for invalid DAT metadata block requests Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential bug in end_buffer_async_write Linus Torvalds <torvalds(a)linuxfoundation.org> sched/membarrier: reduce the ability to hammer on sys_membarrier Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Missing gc cancellations fixed Eric Dumazet <edumazet(a)google.com> net: prevent mss overflow in skb_segment() Davidlohr Bueso <dave(a)stgolabs.net> hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix performance regression in swap operation Carlos Llamas <cmllamas(a)google.com> scripts/decode_stacktrace.sh: optionally use LLVM utilities Miguel Ojeda <ojeda(a)kernel.org> scripts: decode_stacktrace: demangle Rust symbols Schspa Shi <schspa(a)gmail.com> scripts/decode_stacktrace.sh: support old bash version Nam Cao <namcao(a)linutronix.de> fbdev: flush deferred IO before closing Takashi Iwai <tiwai(a)suse.de> fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() Takashi Iwai <tiwai(a)suse.de> fbdev: Fix invalid page access after closing deferred I/O devices Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: Rename pagelist to pagereflist for deferred I/O Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: Track deferred-I/O pages in pageref struct Chuansheng Liu <chuansheng.liu(a)intel.com> fbdev: defio: fix the pagelist corruption Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: Don't sort deferred-I/O pages by default Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/defio: Early-out if page is already enlisted Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: 8250_exar: Set missing rs485_supported flag Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250_exar: Fill in rs485_supported Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Queue PM runtime idle on disconnect event Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Handle EP0 request dequeuing properly Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Submit endxfer command if delayed during disconnect Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Force sending delayed status during soft disconnect Mayank Rana <quic_mrana(a)quicinc.com> usb: dwc3: Fix ep0 handling when getting reset while doing control transfer Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Delay issuing End Transfer Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Only End Transfer for ep0 data phase Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: ep0: Don't prepare beyond Setup stage Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: fix uninitialized firmware_stat Sjoerd Simons <sjoerd(a)collabora.com> bus: moxtet: Add spi device table David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: add extra delay for firmware ready Lukas Wunner <lukas(a)wunner.de> wifi: mwifiex: Support SD8978 chipset Andrejs Cainikovs <andrejs.cainikovs(a)toradex.com> mwifiex: Select firmware based on strapping Christian König <christian.koenig(a)amd.com> dma-buf: add dma_fence_timestamp helper Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix task hung while purging oob_skb in GC. Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Inform kmemleak of saved_cmdlines allocation Konrad Dybcio <konrad.dybcio(a)linaro.org> pmdomain: core: Move the unused cleanup to a _sync initcall Oleksij Rempel <linux(a)rempel-privat.de> can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Ziqi Zhao <astrajoan(a)yahoo.com> can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Nuno Sa <nuno.sa(a)analog.com> of: property: fix typo in io-channels Prakash Sangappa <prakash.sangappa(a)oracle.com> mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Rishabh Dave <ridave(a)redhat.com> ceph: prevent use-after-free in encode_cap_msg() Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix potential loss of L3-IP@ in case of network issues Sinthu Raja <sinthu.raja(a)ti.com> net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Doug Berger <opendmb(a)gmail.com> irqchip/irq-brcmstb-l2: Add write memory barrier before exit Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Daniel de Villiers <daniel.devilliers(a)corigine.com> nfp: flower: prevent re-adding mac index for bonded port Daniel Basilio <daniel.basilio(a)corigine.com> nfp: use correct macro for LengthSelect in BAR config Kim Phillips <kim.phillips(a)amd.com> crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix data corruption in dsync block recovery for small block sizes bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Add quirk for SWS JS201D Alexander Stein <alexander.stein(a)ew.tq-group.com> mmc: slot-gpio: Allow non-sleeping GPIO ro Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Aleksander Mazur <deweloper(a)wp.pl> x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Naveen N Rao <naveen(a)kernel.org> powerpc/64: Set task pt_regs->link to the LR value on scv entry Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fail probe if clock crystal is unstable Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: improve crystal stable clock detection Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: set default value when reading clock ready bit Vincent Donnefort <vdonnefort(a)google.com> ring-buffer: Clean ring_buffer_poll_wait() error return Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Philip Yang <Philip.Yang(a)amd.com> drm/prime: Support page array >= 4GB Sean Young <sean(a)mess.org> media: rc: bpf attach/detach requires write permission Mario Limonciello <mario.limonciello(a)amd.com> iio: accel: bma400: Fix a compilation problem Dinghao Liu <dinghao.liu(a)zju.edu.cn> iio: core: fix memleak in iio_device_register_sysfs zhili.liu <zhili.liu(a)ucas.com.cn> iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC David Schiller <david.schiller(a)jku.at> staging: iio: ad5933: fix type mismatch regression Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix wasted memory in saved_cmdlines logic Baokun Li <libaokun1(a)huawei.com> ext4: fix double-free of blocks due to wrong extents moved_len Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Mark all sessions as invalid in cb_remove Carlos Llamas <cmllamas(a)google.com> binder: signal epoll threads of self-work Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cs8409: Suppress vmaster control for Dolphin models Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd938x: handle deferred probe Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Jan Beulich <jbeulich(a)suse.com> xen-netback: properly sync TX responses Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: nci: free rx_data_reassembly skb on NCI device cleanup Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix changing ELF file type for output of gen_btf for big endian Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct documentation of fw_csr_string() kernel API Ondrej Mosnacek <omosnace(a)redhat.com> lsm: fix the logic in security_inode_getsecctx() Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: flush any delayed gfxoff on suspend entry" Lee Duncan <lduncan(a)suse.com> scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Paolo Abeni <pabeni(a)redhat.com> mptcp: fix data re-injection from stale subflow Radek Krejci <radek.krejci(a)oracle.com> modpost: trim leading spaces when processing source files list Jean Delvare <jdelvare(a)suse.de> i2c: i801: Fix block process call transactions Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Remove i801_set_block_buffer_mode Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> powerpc/kasan: Fix addr error caused by page alignment Zhipeng Lu <alexious(a)zju.edu.cn> media: ir_toy: fix a memleak in irtoy_tx Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend yuan linyu <yuanlinyu(a)hihonor.com> usb: f_mass_storage: forbid async queue when shutdown happen Oliver Neukum <oneukum(a)suse.com> USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Christian A. Ehrhardt <lk(a)c--e.de> usb: ucsi_acpi: Fix command completion handling Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Do not register input devices until after hid_hw_start Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: generic: Avoid reporting a serial of '0' to userspace Johan Hovold <johan+linaro(a)kernel.org> HID: i2c-hid-of: fix NULL-deref on failed power up Luka Guzenko <l.guzenko(a)web.de> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx David Senoner <seda18(a)rolmail.net> ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Michael Kelley <mhklinux(a)outlook.com> scsi: storvsc: Fix ring buffer size calculation Zach O'Keefe <zokeefe(a)google.com> mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/trigger: Fix to return error if failed to alloc snapshot Samuel Holland <samuel.holland(a)sifive.com> scs: add CONFIG_MMU dependency for vfree_atomic() Ivan Vecera <ivecera(a)redhat.com> i40e: Fix waiting for queues of all VSIs to be disabled Guenter Roeck <linux(a)roeck-us.net> MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path for statistics Alexey Khoroshilov <khoroshilov(a)ispras.ru> ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: ppc4xx: Drop write-only variable Aaron Conole <aconole(a)redhat.com> net: openvswitch: limit the number of recursions from action sets Dan Carpenter <dan.carpenter(a)linaro.org> wifi: iwlwifi: Fix some error codes Christian A. Ehrhardt <lk(a)c--e.de> of: unittest: Fix compile in the non-dynamic case David Sterba <dsterba(a)suse.com> btrfs: send: return EOPNOTSUPP on unknown flags Boris Burkov <boris(a)bur.io> btrfs: forbid deleting live subvol qgroup Qu Wenruo <wqu(a)suse.com> btrfs: do not ASSERT() if the newly created subvolume already got read Boris Burkov <boris(a)bur.io> btrfs: forbid creating subvol qgroups Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_rbtree: skip end interval element from gc Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix a typo of register name in DPP safety handling Simon Horman <horms(a)kernel.org> net: stmmac: xgmac: use #define for string constants Jiri Wiesner <jwiesner(a)suse.de> clocksource: Skip watchdog check for large watchdog intervals Prathu Baronia <prathubaronia2011(a)gmail.com> vhost: use kzalloc() instead of kmalloc() followed by memset() Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Frederic Weisbecker <frederic(a)kernel.org> hrtimer: Report offline hrtimer enqueue Prashanth K <quic_prashk(a)quicinc.com> usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK Leonard Dallmayr <leonard.dallmayr(a)mailbox.org> USB: serial: cp210x: add ID for IMST iM871A-USB Puliang Lu <puliang.lu(a)fibocom.com> USB: serial: option: add Fibocom FM101-GL variant JackBB Wu <wojackbb(a)gmail.com> USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Julian Sikorski <belegdol+github(a)gmail.com> ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Justin Stitt <justinstitt(a)google.com> drivers: lkdtm: fix clang -Wformat warning Tejun Heo <tj(a)kernel.org> blk-iocost: Fix an UBSAN shift-out-of-bounds warning Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix an NULL dereference bug Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: remove scratch_aligned pointer Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: add helper to release pcpu scratch area Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: store index in scratch maps Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: reject direction for ct id Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Anson Jacob <Anson.Jacob(a)amd.com> drm/amd/display: Fix multiple memory leaks reported by coverity Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: restrict match/target protocol to u16 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_compat: reject unused compat flag Eric Dumazet <edumazet(a)google.com> ppp_async: limit MRU to 64K Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. Shigeru Yoshida <syoshida(a)redhat.com> tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() David Howells <dhowells(a)redhat.com> rxrpc: Fix response to PING RESPONSE ACKs to a dead call Eric Dumazet <edumazet(a)google.com> inet: read sk->sk_family once in inet_recv_error() Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix bogus core_id to attr name mapping Zhang Rui <rui.zhang(a)intel.com> hwmon: (coretemp) Fix out-of-bounds memory access Loic Prylli <lprylli(a)netflix.com> hwmon: (aspeed-pwm-tacho) mutex for tach reading Zhipeng Lu <alexious(a)zju.edu.cn> octeontx2-pf: Fix a memleak otx2_sq_init Zhipeng Lu <alexious(a)zju.edu.cn> atm: idt77252: fix a memleak in open_card_ubr0 Antoine Tenart <atenart(a)kernel.org> tunnels: fix out of bounds access when building IPv6 PMTU error Paolo Abeni <pabeni(a)redhat.com> selftests: net: avoid just another constant wait Paolo Abeni <pabeni(a)redhat.com> selftests: net: cut more slack for gro fwd tests. Furong Xu <0x1207(a)gmail.com> net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Tony Lindgren <tony(a)atomide.com> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Frank Li <Frank.Li(a)nxp.com> dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA Jai Luthra <j-luthra(a)ti.com> dmaengine: ti: k3-udma: Report short packet errors Guanhua Gao <guanhua.gao(a)nxp.com> dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Johan Hovold <johan+linaro(a)kernel.org> ASoC: codecs: lpass-wsa-macro: fix compander volume hack Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: remove print in bond_verify_device_path Benjamin Berg <bberg(a)redhat.com> HID: apple: Add 2021 magic keyboard FN key mapping Alex Henrie <alexhenrie24(a)gmail.com> HID: apple: Add support for the 2021 Magic Keyboard Praveen Kaligineedi <pkaligineedi(a)google.com> gve: Fix use-after-free vulnerability Huang Shijie <shijie(a)os.amperecomputing.com> arm64: irq: set the correct node for shadow call stack Breno Leitao <leitao(a)debian.org> net: sysfs: Fix /sys/class/net/<iface> path Paolo Abeni <pabeni(a)redhat.com> selftests: net: fix available tunnels detection Eric Dumazet <edumazet(a)google.com> af_unix: fix lockdep positive in sk_diag_dump_icons() Zhipeng Lu <alexious(a)zju.edu.cn> net: ipv4: fix a memleak in ip_setup_cork Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV Linus Lüssing <linus.luessing(a)c0d3.blue> bridge: mcast: fix disabled snooping after long uptime Eric Dumazet <edumazet(a)google.com> llc: call sock_orphan() at release time Helge Deller <deller(a)kernel.org> ipv6: Ensure natural alignment of const ipv6 loopback and router addresses Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor overtemp event handling Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: Refactor returning internal error codes Piotr Skajewski <piotrx.skajewski(a)intel.com> ixgbe: Remove non-inclusive language Eric Dumazet <edumazet(a)google.com> tcp: add sanity checks to rx zerocopy Eric Dumazet <edumazet(a)google.com> ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() Eric Dumazet <edumazet(a)google.com> ip6_tunnel: use dev_sw_netstats_rx_add() Paolo Abeni <pabeni(a)redhat.com> selftests: net: give more time for GRO aggregation Ming Lei <ming.lei(a)redhat.com> scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Su Hui <suhui(a)nfschina.com> scsi: isci: Fix an error code problem in isci_io_request_build() Stephen Rothwell <sfr(a)canb.auug.org.au> drm: using mul_u32_u32() requires linux/math64.h Edward Adam Davis <eadavis(a)qq.com> wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update Peter Zijlstra <peterz(a)infradead.org> perf: Fix the nr_addr_filters fix Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' Xiubo Li <xiubli(a)redhat.com> ceph: fix deadlock or deadcode of misusing dget() Ming Lei <ming.lei(a)redhat.com> blk-mq: fix IO hang from sbitmap wakeup race Zhu Yanjun <yanjun.zhu(a)linux.dev> virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings Felix Kuehling <felix.kuehling(a)amd.com> drm/amdkfd: Fix lock dependency warning Ian Rogers <irogers(a)google.com> libsubcmd: Fix memory leak in uniq() Hans de Goede <hdegoede(a)redhat.com> misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback Bjorn Helgaas <bhelgaas(a)google.com> PCI/AER: Decode Requester ID when no error info found Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix 64GT/s effective data rate calculation Max Kellermann <max.kellermann(a)ionos.com> fs/kernfs/dir: obey S_ISGID Adrian Reber <areber(a)redhat.com> tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE Jo Van Bulck <jo.vanbulck(a)cs.kuleuven.be> selftests/sgx: Fix linker script asserts Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: hub: Replace hardcoded quirk value with BIT() macro James Clark <james.clark(a)arm.com> perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present Daniel Stodden <dns(a)arista.com> PCI: switchtec: Fix stdev_release() crash after surprise hot remove Guilherme G. Piccoli <gpiccoli(a)igalia.com> PCI: Only override AMD USB controller if required Xiaowu.ding <xiaowu.ding(a)jaguarmicro.com> mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt Peter Robinson <pbrobinson(a)gmail.com> mfd: ti_am335x_tscadc: Fix TI SoC dependencies Oleksandr Tyshchenko <oleksandr_tyshchenko(a)epam.com> xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import Harshit Shah <harshitshah.opendev(a)gmail.com> i3c: master: cdns: Update maximum prescaler value for i2c clock Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix time corruption Nathan Chancellor <nathan(a)kernel.org> um: net: Fix return type of uml_net_start_xmit() Benjamin Berg <benjamin(a)sipsolutions.net> um: Don't use vfprintf() for os_info() Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Fix naming clash between UML and scheduler Heiner Kallweit <hkallweit1(a)gmail.com> leds: trigger: panic: Don't register panic notifier if creating the trigger failed bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdgpu: Let KFD sync with VM fences Alexander Stein <alexander.stein(a)ew.tq-group.com> clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: imx: scu: Fix memory leak in __imx_clk_gpr_scu() Josip Pavic <josip.pavic(a)amd.com> drm/amd/display: make flip_timestamp_in_us a 64-bit variable Werner Fischer <devlists(a)wefi.net> watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() Kuan-Wei Chiu <visitorckw(a)gmail.com> clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() Wang, Beyond <Wang.Beyond(a)amd.com> drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap Rob Clark <robdclark(a)chromium.org> drm/msm/dpu: Ratelimit framedone timeout msgs Kieran Bingham <kieran.bingham(a)ideasonboard.com> media: i2c: imx335: Fix hblank min/max values Su Hui <suhui(a)nfschina.com> media: ddbridge: fix an error code problem in ddb_probe Daniel Vacek <neelx(a)redhat.com> IB/ipoib: Fix mcast list locking Douglas Anderson <dianders(a)chromium.org> drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time Chao Yu <chao(a)kernel.org> f2fs: fix to tag gcing flag on page during block migration Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: rkisp1: Drop IRQF_SHARED Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: Intel: add HDA_ARL PCI ID support Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> PCI: add INTEL_HDA_ARL to pci_ids.h Michael Tretter <m.tretter(a)pengutronix.de> media: rockchip: rga: fix swizzling for RGB formats Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> media: stk1160: Fixed high volume of stk1160_dbg messages Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/mipi-dsi: Fix detach call without attach Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/framebuffer: Fix use of uninitialized variable Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/drm_file: fix use of uninitialized variable Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix write pointers on zoned device after roll forward Meenakshikumar Somasundaram <meenakshikumar.somasundaram(a)amd.com> drm/amd/display: Fix tiled display misalignment Jack Wang <jinpu.wang(a)ionos.com> RDMA/IPoIB: Fix error code return in ipoib_mcast_join Al Viro <viro(a)zeniv.linux.org.uk> fast_dput(): handle underflows gracefully Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Refer to correct stream index at loops Chao Yu <chao(a)kernel.org> f2fs: fix to check return value of f2fs_reserve_new_block() Suman Ghosh <sumang(a)marvell.com> octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry Andrii Staikov <andrii.staikov(a)intel.com> i40e: Fix VF disable behavior to block all traffic Lin Ma <linma(a)zju.edu.cn> bridge: cfm: fix enum typo in br_cc_ccm_tx_parse Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix possible multiple reject send Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: free beacon_ies when overridden from hidden BSS Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() Alexander Tsoy <alexander(a)tsoy.me> ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Mingyi Zhang <zhangmingyi5(a)huawei.com> libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos Zenm Chen <zenmchen(a)gmail.com> wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices Mao Jinlong <quic_jinlmao(a)quicinc.com> arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property Mao Jinlong <quic_jinlmao(a)quicinc.com> arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property Alex Lyakas <alex.lyakas(a)zadara.com> md: Whenassemble the array, consult the superblock of the freshest device Christoph Hellwig <hch(a)lst.de> block: prevent an integer overflow in bvec_try_merge_hw_page Tobias Waldekranz <tobias(a)waldekranz.com> net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23/28: Fix the DMA controller node name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx23-sansa: Use preferred i2c-gpios properties Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27-apf27dev: Fix LED name Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27: Pass timing0 Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25: Fix the iim compatible string Kees Cook <keescook(a)chromium.org> block/rnbd-srv: Check for unlikely string overflow Shannon Nelson <shannon.nelson(a)amd.com> ionic: pass opcode to devcmd_wait Fabio Estevam <festevam(a)denx.de> ARM: dts: imx1: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx27: Fix sram node Fabio Estevam <festevam(a)denx.de> ARM: dts: imx: Use flash@0,0 pattern Fabio Estevam <festevam(a)denx.de> ARM: dts: imx25/27-eukrea: Fix RTC node name Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3036 hdmi ports node Hou Tao <houtao1(a)huawei.com> bpf: Set uattr->batch.count as zero before batched update or deletion Hannes Reinecke <hare(a)suse.de> scsi: libfc: Fix up timeout error in fc_fcp_rec_error() Hannes Reinecke <hare(a)suse.de> scsi: libfc: Don't schedule abort twice Hou Tao <houtao1(a)huawei.com> bpf: Add map and need_defer parameters to .map_fd_put_ptr() Minsuk Kang <linuxlovemin(a)yonsei.ac.kr> wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix nand-controller #size-cells Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7s: Fix lcdif compatible Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7d: Fix coresight funnel ports ching Huang <ching2048(a)areca.com.tw> scsi: arcmsr: Support new PCI device IDs 1883 and 1886 Zhengchao Shao <shaozhengchao(a)huawei.com> bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk Ido Schimmel <idosch(a)nvidia.com> PCI: Add no PM reset quirk for NVIDIA Spectrum devices Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible file string name overflow when updating firmware Yafang Shao <laoar.shao(a)gmail.com> selftests/bpf: Fix issues in setup_classid_environment() Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix pyperf180 compilation failure with clang18 Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: satisfy compiler by having explicit return in btf test Shiji Yang <yangshiji66(a)outlook.com> wifi: rt2x00: restart beacon queue when hardware reset Baokun Li <libaokun1(a)huawei.com> ext4: avoid online resizing failures due to oversized flex bg Baokun Li <libaokun1(a)huawei.com> ext4: remove unnecessary check from alloc_flex_gd() Baokun Li <libaokun1(a)huawei.com> ext4: unify the type of flexbg_size to unsigned int Ye Bin <yebin10(a)huawei.com> ext4: fix inconsistent between segment fstrim and full fstrim Gabriel Krisman Bertazi <krisman(a)suse.de> ecryptfs: Reject casefold directory inodes Anna Schumaker <Anna.Schumaker(a)Netapp.com> SUNRPC: Fix a suspicious RCU usage warning Heiko Carstens <hca(a)linux.ibm.com> KVM: s390: fix setting of fpc register Heiko Carstens <hca(a)linux.ibm.com> s390/ptrace: handle setting of fpc register correctly Arnd Bergmann <arnd(a)arndb.de> arch: consolidate arch_irq_work_raise prototypes Edward Adam Davis <eadavis(a)qq.com> jfs: fix array-index-out-of-bounds in diNewExt Oleg Nesterov <oleg(a)redhat.com> rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() Oleg Nesterov <oleg(a)redhat.com> afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() Oleg Nesterov <oleg(a)redhat.com> afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() Thomas Bourgoin <thomas.bourgoin(a)foss.st.com> crypto: stm32/crc32 - fix parsing list of devices Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix cptvf driver cleanup Weichen Chen <weichen.chen(a)mediatek.com> pstore/ram: Fix crash when setting number of cpus to an odd number Edward Adam Davis <eadavis(a)qq.com> jfs: fix uaf in jfs_evict_inode Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix array-index-out-of-bounds in dbAdjTree Manas Ghandat <ghandatmanas(a)gmail.com> jfs: fix slab-out-of-bounds Read in dtSearch Osama Muhammad <osmtendev(a)gmail.com> UBSAN: array-index-out-of-bounds in dtSplitRoot Osama Muhammad <osmtendev(a)gmail.com> FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events Mukesh Ojha <quic_mojha(a)quicinc.com> PM / devfreq: Synchronize devfreq_monitor_[start/stop] Prarit Bhargava <prarit(a)redhat.com> ACPI: extlog: fix NULL pointer dereference check Dmitry Antipov <dmantipov(a)yandex.ru> PNP: ACPI: fix fortify warning Yuluo Qiu <qyl27(a)outlook.com> ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop Chris Riches <chris.riches(a)nutanix.com> audit: Send netlink ACK before setting connection in auditd_set Rui Zhang <zr.zhang(a)vivo.com> regulator: core: Only increment use_count when enable_count changes Andrzej Hajda <andrzej.hajda(a)intel.com> debugobjects: Stop accessing objects after releasing hash bucket lock Greg KH <gregkh(a)linuxfoundation.org> perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file Zhiquan Li <zhiquan1.li(a)intel.com> x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel Naveen N Rao <naveen(a)kernel.org> powerpc/lib: Validate size for vector operations Stephen Rothwell <sfr(a)canb.auug.org.au> powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE Jun'ichi Nomura <junichi.nomura(a)nec.com> x86/boot: Ignore NMIs during very early boot Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Fix build error due to is_valid_bugaddr() Mark Rutland <mark.rutland(a)arm.com> drivers/perf: pmuv3: don't expose SW_INCR event in sysfs Huang Shijie <shijie(a)os.amperecomputing.com> arm64: irq: set the correct node for VMAP stack Kunwu Chan <chentao(a)kylinos.cn> powerpc/mm: Fix null-pointer dereference in pgtable_cache_add Richard Palethorpe <rpalethorpe(a)suse.com> x86/entry/ia32: Ensure s32 is sign extended to s64 Tim Chen <tim.c.chen(a)linux.intel.com> tick/sched: Preserve number of idle sleeps across CPU hotplug events Xi Ruoyao <xry111(a)xry111.site> mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan Kamal Dasu <kamal.dasu(a)broadcom.com> spi: bcm-qspi: fix SFDP BFPT read by usig mspi read Li Lingfeng <lilingfeng3(a)huawei.com> block: Move checking GENHD_FL_NO_PART to bdev_add_partition() Wenhua Lin <Wenhua.Lin(a)unisoc.com> gpio: eic-sprd: Clear interrupt after set the interrupt type Fedor Pchelkin <pchelkin(a)ispras.ru> drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume Arnd Bergmann <arnd(a)arndb.de> drm/exynos: fix accidental on-stack copy of exynos_drm_plane Markus Niebel <Markus.Niebel(a)ew.tq-group.com> drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Refine computation of P-state for given frequency Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Drop redundant intel_pstate_get_hwp_cap() call Lin Ma <linma(a)zju.edu.cn> ksmbd: fix global oob in ksmbd_nl_policy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add documenting comment for nfsd4_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Modernize nfsd4_release_lockowner() Josef Bacik <josef(a)toxicpanda.com> btrfs: add definition for EXTENT_TREE_V2 Christian Marangi <ansuelsmth(a)gmail.com> PM / devfreq: Fix buffer overflow in trans_stat_show Charan Teja Kalla <quic_charante(a)quicinc.com> mm/sparsemem: fix race in accessing memory_section->usage Rolf Eike Beer <eb(a)emlix.com> mm: use __pfn_to_section() instead of open coding it Zheng Wang <zyytlz.wz(a)163.com> media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix USB SS wakeup Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix USB DP/DM HS PHY interrupts Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix pdc '#interrupt-cells' Paul Cercueil <paul(a)crapouillou.net> ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 Johan Hovold <johan+linaro(a)kernel.org> ARM: dts: qcom: sdx55: fix USB wakeup interrupt types Lukas Schauer <lukas(a)schauer.dev> pipe: wakeup wr_wait after setting max_usage Max Kellermann <max.kellermann(a)ionos.com> fs/pipe: move check to pipe_has_watch_queue() Krishna chaitanya chundru <quic_krichai(a)quicinc.com> bus: mhi: host: Add alignment check for event ring read pointer Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: host: Rename "struct mhi_tre" to "struct mhi_ring_element" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix possible deadlocks in core system-wide PM code Li zeming <zeming(a)nfschina.com> PM: core: Remove unnecessary (void *) conversions Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: simplify some error checking Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix atomic_flush check Dan Carpenter <dan.carpenter(a)linaro.org> drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm: Don't unref the same fb many times by mistake due to deadlock handling Mario Limonciello <mario.limonciello(a)amd.com> gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 Dave Chinner <dchinner(a)redhat.com> xfs: read only mounts with fsopen mount API are busted Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Check mailbox/SMT channel for consistency Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: reject QUEUE/DROP verdict parameters Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: fix a memory corruption Bernd Edlinger <bernd.edlinger(a)hotmail.de> exec: Fix error handling in begin_new_exec() Ilya Dryomov <idryomov(a)gmail.com> rbd: don't move requests to the running list on errors Omar Sandoval <osandov(a)fb.com> btrfs: don't abort filesystem when attempting to snapshot deleted subvolume Qu Wenruo <wqu(a)suse.com> btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args David Sterba <dsterba(a)suse.com> btrfs: don't warn if discard range is not aligned to sector Chung-Chiang Cheng <cccheng(a)synology.com> btrfs: tree-checker: fix inline ref size in error messages Fedor Pchelkin <pchelkin(a)ispras.ru> btrfs: ref-verify: free ref cache before clearing mount opt Omar Sandoval <osandov(a)fb.com> btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between reading a directory and adding entries to it Filipe Manana <fdmanana(a)suse.com> btrfs: refresh dir last index during a rewinddir(3) call Filipe Manana <fdmanana(a)suse.com> btrfs: set last dir index to the current last index when opening dir Filipe Manana <fdmanana(a)suse.com> btrfs: fix infinite directory reads Shenwei Wang <shenwei.wang(a)nxp.com> net: fec: fix the unhandled context fault from smmu Zhipeng Lu <alexious(a)zju.edu.cn> fjes: fix memleaks in fjes_hw_setup Jakub Kicinski <kuba(a)kernel.org> selftests: netdevsim: fix the udp_tunnel_nic test Jenishkumar Maheshbhai Patel <jpatel2(a)marvell.com> net: mvpp2: clear BM pool before initialization Bernd Edlinger <bernd.edlinger(a)hotmail.de> net: stmmac: Wait a bit for the reset to take effect Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate NFPROTO_* family Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: restrict anonymous set and map names to 16 bytes Florian Westphal <fw(a)strlen.de> netfilter: nft_limit: reject configurations that cause integer overflow Kees Cook <keescook(a)chromium.org> overflow: Allow mixed type arguments Dinghao Liu <dinghao.liu(a)zju.edu.cn> net/mlx5e: fix a potential double-free in fs_any_create_groups Zhipeng Lu <alexious(a)zju.edu.cn> net/mlx5e: fix a double-free in arfs_create_groups Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Can't go to uplink vport on RX rule Shun Hao <shunh(a)nvidia.com> net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Replace local WIRE_PORT macro with the existing MLX5_VPORT_UPLINK Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Use the right GVMI number for drop action Zhengchao Shao <shaozhengchao(a)huawei.com> ipv6: init the accept_queue's spinlocks in inet6_create Zhengchao Shao <shaozhengchao(a)huawei.com> netlink: fix potential sleeping issue in mqueue_flush_file Salvatore Dipietro <dipiets(a)amazon.com> tcp: Add memory barrier to tcp_push() David Howells <dhowells(a)redhat.com> afs: Hide silly-rename files from userspace Petr Pavlu <petr.pavlu(a)suse.com> tracing: Ensure visibility when inserting an element into tracing_map Sharath Srinivasan <sharath.srinivasan(a)oracle.com> net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv Kuniyuki Iwashima <kuniyu(a)amazon.com> llc: Drop support for ETH_P_TR_802_2. Eric Dumazet <edumazet(a)google.com> llc: make llc_ui_sendmsg() more robust against bonding changes Lin Ma <linma(a)zju.edu.cn> vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Wait for FLR to complete during probe Zhengchao Shao <shaozhengchao(a)huawei.com> tcp: make sure init the accept_queue's spinlocks once Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix illegal rmb_desc access in SMC-D connection dump Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: Add missing set_freezable() for freezable kthread Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: send lease break notification on FILE_RENAME_INFORMATION Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't increment epoch if current state and request state are same Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential circular locking issue in smb2_set_ea() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: set v2 lease version on lease upgrade Al Viro <viro(a)zeniv.linux.org.uk> rename(): fix the locking of subdirectories Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Dave Airlie <airlied(a)redhat.com> nouveau/vmm: don't set addr on the fail path to avoid warning Mario Limonciello <mario.limonciello(a)amd.com> rtc: Adjust failure return code for cmos_set_alarm() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mmc: mmc_spi: remove custom DMA mapped buffers Avri Altman <avri.altman(a)wdc.com> mmc: core: Use mrq.sbc in close-ended ffu Vegard Nossum <vegard.nossum(a)oracle.com> scripts/get_abi: fix source path leak Alfred Piccioni <alpic(a)google.com> lsm: new security_file_ioctl_compat() hook Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sm8150: fix USB wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sdm845: fix USB wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180: fix USB wakeup interrupt types Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> async: Introduce async_schedule_dev_nocall() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> async: Split async_schedule_node_domain() Helge Deller <deller(a)gmx.de> parisc/firmware: Fix F-extend for PDC addresses Bhaumik Bhatt <bbhatt(a)codeaurora.org> bus: mhi: host: Add spinlock to protect WP access when queueing TREs Qiang Yu <quic_qianyu(a)quicinc.com> bus: mhi: host: Drop chan lock before queuing buffers Serge Semin <fancer.lancer(a)gmail.com> mips: Fix max_mapnr being uninitialized on early stages Bingbu Cao <bingbu.cao(a)intel.com> media: ov9734: Enable runtime PM before registering async sub-device Xiaolei Wang <xiaolei.wang(a)windriver.com> rpmsg: virtio: Free driver_override when rpmsg_remove() Bingbu Cao <bingbu.cao(a)intel.com> media: imx355: Enable runtime PM before registering async sub-device Herbert Xu <herbert(a)gondor.apana.org.au> crypto: s390/aes - Fix buffer overread in CTR mode Herbert Xu <herbert(a)gondor.apana.org.au> hwrng: core - Fix page fault dead lock on mmap-ed hwrng Hongchen Zhang <zhanghongchen(a)loongson.cn> PM: hibernate: Enforce ordering during image compression/decompression Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Disallow identical driver names David Disseldorp <ddiss(a)suse.de> btrfs: sysfs: validate scrub_speed_max value Suraj Jitindar Singh <surajjs(a)amazon.com> ext4: allow for the last group to be marked as trimmed Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Simplify power management during async scan Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: fix NULL pointer in channel unregistration function Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Enable internal vref if external vref is not supplied Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Allow users to configure device events Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Set alert bit in config register Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: only v2 leases handle the directory Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix UAF issue in ksmbd_tcp_new_connection() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate mech token in session setup Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't allow O_TRUNC open on read-only share Fedor Pchelkin <pchelkin(a)ispras.ru> ksmbd: free ppace array on error in parse_dacl ------------- Diffstat: Documentation/ABI/testing/sysfs-class-devfreq | 3 + Documentation/ABI/testing/sysfs-class-net-queues | 22 +-- .../ABI/testing/sysfs-class-net-statistics | 48 ++--- Documentation/arm64/silicon-errata.rst | 7 + .../bindings/net/wireless/marvell-8xxx.txt | 4 +- Documentation/filesystems/directory-locking.rst | 29 +-- Documentation/filesystems/locking.rst | 5 +- Documentation/filesystems/porting.rst | 18 ++ Documentation/sound/soc/dapm.rst | 2 +- Makefile | 4 +- arch/Kconfig | 1 + arch/arm/boot/dts/exynos4210-i9100.dts | 8 + arch/arm/boot/dts/imx1-ads.dts | 2 +- arch/arm/boot/dts/imx1-apf9328.dts | 2 +- arch/arm/boot/dts/imx1.dtsi | 5 +- arch/arm/boot/dts/imx23-sansa.dts | 12 +- arch/arm/boot/dts/imx23.dtsi | 2 +- arch/arm/boot/dts/imx25-eukrea-cpuimx25.dtsi | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-cmo-qvga.dts | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-dvi-svga.dts | 2 +- .../imx25-eukrea-mbimxsd25-baseboard-dvi-vga.dts | 2 +- arch/arm/boot/dts/imx25-pdk.dts | 2 +- arch/arm/boot/dts/imx25.dtsi | 2 +- arch/arm/boot/dts/imx27-apf27dev.dts | 4 +- arch/arm/boot/dts/imx27-eukrea-cpuimx27.dtsi | 4 +- .../boot/dts/imx27-eukrea-mbimxsd27-baseboard.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycore-rdk.dts | 2 +- arch/arm/boot/dts/imx27-phytec-phycore-som.dtsi | 2 +- arch/arm/boot/dts/imx27.dtsi | 3 + arch/arm/boot/dts/imx28.dtsi | 2 +- arch/arm/boot/dts/imx7d.dtsi | 3 - arch/arm/boot/dts/imx7s.dtsi | 10 +- arch/arm/boot/dts/qcom-sdx55.dtsi | 10 +- arch/arm/boot/dts/rk3036.dtsi | 14 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 21 +++ arch/arm64/boot/dts/qcom/msm8998.dtsi | 32 ++-- arch/arm64/boot/dts/qcom/sc7180.dtsi | 4 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 +- arch/arm64/boot/dts/qcom/sm8150.dtsi | 8 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/irq_work.h | 2 - arch/arm64/kernel/cpu_errata.c | 3 + arch/arm64/kernel/irq.c | 7 +- arch/arm64/kernel/perf_event.c | 6 +- arch/csky/include/asm/irq_work.h | 2 +- arch/mips/include/asm/checksum.h | 3 +- arch/mips/kernel/elf.c | 6 + arch/mips/mm/init.c | 12 +- arch/parisc/kernel/firmware.c | 4 +- arch/powerpc/include/asm/irq_work.h | 1 - arch/powerpc/include/asm/mmu.h | 4 + arch/powerpc/include/asm/mmzone.h | 8 - arch/powerpc/kernel/interrupt_64.S | 4 +- arch/powerpc/kernel/traps.c | 2 + arch/powerpc/lib/sstep.c | 10 + arch/powerpc/mm/book3s64/pgtable.c | 2 + arch/powerpc/mm/init-common.c | 5 +- arch/powerpc/mm/kasan/kasan_init_32.c | 1 + arch/powerpc/mm/mmu_decl.h | 5 + arch/riscv/include/asm/irq_work.h | 2 +- arch/s390/crypto/aes_s390.c | 4 +- arch/s390/crypto/paes_s390.c | 4 +- arch/s390/include/asm/irq_work.h | 2 - arch/s390/kernel/ptrace.c | 6 +- arch/s390/kvm/kvm-s390.c | 5 - arch/um/drivers/net_kern.c | 2 +- arch/um/include/shared/kern_util.h | 2 +- arch/um/kernel/process.c | 2 +- arch/um/kernel/time.c | 32 +++- arch/um/os-Linux/helper.c | 6 +- arch/um/os-Linux/util.c | 19 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/boot/compressed/ident_map_64.c | 5 + arch/x86/boot/compressed/idt_64.c | 1 + arch/x86/boot/compressed/idt_handlers_64.S | 1 + arch/x86/boot/compressed/misc.h | 1 + arch/x86/include/asm/irq_work.h | 1 - arch/x86/include/asm/syscall_wrapper.h | 25 ++- arch/x86/kernel/cpu/mce/core.c | 16 ++ arch/x86/mm/ident_map.c | 23 ++- block/bio.c | 2 +- block/blk-iocost.c | 7 + block/blk-mq.c | 16 ++ block/ioctl.c | 2 - block/partitions/core.c | 5 + crypto/algapi.c | 1 + drivers/acpi/acpi_extlog.c | 5 +- drivers/acpi/acpi_video.c | 9 + drivers/acpi/apei/ghes.c | 29 ++- drivers/android/binder.c | 10 + drivers/atm/idt77252.c | 2 + drivers/base/arch_numa.c | 2 +- drivers/base/power/domain.c | 2 +- drivers/base/power/main.c | 160 ++++++++-------- drivers/base/power/runtime.c | 5 + drivers/block/rbd.c | 22 ++- drivers/block/rnbd/rnbd-srv.c | 19 +- drivers/bluetooth/hci_qca.c | 1 + drivers/bus/mhi/host/init.c | 6 +- drivers/bus/mhi/host/internal.h | 2 +- drivers/bus/mhi/host/main.c | 49 +++-- drivers/bus/moxtet.c | 7 + drivers/char/hw_random/core.c | 36 ++-- drivers/clk/hisilicon/clk-hi3620.c | 4 +- drivers/clk/imx/clk-imx8qxp.c | 24 ++- drivers/clk/imx/clk-scu.c | 4 +- drivers/clk/mmp/clk-of-pxa168.c | 3 + drivers/cpufreq/intel_pstate.c | 67 ++++--- drivers/crypto/ccp/sev-dev.c | 10 +- drivers/crypto/marvell/octeontx2/otx2_cptlf.c | 6 +- drivers/crypto/marvell/octeontx2/otx2_cptvf_main.c | 3 + drivers/crypto/stm32/stm32-crc32.c | 2 +- drivers/devfreq/devfreq.c | 83 ++++++--- drivers/dma-buf/dma-fence-unwrap.c | 176 ++++++++++++++++++ drivers/dma-buf/sync_file.c | 9 +- drivers/dma/dmaengine.c | 3 + drivers/dma/fsl-dpaa2-qdma/dpaa2-qdma.c | 10 +- drivers/dma/fsl-qdma.c | 27 +-- drivers/dma/ti/k3-udma.c | 10 +- drivers/firewire/core-device.c | 7 +- drivers/firmware/arm_scmi/common.h | 1 + drivers/firmware/arm_scmi/mailbox.c | 14 ++ drivers/firmware/arm_scmi/shmem.c | 6 + drivers/gpio/gpio-eic-sprd.c | 32 +++- drivers/gpio/gpiolib-acpi.c | 14 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_sync.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 36 ++-- drivers/gpu/drm/amd/display/dc/core/dc.c | 4 + drivers/gpu/drm/amd/display/dc/dc_hw_types.h | 2 +- .../gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 6 +- .../drm/amd/display/dc/dcn301/dcn301_resource.c | 6 +- .../drm/amd/display/dc/dcn302/dcn302_resource.c | 6 +- .../gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 6 +- .../amd/pm/powerplay/hwmgr/process_pptables_v1_0.c | 2 +- drivers/gpu/drm/bridge/nxp-ptn3460.c | 6 +- drivers/gpu/drm/drm_fb_helper.c | 11 +- drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/drm_mipi_dsi.c | 17 +- drivers/gpu/drm/drm_plane.c | 1 + drivers/gpu/drm/drm_prime.c | 2 +- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 4 +- drivers/gpu/drm/exynos/exynos_drm_drv.c | 11 ++ drivers/gpu/drm/exynos/exynos_drm_fimd.c | 4 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 5 +- drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 1 + drivers/gpu/drm/msm/dp/dp_link.c | 12 +- drivers/gpu/drm/msm/dp/dp_reg.h | 3 + drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 + drivers/gpu/drm/nouveau/nouveau_vmm.c | 3 + drivers/gpu/drm/panel/panel-simple.c | 2 + drivers/gpu/drm/scheduler/sched_main.c | 3 +- drivers/gpu/drm/tidss/tidss_crtc.c | 10 +- drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 8 +- drivers/hid/hid-apple.c | 33 +++- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-picolcd_fb.c | 2 +- drivers/hid/hid-quirks.c | 1 + drivers/hid/i2c-hid/i2c-hid-of.c | 1 + drivers/hid/wacom_sys.c | 63 +++++-- drivers/hid/wacom_wac.c | 9 +- drivers/hwmon/aspeed-pwm-tacho.c | 7 + drivers/hwmon/coretemp.c | 40 ++-- drivers/i2c/busses/i2c-i801.c | 19 +- drivers/i3c/master/i3c-master-cdns.c | 7 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/ad7091r-base.c | 173 ++++++++++++++++- drivers/iio/adc/ad7091r-base.h | 8 + drivers/iio/adc/ad7091r5.c | 29 +-- drivers/iio/industrialio-core.c | 5 +- drivers/iio/light/hid-sensor-als.c | 1 + drivers/iio/magnetometer/rm3100-core.c | 10 +- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 7 +- drivers/input/keyboard/atkbd.c | 13 +- drivers/input/serio/i8042-acpipnpio.h | 6 + drivers/irqchip/irq-brcmstb-l2.c | 5 +- drivers/irqchip/irq-gic-v3-its.c | 22 ++- drivers/leds/trigger/ledtrig-panic.c | 5 +- drivers/mailbox/arm_mhuv2.c | 3 +- drivers/md/dm-core.h | 2 + drivers/md/dm-ioctl.c | 3 +- drivers/md/dm-table.c | 9 +- drivers/md/md.c | 54 +++++- drivers/media/i2c/imx335.c | 4 +- drivers/media/i2c/imx355.c | 12 +- drivers/media/i2c/ov9734.c | 19 +- drivers/media/pci/ddbridge/ddbridge-main.c | 2 +- drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c | 6 +- drivers/media/platform/rockchip/rga/rga.c | 15 +- drivers/media/rc/bpf-lirc.c | 6 +- drivers/media/rc/ir_toy.c | 2 + drivers/media/rc/lirc_dev.c | 5 +- drivers/media/rc/rc-core-priv.h | 2 +- drivers/media/usb/stk1160/stk1160-video.c | 5 +- drivers/mfd/Kconfig | 1 + drivers/misc/fastrpc.c | 2 +- drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 1 + drivers/misc/lkdtm/bugs.c | 2 +- drivers/mmc/core/block.c | 46 ++++- drivers/mmc/core/slot-gpio.c | 6 +- drivers/mmc/host/mmc_spi.c | 186 +------------------ drivers/net/bonding/bond_alb.c | 3 +- drivers/net/dsa/mv88e6xxx/chip.h | 4 +- drivers/net/dsa/mv88e6xxx/serdes.c | 8 +- drivers/net/dsa/mv88e6xxx/serdes.h | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 22 +-- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 + drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/google/gve/gve_tx_dqo.c | 5 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 32 ++++ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_82598.c | 36 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_82599.c | 61 +++--- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 177 +++++++++--------- drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 44 ++--- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.c | 34 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 1 - drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 105 +++++------ drivers/net/ethernet/intel/ixgbe/ixgbe_phy.h | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 51 +----- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 44 ++--- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 149 +++++++-------- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 27 ++- .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 13 +- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 14 +- .../mellanox/mlx5/core/en/fs_tt_redirect.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 26 +-- .../mellanox/mlx5/core/steering/dr_action.c | 19 +- .../mellanox/mlx5/core/steering/dr_domain.c | 2 +- .../ethernet/mellanox/mlx5/core/steering/dr_rule.c | 4 +- .../mellanox/mlx5/core/steering/dr_types.h | 7 +- .../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- .../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +- drivers/net/ethernet/pensando/ionic/ionic_dev.c | 1 + drivers/net/ethernet/pensando/ionic/ionic_dev.h | 1 + drivers/net/ethernet/pensando/ionic/ionic_main.c | 2 +- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h | 3 + .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 58 +++++- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 + drivers/net/ethernet/ti/cpsw.c | 2 + drivers/net/ethernet/ti/cpsw_new.c | 3 + drivers/net/fjes/fjes_hw.c | 37 +++- drivers/net/hyperv/netvsc.c | 5 +- drivers/net/hyperv/netvsc_drv.c | 4 +- drivers/net/ppp/ppp_async.c | 4 + drivers/net/virtio_net.c | 9 +- drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 5 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 12 +- drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 2 +- drivers/net/wireless/marvell/mwifiex/Kconfig | 5 +- drivers/net/wireless/marvell/mwifiex/sdio.c | 67 ++++++- drivers/net/wireless/marvell/mwifiex/sdio.h | 8 + drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 3 + drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 11 ++ .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 12 ++ .../net/wireless/realtek/rtlwifi/rtl8723ae/phy.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8723be/phy.c | 4 +- drivers/net/xen-netback/netback.c | 100 +++++----- drivers/of/property.c | 2 +- drivers/of/unittest.c | 12 +- drivers/pci/pci.h | 2 +- drivers/pci/pcie/aer.c | 9 +- drivers/pci/quirks.c | 24 ++- drivers/pci/switch/switchtec.c | 25 ++- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 4 - drivers/phy/ti/phy-omap-usb2.c | 4 +- drivers/pnp/pnpacpi/rsparser.c | 12 +- drivers/regulator/core.c | 52 +++--- drivers/rpmsg/virtio_rpmsg_bus.c | 1 + drivers/rtc/rtc-cmos.c | 4 +- drivers/s390/net/qeth_l3_main.c | 9 +- drivers/scsi/arcmsr/arcmsr.h | 4 + drivers/scsi/arcmsr/arcmsr_hba.c | 6 + drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/isci/request.c | 2 +- drivers/scsi/libfc/fc_fcp.c | 18 +- drivers/scsi/lpfc/lpfc.h | 1 + drivers/scsi/lpfc/lpfc_init.c | 4 +- drivers/scsi/scsi_error.c | 9 +- drivers/scsi/scsi_lib.c | 4 +- drivers/scsi/scsi_priv.h | 2 +- drivers/scsi/storvsc_drv.c | 12 +- drivers/scsi/ufs/ufshcd.c | 14 +- drivers/spi/spi-bcm-qspi.c | 4 +- drivers/spi/spi-ppc4xx.c | 5 - drivers/staging/fbtft/fbtft-core.c | 14 +- drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/tty/serial/8250/8250_exar.c | 13 ++ drivers/tty/serial/max310x.c | 33 +++- drivers/tty/tty_ioctl.c | 4 +- drivers/usb/core/hub.c | 34 ++-- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/ep0.c | 27 ++- drivers/usb/dwc3/gadget.c | 162 +++++++++++++--- drivers/usb/dwc3/gadget.h | 3 + drivers/usb/dwc3/host.c | 4 +- drivers/usb/gadget/function/f_mass_storage.c | 20 +- drivers/usb/host/xhci-plat.c | 3 + drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 1 + drivers/usb/serial/qcserial.c | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 17 +- drivers/vhost/vhost.c | 5 +- drivers/video/fbdev/broadsheetfb.c | 14 +- drivers/video/fbdev/core/fb_defio.c | 168 +++++++++++++---- drivers/video/fbdev/core/fbmem.c | 4 + drivers/video/fbdev/hecubafb.c | 3 +- drivers/video/fbdev/hyperv_fb.c | 8 +- drivers/video/fbdev/metronomefb.c | 14 +- drivers/video/fbdev/sh_mobile_lcdcfb.c | 20 +- drivers/video/fbdev/smscufx.c | 9 +- drivers/video/fbdev/ssd1307fb.c | 3 +- drivers/video/fbdev/udlfb.c | 10 +- drivers/video/fbdev/xen-fbfront.c | 8 +- drivers/watchdog/it87_wdt.c | 14 +- drivers/xen/gntdev-dmabuf.c | 54 +++--- fs/afs/callback.c | 3 +- fs/afs/dir.c | 8 + fs/afs/server.c | 7 +- fs/btrfs/ctree.h | 22 +++ fs/btrfs/delayed-inode.c | 5 +- fs/btrfs/delayed-inode.h | 1 + fs/btrfs/disk-io.c | 13 +- fs/btrfs/extent-tree.c | 3 +- fs/btrfs/inode.c | 172 ++++++++++------- fs/btrfs/ioctl.c | 12 ++ fs/btrfs/qgroup.c | 14 ++ fs/btrfs/ref-verify.c | 6 +- fs/btrfs/send.c | 2 +- fs/btrfs/sysfs.c | 9 +- fs/btrfs/tree-checker.c | 2 +- fs/ceph/caps.c | 12 +- fs/cifs/smb2misc.c | 2 +- fs/cifs/smb2ops.c | 14 +- fs/cifs/smb2pdu.c | 13 +- fs/cifs/smb2pdu.h | 42 +++-- fs/dcache.c | 7 +- fs/ecryptfs/inode.c | 8 + fs/exec.c | 3 + fs/ext4/mballoc.c | 26 ++- fs/ext4/move_extent.c | 6 +- fs/ext4/resize.c | 37 ++-- fs/f2fs/compress.c | 4 +- fs/f2fs/file.c | 2 + fs/f2fs/recovery.c | 25 ++- fs/hugetlbfs/inode.c | 13 +- fs/ioctl.c | 3 +- fs/jfs/jfs_dmap.c | 57 +++--- fs/jfs/jfs_dtree.c | 7 +- fs/jfs/jfs_imap.c | 3 + fs/jfs/jfs_mount.c | 6 +- fs/kernfs/dir.c | 12 ++ fs/ksmbd/asn1.c | 5 + fs/ksmbd/connection.c | 7 +- fs/ksmbd/connection.h | 2 +- fs/ksmbd/ksmbd_netlink.h | 3 +- fs/ksmbd/oplock.c | 22 ++- fs/ksmbd/smb2pdu.c | 53 +++--- fs/ksmbd/smbacl.c | 11 +- fs/ksmbd/transport_ipc.c | 4 +- fs/ksmbd/transport_rdma.c | 11 +- fs/ksmbd/transport_tcp.c | 13 +- fs/namei.c | 60 +++--- fs/nfsd/nfs4state.c | 61 +++--- fs/nilfs2/dat.c | 27 ++- fs/nilfs2/file.c | 8 +- fs/nilfs2/recovery.c | 7 +- fs/nilfs2/segment.c | 8 +- fs/ntfs3/fsntfs.c | 16 +- fs/ntfs3/index.c | 3 +- fs/ntfs3/ntfs_fs.h | 2 +- fs/pipe.c | 19 +- fs/pstore/ram.c | 1 + fs/ubifs/dir.c | 2 + fs/xfs/xfs_super.c | 27 ++- include/asm-generic/numa.h | 2 + include/drm/drm_color_mgmt.h | 1 + include/drm/drm_fb_helper.h | 3 +- include/drm/drm_mipi_dsi.h | 2 + include/linux/async.h | 2 + include/linux/bpf.h | 6 +- include/linux/dma-fence.h | 19 ++ include/linux/dmaengine.h | 3 +- include/linux/fb.h | 18 +- include/linux/hrtimer.h | 4 +- include/linux/irq_work.h | 3 + include/linux/lsm_hook_defs.h | 2 + include/linux/mmc/sdio_ids.h | 1 + include/linux/mmzone.h | 18 +- include/linux/netfilter/ipset/ip_set.h | 4 + include/linux/overflow.h | 72 ++++---- include/linux/pci_ids.h | 1 + include/linux/pipe_fs_i.h | 16 ++ include/linux/pm_runtime.h | 4 + include/linux/security.h | 9 + include/linux/syscalls.h | 1 + include/net/af_unix.h | 20 +- include/net/inet_connection_sock.h | 8 + include/net/llc_pdu.h | 6 +- include/net/netfilter/nf_tables.h | 2 + include/uapi/linux/btrfs.h | 4 + include/uapi/linux/netfilter/nf_tables.h | 2 + kernel/async.c | 85 ++++++--- kernel/audit.c | 31 +++- kernel/bpf/arraymap.c | 12 +- kernel/bpf/hashtab.c | 6 +- kernel/bpf/map_in_map.c | 2 +- kernel/bpf/map_in_map.h | 2 +- kernel/bpf/syscall.c | 6 + kernel/events/core.c | 38 ++-- kernel/power/swap.c | 38 ++-- kernel/sched/membarrier.c | 9 + kernel/time/clocksource.c | 25 ++- kernel/time/hrtimer.c | 17 +- kernel/time/tick-sched.c | 5 + kernel/trace/ring_buffer.c | 2 +- kernel/trace/trace.c | 78 ++++---- kernel/trace/trace_events_trigger.c | 6 +- kernel/trace/tracing_map.c | 7 +- lib/debugobjects.c | 204 ++++++++------------- lib/mpi/ec.c | 3 + mm/page-writeback.c | 2 +- mm/sparse.c | 17 +- net/8021q/vlan_netlink.c | 4 + net/bluetooth/l2cap_core.c | 3 +- net/bridge/br_cfm_netlink.c | 2 +- net/bridge/br_multicast.c | 20 +- net/bridge/br_private.h | 4 +- net/can/j1939/j1939-priv.h | 3 +- net/can/j1939/main.c | 2 +- net/can/j1939/socket.c | 46 +++-- net/core/request_sock.c | 3 - net/core/skbuff.c | 3 +- net/hsr/hsr_device.c | 4 +- net/ipv4/af_inet.c | 9 +- net/ipv4/inet_connection_sock.c | 4 + net/ipv4/ip_output.c | 12 +- net/ipv4/ip_tunnel_core.c | 2 +- net/ipv4/tcp.c | 13 +- net/ipv6/addrconf_core.c | 21 ++- net/ipv6/af_inet6.c | 3 + net/ipv6/ip6_tunnel.c | 28 ++- net/llc/af_llc.c | 26 ++- net/llc/llc_core.c | 7 - net/mac80211/tx.c | 3 +- net/mptcp/protocol.c | 3 - net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +- net/netfilter/ipset/ip_set_core.c | 39 +++- net/netfilter/ipset/ip_set_hash_gen.h | 19 +- net/netfilter/ipset/ip_set_list_set.c | 13 +- net/netfilter/nf_log.c | 7 +- net/netfilter/nf_tables_api.c | 34 ++-- net/netfilter/nft_chain_filter.c | 11 +- net/netfilter/nft_compat.c | 23 ++- net/netfilter/nft_ct.c | 27 +++ net/netfilter/nft_flow_offload.c | 5 + net/netfilter/nft_limit.c | 23 ++- net/netfilter/nft_nat.c | 5 + net/netfilter/nft_rt.c | 5 + net/netfilter/nft_set_pipapo.c | 108 +++++------ net/netfilter/nft_set_pipapo.h | 18 +- net/netfilter/nft_set_pipapo_avx2.c | 17 +- net/netfilter/nft_set_rbtree.c | 6 +- net/netfilter/nft_socket.c | 5 + net/netfilter/nft_synproxy.c | 7 +- net/netfilter/nft_tproxy.c | 5 + net/netfilter/nft_tunnel.c | 1 + net/netfilter/nft_xfrm.c | 5 + net/netlink/af_netlink.c | 2 +- net/nfc/nci/core.c | 4 + net/openvswitch/flow_netlink.c | 49 +++-- net/rds/af_rds.c | 2 +- net/rxrpc/conn_event.c | 8 + net/rxrpc/conn_service.c | 3 +- net/smc/smc_diag.c | 2 +- net/sunrpc/xprtmultipath.c | 17 +- net/tipc/bearer.c | 6 + net/unix/af_unix.c | 14 +- net/unix/diag.c | 2 +- net/unix/garbage.c | 12 ++ net/wireless/scan.c | 4 + scripts/decode_stacktrace.sh | 60 +++++- scripts/get_abi.pl | 2 +- scripts/link-vmlinux.sh | 9 +- scripts/mod/sumversion.c | 7 +- security/security.c | 32 +++- security/selinux/hooks.c | 28 +++ security/smack/smack_lsm.c | 1 + security/tomoyo/tomoyo.c | 1 + sound/hda/hdac_stream.c | 9 +- sound/hda/intel-dsp-config.c | 10 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_conexant.c | 133 +++++++++++++- sound/pci/hda/patch_cs8409.c | 1 + sound/pci/hda/patch_realtek.c | 3 + sound/soc/codecs/lpass-wsa-macro.c | 7 - sound/soc/codecs/rt5645.c | 1 + sound/soc/codecs/wcd938x.c | 2 +- sound/usb/quirks.c | 4 + tools/build/feature/test-libopencsd.c | 4 +- tools/lib/bpf/libbpf.c | 2 + tools/lib/subcmd/help.c | 18 +- tools/testing/selftests/bpf/cgroup_helpers.c | 18 +- tools/testing/selftests/bpf/prog_tests/btf.c | 1 + tools/testing/selftests/bpf/prog_tests/tailcalls.c | 55 ------ tools/testing/selftests/bpf/progs/pyperf180.c | 22 +++ .../selftests/bpf/progs/tailcall_bpf2bpf6.c | 42 ----- .../drivers/net/netdevsim/udp_tunnel_nic.sh | 9 + tools/testing/selftests/net/pmtu.sh | 34 ++-- tools/testing/selftests/net/setup_veth.sh | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 14 +- tools/testing/selftests/net/udpgso_bench_rx.c | 2 +- tools/testing/selftests/sgx/test_encl.lds | 6 +- 527 files changed, 5153 insertions(+), 2726 deletions(-)

1 year, 4 months

18
505
0 0

[PATCH v3] clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs

by Gabor Juhos

The clk_alpha_pll_stromer_set_rate() function writes inproper values into the ALPHA_VAL{,_U} registers which results in wrong clock rates when the alpha value is used. The broken behaviour can be seen on IPQ5018 for example, when dynamic scaling sets the CPU frequency to 800000 KHz. In this case the CPU cores are running only at 792031 KHz: # cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq 800000 # cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq 792031 This happens because the function ignores the fact that the alpha value calculated by the alpha_pll_round_rate() function is only 32 bits wide which must be extended to 40 bits if it is used on a hardware which supports 40 bits wide values. Extend the clk_alpha_pll_stromer_set_rate() function to convert the alpha value to 40 bits before wrinting that into the registers in order to ensure that the hardware really uses the requested rate. After the change the CPU frequency is correct: # cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq 800000 # cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq 800000 Cc: stable(a)vger.kernel.org Fixes: e47a4f55f240 ("clk: qcom: clk-alpha-pll: Add support for Stromer PLLs") Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Changes in v3: - remove constants' comparison (Konrad) - Link to v2: https://lore.kernel.org/r/20240326-alpha-pll-fix-stromer-set-rate-v2-1-48ae… Changes in v2: - fix subject prefix - rebase on v6.9-rc1 - Link to v1: https://lore.kernel.org/r/20240324-alpha-pll-fix-stromer-set-rate-v1-1-335b… Depends on the following patch: https://lore.kernel.org/r/20240315-apss-ipq-pll-ipq5018-hang-v2-1-6fe30ada2… --- drivers/clk/qcom/clk-alpha-pll.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/clk/qcom/clk-alpha-pll.c b/drivers/clk/qcom/clk-alpha-pll.c index 8a412ef47e16..8a8abb429577 100644 --- a/drivers/clk/qcom/clk-alpha-pll.c +++ b/drivers/clk/qcom/clk-alpha-pll.c @@ -2490,6 +2490,8 @@ static int clk_alpha_pll_stromer_set_rate(struct clk_hw *hw, unsigned long rate, rate = alpha_pll_round_rate(rate, prate, &l, &a, ALPHA_REG_BITWIDTH); regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l); + + a <<= ALPHA_REG_BITWIDTH - ALPHA_BITWIDTH; regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a); regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL_U(pll), a >> ALPHA_BITWIDTH); --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240324-alpha-pll-fix-stromer-set-rate-472376e624f0 Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

1 year, 4 months

2
1
0 0

[PATCH v2] clk: qcom: apss-ipq-pll: use stromer ops for IPQ5018 to fix boot failure

by Gabor Juhos

Booting v6.8 results in a hang on various IPQ5018 based boards. Investigating the problem showed that the hang happens when the clk_alpha_pll_stromer_plus_set_rate() function tries to write into the PLL_MODE register of the APSS PLL. Checking the downstream code revealed that it uses [1] stromer specific operations for IPQ5018, whereas in the current code the stromer plus specific operations are used. The ops in the 'ipq_pll_stromer_plus' clock definition can't be changed since that is needed for IPQ5332, so add a new alpha pll clock declaration which uses the correct stromer ops and use this new clock for IPQ5018 to avoid the boot failure. Also, change pll_type in 'ipq5018_pll_data' to CLK_ALPHA_PLL_TYPE_STROMER to better reflect that it is a Stromer PLL and change the apss_ipq_pll_probe() function accordingly. 1. https://git.codelinaro.org/clo/qsdk/oss/kernel/linux-ipq-5.4/-/blob/NHSS.QS… Cc: stable(a)vger.kernel.org Fixes: 50492f929486 ("clk: qcom: apss-ipq-pll: add support for IPQ5018") Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Changes in v2: - extend commit description due to the changes - add a comment about why CLK_ALPHA_PLL_TYPE_STROMER_PLUS register offsets are used - constify hw clock init data (Stephen) - change pll_type in ipq5018_pll_data to CLK_ALPHA_PLL_TYPE_STROMER (Konrad) - Link to v1: https://lore.kernel.org/r/20240311-apss-ipq-pll-ipq5018-hang-v1-1-8ed42b7a9… --- Based on v6.8. --- drivers/clk/qcom/apss-ipq-pll.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/drivers/clk/qcom/apss-ipq-pll.c b/drivers/clk/qcom/apss-ipq-pll.c index 678b805f13d45..dfffec2f06ae7 100644 --- a/drivers/clk/qcom/apss-ipq-pll.c +++ b/drivers/clk/qcom/apss-ipq-pll.c @@ -55,6 +55,29 @@ static struct clk_alpha_pll ipq_pll_huayra = { }, }; +static struct clk_alpha_pll ipq_pll_stromer = { + .offset = 0x0, + /* + * Reuse CLK_ALPHA_PLL_TYPE_STROMER_PLUS register offsets. + * Although this is a bit confusing, but the offset values + * are correct nevertheless. + */ + .regs = ipq_pll_offsets[CLK_ALPHA_PLL_TYPE_STROMER_PLUS], + .flags = SUPPORTS_DYNAMIC_UPDATE, + .clkr = { + .enable_reg = 0x0, + .enable_mask = BIT(0), + .hw.init = &(const struct clk_init_data) { + .name = "a53pll", + .parent_data = &(const struct clk_parent_data) { + .fw_name = "xo", + }, + .num_parents = 1, + .ops = &clk_alpha_pll_stromer_ops, + }, + }, +}; + static struct clk_alpha_pll ipq_pll_stromer_plus = { .offset = 0x0, .regs = ipq_pll_offsets[CLK_ALPHA_PLL_TYPE_STROMER_PLUS], @@ -144,8 +167,8 @@ struct apss_pll_data { }; static const struct apss_pll_data ipq5018_pll_data = { - .pll_type = CLK_ALPHA_PLL_TYPE_STROMER_PLUS, - .pll = &ipq_pll_stromer_plus, + .pll_type = CLK_ALPHA_PLL_TYPE_STROMER, + .pll = &ipq_pll_stromer, .pll_config = &ipq5018_pll_config, }; @@ -203,7 +226,8 @@ static int apss_ipq_pll_probe(struct platform_device *pdev) if (data->pll_type == CLK_ALPHA_PLL_TYPE_HUAYRA) clk_alpha_pll_configure(data->pll, regmap, data->pll_config); - else if (data->pll_type == CLK_ALPHA_PLL_TYPE_STROMER_PLUS) + else if (data->pll_type == CLK_ALPHA_PLL_TYPE_STROMER || + data->pll_type == CLK_ALPHA_PLL_TYPE_STROMER_PLUS) clk_stromer_pll_configure(data->pll, regmap, data->pll_config); ret = devm_clk_register_regmap(dev, &data->pll->clkr); --- base-commit: e8f897f4afef0031fe618a8e94127a0934896aba change-id: 20240311-apss-ipq-pll-ipq5018-hang-74d9a8f47136 Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

1 year, 4 months

3
3
0 0

Linux 6.8.8

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.8 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/kernel/head.S | 5 arch/arm64/mm/pageattr.c | 3 arch/x86/include/asm/barrier.h | 3 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/cpu/bugs.c | 11 arch/x86/kernel/cpu/cpuid-deps.c | 6 arch/x86/kvm/cpuid.c | 1 arch/x86/kvm/cpuid.h | 10 arch/x86/kvm/lapic.c | 3 arch/x86/kvm/mmu/mmu.c | 5 arch/x86/kvm/mmu/tdp_mmu.c | 21 - arch/x86/kvm/vmx/vmx.c | 24 + arch/x86/kvm/x86.c | 2 block/bdev.c | 29 + block/ioctl.c | 3 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/char/random.c | 10 drivers/clk/clk.c | 161 +++++++-- drivers/clk/mediatek/clk-mt7988-infracfg.c | 2 drivers/clk/mediatek/clk-mtk.c | 15 drivers/comedi/drivers/vmk80xx.c | 35 - drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++-- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 4 drivers/gpu/drm/i915/display/intel_cdclk.c | 37 +- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/radeon/radeon_atombios.c | 8 drivers/gpu/drm/ttm/ttm_pool.c | 38 +- drivers/gpu/drm/v3d/v3d_irq.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 + drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 + drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 +- drivers/gpu/drm/xe/display/intel_fb_bo.c | 8 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/interconnect/core.c | 8 drivers/interconnect/qcom/x1e80100.c | 26 - drivers/iommu/iommufd/Kconfig | 1 drivers/misc/cardreader/rtsx_pcr.c | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/mei/platform-vsc.c | 17 drivers/misc/mei/vsc-tp.c | 84 +++- drivers/misc/mei/vsc-tp.h | 3 drivers/net/dsa/mt7530.c | 38 +- drivers/net/dsa/mt7530.h | 5 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 drivers/net/ethernet/mediatek/mtk_wed.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 - drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 9 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 4 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 drivers/net/ethernet/mellanox/mlx5/core/main.c | 5 drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c | 1 drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c | 61 ++- drivers/net/ethernet/realtek/r8169.h | 4 drivers/net/ethernet/realtek/r8169_leds.c | 23 - drivers/net/ethernet/realtek/r8169_main.c | 7 drivers/net/ethernet/renesas/ravb.h | 6 drivers/net/ethernet/renesas/ravb_main.c | 93 ++--- drivers/net/ethernet/stmicro/stmmac/common.h | 1 drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 7 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 18 - drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 29 - drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 + drivers/net/tun.c | 18 - drivers/net/usb/ax88179_178a.c | 4 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/s390/cio/device.c | 13 drivers/s390/cio/qdio_main.c | 28 + drivers/s390/net/ism_drv.c | 37 +- drivers/scsi/scsi_lib.c | 7 drivers/thermal/thermal_debugfs.c | 1 drivers/thunderbolt/domain.c | 5 drivers/thunderbolt/icm.c | 2 drivers/thunderbolt/lc.c | 45 ++ drivers/thunderbolt/nhi.c | 19 - drivers/thunderbolt/path.c | 13 drivers/thunderbolt/switch.c | 178 ++++++++-- drivers/thunderbolt/tb.c | 44 +- drivers/thunderbolt/tb.h | 10 drivers/thunderbolt/tb_regs.h | 6 drivers/thunderbolt/usb4.c | 52 ++ drivers/tty/serial/8250/8250_dw.c | 6 drivers/tty/serial/mxs-auart.c | 8 drivers/tty/serial/pmac_zilog.c | 14 drivers/tty/serial/serial_base.h | 4 drivers/tty/serial/serial_core.c | 23 + drivers/tty/serial/serial_port.c | 34 + drivers/tty/serial/stm32-usart.c | 13 drivers/ufs/host/ufs-qcom.c | 8 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 4 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/gadget/function/f_ncm.c | 4 drivers/usb/misc/onboard_usb_hub.c | 6 drivers/usb/serial/option.c | 40 ++ drivers/usb/typec/tcpm/tcpm.c | 4 drivers/virt/vmgenid.c | 2 fs/btrfs/extent_io.c | 20 - fs/fuse/dir.c | 1 fs/nfsd/nfs4xdr.c | 47 +- fs/nilfs2/dir.c | 2 fs/smb/common/smb2pdu.h | 2 fs/smb/server/server.c | 13 fs/smb/server/smb2pdu.c | 4 fs/smb/server/vfs.c | 5 fs/squashfs/inode.c | 5 fs/sysfs/file.c | 2 include/asm-generic/barrier.h | 8 include/linux/blkdev.h | 2 include/linux/bootconfig.h | 7 include/linux/gpio/property.h | 1 include/linux/shmem_fs.h | 9 include/linux/swapops.h | 65 +-- include/linux/udp.h | 2 include/net/netfilter/nf_flow_table.h | 12 include/net/netfilter/nf_tables.h | 14 include/net/sch_generic.h | 1 include/trace/events/rpcgss.h | 4 init/main.c | 2 io_uring/io_uring.c | 26 - kernel/fork.c | 33 - kernel/sched/sched.h | 20 - lib/bootconfig.c | 19 - mm/gup.c | 54 +-- mm/huge_memory.c | 6 mm/hugetlb.c | 10 mm/internal.h | 10 mm/madvise.c | 17 mm/memory-failure.c | 18 - mm/shmem.c | 6 net/bridge/br_input.c | 15 net/bridge/br_netfilter_hooks.c | 6 net/bridge/br_private.h | 1 net/bridge/netfilter/nf_conntrack_bridge.c | 14 net/core/dev.c | 6 net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 10 net/netfilter/nf_tables_api.c | 82 ++++ net/netfilter/nft_lookup.c | 1 net/netfilter/nft_set_bitmap.c | 4 net/netfilter/nft_set_hash.c | 8 net/netfilter/nft_set_pipapo.c | 43 +- net/netfilter/nft_set_pipapo.h | 6 net/netfilter/nft_set_pipapo_avx2.c | 59 +-- net/netfilter/nft_set_rbtree.c | 4 net/sched/sch_generic.c | 1 net/unix/af_unix.c | 12 sound/core/seq/seq_ump_convert.c | 2 sound/pci/hda/patch_realtek.c | 7 sound/pci/hda/tas2781_hda_i2c.c | 4 tools/perf/ui/browsers/annotate.c | 2 tools/perf/util/annotate.c | 3 tools/perf/util/bpf_skel/lock_contention.bpf.c | 5 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 tools/testing/selftests/iommu/config | 2 tools/testing/selftests/net/tcp_ao/lib/proc.c | 2 tools/testing/selftests/net/tcp_ao/lib/setup.c | 12 tools/testing/selftests/net/tcp_ao/rst.c | 23 - tools/testing/selftests/net/tcp_ao/setsockopt-closed.c | 2 tools/testing/selftests/net/udpgso.c | 2 tools/testing/selftests/powerpc/papr_vpd/papr_vpd.c | 2 178 files changed, 1902 insertions(+), 827 deletions(-) Ai Chao (1): ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alex Deucher (1): drm/radeon: make -fstrict-flex-arrays=3 happy Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Alexey Izbyshev (1): io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Andy Shevchenko (2): gpiolib: swnode: Remove wrong header inclusion serial: core: Clearing the circular buffer before NULLifying it Ard Biesheuvel (1): arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H Arınç ÜNAL (4): net: dsa: mt7530: fix mirroring frames received on local port net: dsa: mt7530: fix port mirroring for MT7988 SoC switch net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Asbjørn Sloth Tønnesen (2): net: sparx5: flower: fix fragment flags handling octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation Bart Van Assche (1): scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING Carlos Llamas (1): binder: check offset alignment in binder_get_object() Carolina Jubran (1): net/mlx5e: Prevent deadlock while disabling aRFS Christian König (2): drm/amdgpu: remove invalid resource->start check v2 drm/ttm: stop pooling cached NUMA pages v2 Christoph Hellwig (1): block: propagate partition scanning errors to the BLKRRPART ioctl Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Daniel Golle (1): clk: mediatek: mt7988-infracfg: fix clocks for 2nd PCIe port Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Danny Lin (1): fuse: fix leaked ENOSYS error on first statx call Dave Airlie (1): nouveau: fix instmem race condition around ptr stores David Hildenbrand (1): mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly David Matlack (1): KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Dmitry Baryshkov (1): drm/panel: visionox-rm69299: don't unregister DSI device Dmitry Safonov (4): selftests/tcp_ao: Make RST tests less flaky selftests/tcp_ao: Zero-init tcp_ao_info_opt selftests/tcp_ao: Fix fscanf() call for format-security selftests/tcp_ao: Printing fixes to confirm with format-security Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Eric Dumazet (1): net/sched: Fix mirred deadlock on device recursion Fabio Estevam (1): usb: misc: onboard_usb_hub: Disable the USB hub clock on failure Felix Fietkau (1): net: ethernet: mtk_eth_soc: fix WED + wifi reset Felix Kuehling (1): drm/amdkfd: Fix memory leak in create_process failure Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (2): netfilter: nft_set_pipapo: constify lookup fn args where possible netfilter: nft_set_pipapo: do not free live element Gerd Bayer (1): s390/ism: Properly fix receive message buffer allocation Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (2): Revert "usb: cdc-wdm: close race between read and workqueue" Linux 6.8.8 Hans de Goede (1): serial: 8250_dw: Revert: Do not reclock if already at correct rate Heiner Kallweit (2): r8169: fix LED-related deadlock on module removal r8169: add missing conditional compiling for call to r8169_remove_leds Huayu Zhang (1): ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4 Jason A. Donenfeld (2): Revert "vmgenid: emit uevent when VMGENID updates" random: handle creditable entropy from atomic process context Jason Gunthorpe (1): iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid writing the mac address before first reading Josh Poimboeuf (1): x86/bugs: Fix BHI retpoline check Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Konrad Dybcio (1): interconnect: qcom: x1e80100: Remove inexistent ACV_PERF BCM Kuniyuki Iwashima (2): af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). af_unix: Don't peek OOB data without MSG_OOB. Kyle Tso (1): usb: typec: tcpm: Correct the PDO counting in pd_set Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Lokesh Gidra (1): userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Maarten Lankhorst (1): drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init Manivannan Sadhasivam (1): scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5 Marcin Szycik (1): ice: Fix checking for unsupported keys on non-tunnel device Mario Limonciello (1): platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes Marios Makassikis (1): ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Mathieu Desnoyers (1): sched: Add missing memory barrier in switch_mm_cid Mauro Carvalho Chehab (1): ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N Maíra Canal (1): drm/v3d: Don't increment `enabled_ns` twice Miaohe Lin (2): mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled fork: defer linking file vma until vma is fully initialized Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Michal Swiatkowski (2): ice: tc: check src_vsi in case of traffic from VF ice: tc: allow zero flags in parsing tc flower Mika Westerberg (2): thunderbolt: Do not create DisplayPort tunnels on adapters of the same router thunderbolt: Reset only non-USB4 host routers in resume Mike Tipton (1): interconnect: Don't access req_list while it's being manipulated Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Muhammad Usama Anjum (1): iommufd: Add config needed for iommufd_fail_nth Namhyung Kim (2): perf annotate: Make sure to call symbol__annotate2() in TUI perf lock contention: Add a missing NULL check Namjae Jeon (3): ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf ksmbd: validate request buffer size in smb2_allocate_rsp_buf() ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Naohiro Aota (1): btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Nathan Lynch (1): selftests/powerpc/papr-vpd: Fix missing variable initialization Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Niklas Söderlund (1): ravb: Group descriptor types used in Rx ring Norihiko Hama (1): usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Oscar Salvador (1): mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Pablo Neira Ayuso (7): netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: nft_set_pipapo: walk over current view on netlink dump netfilter: flowtable: validate pppoe header netfilter: flowtable: incorrect pppoe tuple netfilter: nf_tables: missing iterator type in lookup walk netfilter: nf_tables: restore set elements when delete set fails netfilter: nf_tables: fix memleak in map from abort path Paul Barker (2): net: ravb: Count packets instead of descriptors in R-Car RX path net: ravb: Allow RX loop to move past DMA mapping errors Peter Oberparleiter (2): s390/qdio: handle deferred cc1 s390/cio: fix race condition during online processing Peter Xu (1): mm/userfaultfd: allow hugetlb change protection upon poison entry Phillip Lougher (1): Squashfs: check the inode number is not the invalid value of zero Pin-yen Lin (1): clk: mediatek: Do a runtime PM get on controllers during probe Qiang Zhang (1): bootconfig: use memblock_free_late to free xbc memory to buddy Qu Wenruo (1): btrfs: do not wait for short bulk allocation Rafael J. Wysocki (1): thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up() Rick Edgecombe (1): KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Ricky Wu (1): misc: rtsx: Fix rts5264 driver status incorrect when card removed Sakari Ailus (2): Revert "mei: vsc: Call wake_up() in the threaded IRQ handler" mei: vsc: Unregister interrupt handler for system suspend Samuel Thibault (1): speakup: Avoid crash on very long word Sanath S (4): thunderbolt: Introduce tb_port_reset() thunderbolt: Introduce tb_path_deactivate_hop() thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers thunderbolt: Reset topology created by the boot firmware Sandipan Das (1): KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson (2): KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible KVM: x86/pmu: Disable support for adaptive PEBS Serge Semin (3): net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only net: stmmac: Fix max-speed being ignored on queue re-init net: stmmac: Fix IP-cores specific MAC capabilities Shay Drory (3): net/mlx5: Lag, restore buckets number to default after hash LAG deactivation net/mlx5: Restore mistakenly dropped parts in register devlink flow net/mlx5: E-switch, store eswitch pointer before registering devlink_param Shenghao Ding (2): ALSA: hda/tas2781: correct the register for pow calibrated data ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 Siddharth Vadapalli (1): net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused clk: Get runtime PM before walking tree for clk_summary Steven Rostedt (Google) (1): SUNRPC: Fix rpcgss_context trace event acceptor field Sumanth Korikkar (1): mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Takashi Iwai (1): ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages Tony Lindgren (2): serial: core: Fix regression when runtime PM is not enabled serial: core: Fix missing shutdown and startup for serial base port Uwe Kleine-König (2): serial: stm32: Return IRQ_NONE in the ISR if no handling happend serial: stm32: Reset .throttled state in .startup() Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Vasily Gorbik (1): NFSD: fix endianness issue in nfsd4_encode_fattr4 Ville Syrjälä (1): drm/i915/cdclk: Fix voltage_level programming edge case Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yaxiong Tian (1): arm64: hibernate: Fix level3 translation fault in swsusp_save() Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Yuri Benditovich (1): net: change maximum number of UDP segments to 128 Zack Rusin (3): drm/vmwgfx: Fix prime import/export drm/vmwgfx: Sort primary plane formats by order of preference drm/vmwgfx: Fix crtc's atomic check conditional Ziyang Xuan (2): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 4 months

1
1
0 0

Linux 6.6.29

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.29 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 MAINTAINERS | 2 Makefile | 2 arch/arm/mach-omap2/pdata-quirks.c | 10 arch/arm64/include/asm/tlbflush.h | 40 arch/arm64/kernel/head.S | 5 arch/arm64/mm/pageattr.c | 3 arch/powerpc/include/asm/ftrace.h | 10 arch/powerpc/include/asm/sections.h | 1 arch/powerpc/kernel/trace/ftrace.c | 12 arch/powerpc/kernel/trace/ftrace_64_pg.c | 5 arch/powerpc/kernel/vmlinux.lds.S | 2 arch/x86/include/asm/barrier.h | 3 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/cpu/bugs.c | 11 arch/x86/kernel/cpu/cpuid-deps.c | 6 arch/x86/kvm/cpuid.c | 1 arch/x86/kvm/cpuid.h | 10 arch/x86/kvm/lapic.c | 3 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/mmu/tdp_mmu.c | 21 arch/x86/kvm/vmx/vmx.c | 24 arch/x86/kvm/x86.c | 2 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/char/random.c | 10 drivers/clk/clk.c | 195 drivers/clk/mediatek/clk-mtk.c | 15 drivers/comedi/drivers/vmk80xx.c | 35 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 4 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/i915/display/intel_atomic.c | 1 drivers/gpu/drm/i915/display/intel_cdclk.c | 37 drivers/gpu/drm/i915/display/intel_crtc.c | 96 drivers/gpu/drm/i915/display/intel_crtc.h | 6 drivers/gpu/drm/i915/display/intel_display.c | 43 drivers/gpu/drm/i915/display/intel_display_device.h | 1 drivers/gpu/drm/i915/display/intel_display_types.h | 2 drivers/gpu/drm/i915/display/intel_dp.c | 13 drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 drivers/gpu/drm/i915/i915_vma.c | 42 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 8 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 8 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_8_1_sm8450.h | 8 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.c | 95 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.h | 3 drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/radeon/radeon_atombios.c | 8 drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/interconnect/core.c | 8 drivers/media/common/videobuf2/videobuf2-core.c | 9 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mt7530.c | 38 drivers/net/dsa/mt7530.h | 5 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 drivers/net/ethernet/mediatek/mtk_wed.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 9 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 4 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c | 61 drivers/net/ethernet/stmicro/stmmac/common.h | 1 drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 7 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 18 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 29 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 drivers/net/tun.c | 18 drivers/net/usb/ax88179_178a.c | 4 drivers/net/virtio_net.c | 25 drivers/pci/bus.c | 49 drivers/pci/pci.c | 78 drivers/pci/pci.h | 4 drivers/pci/pcie/aspm.c | 21 drivers/pci/pcie/dpc.c | 5 drivers/pci/quirks.c | 8 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/s390/cio/device.c | 13 drivers/s390/cio/qdio_main.c | 28 drivers/s390/net/ism_drv.c | 37 drivers/scsi/scsi_lib.c | 7 drivers/thunderbolt/domain.c | 5 drivers/thunderbolt/icm.c | 2 drivers/thunderbolt/lc.c | 45 drivers/thunderbolt/nhi.c | 19 drivers/thunderbolt/path.c | 13 drivers/thunderbolt/switch.c | 178 drivers/thunderbolt/tb.c | 38 drivers/thunderbolt/tb.h | 10 drivers/thunderbolt/tb_regs.h | 6 drivers/thunderbolt/usb4.c | 52 drivers/tty/serial/mxs-auart.c | 8 drivers/tty/serial/pmac_zilog.c | 14 drivers/tty/serial/serial_base.h | 4 drivers/tty/serial/serial_core.c | 21 drivers/tty/serial/serial_port.c | 34 drivers/tty/serial/stm32-usart.c | 13 drivers/ufs/host/ufs-qcom.c | 8 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 15 drivers/usb/core/port.c | 4 drivers/usb/core/quirks.c | 7 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/gadget/function/f_ncm.c | 4 drivers/usb/host/xhci-mem.c | 2 drivers/usb/host/xhci-ring.c | 11 drivers/usb/host/xhci.c | 23 drivers/usb/host/xhci.h | 9 drivers/usb/serial/option.c | 40 fs/ceph/addr.c | 22 fs/ceph/cache.c | 2 fs/ceph/caps.c | 53 fs/ceph/crypto.c | 2 fs/ceph/debugfs.c | 4 fs/ceph/dir.c | 24 fs/ceph/export.c | 10 fs/ceph/file.c | 26 fs/ceph/inode.c | 14 fs/ceph/ioctl.c | 8 fs/ceph/mds_client.c | 41 fs/ceph/mds_client.h | 3 fs/ceph/mdsmap.c | 3 fs/ceph/snap.c | 18 fs/ceph/super.c | 22 fs/ceph/super.h | 13 fs/ceph/xattr.c | 12 fs/fuse/dir.c | 1 fs/nilfs2/dir.c | 2 fs/smb/client/cifs_debug.c | 6 fs/smb/client/cifsglob.h | 3 fs/smb/client/cifsproto.h | 20 fs/smb/client/connect.c | 131 fs/smb/client/dfs.c | 51 fs/smb/client/dfs.h | 33 fs/smb/client/dfs_cache.c | 53 fs/smb/client/misc.c | 7 fs/smb/common/smb2pdu.h | 2 fs/smb/server/server.c | 13 fs/smb/server/smb2pdu.c | 4 fs/smb/server/vfs.c | 5 fs/sysfs/file.c | 2 include/asm-generic/barrier.h | 8 include/linux/bootconfig.h | 7 include/linux/ceph/mdsmap.h | 5 include/linux/gpio/property.h | 1 include/linux/pci.h | 5 include/linux/shmem_fs.h | 9 include/linux/swapops.h | 65 include/linux/udp.h | 2 include/linux/usb/hcd.h | 5 include/linux/usb/quirks.h | 3 include/net/netfilter/nf_flow_table.h | 12 include/trace/events/rpcgss.h | 4 include/uapi/linux/pci_regs.h | 1 init/main.c | 2 io_uring/io_uring.c | 26 kernel/sched/sched.h | 20 lib/bootconfig.c | 19 mm/hugetlb.c | 10 mm/memory-failure.c | 18 mm/shmem.c | 6 net/bridge/br_input.c | 15 net/bridge/br_netfilter_hooks.c | 6 net/bridge/br_private.h | 1 net/bridge/netfilter/nf_conntrack_bridge.c | 14 net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 10 net/netfilter/nf_tables_api.c | 16 net/netfilter/nft_set_pipapo.c | 14 net/unix/af_unix.c | 12 sound/core/seq/seq_ump_convert.c | 2 sound/pci/hda/patch_realtek.c | 3 sound/pci/hda/tas2781_hda_i2c.c | 4 sound/soc/ti/omap3pandora.c | 63 sound/usb/Makefile | 2 sound/usb/mixer_quirks.c | 9 sound/usb/mixer_scarlett2.c | 4391 ++++++++++ sound/usb/mixer_scarlett2.h | 7 sound/usb/mixer_scarlett_gen2.c | 4274 --------- sound/usb/mixer_scarlett_gen2.h | 7 tools/perf/util/bpf_skel/lock_contention.bpf.c | 5 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 tools/testing/selftests/kselftest.h | 18 tools/testing/selftests/net/udpgso.c | 2 tools/testing/selftests/timers/posix_timers.c | 156 205 files changed, 6733 insertions(+), 5414 deletions(-) Ai Chao (1): ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alex Deucher (1): drm/radeon: make -fstrict-flex-arrays=3 happy Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Alexey Izbyshev (1): io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Andy Shevchenko (2): gpiolib: swnode: Remove wrong header inclusion serial: core: Clearing the circular buffer before NULLifying it Ard Biesheuvel (1): arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H Arınç ÜNAL (4): net: dsa: mt7530: fix mirroring frames received on local port net: dsa: mt7530: fix port mirroring for MT7988 SoC switch net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Asbjørn Sloth Tønnesen (2): net: sparx5: flower: fix fragment flags handling octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation Bart Van Assche (1): scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING Bjorn Helgaas (1): PCI/DPC: Use FIELD_GET() Breno Leitao (1): virtio_net: Do not send RSS key if it is not supported Brenton Simpson (1): drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go Carlos Llamas (1): binder: check offset alignment in binder_get_object() Carolina Jubran (1): net/mlx5e: Prevent deadlock while disabling aRFS Christian König (1): drm/amdgpu: remove invalid resource->start check v2 Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Danny Lin (1): fuse: fix leaked ENOSYS error on first statx call Dave Airlie (1): nouveau: fix instmem race condition around ptr stores David Matlack (1): KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Dillon Varone (1): drm/amd/display: Do not recursively call manual trigger programming Dmitry Baryshkov (2): drm/msm/dpu: populate SSPP scaler block version drm/panel: visionox-rm69299: don't unregister DSI device Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Felix Fietkau (1): net: ethernet: mtk_eth_soc: fix WED + wifi reset Felix Kuehling (1): drm/amdkfd: Fix memory leak in create_process failure Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (1): netfilter: nft_set_pipapo: do not free live element Gavin Shan (1): arm64: tlb: Fix TLBI RANGE operand Geoffrey D. Bennett (7): ALSA: scarlett2: Move USB IDs out from device_info struct ALSA: scarlett2: Add support for Clarett 8Pre USB ALSA: scarlett2: Default mixer driver to enabled ALSA: scarlett2: Add correct product series name to messages ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 Gerd Bayer (1): s390/ism: Properly fix receive message buffer allocation Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (2): Revert "usb: cdc-wdm: close race between read and workqueue" Linux 6.6.29 Hans Verkuil (1): media: videobuf2: request more buffers for vb2_read Hardik Gajjar (2): usb: xhci: Add timeout argument in address_device USB HCD callback usb: new quirk to reduce the SET_ADDRESS request timeout Ilpo Järvinen (1): PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() Janusz Krzysztofik (1): drm/i915/vma: Fix UAF on destroy against retire race Jason A. Donenfeld (1): random: handle creditable entropy from atomic process context Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Johan Hovold (1): PCI/ASPM: Fix deadlock when enabling ASPM John Stultz (1): selftests: timers: Fix posix_timers ksft_print_msg() warning Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid writing the mac address before first reading Josh Poimboeuf (1): x86/bugs: Fix BHI retpoline check Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Kuniyuki Iwashima (2): af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). af_unix: Don't peek OOB data without MSG_OOB. Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Linus Walleij (1): ASoC: ti: Convert Pandora ASoC to GPIO descriptors Manivannan Sadhasivam (1): scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5 Marcin Szycik (1): ice: Fix checking for unsupported keys on non-tunnel device Mario Limonciello (1): platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes Marios Makassikis (1): ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Mark Brown (1): selftests: timers: Convert posix_timers test to generate KTAP output Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Mathieu Desnoyers (1): sched: Add missing memory barrier in switch_mm_cid Mauro Carvalho Chehab (1): ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N Miaohe Lin (1): mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Michal Swiatkowski (2): ice: tc: check src_vsi in case of traffic from VF ice: tc: allow zero flags in parsing tc flower Mika Westerberg (1): thunderbolt: Reset only non-USB4 host routers in resume Mike Tipton (1): interconnect: Don't access req_list while it's being manipulated Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Namhyung Kim (1): perf lock contention: Add a missing NULL check Namjae Jeon (3): ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf ksmbd: validate request buffer size in smb2_allocate_rsp_buf() ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Naveen N Rao (1): powerpc/ftrace: Ignore ftrace locations in exit text sections NeilBrown (1): ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Norihiko Hama (1): usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Oleg Nesterov (2): selftests/timers/posix_timers: Reimplement check_timer_distribution() selftests: kselftest: Fix build failure with NOLIBC Oscar Salvador (1): mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Pablo Neira Ayuso (3): netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: flowtable: validate pppoe header netfilter: flowtable: incorrect pppoe tuple Paulo Alcantara (4): smb: client: remove extra @chan_count check in __cifs_put_smb_ses() smb: client: fix UAF in smb2_reconnect_server() smb: client: guarantee refcounted children from parent session smb: client: refresh referral without acquiring refpath_lock Peter Oberparleiter (2): s390/qdio: handle deferred cc1 s390/cio: fix race condition during online processing Peter Xu (1): mm/userfaultfd: allow hugetlb change protection upon poison entry Pin-yen Lin (1): clk: mediatek: Do a runtime PM get on controllers during probe Qiang Zhang (1): bootconfig: use memblock_free_late to free xbc memory to buddy Ryan Roberts (1): arm64/mm: Modify range-based tlbi to decrement scale Samuel Thibault (1): speakup: Avoid crash on very long word Sanath S (4): thunderbolt: Introduce tb_port_reset() thunderbolt: Introduce tb_path_deactivate_hop() thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers thunderbolt: Reset topology created by the boot firmware Sandipan Das (1): KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson (2): KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible KVM: x86/pmu: Disable support for adaptive PEBS Serge Semin (3): net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only net: stmmac: Fix max-speed being ignored on queue re-init net: stmmac: Fix IP-cores specific MAC capabilities Shay Drory (2): net/mlx5: Lag, restore buckets number to default after hash LAG deactivation net/mlx5: E-switch, store eswitch pointer before registering devlink_param Shenghao Ding (2): ALSA: hda/tas2781: correct the register for pow calibrated data ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 Siddharth Vadapalli (1): net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused clk: Get runtime PM before walking tree for clk_summary Steve French (1): smb3: show beginning time for per share stats Steven Rostedt (Google) (1): SUNRPC: Fix rpcgss_context trace event acceptor field Sumanth Korikkar (1): mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Takashi Iwai (1): ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages Tony Lindgren (1): serial: core: Fix missing shutdown and startup for serial base port Uwe Kleine-König (2): serial: stm32: Return IRQ_NONE in the ISR if no handling happend serial: stm32: Reset .throttled state in .startup() Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Ville Syrjälä (9): drm/i915: Fix FEC pipe A vs. DDI A mixup drm/i915/mst: Reject FEC+MST on ICL drm/i915/cdclk: Fix voltage_level programming edge case drm/i915: Change intel_pipe_update_{start,end}() calling convention drm/i915: Extract intel_crtc_vblank_evade_scanlines() drm/i915: Enable VRR later during fastsets drm/i915: Adjust seamless_m_n flag behaviour drm/i915: Disable live M/N updates when using bigjoiner drm/i915/mst: Limit MST+DSC to TGL+ Vishal Badole (1): clk: Show active consumers of clocks in debugfs Xiubo Li (2): ceph: pass the mdsc to several helpers ceph: rename _to_client() to _to_fs_client() Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yaxiong Tian (1): arm64: hibernate: Fix level3 translation fault in swsusp_save() Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Yuri Benditovich (1): net: change maximum number of UDP segments to 128 Zack Rusin (3): drm/vmwgfx: Fix prime import/export drm/vmwgfx: Sort primary plane formats by order of preference drm/vmwgfx: Fix crtc's atomic check conditional Ziyang Xuan (2): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 4 months

1
1
0 0

Linux 6.1.88

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.88 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 MAINTAINERS | 2 Makefile | 2 arch/arm/mach-omap2/board-n8x0.c | 5 arch/arm/mach-omap2/common-board-devices.h | 2 arch/arm/mach-omap2/pdata-quirks.c | 11 arch/arm64/mm/pageattr.c | 3 arch/x86/boot/Makefile | 2 arch/x86/boot/compressed/Makefile | 2 arch/x86/boot/compressed/misc.c | 1 arch/x86/boot/compressed/sev.c | 3 arch/x86/boot/compressed/vmlinux.lds.S | 6 arch/x86/boot/header.S | 211 arch/x86/boot/setup.ld | 14 arch/x86/boot/tools/build.c | 273 arch/x86/include/asm/boot.h | 1 arch/x86/include/asm/init.h | 2 arch/x86/include/asm/kvm_host.h | 1 arch/x86/include/asm/mem_encrypt.h | 8 arch/x86/include/asm/page_types.h | 12 arch/x86/include/asm/sev.h | 10 arch/x86/kernel/amd_gart_64.c | 2 arch/x86/kernel/cpu/bugs.c | 11 arch/x86/kernel/cpu/cpuid-deps.c | 6 arch/x86/kernel/head64.c | 7 arch/x86/kernel/platform-quirks.c | 1 arch/x86/kernel/sev-shared.c | 23 arch/x86/kernel/sev.c | 11 arch/x86/kvm/cpuid.c | 1 arch/x86/kvm/cpuid.h | 10 arch/x86/kvm/lapic.c | 3 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/vmx/vmx.c | 24 arch/x86/kvm/x86.c | 2 arch/x86/mm/mem_encrypt_boot.S | 4 arch/x86/mm/mem_encrypt_identity.c | 58 arch/x86/mm/pat/set_memory.c | 6 arch/x86/mm/pti.c | 2 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/char/random.c | 10 drivers/clk/clk.c | 201 drivers/clk/mediatek/clk-gate.c | 23 drivers/clk/mediatek/clk-gate.h | 7 drivers/clk/mediatek/clk-mt2701-aud.c | 4 drivers/clk/mediatek/clk-mt2701-eth.c | 4 drivers/clk/mediatek/clk-mt2701-g3d.c | 2 drivers/clk/mediatek/clk-mt2701-hif.c | 4 drivers/clk/mediatek/clk-mt2701-mm.c | 4 drivers/clk/mediatek/clk-mt2701.c | 22 drivers/clk/mediatek/clk-mt2712-mm.c | 4 drivers/clk/mediatek/clk-mt2712.c | 24 drivers/clk/mediatek/clk-mt6765.c | 13 drivers/clk/mediatek/clk-mt6779-mm.c | 4 drivers/clk/mediatek/clk-mt6779.c | 21 drivers/clk/mediatek/clk-mt6795-infracfg.c | 3 drivers/clk/mediatek/clk-mt6795-mm.c | 3 drivers/clk/mediatek/clk-mt6795-pericfg.c | 6 drivers/clk/mediatek/clk-mt6795-topckgen.c | 6 drivers/clk/mediatek/clk-mt6797-mm.c | 4 drivers/clk/mediatek/clk-mt6797.c | 7 drivers/clk/mediatek/clk-mt7622-aud.c | 4 drivers/clk/mediatek/clk-mt7622-eth.c | 8 drivers/clk/mediatek/clk-mt7622-hif.c | 8 drivers/clk/mediatek/clk-mt7622.c | 22 drivers/clk/mediatek/clk-mt7629-eth.c | 7 drivers/clk/mediatek/clk-mt7629-hif.c | 8 drivers/clk/mediatek/clk-mt7629.c | 18 drivers/clk/mediatek/clk-mt7986-eth.c | 10 drivers/clk/mediatek/clk-mt7986-infracfg.c | 7 drivers/clk/mediatek/clk-mt7986-topckgen.c | 3 drivers/clk/mediatek/clk-mt8135.c | 18 drivers/clk/mediatek/clk-mt8167-aud.c | 2 drivers/clk/mediatek/clk-mt8167-img.c | 2 drivers/clk/mediatek/clk-mt8167-mfgcfg.c | 2 drivers/clk/mediatek/clk-mt8167-mm.c | 4 drivers/clk/mediatek/clk-mt8167-vdec.c | 3 drivers/clk/mediatek/clk-mt8167.c | 12 drivers/clk/mediatek/clk-mt8173-mm.c | 4 drivers/clk/mediatek/clk-mt8173.c | 34 drivers/clk/mediatek/clk-mt8183-audio.c | 4 drivers/clk/mediatek/clk-mt8183-mm.c | 4 drivers/clk/mediatek/clk-mt8183.c | 36 drivers/clk/mediatek/clk-mt8186-mcu.c | 3 drivers/clk/mediatek/clk-mt8186-mm.c | 3 drivers/clk/mediatek/clk-mt8186-topckgen.c | 9 drivers/clk/mediatek/clk-mt8192-aud.c | 3 drivers/clk/mediatek/clk-mt8192-mm.c | 3 drivers/clk/mediatek/clk-mt8192.c | 90 drivers/clk/mediatek/clk-mt8195-apmixedsys.c | 3 drivers/clk/mediatek/clk-mt8195-topckgen.c | 9 drivers/clk/mediatek/clk-mt8195-vdo0.c | 3 drivers/clk/mediatek/clk-mt8195-vdo1.c | 3 drivers/clk/mediatek/clk-mt8365-mm.c | 5 drivers/clk/mediatek/clk-mt8365.c | 14 drivers/clk/mediatek/clk-mt8516-aud.c | 2 drivers/clk/mediatek/clk-mt8516.c | 12 drivers/clk/mediatek/clk-mtk.c | 127 drivers/clk/mediatek/clk-mtk.h | 13 drivers/clk/mediatek/clk-mux.c | 14 drivers/clk/mediatek/clk-mux.h | 3 drivers/comedi/drivers/vmk80xx.c | 35 drivers/firmware/efi/libstub/Makefile | 7 drivers/firmware/efi/libstub/x86-stub.c | 58 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 78 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/i915/i915_vma.c | 42 drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 drivers/hid/hid-ids.h | 2 drivers/hid/hid-kye.c | 62 drivers/hid/hid-quirks.c | 6 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mt7530.c | 58 drivers/net/dsa/mt7530.h | 6 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 drivers/net/tun.c | 18 drivers/net/usb/ax88179_178a.c | 4 drivers/pci/bus.c | 49 drivers/pci/pci.c | 78 drivers/pci/pci.h | 4 drivers/pci/pcie/aspm.c | 21 drivers/pci/pcie/dpc.c | 5 drivers/pci/quirks.c | 68 drivers/pci/switch/switchtec.c | 158 drivers/s390/cio/device.c | 13 drivers/s390/cio/qdio_main.c | 28 drivers/thunderbolt/quirks.c | 2 drivers/thunderbolt/switch.c | 48 drivers/thunderbolt/tb.c | 4 drivers/thunderbolt/tb.h | 3 drivers/thunderbolt/usb4.c | 13 drivers/tty/serial/mxs-auart.c | 8 drivers/tty/serial/pmac_zilog.c | 14 drivers/tty/serial/stm32-usart.c | 13 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 15 drivers/usb/core/port.c | 4 drivers/usb/core/quirks.c | 7 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/gadget/function/f_ncm.c | 4 drivers/usb/host/pci-quirks.c | 4 drivers/usb/host/xhci-mem.c | 2 drivers/usb/host/xhci-ring.c | 11 drivers/usb/host/xhci.c | 23 drivers/usb/host/xhci.h | 9 drivers/usb/serial/option.c | 40 fs/nilfs2/dir.c | 2 fs/smb/common/smb2pdu.h | 2 fs/smb/server/server.c | 13 fs/smb/server/smb2pdu.c | 4 fs/smb/server/vfs.c | 5 fs/sysfs/file.c | 2 include/linux/bootconfig.h | 7 include/linux/pci.h | 5 include/linux/pci_ids.h | 2 include/linux/switchtec.h | 1 include/linux/usb/hcd.h | 5 include/linux/usb/quirks.h | 3 include/net/dsa.h | 8 include/net/netfilter/nf_flow_table.h | 12 include/trace/events/rpcgss.h | 4 include/uapi/linux/pci_regs.h | 1 init/main.c | 2 io_uring/io_uring.c | 16 lib/bootconfig.c | 19 mm/memory-failure.c | 18 net/bridge/br_input.c | 15 net/bridge/br_netfilter_hooks.c | 6 net/bridge/br_private.h | 1 net/bridge/netfilter/nf_conntrack_bridge.c | 14 net/dsa/dsa2.c | 24 net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 10 net/netfilter/nf_tables_api.c | 16 net/netfilter/nft_set_pipapo.c | 14 net/unix/af_unix.c | 12 sound/pci/hda/patch_realtek.c | 1 sound/soc/ti/omap3pandora.c | 63 sound/usb/Makefile | 2 sound/usb/mixer_quirks.c | 9 sound/usb/mixer_scarlett2.c | 4391 ++++++++++ sound/usb/mixer_scarlett2.h | 7 sound/usb/mixer_scarlett_gen2.c | 4274 --------- sound/usb/mixer_scarlett_gen2.h | 7 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 198 files changed, 6276 insertions(+), 5630 deletions(-) Ai Chao (1): ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Alexey Izbyshev (1): io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Alvaro Karsz (1): PCI: Avoid FLR for SolidRun SNET DPU rev 1 AngeloGioacchino Del Regno (6): clk: mediatek: mt8192: Correctly unregister and free clocks on failure clk: mediatek: mt8192: Propagate struct device for gate clocks clk: mediatek: clk-gate: Propagate struct device with mtk_clk_register_gates() clk: mediatek: clk-mtk: Propagate struct device for composites clk: mediatek: clk-mux: Propagate struct device for mtk-mux clk: mediatek: clk-mtk: Extend mtk_clk_simple_probe() Ard Biesheuvel (20): x86/efi: Drop EFI stub .bss from .data section x86/efi: Disregard setup header of loaded image x86/efistub: Reinstate soft limit for initrd loading x86/efi: Drop alignment flags from PE section headers x86/boot: Remove the 'bugger off' message x86/boot: Omit compression buffer from PE/COFF image memory footprint x86/boot: Drop redundant code setting the root device x86/boot: Drop references to startup_64 x86/boot: Grab kernel_info offset from zoffset header directly x86/boot: Set EFI handover offset directly in header asm x86/boot: Define setup size in linker script x86/boot: Derive file size from _edata symbol x86/boot: Construct PE/COFF .text section from assembler x86/boot: Drop PE/COFF .reloc section x86/boot: Split off PE/COFF .data section x86/boot: Increase section and file alignment to 4k/512 x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section x86/sme: Move early SME kernel encryption handling into .head.text x86/sev: Move early startup code into .head.text section x86/efistub: Remap kernel text read-only before dropping NX attribute Arnd Bergmann (1): x86/quirks: Include linux/pnp.h for arch_pnpbios_disabled() Arınç ÜNAL (4): net: dsa: mt7530: fix mirroring frames received on local port net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Bjorn Helgaas (1): PCI/DPC: Use FIELD_GET() Brenton Simpson (1): drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go Carlos Llamas (1): binder: check offset alignment in binder_get_object() Carolina Jubran (1): net/mlx5e: Prevent deadlock while disabling aRFS Christophe JAILLET (1): usb: pci-quirks: Reduce the length of a spinlock section in usb_amd_find_chipset_info() Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Dave Airlie (1): nouveau: fix instmem race condition around ptr stores David Yang (1): HID: kye: Sort kye devices Dillon Varone (1): drm/amd/display: Do not recursively call manual trigger programming Dmitry Baryshkov (1): drm/panel: visionox-rm69299: don't unregister DSI device Dmitry Torokhov (1): ARM: omap2: n8x0: stop instantiating codec platform data Emil Kronborg (1): serial: mxs-auart: add spinlock around changing cts state Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (1): netfilter: nft_set_pipapo: do not free live element Geoffrey D. Bennett (7): ALSA: scarlett2: Move USB IDs out from device_info struct ALSA: scarlett2: Add support for Clarett 8Pre USB ALSA: scarlett2: Default mixer driver to enabled ALSA: scarlett2: Add correct product series name to messages ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (2): Revert "usb: cdc-wdm: close race between read and workqueue" Linux 6.1.88 Hardik Gajjar (2): usb: xhci: Add timeout argument in address_device USB HCD callback usb: new quirk to reduce the SET_ADDRESS request timeout Hawking Zhang (1): drm/amdgpu: fix incorrect active rb bitmap for gfx11 Hou Wenlong (2): x86/head/64: Add missing __head annotation to startup_64_load_idt() x86/head/64: Move the __head definition to <asm/init.h> Ilpo Järvinen (1): PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() Janusz Krzysztofik (1): drm/i915/vma: Fix UAF on destroy against retire race Jason A. Donenfeld (1): random: handle creditable entropy from atomic process context Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Johan Hovold (1): PCI/ASPM: Fix deadlock when enabling ASPM Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid writing the mac address before first reading Josh Poimboeuf (1): x86/bugs: Fix BHI retpoline check Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Kelvin Cao (2): PCI: switchtec: Use normal comment style PCI: switchtec: Add support for PCIe Gen5 devices Konrad Dybcio (1): clk: Print an info line before disabling unused clocks Kuniyuki Iwashima (2): af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). af_unix: Don't peek OOB data without MSG_OOB. Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Linus Walleij (1): ASoC: ti: Convert Pandora ASoC to GPIO descriptors Maciej W. Rozycki (1): PCI: Execute quirk_enable_clear_retrain_link() earlier Marios Makassikis (1): ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Miaohe Lin (1): mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Michal Swiatkowski (1): ice: tc: allow zero flags in parsing tc flower Mika Westerberg (2): thunderbolt: Log function name of the called quirk thunderbolt: Add debug log for link controller power quirk Mike Pastore (1): PCI: Delay after FLR of Solidigm P44 Pro NVMe Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Namjae Jeon (3): ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf ksmbd: validate request buffer size in smb2_allocate_rsp_buf() ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Norihiko Hama (1): usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Pablo Neira Ayuso (3): netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: flowtable: validate pppoe header netfilter: flowtable: incorrect pppoe tuple Pasha Tatashin (1): x86/mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros Peter Oberparleiter (2): s390/qdio: handle deferred cc1 s390/cio: fix race condition during online processing Pin-yen Lin (1): clk: mediatek: Do a runtime PM get on controllers during probe Qiang Zhang (1): bootconfig: use memblock_free_late to free xbc memory to buddy Samuel Thibault (1): speakup: Avoid crash on very long word Sandipan Das (1): KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson (2): KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible KVM: x86/pmu: Disable support for adaptive PEBS Shay Drory (1): net/mlx5: Lag, restore buckets number to default after hash LAG deactivation Siddharth Vadapalli (1): net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused clk: Get runtime PM before walking tree for clk_summary Steven Rostedt (Google) (1): SUNRPC: Fix rpcgss_context trace event acceptor field Tim Huang (1): drm/amdgpu: fix incorrect number of active RBs for gfx11 Uwe Kleine-König (2): serial: stm32: Return IRQ_NONE in the ISR if no handling happend serial: stm32: Reset .throttled state in .startup() Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Vishal Badole (1): clk: Show active consumers of clocks in debugfs Vladimir Oltean (1): net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yaxiong Tian (1): arm64: hibernate: Fix level3 translation fault in swsusp_save() Yu Zhe (1): clk: remove unnecessary (void*) conversions Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Zack Rusin (3): drm/vmwgfx: Enable DMA mappings with SEV drm/vmwgfx: Sort primary plane formats by order of preference drm/vmwgfx: Fix crtc's atomic check conditional Ziyang Xuan (2): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 4 months

1
1
0 0

Linux 5.15.157

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.157 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/filesystems/nfs/exporting.rst | 7 Makefile | 2 arch/arm64/mm/pageattr.c | 3 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/cpu/bugs.c | 11 arch/x86/kernel/cpu/cpuid-deps.c | 6 arch/x86/kvm/cpuid.c | 1 arch/x86/kvm/cpuid.h | 10 arch/x86/kvm/lapic.c | 3 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/x86.c | 2 drivers/accessibility/speakup/main.c | 2 drivers/android/binder.c | 4 drivers/clk/clk.c | 154 +++++++--- drivers/comedi/drivers/vmk80xx.c | 35 -- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++-- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 drivers/infiniband/core/cm.c | 11 drivers/infiniband/hw/mlx5/mad.c | 3 drivers/infiniband/sw/rxe/rxe.c | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mt7530.c | 60 ++- drivers/net/dsa/mt7530.h | 6 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 + drivers/net/tun.c | 18 - drivers/s390/cio/device.c | 13 drivers/s390/cio/qdio_main.c | 28 + drivers/thunderbolt/switch.c | 48 ++- drivers/thunderbolt/tb.c | 4 drivers/thunderbolt/tb.h | 3 drivers/thunderbolt/usb4.c | 13 drivers/tty/serial/pmac_zilog.c | 14 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 4 drivers/usb/dwc2/hcd_ddma.c | 4 drivers/usb/gadget/function/f_ncm.c | 4 drivers/usb/serial/option.c | 40 ++ fs/btrfs/delayed-inode.c | 3 fs/ksmbd/ksmbd_netlink.h | 3 fs/ksmbd/mgmt/share_config.c | 7 fs/ksmbd/smb2ops.c | 10 fs/ksmbd/smb2pdu.c | 3 fs/ksmbd/transport_ipc.c | 37 ++ fs/lockd/svclock.c | 4 fs/nfsd/nfs4state.c | 10 fs/nilfs2/dir.c | 2 fs/sysfs/file.c | 2 include/linux/bpf.h | 9 include/linux/bpf_verifier.h | 4 include/linux/exportfs.h | 14 include/net/dsa.h | 8 include/net/net_namespace.h | 6 include/net/netfilter/nf_flow_table.h | 33 ++ include/net/netns/flow_table.h | 14 include/trace/events/rpcgss.h | 4 init/main.c | 2 kernel/bpf/btf.c | 93 ++++-- kernel/bpf/verifier.c | 66 +++- kernel/kprobes.c | 18 - kernel/trace/trace_events_trigger.c | 6 net/bridge/br_input.c | 15 net/bridge/br_netfilter_hooks.c | 6 net/bridge/br_private.h | 1 net/bridge/netfilter/nf_conntrack_bridge.c | 14 net/dsa/dsa2.c | 24 + net/netfilter/Kconfig | 9 net/netfilter/Makefile | 1 net/netfilter/nf_flow_table_core.c | 62 +++- net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 10 net/netfilter/nf_flow_table_offload.c | 17 - net/netfilter/nf_flow_table_procfs.c | 80 +++++ net/netfilter/nf_tables_api.c | 16 - net/netfilter/nft_set_pipapo.c | 14 net/unix/af_unix.c | 12 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 6 79 files changed, 971 insertions(+), 319 deletions(-) Alan Stern (1): fs: sysfs: Fix reference leak in sysfs_break_active_protection() Alexander Usyskin (1): mei: me: disable RPL-S on SPS and IGN firmwares Arınç ÜNAL (4): net: dsa: mt7530: fix mirroring frames received on local port net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Boris Burkov (1): btrfs: record delayed inode root in transaction Carlos Llamas (1): binder: check offset alignment in binder_get_object() Chuanhong Guo (1): USB: serial: option: add support for Fibocom FM650/FG650 Chuck Lever (1): Revert "lockd: introduce safe async lock op" Claudiu Beznea (1): clk: remove extra empty line Coia Prant (1): USB: serial: option: add Lonsung U8300/U9300 product Daniel Borkmann (4): bpf: Generalize check_ctx_reg for reuse with other types bpf: Generally fix helper register offset check bpf: Fix out of bounds access for ringbuf helpers bpf: Fix ringbuf memory type confusion when passing to helpers Daniele Palmas (1): USB: serial: option: add Telit FN920C04 rmnet compositions Dave Airlie (1): nouveau: fix instmem race condition around ptr stores Dmitry Baryshkov (1): drm/panel: visionox-rm69299: don't unregister DSI device Eric Biggers (1): x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Finn Thain (1): serial/pmac_zilog: Remove flawed mitigation for rx irq flood Florian Westphal (1): netfilter: nft_set_pipapo: do not free live element Gil Fine (2): thunderbolt: Avoid notify PM core about runtime PM resume thunderbolt: Fix wake configurations after device unplug Greg Kroah-Hartman (2): Revert "usb: cdc-wdm: close race between read and workqueue" Linux 5.15.157 Jeongjun Park (1): nilfs2: fix OOB in nilfs_set_de_type Jerry Meng (1): USB: serial: option: support Quectel EM060K sub-models Josh Poimboeuf (1): x86/bugs: Fix BHI retpoline check Kai-Heng Feng (1): usb: Disable USB3 LPM at shutdown Konrad Dybcio (1): clk: Print an info line before disabling unused clocks Kumar Kartikeya Dwivedi (1): bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support Kuniyuki Iwashima (2): af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). af_unix: Don't peek OOB data without MSG_OOB. Lei Chen (1): tun: limit printing rate when illegal packet received by tun dev Mark Zhang (1): RDMA/cm: Print the old state when cm_destroy_id gets timeout Michael Guralnik (1): RDMA/mlx5: Fix port number for counter query in multi-port configuration Mikhail Kobuk (1): drm: nv04: Fix out of bounds access Minas Harutyunyan (1): usb: dwc2: host: Fix dereference issue in DDMA completion flow. Namjae Jeon (3): ksmbd: don't send oplock break if rename fails ksmbd: validate payload size in ipc response ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Nikita Zhandarovich (1): comedi: vmk80xx: fix incomplete endpoint checking Norihiko Hama (1): usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Pablo Neira Ayuso (3): netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: flowtable: validate pppoe header netfilter: flowtable: incorrect pppoe tuple Peter Oberparleiter (2): s390/qdio: handle deferred cc1 s390/cio: fix race condition during online processing Samuel Thibault (1): speakup: Avoid crash on very long word Sandipan Das (1): KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson (1): KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Siddh Raman Pant (1): Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Siddharth Vadapalli (1): net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Stephen Boyd (4): clk: Remove prepare_lock hold assertion in __clk_release() clk: Mark 'all_lists' as const clk: Initialize struct clk_core kref earlier clk: Get runtime PM before walking tree during disable_unused Steven Rostedt (Google) (1): SUNRPC: Fix rpcgss_context trace event acceptor field Vanillan Wang (1): USB: serial: option: add Rolling RW101-GL and RW135-GL support Vlad Buslov (1): netfilter: nf_flow_table: count pending offload workqueue tasks Vladimir Oltean (1): net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 Yanjun.Zhu (1): RDMA/rxe: Fix the problem "mutex_destroy missing" Yaxiong Tian (1): arm64: hibernate: Fix level3 translation fault in swsusp_save() Yuanhe Shu (1): selftests/ftrace: Limit length in subsystem-enable tests Yuntao Wang (1): init/main.c: Fix potential static_command_line memory overflow Zack Rusin (1): drm/vmwgfx: Sort primary plane formats by order of preference Zheng Yejian (1): kprobes: Fix possible use-after-free issue on kprobe registration Ziyang Xuan (2): netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() bolan wang (1): USB: serial: option: add Fibocom FM135-GL variants xinhui pan (1): drm/amdgpu: validate the parameters of bo mapping operations more clearly

1 year, 4 months

1
1
0 0

FAILED: patch "[PATCH] ring-buffer: Only update pages_touched when a new page is" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ffe3986fece696cf65e0ef99e74c75f848be8e30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042720-safeness-stowaway-2308@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ffe3986fece6 ("ring-buffer: Only update pages_touched when a new page is touched") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffe3986fece696cf65e0ef99e74c75f848be8e30 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Tue, 9 Apr 2024 15:13:09 -0400 Subject: [PATCH] ring-buffer: Only update pages_touched when a new page is touched The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] ring-buffer: Only update pages_touched when a new page is" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ffe3986fece696cf65e0ef99e74c75f848be8e30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042718-handset-kitty-0a0e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ffe3986fece6 ("ring-buffer: Only update pages_touched when a new page is touched") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffe3986fece696cf65e0ef99e74c75f848be8e30 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Tue, 9 Apr 2024 15:13:09 -0400 Subject: [PATCH] ring-buffer: Only update pages_touched when a new page is touched The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] ring-buffer: Only update pages_touched when a new page is" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ffe3986fece696cf65e0ef99e74c75f848be8e30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042707--b5a0@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ffe3986fece6 ("ring-buffer: Only update pages_touched when a new page is touched") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffe3986fece696cf65e0ef99e74c75f848be8e30 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Tue, 9 Apr 2024 15:13:09 -0400 Subject: [PATCH] ring-buffer: Only update pages_touched when a new page is touched The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] ring-buffer: Only update pages_touched when a new page is" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ffe3986fece696cf65e0ef99e74c75f848be8e30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042706--0fec@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ffe3986fece6 ("ring-buffer: Only update pages_touched when a new page is touched") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ffe3986fece696cf65e0ef99e74c75f848be8e30 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Tue, 9 Apr 2024 15:13:09 -0400 Subject: [PATCH] ring-buffer: Only update pages_touched when a new page is touched The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } }

1 year, 4 months

1
0
0 0

[PATCH 5.15 00/71] 5.15.157-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.157 release. There are 71 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Apr 2024 21:38:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.157-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.157-rc1 Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 Vladimir Oltean <olteanv(a)gmail.com> net: dsa: introduce preferred_default_local_cpu_port and use on MT7530 Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Sort primary plane formats by order of preference xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Yaxiong Tian <tianyaxiong(a)kylinos.cn> arm64: hibernate: Fix level3 translation fault in swsusp_save() Sandipan Das <sandipan.das(a)amd.com> KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Norihiko Hama <Norihiko.Hama(a)alpsalpine.com> usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI retpoline check Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: Print an info line before disabling unused clocks Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: remove extra empty line Stephen Boyd <sboyd(a)kernel.org> clk: Mark 'all_lists' as const Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix race condition during online processing Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/qdio: handle deferred cc1 Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Siddharth Vadapalli <s-vadapalli(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix mirroring frames received on local port Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't peek OOB data without MSG_OOB. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: incorrect pppoe tuple Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate pppoe header Vlad Buslov <vladbu(a)nvidia.com> netfilter: nf_flow_table: count pending offload workqueue tasks Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: br_netfilter: skip conntrack input hook for promisc packets Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Chuck Lever <chuck.lever(a)oracle.com> Revert "lockd: introduce safe async lock op" Siddh Raman Pant <siddh.raman.pant(a)oracle.com> Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix ringbuf memory type confusion when passing to helpers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix out of bounds access for ringbuf helpers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Generally fix helper register offset check Daniel Borkmann <daniel(a)iogearbox.net> bpf: Generalize check_ctx_reg for reuse with other types Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Steven Rostedt (Google) <rostedt(a)goodmis.org> SUNRPC: Fix rpcgss_context trace event acceptor field Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails ------------- Diffstat: Documentation/filesystems/nfs/exporting.rst | 7 - Makefile | 4 +- arch/arm64/mm/pageattr.c | 3 - arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/cpu/bugs.c | 11 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/cpuid.h | 10 ++ arch/x86/kvm/lapic.c | 3 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/x86.c | 2 +- drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/clk/clk.c | 154 ++++++++++++++++----- drivers/comedi/drivers/vmk80xx.c | 35 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++++++---- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 +- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/misc/mei/pci-me.c | 2 +- drivers/net/dsa/mt7530.c | 60 +++++--- drivers/net/dsa/mt7530.h | 6 + drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 +++ drivers/net/tun.c | 18 +-- drivers/s390/cio/device.c | 13 +- drivers/s390/cio/qdio_main.c | 28 +++- drivers/thunderbolt/switch.c | 50 +++++-- drivers/thunderbolt/tb.c | 4 +- drivers/thunderbolt/tb.h | 3 +- drivers/thunderbolt/usb4.c | 13 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 4 +- drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 4 +- drivers/usb/serial/option.c | 40 ++++++ fs/btrfs/delayed-inode.c | 3 + fs/ksmbd/ksmbd_netlink.h | 3 +- fs/ksmbd/mgmt/share_config.c | 7 +- fs/ksmbd/smb2ops.c | 10 +- fs/ksmbd/smb2pdu.c | 3 +- fs/ksmbd/transport_ipc.c | 37 +++++ fs/lockd/svclock.c | 4 +- fs/nfsd/nfs4state.c | 10 +- fs/nilfs2/dir.c | 2 +- fs/sysfs/file.c | 2 + include/linux/bpf.h | 9 +- include/linux/bpf_verifier.h | 4 +- include/linux/exportfs.h | 14 -- include/net/dsa.h | 8 ++ include/net/net_namespace.h | 6 + include/net/netfilter/nf_flow_table.h | 33 ++++- include/net/netns/flow_table.h | 14 ++ include/trace/events/rpcgss.h | 4 +- init/main.c | 2 + kernel/bpf/btf.c | 93 ++++++++++--- kernel/bpf/verifier.c | 66 ++++++--- kernel/kprobes.c | 18 ++- kernel/trace/trace_events_trigger.c | 6 +- net/bridge/br_input.c | 15 +- net/bridge/br_netfilter_hooks.c | 6 + net/bridge/br_private.h | 1 + net/bridge/netfilter/nf_conntrack_bridge.c | 14 +- net/dsa/dsa2.c | 24 +++- net/netfilter/Kconfig | 9 ++ net/netfilter/Makefile | 1 + net/netfilter/nf_flow_table_core.c | 62 ++++++++- net/netfilter/nf_flow_table_inet.c | 3 +- net/netfilter/nf_flow_table_ip.c | 10 +- net/netfilter/nf_flow_table_offload.c | 17 ++- net/netfilter/nf_flow_table_procfs.c | 80 +++++++++++ net/netfilter/nf_tables_api.c | 16 ++- net/netfilter/nft_set_pipapo.c | 14 +- net/unix/af_unix.c | 12 +- .../ftrace/test.d/event/subsystem-enable.tc | 6 +- 79 files changed, 973 insertions(+), 321 deletions(-)

1 year, 4 months

10
82
0 0

[PATCH 3/3] net: bcmgenet: synchronize UMAC_CMD access

by Doug Berger

The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +++++++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +++- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +++++++- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 ++ 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev, -- 2.34.1

1 year, 4 months

2
1
0 0

[PATCH 2/3] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()

by Doug Berger

The ndo_set_rx_mode function is synchronized with the netif_addr_lock spinlock and BHs disabled. Since this function is also invoked directly from the driver the same synchronization should be applied. Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index b1f84b37032a..5452b7dc6e6a 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) controller driver * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet: " fmt @@ -3334,7 +3334,9 @@ static void bcmgenet_netif_start(struct net_device *dev) struct bcmgenet_priv *priv = netdev_priv(dev); /* Start the network engine */ + netif_addr_lock_bh(dev); bcmgenet_set_rx_mode(dev); + netif_addr_unlock_bh(dev); bcmgenet_enable_rx_napi(priv); umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true); -- 2.34.1

1 year, 4 months

2
1
0 0

[PATCH 1/3] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access

by Doug Berger

The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name); -- 2.34.1

1 year, 4 months

2
1
0 0

[PATCH 6.6 000/158] 6.6.29-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.29 release. There are 158 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Apr 2024 21:38:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.29-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.29-rc1 Johan Hovold <johan+linaro(a)kernel.org> PCI/ASPM: Fix deadlock when enabling ASPM Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Ignore ftrace locations in exit text sections Breno Leitao <leitao(a)debian.org> virtio_net: Do not send RSS key if it is not supported Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Qiang Zhang <qiang4.zhang(a)intel.com> bootconfig: use memblock_free_late to free xbc memory to buddy Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix crtc's atomic check conditional Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Sort primary plane formats by order of preference Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix prime import/export Christian König <christian.koenig(a)amd.com> drm/amdgpu: remove invalid resource->start check v2 Felix Kuehling <felix.kuehling(a)amd.com> drm/amdkfd: Fix memory leak in create_process failure xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Danny Lin <danny(a)orbstack.dev> fuse: fix leaked ENOSYS error on first statx call Sumanth Korikkar <sumanthk(a)linux.ibm.com> mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Oscar Salvador <osalvador(a)suse.de> mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Peter Xu <peterx(a)redhat.com> mm/userfaultfd: allow hugetlb change protection upon poison entry Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Yaxiong Tian <tianyaxiong(a)kylinos.cn> arm64: hibernate: Fix level3 translation fault in swsusp_save() Ard Biesheuvel <ardb(a)kernel.org> arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H David Matlack <dmatlack(a)google.com> KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Sandipan Das <sandipan.das(a)amd.com> KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Disable support for adaptive PEBS Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> sched: Add missing memory barrier in switch_mm_cid Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Norihiko Hama <Norihiko.Hama(a)alpsalpine.com> usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Tony Lindgren <tony(a)atomide.com> serial: core: Fix missing shutdown and startup for serial base port Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: core: Clearing the circular buffer before NULLifying it Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Reset .throttled state in .startup() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Return IRQ_NONE in the ISR if no handling happend Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Mauro Carvalho Chehab <mchehab(a)kernel.org> ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N Shenghao Ding <shenghao-ding(a)ti.com> ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 Shenghao Ding <shenghao-ding(a)ti.com> ALSA: hda/tas2781: correct the register for pow calibrated data Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages Shay Drory <shayd(a)nvidia.com> net/mlx5: E-switch, store eswitch pointer before registering devlink_param Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI retpoline check Pin-yen Lin <treapking(a)chromium.org> clk: mediatek: Do a runtime PM get on controllers during probe Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree for clk_summary Vishal Badole <badolevishal1116(a)gmail.com> clk: Show active consumers of clocks in debugfs Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Mike Tipton <quic_mdtipton(a)quicinc.com> interconnect: Don't access req_list while it's being manipulated Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: new quirk to reduce the SET_ADDRESS request timeout Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: xhci: Add timeout argument in address_device USB HCD callback Brenton Simpson <appsforartists(a)google.com> drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Use FIELD_GET() Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add correct product series name to messages Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Default mixer driver to enabled Sanath S <Sanath.S(a)amd.com> thunderbolt: Reset topology created by the boot firmware Sanath S <Sanath.S(a)amd.com> thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers Sanath S <Sanath.S(a)amd.com> thunderbolt: Introduce tb_path_deactivate_hop() Sanath S <Sanath.S(a)amd.com> thunderbolt: Introduce tb_port_reset() Niklas Schnelle <schnelle(a)linux.ibm.com> usb: pci-quirks: handle HAS_IOPORT dependency for UHCI handoff Niklas Schnelle <schnelle(a)linux.ibm.com> usb: pci-quirks: handle HAS_IOPORT dependency for AMD quirk Niklas Schnelle <schnelle(a)linux.ibm.com> usb: pci-quirks: group AMD specific quirk code together Linus Walleij <linus.walleij(a)linaro.org> ASoC: ti: Convert Pandora ASoC to GPIO descriptors Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add support for Clarett 8Pre USB Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Move USB IDs out from device_info struct Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: make -fstrict-flex-arrays=3 happy Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix race condition during online processing Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/qdio: handle deferred cc1 Namhyung Kim <namhyung(a)kernel.org> perf lock contention: Add a missing NULL check Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Limit MST+DSC to TGL+ Siddharth Vadapalli <s-vadapalli(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Felix Fietkau <nbd(a)nbd.name> net: ethernet: mtk_eth_soc: fix WED + wifi reset Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: swnode: Remove wrong header inclusion Gerd Bayer <gbayer(a)linux.ibm.com> s390/ism: Properly fix receive message buffer allocation Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix port mirroring for MT7988 SoC switch Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix mirroring frames received on local port Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix checking for unsupported keys on non-tunnel device Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: allow zero flags in parsing tc flower Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: check src_vsi in case of traffic from VF Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Fix IP-cores specific MAC capabilities Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Fix max-speed being ignored on queue re-init Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only Asbjørn Sloth Tønnesen <ast(a)fiberby.net> octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation Yuri Benditovich <yuri.benditovich(a)daynix.com> net: change maximum number of UDP segments to 128 Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent deadlock while disabling aRFS Shay Drory <shayd(a)nvidia.com> net/mlx5: Lag, restore buckets number to default after hash LAG deactivation Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: sparx5: flower: fix fragment flags handling Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't peek OOB data without MSG_OOB. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: incorrect pppoe tuple Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate pppoe header Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: br_netfilter: skip conntrack input hook for promisc packets Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5 Gavin Shan <gshan(a)redhat.com> arm64: tlb: Fix TLBI RANGE operand Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Modify range-based tlbi to decrement scale Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid writing the mac address before first reading Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING Jason A. Donenfeld <Jason(a)zx2c4.com> random: handle creditable entropy from atomic process context Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Steven Rostedt (Google) <rostedt(a)goodmis.org> SUNRPC: Fix rpcgss_context trace event acceptor field Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/vma: Fix UAF on destroy against retire race Alexey Izbyshev <izbyshev(a)ispras.ru> io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: videobuf2: request more buffers for vb2_read Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: populate SSPP scaler block version John Stultz <jstultz(a)google.com> selftests: timers: Fix posix_timers ksft_print_msg() warning NeilBrown <neilb(a)suse.de> ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE Xiubo Li <xiubli(a)redhat.com> ceph: rename _to_client() to _to_fs_client() Xiubo Li <xiubli(a)redhat.com> ceph: pass the mdsc to several helpers Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Do not recursively call manual trigger programming Oleg Nesterov <oleg(a)redhat.com> selftests/timers/posix_timers: Reimplement check_timer_distribution() Mark Brown <broonie(a)kernel.org> selftests: timers: Convert posix_timers test to generate KTAP output Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable live M/N updates when using bigjoiner Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Adjust seamless_m_n flag behaviour Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Enable VRR later during fastsets Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Extract intel_crtc_vblank_evade_scanlines() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Change intel_pipe_update_{start,end}() calling convention Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix voltage_level programming edge case Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Reject FEC+MST on ICL Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix FEC pipe A vs. DDI A mixup Paulo Alcantara <pc(a)manguebit.com> smb: client: refresh referral without acquiring refpath_lock Paulo Alcantara <pc(a)manguebit.com> smb: client: guarantee refcounted children from parent session Steve French <stfrench(a)microsoft.com> smb3: show beginning time for per share stats Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in smb2_reconnect_server() Paulo Alcantara <pc(a)manguebit.com> smb: client: remove extra @chan_count check in __cifs_put_smb_ses() ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + MAINTAINERS | 2 +- Makefile | 4 +- arch/arm/mach-omap2/pdata-quirks.c | 10 + arch/arm64/include/asm/tlbflush.h | 40 ++-- arch/arm64/kernel/head.S | 5 + arch/arm64/mm/pageattr.c | 3 - arch/powerpc/include/asm/ftrace.h | 10 +- arch/powerpc/include/asm/sections.h | 1 + arch/powerpc/kernel/trace/ftrace.c | 12 + arch/powerpc/kernel/trace/ftrace_64_pg.c | 5 + arch/powerpc/kernel/vmlinux.lds.S | 2 + arch/x86/include/asm/barrier.h | 3 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/cpu/bugs.c | 11 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/cpuid.h | 10 + arch/x86/kvm/lapic.c | 3 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/mmu/tdp_mmu.c | 21 +- arch/x86/kvm/vmx/vmx.c | 24 +- arch/x86/kvm/x86.c | 2 +- drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/char/random.c | 10 +- drivers/clk/clk.c | 195 ++++++++++++---- drivers/clk/mediatek/clk-mtk.c | 15 ++ drivers/comedi/drivers/vmk80xx.c | 35 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 +++--- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 4 +- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 - drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/display/intel_atomic.c | 1 + drivers/gpu/drm/i915/display/intel_cdclk.c | 37 ++- drivers/gpu/drm/i915/display/intel_crtc.c | 96 +++++--- drivers/gpu/drm/i915/display/intel_crtc.h | 6 +- drivers/gpu/drm/i915/display/intel_display.c | 43 ++-- .../gpu/drm/i915/display/intel_display_device.h | 1 + drivers/gpu/drm/i915/display/intel_display_types.h | 2 +- drivers/gpu/drm/i915/display/intel_dp.c | 13 +- drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 +- drivers/gpu/drm/i915/i915_vma.c | 42 +++- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 8 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 8 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_8_1_sm8450.h | 8 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.c | 95 ++++++-- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.h | 3 +- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/gpu/drm/radeon/radeon_atombios.c | 8 +- drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 ++- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 + drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 +++ drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 ++-- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/interconnect/core.c | 8 + drivers/media/common/videobuf2/videobuf2-core.c | 9 +- drivers/misc/mei/pci-me.c | 2 +- drivers/net/dsa/mt7530.c | 38 ++- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 +- .../net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 +- drivers/net/ethernet/mediatek/mtk_wed.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 ++- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 9 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 +- .../ethernet/microchip/sparx5/sparx5_tc_flower.c | 61 +++-- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 7 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 18 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 29 +-- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 ++ drivers/net/tun.c | 18 +- drivers/net/usb/ax88179_178a.c | 4 +- drivers/net/virtio_net.c | 27 ++- drivers/pci/bus.c | 49 ++-- drivers/pci/pci.c | 78 ++++--- drivers/pci/pci.h | 4 +- drivers/pci/pcie/aspm.c | 21 +- drivers/pci/pcie/dpc.c | 5 +- drivers/pci/quirks.c | 8 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + drivers/s390/cio/device.c | 13 +- drivers/s390/cio/qdio_main.c | 28 ++- drivers/s390/net/ism_drv.c | 37 ++- drivers/scsi/scsi_lib.c | 7 +- drivers/thunderbolt/domain.c | 5 +- drivers/thunderbolt/icm.c | 2 +- drivers/thunderbolt/lc.c | 45 ++++ drivers/thunderbolt/nhi.c | 19 +- drivers/thunderbolt/path.c | 13 ++ drivers/thunderbolt/switch.c | 180 +++++++++++++-- drivers/thunderbolt/tb.c | 30 ++- drivers/thunderbolt/tb.h | 10 +- drivers/thunderbolt/tb_regs.h | 6 + drivers/thunderbolt/usb4.c | 52 ++++- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/tty/serial/serial_base.h | 4 + drivers/tty/serial/serial_core.c | 21 +- drivers/tty/serial/serial_port.c | 34 +++ drivers/tty/serial/stm32-usart.c | 13 +- drivers/ufs/host/ufs-qcom.c | 8 +- drivers/usb/Kconfig | 10 + drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hcd-pci.c | 3 +- drivers/usb/core/hub.c | 15 +- drivers/usb/core/port.c | 4 +- drivers/usb/core/quirks.c | 7 + drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 4 +- drivers/usb/host/pci-quirks.c | 144 ++++++------ drivers/usb/host/pci-quirks.h | 34 ++- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/host/xhci.c | 23 +- drivers/usb/host/xhci.h | 9 +- drivers/usb/serial/option.c | 40 ++++ fs/ceph/addr.c | 22 +- fs/ceph/cache.c | 2 +- fs/ceph/caps.c | 53 +++-- fs/ceph/crypto.c | 2 +- fs/ceph/debugfs.c | 4 +- fs/ceph/dir.c | 24 +- fs/ceph/export.c | 10 +- fs/ceph/file.c | 26 +-- fs/ceph/inode.c | 14 +- fs/ceph/ioctl.c | 8 +- fs/ceph/mds_client.c | 41 ++-- fs/ceph/mds_client.h | 3 +- fs/ceph/mdsmap.c | 3 +- fs/ceph/snap.c | 18 +- fs/ceph/super.c | 22 +- fs/ceph/super.h | 13 +- fs/ceph/xattr.c | 12 +- fs/fuse/dir.c | 1 + fs/nilfs2/dir.c | 2 +- fs/smb/client/cifs_debug.c | 6 +- fs/smb/client/cifsglob.h | 3 +- fs/smb/client/cifsproto.h | 20 +- fs/smb/client/connect.c | 135 ++++++----- fs/smb/client/dfs.c | 51 ++-- fs/smb/client/dfs.h | 33 ++- fs/smb/client/dfs_cache.c | 53 ++--- fs/smb/client/misc.c | 7 +- fs/smb/common/smb2pdu.h | 2 +- fs/smb/server/server.c | 13 +- fs/smb/server/smb2pdu.c | 4 + fs/smb/server/vfs.c | 5 + fs/sysfs/file.c | 2 + include/asm-generic/barrier.h | 8 + include/linux/bootconfig.h | 7 +- include/linux/ceph/mdsmap.h | 5 +- include/linux/gpio/property.h | 1 - include/linux/pci.h | 5 + include/linux/shmem_fs.h | 9 + include/linux/swapops.h | 65 +++--- include/linux/udp.h | 2 +- include/linux/usb/hcd.h | 22 +- include/linux/usb/quirks.h | 3 + include/net/netfilter/nf_flow_table.h | 12 +- include/trace/events/rpcgss.h | 4 +- include/uapi/linux/pci_regs.h | 1 + init/main.c | 2 + io_uring/io_uring.c | 26 +-- kernel/sched/sched.h | 20 +- lib/bootconfig.c | 19 +- mm/hugetlb.c | 10 +- mm/memory-failure.c | 18 +- mm/shmem.c | 6 - net/bridge/br_input.c | 15 +- net/bridge/br_netfilter_hooks.c | 6 + net/bridge/br_private.h | 1 + net/bridge/netfilter/nf_conntrack_bridge.c | 14 +- net/netfilter/nf_flow_table_inet.c | 3 +- net/netfilter/nf_flow_table_ip.c | 10 +- net/netfilter/nf_tables_api.c | 16 +- net/netfilter/nft_set_pipapo.c | 14 +- net/unix/af_unix.c | 12 +- sound/core/seq/seq_ump_convert.c | 2 +- sound/pci/hda/patch_realtek.c | 3 + sound/pci/hda/tas2781_hda_i2c.c | 4 +- sound/soc/ti/omap3pandora.c | 63 ++--- sound/usb/Makefile | 2 +- sound/usb/mixer_quirks.c | 9 +- .../{mixer_scarlett_gen2.c => mixer_scarlett2.c} | 257 +++++++++++++++------ sound/usb/mixer_scarlett2.h | 7 + sound/usb/mixer_scarlett_gen2.h | 7 - tools/perf/util/bpf_skel/lock_contention.bpf.c | 5 +- .../ftrace/test.d/event/subsystem-enable.tc | 6 +- tools/testing/selftests/kselftest.h | 13 ++ tools/testing/selftests/net/udpgso.c | 2 +- tools/testing/selftests/timers/posix_timers.c | 156 ++++++------- 208 files changed, 2654 insertions(+), 1290 deletions(-)

1 year, 4 months

11
170
0 0

[PATCH net v2 3/3] net: bcmgenet: synchronize UMAC_CMD access

by Doug Berger

The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +++++++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +++- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +++++++- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 ++ 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev, -- 2.34.1

1 year, 4 months

2
3
0 0

+ kmsan-compiler_types-declare-__no_sanitize_or_inline.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kmsan: compiler_types: declare __no_sanitize_or_inline has been added to the -mm mm-hotfixes-unstable branch. Its filename is kmsan-compiler_types-declare-__no_sanitize_or_inline.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alexander Potapenko <glider(a)google.com> Subject: kmsan: compiler_types: declare __no_sanitize_or_inline Date: Fri, 26 Apr 2024 11:16:22 +0200 It turned out that KMSAN instruments READ_ONCE_NOCHECK(), resulting in false positive reports, because __no_sanitize_or_inline enforced inlining. Properly declare __no_sanitize_or_inline under __SANITIZE_MEMORY__, so that it does not __always_inline the annotated function. Link: https://lkml.kernel.org/r/20240426091622.3846771-1-glider@google.com Fixes: 5de0ce85f5a4 ("kmsan: mark noinstr as __no_sanitize_memory") Signed-off-by: Alexander Potapenko <glider(a)google.com> Reported-by: syzbot+355c5bb8c1445c871ee8(a)syzkaller.appspotmail.com Link: https://lkml.kernel.org/r/000000000000826ac1061675b0e3@google.com Cc: <stable(a)vger.kernel.org> Reviewed-by: Marco Elver <elver(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Miguel Ojeda <ojeda(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compiler_types.h | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/include/linux/compiler_types.h~kmsan-compiler_types-declare-__no_sanitize_or_inline +++ a/include/linux/compiler_types.h @@ -278,6 +278,17 @@ struct ftrace_likely_data { # define __no_kcsan #endif +#ifdef __SANITIZE_MEMORY__ +/* + * Similarly to KASAN and KCSAN, KMSAN loses function attributes of inlined + * functions, therefore disabling KMSAN checks also requires disabling inlining. + * + * __no_sanitize_or_inline effectively prevents KMSAN from reporting errors + * within the function and marks all its outputs as initialized. + */ +# define __no_sanitize_or_inline __no_kmsan_checks notrace __maybe_unused +#endif + #ifndef __no_sanitize_or_inline #define __no_sanitize_or_inline __always_inline #endif _ Patches currently in -mm which might be from glider(a)google.com are kmsan-compiler_types-declare-__no_sanitize_or_inline.patch

1 year, 4 months

1
0
0 0

+ mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: use memalloc_nofs_save() in page_cache_ra_order() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kefeng Wang <wangkefeng.wang(a)huawei.com> Subject: mm: use memalloc_nofs_save() in page_cache_ra_order() Date: Fri, 26 Apr 2024 19:29:38 +0800 See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"), ensure that page_cache_ra_order() do not attempt to reclaim file-backed pages too, or it leads to a deadlock, found issue when test ext4 large folio. INFO: task DataXceiver for:7494 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200 Call trace: __switch_to+0x14c/0x240 __schedule+0x82c/0xdd0 schedule+0x58/0xf0 io_schedule+0x24/0xa0 __folio_lock+0x130/0x300 migrate_pages_batch+0x378/0x918 migrate_pages+0x350/0x700 compact_zone+0x63c/0xb38 compact_zone_order+0xc0/0x118 try_to_compact_pages+0xb0/0x280 __alloc_pages_direct_compact+0x98/0x248 __alloc_pages+0x510/0x1110 alloc_pages+0x9c/0x130 folio_alloc+0x20/0x78 filemap_alloc_folio+0x8c/0x1b0 page_cache_ra_order+0x174/0x308 ondemand_readahead+0x1c8/0x2b8 page_cache_async_ra+0x68/0xb8 filemap_readahead.isra.0+0x64/0xa8 filemap_get_pages+0x3fc/0x5b0 filemap_splice_read+0xf4/0x280 ext4_file_splice_read+0x2c/0x48 [ext4] vfs_splice_read.part.0+0xa8/0x118 splice_direct_to_actor+0xbc/0x288 do_splice_direct+0x9c/0x108 do_sendfile+0x328/0x468 __arm64_sys_sendfile64+0x8c/0x148 invoke_syscall+0x4c/0x118 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x4c/0x1f8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 Link: https://lkml.kernel.org/r/20240426112938.124740-1-wangkefeng.wang@huawei.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Zhang Yi <yi.zhang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/readahead.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/readahead.c~mm-use-memalloc_nofs_save-in-page_cache_ra_order +++ a/mm/readahead.c @@ -490,6 +490,7 @@ void page_cache_ra_order(struct readahea pgoff_t index = readahead_index(ractl); pgoff_t limit = (i_size_read(mapping->host) - 1) >> PAGE_SHIFT; pgoff_t mark = index + ra->size - ra->async_size; + unsigned int nofs; int err = 0; gfp_t gfp = readahead_gfp_mask(mapping); @@ -504,6 +505,8 @@ void page_cache_ra_order(struct readahea new_order = min_t(unsigned int, new_order, ilog2(ra->size)); } + /* See comment in page_cache_ra_unbounded() */ + nofs = memalloc_nofs_save(); filemap_invalidate_lock_shared(mapping); while (index <= limit) { unsigned int order = new_order; @@ -527,6 +530,7 @@ void page_cache_ra_order(struct readahea read_pages(ractl); filemap_invalidate_unlock_shared(mapping); + memalloc_nofs_restore(nofs); /* * If there were already pages in the page cache, then we may have _ Patches currently in -mm which might be from wangkefeng.wang(a)huawei.com are mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch arm64-mm-drop-vm_fault_badmap-vm_fault_badaccess.patch arm-mm-drop-vm_fault_badmap-vm_fault_badaccess.patch mm-move-mm-counter-updating-out-of-set_pte_range.patch mm-filemap-batch-mm-counter-updating-in-filemap_map_pages.patch mm-swapfile-check-usable-swap-device-in-__folio_throttle_swaprate.patch mm-memory-check-userfaultfd_wp-in-vmf_orig_pte_uffd_wp.patch

1 year, 4 months

1
0
0 0

[PATCH net v2 2/3] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()

by Doug Berger

The ndo_set_rx_mode function is synchronized with the netif_addr_lock spinlock and BHs disabled. Since this function is also invoked directly from the driver the same synchronization should be applied. Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index b1f84b37032a..5452b7dc6e6a 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) controller driver * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet: " fmt @@ -3334,7 +3334,9 @@ static void bcmgenet_netif_start(struct net_device *dev) struct bcmgenet_priv *priv = netdev_priv(dev); /* Start the network engine */ + netif_addr_lock_bh(dev); bcmgenet_set_rx_mode(dev); + netif_addr_unlock_bh(dev); bcmgenet_enable_rx_napi(priv); umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true); -- 2.34.1

1 year, 4 months

2
1
0 0

[PATCH net v2 1/3] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access

by Doug Berger

The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name); -- 2.34.1

1 year, 4 months

2
1
0 0

[PATCH v2] serial: kgdboc: Fix NMI-safety problems from keyboard reset code

by Daniel Thompson

Currently, when kdb is compiled with keyboard support, then we will use schedule_work() to provoke reset of the keyboard status. Unfortunately schedule_work() gets called from the kgdboc post-debug-exception handler. That risks deadlock since schedule_work() is not NMI-safe and, even on platforms where the NMI is not directly used for debugging, the debug trap can have NMI-like behaviour depending on where breakpoints are placed. Fix this by using the irq work system, which is NMI-safe, to defer the call to schedule_work() to a point when it is safe to call. Reported-by: Liuye <liu.yeC(a)h3c.com> Closes: https://lore.kernel.org/all/20240228025602.3087748-1-liu.yeC@h3c.com/ Cc: stable(a)vger.kernel.org Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Daniel Thompson <daniel.thompson(a)linaro.org> --- @Greg: I'm assuming this could/should go via your tree but feel free to share an ack if you want me to hoover it up instead. Changes in v2: - Fix typo in the big comment (thanks Doug) - Link to v1: https://lore.kernel.org/r/20240419-kgdboc_fix_schedule_work-v1-1-ff19881677… --- drivers/tty/serial/kgdboc.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c index 7ce7bb1640054..58ea1e1391cee 100644 --- a/drivers/tty/serial/kgdboc.c +++ b/drivers/tty/serial/kgdboc.c @@ -19,6 +19,7 @@ #include <linux/console.h> #include <linux/vt_kern.h> #include <linux/input.h> +#include <linux/irq_work.h> #include <linux/module.h> #include <linux/platform_device.h> #include <linux/serial_core.h> @@ -48,6 +49,25 @@ static struct kgdb_io kgdboc_earlycon_io_ops; static int (*earlycon_orig_exit)(struct console *con); #endif /* IS_BUILTIN(CONFIG_KGDB_SERIAL_CONSOLE) */ +/* + * When we leave the debug trap handler we need to reset the keyboard status + * (since the original keyboard state gets partially clobbered by kdb use of + * the keyboard). + * + * The path to deliver the reset is somewhat circuitous. + * + * To deliver the reset we register an input handler, reset the keyboard and + * then deregister the input handler. However, to get this done right, we do + * have to carefully manage the calling context because we can only register + * input handlers from task context. + * + * In particular we need to trigger the action from the debug trap handler with + * all its NMI and/or NMI-like oddities. To solve this the kgdboc trap exit code + * (the "post_exception" callback) uses irq_work_queue(), which is NMI-safe, to + * schedule a callback from a hardirq context. From there we have to defer the + * work again, this time using schedule_work(), to get a callback using the + * system workqueue, which runs in task context. + */ #ifdef CONFIG_KDB_KEYBOARD static int kgdboc_reset_connect(struct input_handler *handler, struct input_dev *dev, @@ -99,10 +119,17 @@ static void kgdboc_restore_input_helper(struct work_struct *dummy) static DECLARE_WORK(kgdboc_restore_input_work, kgdboc_restore_input_helper); +static void kgdboc_queue_restore_input_helper(struct irq_work *unused) +{ + schedule_work(&kgdboc_restore_input_work); +} + +static DEFINE_IRQ_WORK(kgdboc_restore_input_irq_work, kgdboc_queue_restore_input_helper); + static void kgdboc_restore_input(void) { if (likely(system_state == SYSTEM_RUNNING)) - schedule_work(&kgdboc_restore_input_work); + irq_work_queue(&kgdboc_restore_input_irq_work); } static int kgdboc_register_kbd(char **cptr) @@ -133,6 +160,7 @@ static void kgdboc_unregister_kbd(void) i--; } } + irq_work_sync(&kgdboc_restore_input_irq_work); flush_work(&kgdboc_restore_input_work); } #else /* ! CONFIG_KDB_KEYBOARD */ --- base-commit: 0bbac3facb5d6cc0171c45c9873a2dc96bea9680 change-id: 20240419-kgdboc_fix_schedule_work-f0cb44b8a354 Best regards, -- Daniel Thompson <daniel.thompson(a)linaro.org>

1 year, 4 months

2
2
0 0

[PATCH v3 0/7] kdb: Refactor and fix bugs in kdb_read()

by Daniel Thompson

Inspired by a patch from [Justin][1] I took a closer look at kdb_read(). Despite Justin's patch being a (correct) one-line manipulation it was a tough patch to review because the surrounding code was hard to read and it looked like there were unfixed problems. This series isn't enough to make kdb_read() beautiful but it does make it shorter, easier to reason about and fixes two buffer overflows and a screen redraw problem! [1]: https://lore.kernel.org/all/20240403-strncpy-kernel-debug-kdb-kdb_io-c-v1-1… Signed-off-by: Daniel Thompson <daniel.thompson(a)linaro.org> --- Changes in v3: - Collected tags from v2 - Added comment to describe the hidden depths of kdb_position_cursor() (thanks Doug) - Fixed a couple of typos in the patch descriptions (thanks Doug) - Link to v2: https://lore.kernel.org/r/20240422-kgdb_read_refactor-v2-0-ed51f7d145fe@lin… Changes in v2: - No code changes! - I belatedly realized that one of the cleanups actually fixed a buffer overflow so there are changes to Cc: (to add stable@...) and to one of the patch descriptions. - Link to v1: https://lore.kernel.org/r/20240416-kgdb_read_refactor-v1-0-b18c2d01076d@lin… --- Daniel Thompson (7): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() kdb: Replace double memcpy() with memmove() in kdb_read() kdb: Simplify management of tmpbuffer in kdb_read() kernel/debug/kdb/kdb_io.c | 153 +++++++++++++++++++++++----------------------- 1 file changed, 78 insertions(+), 75 deletions(-) --- base-commit: dccce9b8780618986962ba37c373668bcf426866 change-id: 20240415-kgdb_read_refactor-2ea2dfc15dbb Best regards, -- Daniel Thompson <daniel.thompson(a)linaro.org>

1 year, 4 months

1
6
0 0

[PATCH 2/2] drm/nouveau/gsp: Use the sg allocator for level 2 of radix3

by Lyude Paul

Currently we allocate all 3 levels of radix3 page tables using nvkm_gsp_mem_ctor(), which uses dma_alloc_coherent() for allocating all of the relevant memory. This can end up failing in scenarios where the system has very high memory fragmentation, and we can't find enough contiguous memory to allocate level 2 of the page table. Currently, this can result in runtime PM issues on systems where memory fragmentation is high - as we'll fail to allocate the page table for our suspend/resume buffer: kworker/10:2: page allocation failure: order:7, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0 CPU: 10 PID: 479809 Comm: kworker/10:2 Not tainted 6.8.6-201.ChopperV6.fc39.x86_64 #1 Hardware name: SLIMBOOK Executive/Executive, BIOS N.1.10GRU06 02/02/2024 Workqueue: pm pm_runtime_work Call Trace: <TASK> dump_stack_lvl+0x64/0x80 warn_alloc+0x165/0x1e0 ? __alloc_pages_direct_compact+0xb3/0x2b0 __alloc_pages_slowpath.constprop.0+0xd7d/0xde0 __alloc_pages+0x32d/0x350 __dma_direct_alloc_pages.isra.0+0x16a/0x2b0 dma_direct_alloc+0x70/0x270 nvkm_gsp_radix3_sg+0x5e/0x130 [nouveau] r535_gsp_fini+0x1d4/0x350 [nouveau] nvkm_subdev_fini+0x67/0x150 [nouveau] nvkm_device_fini+0x95/0x1e0 [nouveau] nvkm_udevice_fini+0x53/0x70 [nouveau] nvkm_object_fini+0xb9/0x240 [nouveau] nvkm_object_fini+0x75/0x240 [nouveau] nouveau_do_suspend+0xf5/0x280 [nouveau] nouveau_pmops_runtime_suspend+0x3e/0xb0 [nouveau] pci_pm_runtime_suspend+0x67/0x1e0 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 __rpm_callback+0x41/0x170 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 rpm_callback+0x5d/0x70 ? __pfx_pci_pm_runtime_suspend+0x10/0x10 rpm_suspend+0x120/0x6a0 pm_runtime_work+0x98/0xb0 process_one_work+0x171/0x340 worker_thread+0x27b/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xe5/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 Luckily, we don't actually need to allocate coherent memory for the page table thanks to being able to pass the GPU a radix3 page table for suspend/resume data. So, let's rewrite nvkm_gsp_radix3_sg() to use the sg allocator for level 2. We continue using coherent allocations for lvl0 and 1, since they only take a single page. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- .../gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 71 ++++++++++++------- 2 files changed, 47 insertions(+), 28 deletions(-) diff --git a/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h b/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h index 6f5d376d8fcc1..a11d16a16c3b2 100644 --- a/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h +++ b/drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h @@ -15,7 +15,9 @@ struct nvkm_gsp_mem { }; struct nvkm_gsp_radix3 { - struct nvkm_gsp_mem mem[3]; + struct nvkm_gsp_mem lvl0; + struct nvkm_gsp_mem lvl1; + struct sg_table lvl2; }; int nvkm_gsp_sg(struct nvkm_device *, u64 size, struct sg_table *); diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c index 9858c1438aa7f..2bf9077d37118 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c @@ -1624,7 +1624,7 @@ r535_gsp_wpr_meta_init(struct nvkm_gsp *gsp) meta->magic = GSP_FW_WPR_META_MAGIC; meta->revision = GSP_FW_WPR_META_REVISION; - meta->sysmemAddrOfRadix3Elf = gsp->radix3.mem[0].addr; + meta->sysmemAddrOfRadix3Elf = gsp->radix3.lvl0.addr; meta->sizeOfRadix3Elf = gsp->fb.wpr2.elf.size; meta->sysmemAddrOfBootloader = gsp->boot.fw.addr; @@ -1919,8 +1919,9 @@ nvkm_gsp_sg(struct nvkm_device *device, u64 size, struct sg_table *sgt) static void nvkm_gsp_radix3_dtor(struct nvkm_gsp *gsp, struct nvkm_gsp_radix3 *rx3) { - for (int i = ARRAY_SIZE(rx3->mem) - 1; i >= 0; i--) - nvkm_gsp_mem_dtor(gsp, &rx3->mem[i]); + nvkm_gsp_sg_free(gsp->subdev.device, &rx3->lvl2); + nvkm_gsp_mem_dtor(gsp, &rx3->lvl1); + nvkm_gsp_mem_dtor(gsp, &rx3->lvl0); } /** @@ -1960,36 +1961,52 @@ static int nvkm_gsp_radix3_sg(struct nvkm_gsp *gsp, struct sg_table *sgt, u64 size, struct nvkm_gsp_radix3 *rx3) { - u64 addr; + struct sg_dma_page_iter sg_dma_iter; + struct scatterlist *sg; + size_t bufsize; + u64 *pte; + int ret, i, page_idx = 0; - for (int i = ARRAY_SIZE(rx3->mem) - 1; i >= 0; i--) { - u64 *ptes; - size_t bufsize; - int ret, idx; - - bufsize = ALIGN((size / GSP_PAGE_SIZE) * sizeof(u64), GSP_PAGE_SIZE); - ret = nvkm_gsp_mem_ctor(gsp, bufsize, &rx3->mem[i]); - if (ret) - return ret; + ret = nvkm_gsp_mem_ctor(gsp, GSP_PAGE_SIZE, &rx3->lvl0); + if (ret) + return ret; - ptes = rx3->mem[i].data; - if (i == 2) { - struct scatterlist *sgl; + ret = nvkm_gsp_mem_ctor(gsp, GSP_PAGE_SIZE, &rx3->lvl1); + if (ret) + goto lvl1_fail; - for_each_sgtable_dma_sg(sgt, sgl, idx) { - for (int j = 0; j < sg_dma_len(sgl) / GSP_PAGE_SIZE; j++) - *ptes++ = sg_dma_address(sgl) + (GSP_PAGE_SIZE * j); - } - } else { - for (int j = 0; j < size / GSP_PAGE_SIZE; j++) - *ptes++ = addr + GSP_PAGE_SIZE * j; + // Allocate level 2 + bufsize = ALIGN((size / GSP_PAGE_SIZE) * sizeof(u64), GSP_PAGE_SIZE); + ret = nvkm_gsp_sg(gsp->subdev.device, bufsize, &rx3->lvl2); + if (ret) + goto lvl2_fail; + + // Write the bus address of level 1 to level 0 + pte = rx3->lvl0.data; + *pte = rx3->lvl1.addr; + + // Write the bus address of each page in level 2 to level 1 + pte = rx3->lvl1.data; + for_each_sgtable_dma_page(&rx3->lvl2, &sg_dma_iter, 0) + *pte++ = sg_page_iter_dma_address(&sg_dma_iter); + + // Finally, write the bus address of each page in sgt to level 2 + for_each_sgtable_sg(&rx3->lvl2, sg, i) { + pte = sg_virt(sg); + for_each_sgtable_dma_page(sgt, &sg_dma_iter, page_idx) { + *pte++ = sg_page_iter_dma_address(&sg_dma_iter); + page_idx++; } + } - size = rx3->mem[i].size; - addr = rx3->mem[i].addr; + if (ret) { +lvl2_fail: + nvkm_gsp_mem_dtor(gsp, &rx3->lvl1); +lvl1_fail: + nvkm_gsp_mem_dtor(gsp, &rx3->lvl0); } - return 0; + return ret; } int @@ -2021,7 +2038,7 @@ r535_gsp_fini(struct nvkm_gsp *gsp, bool suspend) sr = gsp->sr.meta.data; sr->magic = GSP_FW_SR_META_MAGIC; sr->revision = GSP_FW_SR_META_REVISION; - sr->sysmemAddrOfSuspendResumeData = gsp->sr.radix3.mem[0].addr; + sr->sysmemAddrOfSuspendResumeData = gsp->sr.radix3.lvl0.addr; sr->sizeOfSuspendResumeData = len; mbox0 = lower_32_bits(gsp->sr.meta.addr); -- 2.44.0

1 year, 4 months

1
0
0 0

[PATCH] arm64: tegra: correct Tegra132 I2C alias

by Krzysztof Kozlowski

There is no such device as "as3722@40", because its name is "pmic". Use phandles for aliases to fix relying on full node path. This corrects aliases for RTC devices and also fixes dtc W=1 warning: tegra132-norrin.dts:12.3-36: Warning (alias_paths): /aliases:rtc0: aliases property is not a valid node (/i2c@7000d000/as3722@40) Fixes: 0f279ebdf3ce ("arm64: tegra: Add NVIDIA Tegra132 Norrin support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzk(a)kernel.org> --- arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 ++-- arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/boot/dts/nvidia/tegra132-norrin.dts b/arch/arm64/boot/dts/nvidia/tegra132-norrin.dts index 14d58859bb55..683ac124523b 100644 --- a/arch/arm64/boot/dts/nvidia/tegra132-norrin.dts +++ b/arch/arm64/boot/dts/nvidia/tegra132-norrin.dts @@ -9,8 +9,8 @@ / { compatible = "nvidia,norrin", "nvidia,tegra132", "nvidia,tegra124"; aliases { - rtc0 = "/i2c@7000d000/as3722@40"; - rtc1 = "/rtc@7000e000"; + rtc0 = &as3722; + rtc1 = &tegra_rtc; serial0 = &uarta; }; diff --git a/arch/arm64/boot/dts/nvidia/tegra132.dtsi b/arch/arm64/boot/dts/nvidia/tegra132.dtsi index 7e24a212c7e4..5bcccfef3f7f 100644 --- a/arch/arm64/boot/dts/nvidia/tegra132.dtsi +++ b/arch/arm64/boot/dts/nvidia/tegra132.dtsi @@ -572,7 +572,7 @@ spi@7000de00 { status = "disabled"; }; - rtc@7000e000 { + tegra_rtc: rtc@7000e000 { compatible = "nvidia,tegra124-rtc", "nvidia,tegra20-rtc"; reg = <0x0 0x7000e000 0x0 0x100>; interrupts = <GIC_SPI 2 IRQ_TYPE_LEVEL_HIGH>; -- 2.34.1

1 year, 4 months

3
2
0 0

[PATCH] perf/x86/intel: Add a distinct name for Granite Rapids

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> Currently, the Sapphire Rapids and Granite Rapids share the same PMU name, sapphire_rapids. Because from the kernel’s perspective, GNR is similar to SPR. The only key difference is that they support different extra MSRs. The code path and the PMU name are shared. However, from end users' perspective, they are quite different. Besides the extra MSRs, GNR has a newer PEBS format, supports Retire Latency, supports new CPUID enumeration architecture, doesn't required the load-latency AUX event, has additional TMA Level 1 Architectural Events, etc. The differences can be enumerated by CPUID or the PERF_CAPABILITIES MSR. They weren't reflected in the model-specific kernel setup. But it is worth to have a distinct PMU name for GNR. Fixes: a6742cb90b56 ("perf/x86/intel: Fix the FRONTEND encoding on GNR and MTL") Suggested-by: Ahmad Yasin <ahmad.yasin(a)intel.com> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/core.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index f3315f13f920..da38a16b2cbc 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -6768,12 +6768,17 @@ __init int intel_pmu_init(void) case INTEL_FAM6_EMERALDRAPIDS_X: x86_pmu.flags |= PMU_FL_MEM_LOADS_AUX; x86_pmu.extra_regs = intel_glc_extra_regs; + pr_cont("Sapphire Rapids events, "); + name = "sapphire_rapids"; fallthrough; case INTEL_FAM6_GRANITERAPIDS_X: case INTEL_FAM6_GRANITERAPIDS_D: intel_pmu_init_glc(NULL); - if (!x86_pmu.extra_regs) + if (!x86_pmu.extra_regs) { x86_pmu.extra_regs = intel_rwc_extra_regs; + pr_cont("Granite Rapids events, "); + name = "granite_rapids"; + } x86_pmu.pebs_ept = 1; x86_pmu.hw_config = hsw_hw_config; x86_pmu.get_event_constraints = glc_get_event_constraints; @@ -6784,8 +6789,6 @@ __init int intel_pmu_init(void) td_attr = glc_td_events_attrs; tsx_attr = glc_tsx_events_attrs; intel_pmu_pebs_data_source_skl(true); - pr_cont("Sapphire Rapids events, "); - name = "sapphire_rapids"; break; case INTEL_FAM6_ALDERLAKE: -- 2.35.1

1 year, 4 months

1
0
0 0

[PATCH] Bluetooth: qca: fix invalid device address check

by Johan Hovold

Qualcomm Bluetooth controllers may not have been provisioned with a valid device address and instead end up using the default address 00:00:00:00:5a:ad. This was previously believed to be due to lack of persistent storage for the address but it may also be due to integrators opting to not use the on-chip OTP memory and instead store the address elsewhere (e.g. in storage managed by secure world firmware). According to Qualcomm, at least WCN6750, WCN6855 and WCN7850 have on-chip OTP storage for the address. As the device type alone cannot be used to determine when the address is valid, instead read back the address during setup() and only set the HCI_QUIRK_USE_BDADDR_PROPERTY flag when needed. This specifically makes sure that controllers that have been provisioned with an address do not start as unconfigured. Reported-by: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Link: https://lore.kernel.org/r/124a7d54-5a18-4be7-9a76-a12017f6cce5@quicinc.com/ Fixes: 5971752de44c ("Bluetooth: hci_qca: Set HCI_QUIRK_USE_BDADDR_PROPERTY for wcn3990") Fixes: e668eb1e1578 ("Bluetooth: hci_core: Don't stop BT if the BD address missing in dts") Fixes: 6945795bc81a ("Bluetooth: fix use-bdaddr-property quirk") Cc: stable(a)vger.kernel.org # 6.5 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 38 +++++++++++++++++++++++++++++++++++++ drivers/bluetooth/hci_qca.c | 2 -- 2 files changed, 38 insertions(+), 2 deletions(-) Matthias and Doug, As Chromium is the only known user of the 'local-bd-address' property, could you please confirm that your controllers use the 00:00:00:00:5a:ad address by default so that the quirk continues to be set as intended? Johan diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 19cfc342fc7b..216826c31ee3 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -15,6 +15,8 @@ #define VERSION "0.1" +#define QCA_BDADDR_DEFAULT (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x00, 0x00 }}) + int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, enum qca_btsoc_type soc_type) { @@ -612,6 +614,38 @@ int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) } EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); +static int qca_check_bdaddr(struct hci_dev *hdev) +{ + struct hci_rp_read_bd_addr *bda; + struct sk_buff *skb; + int err; + + if (bacmp(&hdev->public_addr, BDADDR_ANY)) + return 0; + + skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, + HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) { + err = PTR_ERR(skb); + bt_dev_err(hdev, "Failed to read device address (%d)", err); + return err; + } + + if (skb->len != sizeof(*bda)) { + bt_dev_err(hdev, "Device address length mismatch"); + kfree_skb(skb); + return -EIO; + } + + bda = (struct hci_rp_read_bd_addr *)skb->data; + if (!bacmp(&bda->bdaddr, QCA_BDADDR_DEFAULT)) + set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); + + kfree_skb(skb); + + return 0; +} + static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size, struct qca_btsoc_version ver, u8 rom_ver, u16 bid) { @@ -818,6 +852,10 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, break; } + err = qca_check_bdaddr(hdev); + if (err) + return err; + bt_dev_info(hdev, "QCA setup on UART is completed"); return 0; diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index ecbc52eaf101..92fa20f5ac7d 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1905,8 +1905,6 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6750: case QCA_WCN6855: case QCA_WCN7850: - set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); - qcadev = serdev_device_get_drvdata(hu->serdev); if (qcadev->bdaddr_property_broken) set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks); -- 2.43.2

1 year, 4 months

5
14
0 0

[PATCH 4/6] HID: i2c-hid: elan: fix reset suspend current leakage

by Johan Hovold

The Elan eKTH5015M touch controller found on the Lenovo ThinkPad X13s shares the VCC33 supply with other peripherals that may remain powered during suspend (e.g. when enabled as wakeup sources). The reset line is also wired so that it can be left deasserted when the supply is off. This is important as it avoids holding the controller in reset for extended periods of time when it remains powered, which can lead to increased power consumption, and also avoids leaking current through the X13s reset circuitry during suspend (and after driver unbind). Use the new 'no-reset-on-power-off' devicetree property to determine when reset needs to be asserted on power down. Notably this also avoids wasting power on machine variants without a touchscreen for which the driver would otherwise exit probe with reset asserted. Fixes: bd3cba00dcc6 ("HID: i2c-hid: elan: Add support for Elan eKTH6915 i2c-hid touchscreens") Cc: stable(a)vger.kernel.org # 6.0 Cc: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/hid/i2c-hid/i2c-hid-of-elan.c | 37 ++++++++++++++++++++------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/drivers/hid/i2c-hid/i2c-hid-of-elan.c b/drivers/hid/i2c-hid/i2c-hid-of-elan.c index 5b91fb106cfc..8a905027d5e9 100644 --- a/drivers/hid/i2c-hid/i2c-hid-of-elan.c +++ b/drivers/hid/i2c-hid/i2c-hid-of-elan.c @@ -31,6 +31,7 @@ struct i2c_hid_of_elan { struct regulator *vcc33; struct regulator *vccio; struct gpio_desc *reset_gpio; + bool no_reset_on_power_off; const struct elan_i2c_hid_chip_data *chip_data; }; @@ -40,17 +41,17 @@ static int elan_i2c_hid_power_up(struct i2chid_ops *ops) container_of(ops, struct i2c_hid_of_elan, ops); int ret; + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 1); + if (ihid_elan->vcc33) { ret = regulator_enable(ihid_elan->vcc33); if (ret) - return ret; + goto err_deassert_reset; } ret = regulator_enable(ihid_elan->vccio); - if (ret) { - regulator_disable(ihid_elan->vcc33); - return ret; - } + if (ret) + goto err_disable_vcc33; if (ihid_elan->chip_data->post_power_delay_ms) msleep(ihid_elan->chip_data->post_power_delay_ms); @@ -60,6 +61,15 @@ static int elan_i2c_hid_power_up(struct i2chid_ops *ops) msleep(ihid_elan->chip_data->post_gpio_reset_on_delay_ms); return 0; + +err_disable_vcc33: + if (ihid_elan->vcc33) + regulator_disable(ihid_elan->vcc33); +err_deassert_reset: + if (ihid_elan->no_reset_on_power_off) + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 0); + + return ret; } static void elan_i2c_hid_power_down(struct i2chid_ops *ops) @@ -67,7 +77,14 @@ static void elan_i2c_hid_power_down(struct i2chid_ops *ops) struct i2c_hid_of_elan *ihid_elan = container_of(ops, struct i2c_hid_of_elan, ops); - gpiod_set_value_cansleep(ihid_elan->reset_gpio, 1); + /* + * Do not assert reset when the hardware allows for it to remain + * deasserted regardless of the state of the (shared) power supply to + * avoid wasting power when the supply is left on. + */ + if (!ihid_elan->no_reset_on_power_off) + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 1); + if (ihid_elan->chip_data->post_gpio_reset_off_delay_ms) msleep(ihid_elan->chip_data->post_gpio_reset_off_delay_ms); @@ -87,12 +104,14 @@ static int i2c_hid_of_elan_probe(struct i2c_client *client) ihid_elan->ops.power_up = elan_i2c_hid_power_up; ihid_elan->ops.power_down = elan_i2c_hid_power_down; - /* Start out with reset asserted */ - ihid_elan->reset_gpio = - devm_gpiod_get_optional(&client->dev, "reset", GPIOD_OUT_HIGH); + ihid_elan->reset_gpio = devm_gpiod_get_optional(&client->dev, "reset", + GPIOD_ASIS); if (IS_ERR(ihid_elan->reset_gpio)) return PTR_ERR(ihid_elan->reset_gpio); + ihid_elan->no_reset_on_power_off = of_property_read_bool(client->dev.of_node, + "no-reset-on-power-off"); + ihid_elan->vccio = devm_regulator_get(&client->dev, "vccio"); if (IS_ERR(ihid_elan->vccio)) return PTR_ERR(ihid_elan->vccio); -- 2.43.2

1 year, 4 months

3
4
0 0

[PATCH v2] kmsan: compiler_types: declare __no_sanitize_or_inline

by Alexander Potapenko

It turned out that KMSAN instruments READ_ONCE_NOCHECK(), resulting in false positive reports, because __no_sanitize_or_inline enforced inlining. Properly declare __no_sanitize_or_inline under __SANITIZE_MEMORY__, so that it does not __always_inline the annotated function. Reported-by: syzbot+355c5bb8c1445c871ee8(a)syzkaller.appspotmail.com Link: https://lkml.kernel.org/r/000000000000826ac1061675b0e3@google.com Fixes: 5de0ce85f5a4 ("kmsan: mark noinstr as __no_sanitize_memory") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Marco Elver <elver(a)google.com> --- include/linux/compiler_types.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index 0caf354cb94b5..a6a28952836cb 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -278,6 +278,17 @@ struct ftrace_likely_data { # define __no_kcsan #endif +#ifdef __SANITIZE_MEMORY__ +/* + * Similarly to KASAN and KCSAN, KMSAN loses function attributes of inlined + * functions, therefore disabling KMSAN checks also requires disabling inlining. + * + * __no_sanitize_or_inline effectively prevents KMSAN from reporting errors + * within the function and marks all its outputs as initialized. + */ +# define __no_sanitize_or_inline __no_kmsan_checks notrace __maybe_unused +#endif + #ifndef __no_sanitize_or_inline #define __no_sanitize_or_inline __always_inline #endif -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

1
0
0 0

[PATCH] drm/vmwgfx: Fix invalid reads in fence signaled events

by Zack Rusin

Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the drm_vmw_event_fence which is supposed to be read. drm_read uses the length parameter to copy the event to the user space thus resuling in oob reads. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 8b7de6aa8468 ("vmwgfx: Rework fence event action") Reported-by: zdi-disclosures(a)trendmicro.com # ZDI-CAN-23566 Cc: David Airlie <airlied(a)gmail.com> CC: Daniel Vetter <daniel(a)ffwll.ch> Cc: Zack Rusin <zack.rusin(a)broadcom.com> Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: linux-kernel(a)vger.kernel.org Cc: <stable(a)vger.kernel.org> # v3.4+ --- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c index 2a0cda324703..5efc6a766f64 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c @@ -991,7 +991,7 @@ static int vmw_event_fence_action_create(struct drm_file *file_priv, } event->event.base.type = DRM_VMW_EVENT_FENCE_SIGNALED; - event->event.base.length = sizeof(*event); + event->event.base.length = sizeof(event->event); event->event.user_data = user_data; ret = drm_event_reserve_init(dev, file_priv, &event->base, &event->event.base); -- 2.40.1

1 year, 4 months

3
2
0 0

[PATCH] drm/vmwgfx: Fix Legacy Display Unit

by Ian Forbes

Legacy DU was broken by the referenced fixes commit because the placement and the busy_placement no longer pointed to the same object. This was later fixed indirectly by commit a78a8da51b36c7a0c0c16233f91d60aac03a5a49 ("drm/ttm: replace busy placement with flags v6") in v6.9. Fixes: 39985eea5a6d ("drm/vmwgfx: Abstract placement selection") Signed-off-by: Ian Forbes <ian.forbes(a)broadcom.com> Cc: <stable(a)vger.kernel.org> # v6.4+ --- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index 2bfac3aad7b7..98e73eb0ccf1 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -204,6 +204,7 @@ int vmw_bo_pin_in_start_of_vram(struct vmw_private *dev_priv, VMW_BO_DOMAIN_VRAM, VMW_BO_DOMAIN_VRAM); buf->places[0].lpfn = PFN_UP(bo->resource->size); + buf->busy_places[0].lpfn = PFN_UP(bo->resource->size); ret = ttm_bo_validate(bo, &buf->placement, &ctx); /* For some reason we didn't end up at the start of vram */ -- 2.34.1

1 year, 4 months

3
2
0 0

FAILED: patch "[PATCH] fork: defer linking file vma until vma is fully initialized" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042319-freeing-degree-ca0d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 35e351780fa9 ("fork: defer linking file vma until vma is fully initialized") d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 35e351780fa9d8240dd6f7e4f245f9ea37e96c19 Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Wed, 10 Apr 2024 17:14:41 +0800 Subject: [PATCH] fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used. Link: https://lkml.kernel.org/r/20240410091441.3539905-1-linmiaohe@huawei.com Fixes: 8d9bfb260814 ("hugetlb: add vma based lock for pmd sharing") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reported-by: Thorvald Natvig <thorvald(a)google.com> Closes: https://lore.kernel.org/linux-mm/20240129161735.6gmjsswx62o4pbja@revolver/T/ [1] Reviewed-by: Jane Chu <jane.chu(a)oracle.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peng Zhang <zhangpeng.00(a)bytedance.com> Cc: Tycho Andersen <tandersen(a)netflix.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/fork.c b/kernel/fork.c index 39a5046c2f0b..aebb3e6c96dc 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -714,6 +714,23 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + + /* + * Link the vma into the MT. After using __mt_dup(), memory + * allocation is not necessary here, so it cannot fail. + */ + vma_iter_bulk_store(&vmi, tmp); + + mm->map_count++; + + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -730,25 +747,9 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, i_mmap_unlock_write(mapping); } - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - - /* - * Link the vma into the MT. After using __mt_dup(), memory - * allocation is not necessary here, so it cannot fail. - */ - vma_iter_bulk_store(&vmi, tmp); - - mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - if (retval) { mpnt = vma_next(&vmi); goto loop_out;

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] drm/xe/vm: prevent UAF with asid based lookup" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x ca7c52ac7ad384bcf299d89482c45fec7cd00da9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042358-esteemed-fastball-c2d8@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: ca7c52ac7ad3 ("drm/xe/vm: prevent UAF with asid based lookup") 0eb2a18a8fad ("drm/xe: Implement VM snapshot support for BO's and userptr") be7d51c5b468 ("drm/xe: Add batch buffer addresses to devcoredump") 4376cee62092 ("drm/xe: Print more device information in devcoredump") 98fefec8c381 ("drm/xe: Change devcoredump functions parameters to xe_sched_job") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ca7c52ac7ad384bcf299d89482c45fec7cd00da9 Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Fri, 12 Apr 2024 12:31:45 +0100 Subject: [PATCH] drm/xe/vm: prevent UAF with asid based lookup The asid is only erased from the xarray when the vm refcount reaches zero, however this leads to potential UAF since the xe_vm_get() only works on a vm with refcount != 0. Since the asid is allocated in the vm create ioctl, rather erase it when closing the vm, prior to dropping the potential last ref. This should also work when user closes driver fd without explicit vm destroy. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1594 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240412113144.259426-4-matth… (cherry picked from commit 83967c57320d0d01ae512f10e79213f81e4bf594) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 62d1ef8867a8..3d4c8f342e21 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1577,6 +1577,16 @@ void xe_vm_close_and_put(struct xe_vm *vm) xe->usm.num_vm_in_fault_mode--; else if (!(vm->flags & XE_VM_FLAG_MIGRATION)) xe->usm.num_vm_in_non_fault_mode--; + + if (vm->usm.asid) { + void *lookup; + + xe_assert(xe, xe->info.has_asid); + xe_assert(xe, !(vm->flags & XE_VM_FLAG_MIGRATION)); + + lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid); + xe_assert(xe, lookup == vm); + } mutex_unlock(&xe->usm.lock); for_each_tile(tile, xe, id) @@ -1592,24 +1602,15 @@ static void vm_destroy_work_func(struct work_struct *w) struct xe_device *xe = vm->xe; struct xe_tile *tile; u8 id; - void *lookup; /* xe_vm_close_and_put was not called? */ xe_assert(xe, !vm->size); mutex_destroy(&vm->snap_mutex); - if (!(vm->flags & XE_VM_FLAG_MIGRATION)) { + if (!(vm->flags & XE_VM_FLAG_MIGRATION)) xe_device_mem_access_put(xe); - if (xe->info.has_asid && vm->usm.asid) { - mutex_lock(&xe->usm.lock); - lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid); - xe_assert(xe, lookup == vm); - mutex_unlock(&xe->usm.lock); - } - } - for_each_tile(tile, xe, id) XE_WARN_ON(vm->pt_root[id]);

1 year, 4 months

3
2
0 0

[PATCH v1] chrome/cros_ec: Handle events during suspend after resume completion

by Karthikeyan Ramasubramanian

On boards where EC IRQ is not wake capable, EC does not trigger IRQ to signal any non-wake events until EC receives host resume event. Commit 47ea0ddb1f56 ("platform/chrome: cros_ec_lpc: Separate host command and irq disable") separated enabling IRQ and sending resume event host command into early_resume and resume_complete stages respectively. This separation leads to host not handling certain events posted during a small time window between early_resume and resume_complete stages. This change moves handling all events that happened during suspend after sending host resume event. Fixes: 47ea0ddb1f56 ("platform/chrome: cros_ec_lpc: Separate host command and irq disable") Cc: stable(a)vger.kernel.org Cc: Lalith Rajendran <lalithkraj(a)chromium.org> Cc: chrome-platform(a)lists.linux.dev Signed-off-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> --- drivers/platform/chrome/cros_ec.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c index badc68bbae8cc..41714df053916 100644 --- a/drivers/platform/chrome/cros_ec.c +++ b/drivers/platform/chrome/cros_ec.c @@ -432,6 +432,12 @@ static void cros_ec_send_resume_event(struct cros_ec_device *ec_dev) void cros_ec_resume_complete(struct cros_ec_device *ec_dev) { cros_ec_send_resume_event(ec_dev); + /* + * Let the mfd devices know about events that occur during + * suspend. This way the clients know what to do with them. + */ + cros_ec_report_events_during_suspend(ec_dev); + } EXPORT_SYMBOL(cros_ec_resume_complete); @@ -442,12 +448,6 @@ static void cros_ec_enable_irq(struct cros_ec_device *ec_dev) if (ec_dev->wake_enabled) disable_irq_wake(ec_dev->irq); - - /* - * Let the mfd devices know about events that occur during - * suspend. This way the clients know what to do with them. - */ - cros_ec_report_events_during_suspend(ec_dev); } /** @@ -475,8 +475,9 @@ EXPORT_SYMBOL(cros_ec_resume_early); */ int cros_ec_resume(struct cros_ec_device *ec_dev) { - cros_ec_enable_irq(ec_dev); - cros_ec_send_resume_event(ec_dev); + cros_ec_resume_early(ec_dev); + cros_ec_resume_complete(ec_dev); + return 0; } EXPORT_SYMBOL(cros_ec_resume); -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

2
1
0 0

[merged mm-nonmm-stable] ocfs2-use-coarse-time-for-new-created-files.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: use coarse time for new created files has been removed from the -mm tree. Its filename was ocfs2-use-coarse-time-for-new-created-files.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: use coarse time for new created files Date: Mon, 8 Apr 2024 16:20:41 +0800 The default atime related mount option is '-o realtime' which means file atime should be updated if atime <= ctime or atime <= mtime. atime should be updated in the following scenario, but it is not: ========================================================== $ rm /mnt/testfile; $ echo test > /mnt/testfile $ stat -c "%X %Y %Z" /mnt/testfile 1711881646 1711881646 1711881646 $ sleep 5 $ cat /mnt/testfile > /dev/null $ stat -c "%X %Y %Z" /mnt/testfile 1711881646 1711881646 1711881646 ========================================================== And the reason the atime in the test is not updated is that ocfs2 calls ktime_get_real_ts64() in __ocfs2_mknod_locked during file creation. Then inode_set_ctime_current() is called in inode_set_ctime_current() calls ktime_get_coarse_real_ts64() to get current time. ktime_get_real_ts64() is more accurate than ktime_get_coarse_real_ts64(). In my test box, I saw ctime set by ktime_get_coarse_real_ts64() is less than ktime_get_real_ts64() even ctime is set later. The ctime of the new inode is smaller than atime. The call trace is like: ocfs2_create ocfs2_mknod __ocfs2_mknod_locked .... ktime_get_real_ts64 <------- set atime,ctime,mtime, more accurate ocfs2_populate_inode ... ocfs2_init_acl ocfs2_acl_set_mode inode_set_ctime_current current_time ktime_get_coarse_real_ts64 <-------less accurate ocfs2_file_read_iter ocfs2_inode_lock_atime ocfs2_should_update_atime atime <= ctime ? <-------- false, ctime < atime due to accuracy So here call ktime_get_coarse_real_ts64 to set inode time coarser while creating new files. It may lower the accuracy of file times. But it's not a big deal since we already use coarse time in other places like ocfs2_update_inode_atime and inode_set_ctime_current. Link: https://lkml.kernel.org/r/20240408082041.20925-5-glass.su@suse.com Fixes: c62c38f6b91b ("ocfs2: replace CURRENT_TIME macro") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/ocfs2/namei.c~ocfs2-use-coarse-time-for-new-created-files +++ a/fs/ocfs2/namei.c @@ -566,7 +566,7 @@ static int __ocfs2_mknod_locked(struct i fe->i_last_eb_blk = 0; strcpy(fe->i_signature, OCFS2_INODE_SIGNATURE); fe->i_flags |= cpu_to_le32(OCFS2_VALID_FL); - ktime_get_real_ts64(&ts); + ktime_get_coarse_real_ts64(&ts); fe->i_atime = fe->i_ctime = fe->i_mtime = cpu_to_le64(ts.tv_sec); fe->i_mtime_nsec = fe->i_ctime_nsec = fe->i_atime_nsec = _ Patches currently in -mm which might be from glass.su(a)suse.com are

1 year, 4 months

1
0
0 0

[merged mm-nonmm-stable] ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: update inode fsync transaction id in ocfs2_unlink and ocfs2_link has been removed from the -mm tree. Its filename was ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: update inode fsync transaction id in ocfs2_unlink and ocfs2_link Date: Mon, 8 Apr 2024 16:20:40 +0800 transaction id should be updated in ocfs2_unlink and ocfs2_link. Otherwise, inode link will be wrong after journal replay even fsync was called before power failure: ======================================================================= $ touch testdir/bar $ ln testdir/bar testdir/bar_link $ fsync testdir/bar $ stat -c %h $SCRATCH_MNT/testdir/bar 1 $ stat -c %h $SCRATCH_MNT/testdir/bar 1 ======================================================================= Link: https://lkml.kernel.org/r/20240408082041.20925-4-glass.su@suse.com Fixes: ccd979bdbce9 ("[PATCH] OCFS2: The Second Oracle Cluster Filesystem") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/namei.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/ocfs2/namei.c~ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link +++ a/fs/ocfs2/namei.c @@ -797,6 +797,7 @@ static int ocfs2_link(struct dentry *old ocfs2_set_links_count(fe, inode->i_nlink); fe->i_ctime = cpu_to_le64(inode_get_ctime_sec(inode)); fe->i_ctime_nsec = cpu_to_le32(inode_get_ctime_nsec(inode)); + ocfs2_update_inode_fsync_trans(handle, inode, 0); ocfs2_journal_dirty(handle, fe_bh); err = ocfs2_add_entry(handle, dentry, inode, @@ -993,6 +994,7 @@ static int ocfs2_unlink(struct inode *di drop_nlink(inode); drop_nlink(inode); ocfs2_set_links_count(fe, inode->i_nlink); + ocfs2_update_inode_fsync_trans(handle, inode, 0); ocfs2_journal_dirty(handle, fe_bh); inode_set_mtime_to_ts(dir, inode_set_ctime_current(dir)); _ Patches currently in -mm which might be from glass.su(a)suse.com are

1 year, 4 months

1
0
0 0

[merged mm-nonmm-stable] ocfs2-fix-races-between-hole-punching-and-aiodio.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: fix races between hole punching and AIO+DIO has been removed from the -mm tree. Its filename was ocfs2-fix-races-between-hole-punching-and-aiodio.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: fix races between hole punching and AIO+DIO Date: Mon, 8 Apr 2024 16:20:39 +0800 After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block", fstests/generic/300 become from always failed to sometimes failed: ======================================================================== [ 473.293420 ] run fstests generic/300 [ 475.296983 ] JBD2: Ignoring recovery information on journal [ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode. [ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found [ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 494.292018 ] OCFS2: File system is now read-only. [ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30 [ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3 fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072 ========================================================================= In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten extents to a list. extents are also inserted into extent tree in ocfs2_write_begin_nolock. Then another thread call fallocate to puch a hole at one of the unwritten extent. The extent at cpos was removed by ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list found there is no such extent at the cpos. T1 T2 T3 inode lock ... insert extents ... inode unlock ocfs2_fallocate __ocfs2_change_file_space inode lock lock ip_alloc_sem ocfs2_remove_inode_range inode ocfs2_remove_btree_range ocfs2_remove_extent ^---remove the extent at cpos 78723 ... unlock ip_alloc_sem inode unlock ocfs2_dio_end_io ocfs2_dio_end_io_write lock ip_alloc_sem ocfs2_mark_extent_written ocfs2_change_extent_flag ocfs2_search_extent_list ^---failed to find extent ... unlock ip_alloc_sem In most filesystems, fallocate is not compatible with racing with AIO+DIO, so fix it by adding to wait for all dio before fallocate/punch_hole like ext4. Link: https://lkml.kernel.org/r/20240408082041.20925-3-glass.su@suse.com Fixes: b25801038da5 ("ocfs2: Support xfs style space reservation ioctls") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/file.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/ocfs2/file.c~ocfs2-fix-races-between-hole-punching-and-aiodio +++ a/fs/ocfs2/file.c @@ -1936,6 +1936,8 @@ static int __ocfs2_change_file_space(str inode_lock(inode); + /* Wait all existing dio workers, newcomers will block on i_rwsem */ + inode_dio_wait(inode); /* * This prevents concurrent writes on other nodes */ _ Patches currently in -mm which might be from glass.su(a)suse.com are

1 year, 4 months

1
0
0 0

[merged mm-stable] mm-hugetlb-pass-correct-order_per_bit-to-cma_declare_contiguous_nid.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid has been removed from the -mm tree. Its filename was mm-hugetlb-pass-correct-order_per_bit-to-cma_declare_contiguous_nid.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Frank van der Linden <fvdl(a)google.com> Subject: mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid Date: Thu, 4 Apr 2024 16:25:15 +0000 The hugetlb_cma code passes 0 in the order_per_bit argument to cma_declare_contiguous_nid (the alignment, computed using the page order, is correctly passed in). This causes a bit in the cma allocation bitmap to always represent a 4k page, making the bitmaps potentially very large, and slower. It would create bitmaps that would be pretty big. E.g. for a 4k page size on x86, hugetlb_cma=64G would mean a bitmap size of (64G / 4k) / 8 == 2M. With HUGETLB_PAGE_ORDER as order_per_bit, as intended, this would be (64G / 2M) / 8 == 4k. So, that's quite a difference. Also, this restricted the hugetlb_cma area to ((PAGE_SIZE << MAX_PAGE_ORDER) * 8) * PAGE_SIZE (e.g. 128G on x86) , since bitmap_alloc uses normal page allocation, and is thus restricted by MAX_PAGE_ORDER. Specifying anything about that would fail the CMA initialization. So, correctly pass in the order instead. Link: https://lkml.kernel.org/r/20240404162515.527802-2-fvdl@google.com Fixes: cf11e85fc08c ("mm: hugetlb: optionally allocate gigantic hugepages using cma") Signed-off-by: Frank van der Linden <fvdl(a)google.com> Acked-by: Roman Gushchin <roman.gushchin(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Marek Szyprowski <m.szyprowski(a)samsung.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-pass-correct-order_per_bit-to-cma_declare_contiguous_nid +++ a/mm/hugetlb.c @@ -7794,9 +7794,9 @@ void __init hugetlb_cma_reserve(int orde * huge page demotion. */ res = cma_declare_contiguous_nid(0, size, 0, - PAGE_SIZE << HUGETLB_PAGE_ORDER, - 0, false, name, - &hugetlb_cma[nid], nid); + PAGE_SIZE << HUGETLB_PAGE_ORDER, + HUGETLB_PAGE_ORDER, false, name, + &hugetlb_cma[nid], nid); if (res) { pr_warn("hugetlb_cma: reservation failed: err %d, node %d", res, nid); _ Patches currently in -mm which might be from fvdl(a)google.com are

1 year, 4 months

1
0
0 0

[merged mm-stable] mm-cma-drop-incorrect-alignment-check-in-cma_init_reserved_mem.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/cma: drop incorrect alignment check in cma_init_reserved_mem has been removed from the -mm tree. Its filename was mm-cma-drop-incorrect-alignment-check-in-cma_init_reserved_mem.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Frank van der Linden <fvdl(a)google.com> Subject: mm/cma: drop incorrect alignment check in cma_init_reserved_mem Date: Thu, 4 Apr 2024 16:25:14 +0000 cma_init_reserved_mem uses IS_ALIGNED to check if the size represented by one bit in the cma allocation bitmask is aligned with CMA_MIN_ALIGNMENT_BYTES (pageblock size). However, this is too strict, as this will fail if order_per_bit > pageblock_order, which is a valid configuration. We could check IS_ALIGNED both ways, but since both numbers are powers of two, no check is needed at all. Link: https://lkml.kernel.org/r/20240404162515.527802-1-fvdl@google.com Fixes: de9e14eebf33 ("drivers: dma-contiguous: add initialization from device tree") Signed-off-by: Frank van der Linden <fvdl(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Marek Szyprowski <m.szyprowski(a)samsung.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/cma.c | 4 ---- 1 file changed, 4 deletions(-) --- a/mm/cma.c~mm-cma-drop-incorrect-alignment-check-in-cma_init_reserved_mem +++ a/mm/cma.c @@ -182,10 +182,6 @@ int __init cma_init_reserved_mem(phys_ad if (!size || !memblock_is_region_reserved(base, size)) return -EINVAL; - /* alignment should be aligned with order_per_bit */ - if (!IS_ALIGNED(CMA_MIN_ALIGNMENT_PAGES, 1 << order_per_bit)) - return -EINVAL; - /* ensure minimal alignment required by mm core */ if (!IS_ALIGNED(base | size, CMA_MIN_ALIGNMENT_BYTES)) return -EINVAL; _ Patches currently in -mm which might be from fvdl(a)google.com are

1 year, 4 months

1
0
0 0

[PATCH v5.10 v5.15] net/mlx5e: Fix a race in command alloc flow

by Samasth Norway Ananda

From: Shifeng Li <lishifeng(a)sangfor.com.cn> [ Upstream commit 8f5100da56b3980276234e812ce98d8f075194cd ] Fix a cmd->ent use after free due to a race on command entry. Such race occurs when one of the commands releases its last refcount and frees its index and entry while another process running command flush flow takes refcount to this command entry. The process which handles commands flush may see this command as needed to be flushed if the other process allocated a ent->idx but didn't set ent to cmd->ent_arr in cmd_work_handler(). Fix it by moving the assignment of cmd->ent_arr into the spin lock. [70013.081955] BUG: KASAN: use-after-free in mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] [70013.081967] Write of size 4 at addr ffff88880b1510b4 by task kworker/26:1/1433361 [70013.081968] [70013.082028] Workqueue: events aer_isr [70013.082053] Call Trace: [70013.082067] dump_stack+0x8b/0xbb [70013.082086] print_address_description+0x6a/0x270 [70013.082102] kasan_report+0x179/0x2c0 [70013.082173] mlx5_cmd_trigger_completions+0x1e2/0x4c0 [mlx5_core] [70013.082267] mlx5_cmd_flush+0x80/0x180 [mlx5_core] [70013.082304] mlx5_enter_error_state+0x106/0x1d0 [mlx5_core] [70013.082338] mlx5_try_fast_unload+0x2ea/0x4d0 [mlx5_core] [70013.082377] remove_one+0x200/0x2b0 [mlx5_core] [70013.082409] pci_device_remove+0xf3/0x280 [70013.082439] device_release_driver_internal+0x1c3/0x470 [70013.082453] pci_stop_bus_device+0x109/0x160 [70013.082468] pci_stop_and_remove_bus_device+0xe/0x20 [70013.082485] pcie_do_fatal_recovery+0x167/0x550 [70013.082493] aer_isr+0x7d2/0x960 [70013.082543] process_one_work+0x65f/0x12d0 [70013.082556] worker_thread+0x87/0xb50 [70013.082571] kthread+0x2e9/0x3a0 [70013.082592] ret_from_fork+0x1f/0x40 The logical relationship of this error is as follows: aer_recover_work | ent->work -------------------------------------------+------------------------------ aer_recover_work_func | |- pcie_do_recovery | |- report_error_detected | |- mlx5_pci_err_detected |cmd_work_handler |- mlx5_enter_error_state | |- cmd_alloc_index |- enter_error_state | |- lock cmd->alloc_lock |- mlx5_cmd_flush | |- clear_bit |- mlx5_cmd_trigger_completions| |- unlock cmd->alloc_lock |- lock cmd->alloc_lock | |- vector = ~dev->cmd.vars.bitmask |- for_each_set_bit | |- cmd_ent_get(cmd->ent_arr[i]) (UAF) |- unlock cmd->alloc_lock | |- cmd->ent_arr[ent->idx]=ent The cmd->ent_arr[ent->idx] assignment and the bit clearing are not protected by the cmd->alloc_lock in cmd_work_handler(). Fixes: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler") Reviewed-by: Moshe Shemesh <moshe(a)nvidia.com> Signed-off-by: Shifeng Li <lishifeng(a)sangfor.com.cn> Signed-off-by: Saeed Mahameed <saeedm(a)nvidia.com> [Samasth: backport for 5.10.y and 5.15.y] Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> Conflicts: drivers/net/ethernet/mellanox/mlx5/core/cmd.c conflict caused due to the absence of commit 58db72869a9f ("net/mlx5: Re-organize mlx5_cmd struct") which is structural change of code and is not necessary for this patch. --- commit: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler") is present from linux-5.4.y onwards but the current commit which fixes it is only present from linux-6.1.y. Would be nice to get an opinion from the author or maintainer. --- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c index 41c15a65fb45..8d5dd8aba8cd 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c @@ -114,15 +114,18 @@ static u8 alloc_token(struct mlx5_cmd *cmd) return token; } -static int cmd_alloc_index(struct mlx5_cmd *cmd) +static int cmd_alloc_index(struct mlx5_cmd *cmd, struct mlx5_cmd_work_ent *ent) { unsigned long flags; int ret; spin_lock_irqsave(&cmd->alloc_lock, flags); ret = find_first_bit(&cmd->bitmask, cmd->max_reg_cmds); - if (ret < cmd->max_reg_cmds) + if (ret < cmd->max_reg_cmds) { clear_bit(ret, &cmd->bitmask); + ent->idx = ret; + cmd->ent_arr[ent->idx] = ent; + } spin_unlock_irqrestore(&cmd->alloc_lock, flags); return ret < cmd->max_reg_cmds ? ret : -ENOMEM; @@ -924,7 +927,7 @@ static void cmd_work_handler(struct work_struct *work) sem = ent->page_queue ? &cmd->pages_sem : &cmd->sem; down(sem); if (!ent->page_queue) { - alloc_ret = cmd_alloc_index(cmd); + alloc_ret = cmd_alloc_index(cmd, ent); if (alloc_ret < 0) { mlx5_core_err_rl(dev, "failed to allocate command entry\n"); if (ent->callback) { @@ -939,15 +942,14 @@ static void cmd_work_handler(struct work_struct *work) up(sem); return; } - ent->idx = alloc_ret; } else { ent->idx = cmd->max_reg_cmds; spin_lock_irqsave(&cmd->alloc_lock, flags); clear_bit(ent->idx, &cmd->bitmask); + cmd->ent_arr[ent->idx] = ent; spin_unlock_irqrestore(&cmd->alloc_lock, flags); } - cmd->ent_arr[ent->idx] = ent; lay = get_inst(cmd, ent->idx); ent->lay = lay; memset(lay, 0, sizeof(*lay)); -- 2.43.0

1 year, 4 months

1
0
0 0

kernel BUG at net/sunrpc/svc.c:570 after updating from v5.15.153 to v5.15.155

by Chris Packham

Hi Jeff, Chuck, Greg, After updating one of our builds along the 5.15.y LTS branch our testing caught a new kernel bug. Output below. I haven't dug into it yet but wondered if it rang any bells. Thanks, Chris [ 91.605109] ------------[ cut here ]------------ [ 91.605122] kernel BUG at net/sunrpc/svc.c:570! [ 91.605129] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 91.610643] Modules linked in: mvcpss(O) platform_driver(O) ipifwd(O) xt_l2tp xt_hashlimit xt_conntrack xt_addrtype xt_LOG xt_CHECKSUM wp512 vxlan veth twofish_generic twofish_common sr9800 smsc95xx smsc75xx smsc sm3_generic sha512_arm64 sha3_generic serpent_generic rtl8150 rpcsec_gss_krb5 rmd160 poly1305_generic plusb pegasus optee_rng nbd microchip md4 md_mod mcs7830 lrw libpoly1305 lan78xx l2tp_ip6 l2tp_ip l2tp_eth l2tp_netlink l2tp_core udp_tunnel ipt_REJECT nf_reject_ipv4 ip6table_nat ip6table_mangle ip6table_filter ip6t_ipv6header ip6t_REJECT ip6_udp_tunnel ip6_tables dm9601 dm_zero dm_mirror dm_region_hash dm_log dm_mod diag tipc cuse cts cpufreq_powersave cpufreq_conservative chacha_generic chacha20poly1305 chacha_neon libchacha cast6_generic cast5_generic cast_common camellia_generic blowfish_generic blowfish_common auth_rpcgss oid_registry at25 arm_smccc_trng aes_neon_blk idprom_mtd(O) idprom_i2c(O) epi3_boardinfo_i2c(O) x250(O) psuslot_epi3_register(O) psuslot_gpio_group(O) [ 91.610809] psuslot(O) [ 91.611822] watchdog: watchdog1: watchdog did not stop! [ 91.697065] gpiopins_boardinfo(O) idprom(O) epi3_boardinfo(O) boardinfo(O) i2c_gpio i2c_algo_bit i2c_mv64xxx pluggable(O) led_enable(O) omap_rng rng_core atl_reset(O) sbsa_gwdt uio_pdrv_genirq [ 91.697096] CPU: 2 PID: 1770 Comm: nfsd Kdump: loaded Tainted: G O 5.15.155 #1 [ 91.697103] Hardware name: Allied Telesis x250-28XTm (DT) [ 91.697107] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 91.697112] pc : svc_destroy+0x84/0xac [ 91.701202] watchdog: watchdog0: watchdog did not stop! [ 91.702215] lr : svc_destroy+0x2c/0xac [ 91.702220] sp : ffff80000bb3bde0 [ 91.702223] x29: ffff80000bb3bde0 x28: 0000000000000000 x27: 0000000000000000 [ 91.746095] x26: 0000000000000000 x25: ffff00000dbfaa40 x24: ffff000016c14000 [ 91.746101] x23: ffff800008395c00 x22: ffff00000ee9f284 x21: ffff00000eea9e10 [ 91.746108] x20: ffff00000eea9e00 x19: ffff00000eea9e14 x18: ffff800008e99000 [ 91.769526] x17: 0000000000000006 x16: 0000000000000000 x15: 0000000000000001 [ 91.776782] x14: 00000000fffffffd x13: fffffc0000000000 x12: ffff800076bc2000 [ 91.784031] x11: ffff00007fba5c10 x10: ffff800076bc2000 x9 : ffff8000092207c0 [ 91.784038] x8 : fffffc000055eb08 x7 : ffff00000ef6c4c0 x6 : fffffc0001f872c8 [ 91.795823] x5 : 0000000000000100 x4 : ffff00007fbaeda8 x3 : 0000000000000000 [ 91.801684] x2 : 0000000000000000 x1 : ffff00000d8f8018 x0 : ffff00000eea9e30 [ 91.807545] Call trace: [ 91.810088] svc_destroy+0x84/0xac [ 91.813586] svc_exit_thread+0x108/0x15c [ 91.816998] nfsd+0x178/0x1a0 [ 91.818673] kthread+0x150/0x160 [ 91.820610] ret_from_fork+0x10/0x20 [ 91.820620] Code: a94153f3 a8c27bfd d50323bf d65f03c0 (d4210000) [ 91.820629] SMP: stopping secondary CPUs [ 91.830433] Starting crashdump kernel... [ 91.833064] Bye!

1 year, 4 months

4
10
0 0

[PATCH 3/3] net: bcmgenet: synchronize UMAC_CMD access

by Doug Berger

The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +++++++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +++- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +++++++- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 ++ 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev, -- 2.34.1

1 year, 4 months

1
0
0 0

[PATCH 2/3] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()

by Doug Berger

The ndo_set_rx_mode function is synchronized with the netif_addr_lock spinlock and BHs disabled. Since this function is also invoked directly from the driver the same synchronization should be applied. Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index b1f84b37032a..5452b7dc6e6a 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) controller driver * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet: " fmt @@ -3334,7 +3334,9 @@ static void bcmgenet_netif_start(struct net_device *dev) struct bcmgenet_priv *priv = netdev_priv(dev); /* Start the network engine */ + netif_addr_lock_bh(dev); bcmgenet_set_rx_mode(dev); + netif_addr_unlock_bh(dev); bcmgenet_enable_rx_napi(priv); umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true); -- 2.34.1

1 year, 4 months

1
0
0 0

[PATCH 1/3] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access

by Doug Berger

The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name); -- 2.34.1

1 year, 4 months

1
0
0 0

+ kmsan-compiler_types-declare-__no_sanitize_or_inline.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kmsan: compiler_types: declare __no_sanitize_or_inline has been added to the -mm mm-hotfixes-unstable branch. Its filename is kmsan-compiler_types-declare-__no_sanitize_or_inline.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alexander Potapenko <glider(a)google.com> Subject: kmsan: compiler_types: declare __no_sanitize_or_inline Date: Thu, 25 Apr 2024 11:28:59 +0200 It turned out that KMSAN instruments READ_ONCE_NOCHECK(), resulting in false positive reports, because __no_sanitize_or_inline enforced inlining. Properly declare __no_sanitize_or_inline under __SANITIZE_MEMORY__, so that it does not inline the annotated function. Link: https://lkml.kernel.org/r/20240425092859.3370297-1-glider@google.com Reported-by: syzbot+355c5bb8c1445c871ee8(a)syzkaller.appspotmail.com Link: https://lkml.kernel.org/r/000000000000826ac1061675b0e3@google.com Signed-off-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Marco Elver <elver(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Miguel Ojeda <ojeda(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compiler_types.h | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/include/linux/compiler_types.h~kmsan-compiler_types-declare-__no_sanitize_or_inline +++ a/include/linux/compiler_types.h @@ -278,6 +278,17 @@ struct ftrace_likely_data { # define __no_kcsan #endif +#ifdef __SANITIZE_MEMORY__ +/* + * Similarly to KASAN and KCSAN, KMSAN loses function attributes of inlined + * functions, therefore disabling KMSAN checks also requires disabling inlining. + * + * __no_sanitize_or_inline effectively prevents KMSAN from reporting errors + * within the function and marks all its outputs as initialized. + */ +# define __no_sanitize_or_inline __no_kmsan_checks notrace __maybe_unused +#endif + #ifndef __no_sanitize_or_inline #define __no_sanitize_or_inline __always_inline #endif _ Patches currently in -mm which might be from glider(a)google.com are kmsan-compiler_types-declare-__no_sanitize_or_inline.patch mm-kmsan-implement-kmsan_memmove.patch instrumentedh-add-instrument_memcpy_before-instrument_memcpy_after.patch x86-call-instrumentation-hooks-from-copy_mcc.patch

1 year, 4 months

1
0
0 0

[PATCH 6.8 000/158] 6.8.8-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.8 release. There are 158 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Apr 2024 21:38:28 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.8-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.8-rc1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: common: use struct_group_attr instead of struct_group for network_open_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530 Miaohe Lin <linmiaohe(a)huawei.com> fork: defer linking file vma until vma is fully initialized Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check the inode number is not the invalid value of zero Qiang Zhang <qiang4.zhang(a)intel.com> bootconfig: use memblock_free_late to free xbc memory to buddy Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix crtc's atomic check conditional Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Sort primary plane formats by order of preference Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix prime import/export Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init Christian König <ckoenig.leichtzumerken(a)gmail.com> drm/ttm: stop pooling cached NUMA pages v2 Christian König <christian.koenig(a)amd.com> drm/amdgpu: remove invalid resource->start check v2 Felix Kuehling <felix.kuehling(a)amd.com> drm/amdkfd: Fix memory leak in create_process failure xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Danny Lin <danny(a)orbstack.dev> fuse: fix leaked ENOSYS error on first statx call Sumanth Korikkar <sumanthk(a)linux.ibm.com> mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Oscar Salvador <osalvador(a)suse.de> mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Peter Xu <peterx(a)redhat.com> mm/userfaultfd: allow hugetlb change protection upon poison entry David Hildenbrand <david(a)redhat.com> mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly Yuntao Wang <ytcoode(a)gmail.com> init/main.c: Fix potential static_command_line memory overflow Yaxiong Tian <tianyaxiong(a)kylinos.cn> arm64: hibernate: Fix level3 translation fault in swsusp_save() Ard Biesheuvel <ardb(a)kernel.org> arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H David Matlack <dmatlack(a)google.com> KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Rick Edgecombe <rick.p.edgecombe(a)intel.com> KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Sandipan Das <sandipan.das(a)amd.com> KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Disable support for adaptive PEBS Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> sched: Add missing memory barrier in switch_mm_cid Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: disable RPL-S on SPS and IGN firmwares Sakari Ailus <sakari.ailus(a)linux.intel.com> mei: vsc: Unregister interrupt handler for system suspend Kyle Tso <kyletso(a)google.com> usb: typec: tcpm: Correct the PDO counting in pd_set Norihiko Hama <Norihiko.Hama(a)alpsalpine.com> usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Sakari Ailus <sakari.ailus(a)linux.intel.com> Revert "mei: vsc: Call wake_up() in the threaded IRQ handler" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Tony Lindgren <tony(a)atomide.com> serial: core: Fix missing shutdown and startup for serial base port Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: core: Clearing the circular buffer before NULLifying it Tony Lindgren <tony(a)atomide.com> serial: core: Fix regression when runtime PM is not enabled Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Reset .throttled state in .startup() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: stm32: Return IRQ_NONE in the ISR if no handling happend Hans de Goede <hdegoede(a)redhat.com> serial: 8250_dw: Revert: Do not reclock if already at correct rate Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Do not create DisplayPort tunnels on adapters of the same router Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix wake configurations after device unplug Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Avoid notify PM core about runtime PM resume Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: Fix rts5264 driver status incorrect when card removed Fabio Estevam <festevam(a)denx.de> usb: misc: onboard_usb_hub: Disable the USB hub clock on failure Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC Mauro Carvalho Chehab <mchehab(a)kernel.org> ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N Shenghao Ding <shenghao-ding(a)ti.com> ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 Shenghao Ding <shenghao-ding(a)ti.com> ALSA: hda/tas2781: correct the register for pow calibrated data Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages Shay Drory <shayd(a)nvidia.com> net/mlx5: E-switch, store eswitch pointer before registering devlink_param Christoph Hellwig <hch(a)lst.de> block: propagate partition scanning errors to the BLKRRPART ioctl Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI retpoline check Nathan Lynch <nathanl(a)linux.ibm.com> selftests/powerpc/papr-vpd: Fix missing variable initialization Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt7988-infracfg: fix clocks for 2nd PCIe port Pin-yen Lin <treapking(a)chromium.org> clk: mediatek: Do a runtime PM get on controllers during probe Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree for clk_summary Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Mike Tipton <quic_mdtipton(a)quicinc.com> interconnect: Don't access req_list while it's being manipulated Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: x1e80100: Remove inexistent ACV_PERF BCM Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up() Huayu Zhang <zhanghuayu1233(a)qq.com> ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4 Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: make -fstrict-flex-arrays=3 happy Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/panel: visionox-rm69299: don't unregister DSI device Sanath S <Sanath.S(a)amd.com> thunderbolt: Reset topology created by the boot firmware Sanath S <Sanath.S(a)amd.com> thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers Sanath S <Sanath.S(a)amd.com> thunderbolt: Introduce tb_path_deactivate_hop() Sanath S <Sanath.S(a)amd.com> thunderbolt: Introduce tb_port_reset() Lokesh Gidra <lokeshgidra(a)google.com> userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Maíra Canal <mcanal(a)igalia.com> drm/v3d: Don't increment `enabled_ns` twice Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Muhammad Usama Anjum <usama.anjum(a)collabora.com> iommufd: Add config needed for iommufd_fail_nth Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix race condition during online processing Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/qdio: handle deferred cc1 Namhyung Kim <namhyung(a)kernel.org> perf lock contention: Add a missing NULL check Namhyung Kim <namhyung(a)kernel.org> perf annotate: Make sure to call symbol__annotate2() in TUI Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Mark Zhang <markzhang(a)nvidia.com> RDMA/cm: Print the old state when cm_destroy_id gets timeout Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Vasily Gorbik <gor(a)linux.ibm.com> NFSD: fix endianness issue in nfsd4_encode_fattr4 Siddharth Vadapalli <s-vadapalli(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Allow RX loop to move past DMA mapping errors Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Count packets instead of descriptors in R-Car RX path Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> ravb: Group descriptor types used in Rx ring Felix Fietkau <nbd(a)nbd.name> net: ethernet: mtk_eth_soc: fix WED + wifi reset Eric Dumazet <edumazet(a)google.com> net/sched: Fix mirred deadlock on device recursion Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fix memleak in map from abort path Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: swnode: Remove wrong header inclusion Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: restore set elements when delete set fails Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: missing iterator type in lookup walk Gerd Bayer <gbayer(a)linux.ibm.com> s390/ism: Properly fix receive message buffer allocation Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix port mirroring for MT7988 SoC switch Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix mirroring frames received on local port Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix checking for unsupported keys on non-tunnel device Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: allow zero flags in parsing tc flower Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: tc: check src_vsi in case of traffic from VF Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Fix IP-cores specific MAC capabilities Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Fix max-speed being ignored on queue re-init Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only Dmitry Safonov <0x7f454c46(a)gmail.com> selftests/tcp_ao: Printing fixes to confirm with format-security Dmitry Safonov <0x7f454c46(a)gmail.com> selftests/tcp_ao: Fix fscanf() call for format-security Dmitry Safonov <0x7f454c46(a)gmail.com> selftests/tcp_ao: Zero-init tcp_ao_info_opt Dmitry Safonov <0x7f454c46(a)gmail.com> selftests/tcp_ao: Make RST tests less flaky Asbjørn Sloth Tønnesen <ast(a)fiberby.net> octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation Yuri Benditovich <yuri.benditovich(a)daynix.com> net: change maximum number of UDP segments to 128 Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent deadlock while disabling aRFS Shay Drory <shayd(a)nvidia.com> net/mlx5: Restore mistakenly dropped parts in register devlink flow Shay Drory <shayd(a)nvidia.com> net/mlx5: Lag, restore buckets number to default after hash LAG deactivation Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: sparx5: flower: fix fragment flags handling Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't peek OOB data without MSG_OOB. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: incorrect pppoe tuple Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate pppoe header Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: do not free live element Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_pipapo: walk over current view on netlink dump Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: constify lookup fn args where possible Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: br_netfilter: skip conntrack input hook for promisc packets Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5 Heiner Kallweit <hkallweit1(a)gmail.com> r8169: add missing conditional compiling for call to r8169_remove_leds Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix LED-related deadlock on module removal Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Qu Wenruo <wqu(a)suse.com> btrfs: do not wait for short bulk allocation Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid writing the mac address before first reading Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING Jason A. Donenfeld <Jason(a)zx2c4.com> random: handle creditable entropy from atomic process context Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Steven Rostedt (Google) <rostedt(a)goodmis.org> SUNRPC: Fix rpcgss_context trace event acceptor field Jason A. Donenfeld <Jason(a)zx2c4.com> Revert "vmgenid: emit uevent when VMGENID updates" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix voltage_level programming edge case Alexey Izbyshev <izbyshev(a)ispras.ru> io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure ------------- Diffstat: Makefile | 4 +- arch/arm64/kernel/head.S | 5 + arch/arm64/mm/pageattr.c | 3 - arch/x86/include/asm/barrier.h | 3 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/cpu/bugs.c | 11 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/cpuid.h | 10 ++ arch/x86/kvm/lapic.c | 3 +- arch/x86/kvm/mmu/mmu.c | 5 +- arch/x86/kvm/mmu/tdp_mmu.c | 21 ++- arch/x86/kvm/vmx/vmx.c | 24 ++- arch/x86/kvm/x86.c | 2 +- block/bdev.c | 29 ++-- block/ioctl.c | 3 +- drivers/accessibility/speakup/main.c | 2 +- drivers/android/binder.c | 4 +- drivers/char/random.c | 10 +- drivers/clk/clk.c | 161 ++++++++++++++---- drivers/clk/mediatek/clk-mt7988-infracfg.c | 2 +- drivers/clk/mediatek/clk-mtk.c | 15 ++ drivers/comedi/drivers/vmk80xx.c | 35 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 72 ++++++--- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 4 +- drivers/gpu/drm/i915/display/intel_cdclk.c | 37 +++-- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 - drivers/gpu/drm/radeon/radeon_atombios.c | 8 +- drivers/gpu/drm/ttm/ttm_pool.c | 38 +++-- drivers/gpu/drm/v3d/v3d_irq.c | 4 - drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 +++- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 + drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 ++++ drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 +++-- drivers/gpu/drm/xe/display/intel_fb_bo.c | 8 +- drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/interconnect/core.c | 8 + drivers/interconnect/qcom/x1e80100.c | 26 --- drivers/iommu/iommufd/Kconfig | 1 + drivers/misc/cardreader/rtsx_pcr.c | 2 +- drivers/misc/mei/pci-me.c | 2 +- drivers/misc/mei/platform-vsc.c | 17 +- drivers/misc/mei/vsc-tp.c | 84 +++++++--- drivers/misc/mei/vsc-tp.h | 3 + drivers/net/dsa/mt7530.c | 38 +++-- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 +- .../net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 +- drivers/net/ethernet/mediatek/mtk_wed.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 27 ++-- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 9 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 5 +- .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 1 - .../ethernet/microchip/sparx5/sparx5_tc_flower.c | 61 ++++--- drivers/net/ethernet/realtek/r8169.h | 4 +- drivers/net/ethernet/realtek/r8169_leds.c | 23 ++- drivers/net/ethernet/realtek/r8169_main.c | 7 +- drivers/net/ethernet/renesas/ravb.h | 6 +- drivers/net/ethernet/renesas/ravb_main.c | 93 ++++++----- drivers/net/ethernet/stmicro/stmmac/common.h | 1 + drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 7 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 18 +-- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 29 ++-- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 18 +++ drivers/net/tun.c | 18 ++- drivers/net/usb/ax88179_178a.c | 4 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 ++ drivers/s390/cio/device.c | 13 +- drivers/s390/cio/qdio_main.c | 28 +++- drivers/s390/net/ism_drv.c | 37 +++-- drivers/scsi/scsi_lib.c | 7 +- drivers/thermal/thermal_debugfs.c | 1 + drivers/thunderbolt/domain.c | 5 +- drivers/thunderbolt/icm.c | 2 +- drivers/thunderbolt/lc.c | 45 ++++++ drivers/thunderbolt/nhi.c | 19 ++- drivers/thunderbolt/path.c | 13 ++ drivers/thunderbolt/switch.c | 180 ++++++++++++++++++--- drivers/thunderbolt/tb.c | 36 +++-- drivers/thunderbolt/tb.h | 10 +- drivers/thunderbolt/tb_regs.h | 6 + drivers/thunderbolt/usb4.c | 52 +++++- drivers/tty/serial/8250/8250_dw.c | 6 +- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/tty/serial/serial_base.h | 4 + drivers/tty/serial/serial_core.c | 23 ++- drivers/tty/serial/serial_port.c | 34 ++++ drivers/tty/serial/stm32-usart.c | 13 +- drivers/ufs/host/ufs-qcom.c | 8 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 4 +- drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 4 +- drivers/usb/misc/onboard_usb_hub.c | 6 +- drivers/usb/serial/option.c | 40 +++++ drivers/usb/typec/tcpm/tcpm.c | 4 +- drivers/virt/vmgenid.c | 2 - fs/btrfs/extent_io.c | 20 +-- fs/fuse/dir.c | 1 + fs/nfsd/nfs4xdr.c | 47 +++--- fs/nilfs2/dir.c | 2 +- fs/smb/common/smb2pdu.h | 2 +- fs/smb/server/server.c | 13 +- fs/smb/server/smb2pdu.c | 4 + fs/smb/server/vfs.c | 5 + fs/squashfs/inode.c | 5 +- fs/sysfs/file.c | 2 + include/asm-generic/barrier.h | 8 + include/linux/blkdev.h | 2 + include/linux/bootconfig.h | 7 +- include/linux/gpio/property.h | 1 - include/linux/shmem_fs.h | 9 ++ include/linux/swapops.h | 65 ++++---- include/linux/udp.h | 2 +- include/net/netfilter/nf_flow_table.h | 12 +- include/net/netfilter/nf_tables.h | 14 ++ include/net/sch_generic.h | 1 + include/trace/events/rpcgss.h | 4 +- init/main.c | 2 + io_uring/io_uring.c | 26 +-- kernel/fork.c | 33 ++-- kernel/sched/sched.h | 20 ++- lib/bootconfig.c | 19 ++- mm/gup.c | 54 ++++--- mm/huge_memory.c | 6 +- mm/hugetlb.c | 10 +- mm/internal.h | 10 +- mm/madvise.c | 17 +- mm/memory-failure.c | 18 ++- mm/shmem.c | 6 - net/bridge/br_input.c | 15 +- net/bridge/br_netfilter_hooks.c | 6 + net/bridge/br_private.h | 1 + net/bridge/netfilter/nf_conntrack_bridge.c | 14 +- net/core/dev.c | 6 + net/netfilter/nf_flow_table_inet.c | 3 +- net/netfilter/nf_flow_table_ip.c | 10 +- net/netfilter/nf_tables_api.c | 82 ++++++++-- net/netfilter/nft_lookup.c | 1 + net/netfilter/nft_set_bitmap.c | 4 +- net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_pipapo.c | 43 ++--- net/netfilter/nft_set_pipapo.h | 6 +- net/netfilter/nft_set_pipapo_avx2.c | 59 ++++--- net/netfilter/nft_set_rbtree.c | 4 +- net/sched/sch_generic.c | 1 + net/unix/af_unix.c | 12 +- sound/core/seq/seq_ump_convert.c | 2 +- sound/pci/hda/patch_realtek.c | 7 +- sound/pci/hda/tas2781_hda_i2c.c | 4 +- tools/perf/ui/browsers/annotate.c | 2 +- tools/perf/util/annotate.c | 3 + tools/perf/util/bpf_skel/lock_contention.bpf.c | 5 +- .../ftrace/test.d/event/subsystem-enable.tc | 6 +- tools/testing/selftests/iommu/config | 2 + tools/testing/selftests/net/tcp_ao/lib/proc.c | 2 +- tools/testing/selftests/net/tcp_ao/lib/setup.c | 12 +- tools/testing/selftests/net/tcp_ao/rst.c | 23 +-- .../selftests/net/tcp_ao/setsockopt-closed.c | 2 +- tools/testing/selftests/net/udpgso.c | 2 +- .../testing/selftests/powerpc/papr_vpd/papr_vpd.c | 2 +- 178 files changed, 1898 insertions(+), 827 deletions(-)

1 year, 4 months

10
168
0 0

Industrial Edge Computing Gateway

by Aaron

Hi We have published a survey on Industrial Edge Computing Gateway. If you have further interest in this or related reports, we are happy to share sample reports for your reference, please contact: abby(a)vicmarketresearch.com Some of the prominent players reviewed in the research report include: DELL HPE Cisco Huawei ABB Advantech Fujitsu Eurotech Sierra Wireless AAEON Hirschmann ADLINK Technology Digi International Beijing InHand Networks Technology …… The primary objectives of this report are to provide 1) global market size and forecasts, growth rates, market dynamics, industry structure and developments, market situation, trends; 2) global market share and ranking by company; 3) comprehensive presentation of the global market for Industrial Edge Computing Gateway, with both quantitative and qualitative analysis through detailed segmentation; 4) detailed value chain analysis and review of growth factors essential for the existing market players and new entrants; 5) emerging opportunities in the market and the future impact of major drivers and restraints of the market. Segment by Type Embedded Wall-mounted Others Segment by Application Manufacturing Energy and Electricity Transportation Others More companies that not listed here are also available. Thanks for you reading.

1 year, 4 months

1
0
0 0

[PATCH] Bluetooth: qca: fix wcn3991 device address check

by Johan Hovold

Qualcomm Bluetooth controllers may not have been provisioned with a valid device address and instead end up using the default address 00:00:00:00:5a:ad. This address is now used to determine if a controller has a valid address or if one needs to be provided through devicetree or by user space before the controller can be used. It turns out that the WCN3991 controllers used in Chromium Trogdor machines use a different default address, 39:98:00:00:5a:ad, which also needs to be marked as invalid so that the correct address is fetched from the devicetree. Qualcomm has unfortunately not yet provided any answers as to whether the 39:98 encodes a hardware id and if there are other variants of the default address that needs to be handled by the driver. For now, add the Trogdor WCN3991 default address to the device address check to avoid having these controllers start with the default address instead of their assigned addresses. Fixes: 00567f70051a ("Bluetooth: qca: fix invalid device address check") Cc: stable(a)vger.kernel.org # 6.5 Cc: Doug Anderson <dianders(a)chromium.org> Cc: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/btqca.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) Luiz and Doug, As the offending commit is now on its way into 6.9, let's just add the default address that the Trogdor machines uses to the address check. We can always amend this when/if Qualcomm provides some more details, or, in the worst case, when users report that they need to re-pair their Bluetooth gadgets if there are further variations of the default address. Johan diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 216826c31ee3..cfa71708397b 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -16,6 +16,7 @@ #define VERSION "0.1" #define QCA_BDADDR_DEFAULT (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x00, 0x00 }}) +#define QCA_BDADDR_WCN3991 (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x98, 0x39 }}) int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, enum qca_btsoc_type soc_type) @@ -638,8 +639,10 @@ static int qca_check_bdaddr(struct hci_dev *hdev) } bda = (struct hci_rp_read_bd_addr *)skb->data; - if (!bacmp(&bda->bdaddr, QCA_BDADDR_DEFAULT)) + if (!bacmp(&bda->bdaddr, QCA_BDADDR_DEFAULT) || + !bacmp(&bda->bdaddr, QCA_BDADDR_WCN3991)) { set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); + } kfree_skb(skb); -- 2.43.2

1 year, 4 months

3
2
0 0

[PATCH net v3 0/4] Fix isolation of broadcast traffic and unmatched unicast traffic with MACsec offload

by Rahul Rameshbabu

Some device drivers support devices that enable them to annotate whether a Rx skb refers to a packet that was processed by the MACsec offloading functionality of the device. Logic in the Rx handling for MACsec offload does not utilize this information to preemptively avoid forwarding to the macsec netdev currently. Because of this, things like multicast messages or unicast messages with an unmatched destination address such as ARP requests are forwarded to the macsec netdev whether the message received was MACsec encrypted or not. The goal of this patch series is to improve the Rx handling for MACsec offload for devices capable of annotating skbs received that were decrypted by the NIC offload for MACsec. Here is a summary of the issue that occurs with the existing logic today. * The current design of the MACsec offload handling path tries to use "best guess" mechanisms for determining whether a packet associated with the currently handled skb in the datapath was processed via HW offload * The best guess mechanism uses the following heuristic logic (in order of precedence) - Check if header destination MAC address matches MACsec netdev MAC address -> forward to MACsec port - Check if packet is multicast traffic -> forward to MACsec port - MACsec security channel was able to be looked up from skb offload context (mlx5 only) -> forward to MACsec port * Problem: plaintext traffic can potentially solicit a MACsec encrypted response from the offload device - Core aspect of MACsec is that it identifies unauthorized LAN connections and excludes them from communication + This behavior can be seen when not enabling offload for MACsec - The offload behavior violates this principle in MACsec I believe this behavior is a security bug since applications utilizing MACsec could be exploited using this behavior, and the correct way to resolve this is by having the hardware correctly indicate whether MACsec offload occurred for the packet or not. In the patches in this series, I leave a warning for when the problematic path occurs because I cannot figure out a secure way to fix the security issue that applies to the core MACsec offload handling in the Rx path without breaking MACsec offload for other vendors. Shown at the bottom is an example use case where plaintext traffic sent to a physical port of a NIC configured for MACsec offload is unable to be handled correctly by the software stack when the NIC provides awareness to the kernel about whether the received packet is MACsec traffic or not. In this specific example, plaintext ARP requests are being responded with MACsec encrypted ARP replies (which leads to routing information being unable to be built for the requester). Side 1 ip link del macsec0 ip address flush mlx5_1 ip address add 1.1.1.1/24 dev mlx5_1 ip link set dev mlx5_1 up ip link add link mlx5_1 macsec0 type macsec sci 1 encrypt on ip link set dev macsec0 address 00:11:22:33:44:66 ip macsec offload macsec0 mac ip macsec add macsec0 tx sa 0 pn 1 on key 00 dffafc8d7b9a43d5b9a3dfbbf6a30c16 ip macsec add macsec0 rx sci 2 on ip macsec add macsec0 rx sci 2 sa 0 pn 1 on key 00 ead3664f508eb06c40ac7104cdae4ce5 ip address flush macsec0 ip address add 2.2.2.1/24 dev macsec0 ip link set dev macsec0 up # macsec0 enters promiscuous mode. # This enables all traffic received on macsec_vlan to be processed by # the macsec offload rx datapath. This however means that traffic # meant to be received by mlx5_1 will be incorrectly steered to # macsec0 as well. ip link add link macsec0 name macsec_vlan type vlan id 1 ip link set dev macsec_vlan address 00:11:22:33:44:88 ip address flush macsec_vlan ip address add 3.3.3.1/24 dev macsec_vlan ip link set dev macsec_vlan up Side 2 ip link del macsec0 ip address flush mlx5_1 ip address add 1.1.1.2/24 dev mlx5_1 ip link set dev mlx5_1 up ip link add link mlx5_1 macsec0 type macsec sci 2 encrypt on ip link set dev macsec0 address 00:11:22:33:44:77 ip macsec offload macsec0 mac ip macsec add macsec0 tx sa 0 pn 1 on key 00 ead3664f508eb06c40ac7104cdae4ce5 ip macsec add macsec0 rx sci 1 on ip macsec add macsec0 rx sci 1 sa 0 pn 1 on key 00 dffafc8d7b9a43d5b9a3dfbbf6a30c16 ip address flush macsec0 ip address add 2.2.2.2/24 dev macsec0 ip link set dev macsec0 up # macsec0 enters promiscuous mode. # This enables all traffic received on macsec_vlan to be processed by # the macsec offload rx datapath. This however means that traffic # meant to be received by mlx5_1 will be incorrectly steered to # macsec0 as well. ip link add link macsec0 name macsec_vlan type vlan id 1 ip link set dev macsec_vlan address 00:11:22:33:44:99 ip address flush macsec_vlan ip address add 3.3.3.2/24 dev macsec_vlan ip link set dev macsec_vlan up Side 1 ping -I mlx5_1 1.1.1.2 PING 1.1.1.2 (1.1.1.2) from 1.1.1.1 mlx5_1: 56(84) bytes of data. From 1.1.1.1 icmp_seq=1 Destination Host Unreachable ping: sendmsg: No route to host From 1.1.1.1 icmp_seq=2 Destination Host Unreachable From 1.1.1.1 icmp_seq=3 Destination Host Unreachable Changes: v2->v3: * Made dev paramater const for eth_skb_pkt_type helper as suggested by Sabrina Dubroca <sd(a)queasysnail.net> v1->v2: * Fixed series subject to detail the issue being fixed * Removed strange characters from cover letter * Added comment in example that illustrates the impact involving promiscuous mode * Added patch for generalizing packet type detection * Added Fixes: tags and targeting net * Removed pointless warning in the heuristic Rx path for macsec offload * Applied small refactor in Rx path offload to minimize scope of rx_sc local variable Link: https://github.com/Binary-Eater/macsec-rx-offload/blob/trunk/MACsec_violati… Link: https://lore.kernel.org/netdev/20240419213033.400467-5-rrameshbabu@nvidia.c… Link: https://lore.kernel.org/netdev/20240419011740.333714-1-rrameshbabu@nvidia.c… Link: https://lore.kernel.org/netdev/87r0l25y1c.fsf@nvidia.com/ Link: https://lore.kernel.org/netdev/20231116182900.46052-1-rrameshbabu@nvidia.co… Cc: Sabrina Dubroca <sd(a)queasysnail.net> Cc: stable(a)vger.kernel.org Signed-off-by: Rahul Rameshbabu <rrameshbabu(a)nvidia.com> --- Rahul Rameshbabu (4): macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads ethernet: Add helper for assigning packet type when dest address does not match device address macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec .../mellanox/mlx5/core/en_accel/macsec.c | 1 + drivers/net/macsec.c | 46 +++++++++++++++---- include/linux/etherdevice.h | 25 ++++++++++ include/net/macsec.h | 2 + net/ethernet/eth.c | 12 +---- 5 files changed, 65 insertions(+), 21 deletions(-) -- 2.42.0

1 year, 4 months

3
6
0 0

[PATCH] usb: gadget: u_audio: Clear uac pointer when freed.

by Chris Wulff

This prevents use of a stale pointer if functions are called after g_cleanup that shouldn't be. This doesn't fix any races, but converts a possibly silent kernel memory corruption into an obvious NULL pointer dereference report. Fixes: eb9fecb9e69b ("usb: gadget: f_uac2: split out audio core") Signed-off-by: Chris Wulff <chris.wulff(a)biamp.com> --- v1: Split from https://lore.kernel.org/linux-usb/CO1PR17MB54190B898057616EEB3F9E51E10E2@CO… drivers/usb/gadget/function/u_audio.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/gadget/function/u_audio.c b/drivers/usb/gadget/function/u_audio.c index c8e8154c59f5..ec1dceb08729 100644 --- a/drivers/usb/gadget/function/u_audio.c +++ b/drivers/usb/gadget/function/u_audio.c @@ -1419,6 +1419,8 @@ void g_audio_cleanup(struct g_audio *g_audio) return; uac = g_audio->uac; + g_audio->uac = NULL; + card = uac->card; if (card) snd_card_free_when_closed(card); -- 2.34.1

1 year, 4 months

2
1
0 0

[PATCH v2] usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.

by Chris Wulff

Hang on to the control IDs instead of pointers since those are correctly handled with locks. Fixes: 8fe9a03f4331 ("usb: gadget: u_audio: Rate ctl notifies about current srate (0=stopped)") Fixes: c565ad07ef35 ("usb: gadget: u_audio: Support multiple sampling rates") Fixes: 02de698ca812 ("usb: gadget: u_audio: add bi-directional volume and mute support") Signed-off-by: Chris Wulff <chris.wulff(a)biamp.com> --- v2: Removed items not directly related to controls. Added Fixes: v1: https://lore.kernel.org/linux-usb/CO1PR17MB54190B898057616EEB3F9E51E10E2@CO… drivers/usb/gadget/function/u_audio.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/drivers/usb/gadget/function/u_audio.c b/drivers/usb/gadget/function/u_audio.c index 4a42574b4a7f..c8e8154c59f5 100644 --- a/drivers/usb/gadget/function/u_audio.c +++ b/drivers/usb/gadget/function/u_audio.c @@ -57,13 +57,13 @@ struct uac_rtd_params { /* Volume/Mute controls and their state */ int fu_id; /* Feature Unit ID */ - struct snd_kcontrol *snd_kctl_volume; - struct snd_kcontrol *snd_kctl_mute; + struct snd_ctl_elem_id snd_kctl_volume_id; + struct snd_ctl_elem_id snd_kctl_mute_id; s16 volume_min, volume_max, volume_res; s16 volume; int mute; - struct snd_kcontrol *snd_kctl_rate; /* read-only current rate */ + struct snd_ctl_elem_id snd_kctl_rate_id; /* read-only current rate */ int srate; /* selected samplerate */ int active; /* playback/capture running */ @@ -494,14 +494,13 @@ static inline void free_ep_fback(struct uac_rtd_params *prm, struct usb_ep *ep) static void set_active(struct uac_rtd_params *prm, bool active) { // notifying through the Rate ctrl - struct snd_kcontrol *kctl = prm->snd_kctl_rate; unsigned long flags; spin_lock_irqsave(&prm->lock, flags); if (prm->active != active) { prm->active = active; snd_ctl_notify(prm->uac->card, SNDRV_CTL_EVENT_MASK_VALUE, - &kctl->id); + &prm->snd_kctl_rate_id); } spin_unlock_irqrestore(&prm->lock, flags); } @@ -807,7 +806,7 @@ int u_audio_set_volume(struct g_audio *audio_dev, int playback, s16 val) if (change) snd_ctl_notify(uac->card, SNDRV_CTL_EVENT_MASK_VALUE, - &prm->snd_kctl_volume->id); + &prm->snd_kctl_volume_id); return 0; } @@ -856,7 +855,7 @@ int u_audio_set_mute(struct g_audio *audio_dev, int playback, int val) if (change) snd_ctl_notify(uac->card, SNDRV_CTL_EVENT_MASK_VALUE, - &prm->snd_kctl_mute->id); + &prm->snd_kctl_mute_id); return 0; } @@ -1331,7 +1330,7 @@ int g_audio_setup(struct g_audio *g_audio, const char *pcm_name, err = snd_ctl_add(card, kctl); if (err < 0) goto snd_fail; - prm->snd_kctl_mute = kctl; + prm->snd_kctl_mute_id = kctl->id; prm->mute = 0; } @@ -1359,7 +1358,7 @@ int g_audio_setup(struct g_audio *g_audio, const char *pcm_name, err = snd_ctl_add(card, kctl); if (err < 0) goto snd_fail; - prm->snd_kctl_volume = kctl; + prm->snd_kctl_volume_id = kctl->id; prm->volume = fu->volume_max; prm->volume_max = fu->volume_max; prm->volume_min = fu->volume_min; @@ -1383,7 +1382,7 @@ int g_audio_setup(struct g_audio *g_audio, const char *pcm_name, err = snd_ctl_add(card, kctl); if (err < 0) goto snd_fail; - prm->snd_kctl_rate = kctl; + prm->snd_kctl_rate_id = kctl->id; } strscpy(card->driver, card_name, sizeof(card->driver)); -- 2.34.1

1 year, 4 months

2
1
0 0

[tip: x86/urgent] cpu: Re-enable CPU mitigations by default for !X86 architectures

by tip-bot2 for Sean Christopherson

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: fe42754b94a42d08cf9501790afc25c4f6a5f631 Gitweb: https://git.kernel.org/tip/fe42754b94a42d08cf9501790afc25c4f6a5f631 Author: Sean Christopherson <seanjc(a)google.com> AuthorDate: Fri, 19 Apr 2024 17:05:54 -07:00 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Thu, 25 Apr 2024 15:47:35 +02:00 cpu: Re-enable CPU mitigations by default for !X86 architectures Rename x86's to CPU_MITIGATIONS, define it in generic code, and force it on for all architectures exception x86. A recent commit to turn mitigations off by default if SPECULATION_MITIGATIONS=n kinda sorta missed that "cpu_mitigations" is completely generic, whereas SPECULATION_MITIGATIONS is x86-specific. Rename x86's SPECULATIVE_MITIGATIONS instead of keeping both and have it select CPU_MITIGATIONS, as having two configs for the same thing is unnecessary and confusing. This will also allow x86 to use the knob to manage mitigations that aren't strictly related to speculative execution. Use another Kconfig to communicate to common code that CPU_MITIGATIONS is already defined instead of having x86's menu depend on the common CPU_MITIGATIONS. This allows keeping a single point of contact for all of x86's mitigations, and it's not clear that other architectures *want* to allow disabling mitigations at compile-time. Fixes: f337a6a21e2f ("x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n") Closes: https://lkml.kernel.org/r/20240413115324.53303a68%40canb.auug.org.au Reported-by: Stephen Rothwell <sfr(a)canb.auug.org.au> Reported-by: Michael Ellerman <mpe(a)ellerman.id.au> Reported-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Signed-off-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Acked-by: Josh Poimboeuf <jpoimboe(a)kernel.org> Acked-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240420000556.2645001-2-seanjc@google.com --- arch/Kconfig | 8 ++++++++ arch/x86/Kconfig | 11 ++++++----- kernel/cpu.c | 4 ++-- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/arch/Kconfig b/arch/Kconfig index 65afb1d..30f7930 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -9,6 +9,14 @@ # source "arch/$(SRCARCH)/Kconfig" +config ARCH_CONFIGURES_CPU_MITIGATIONS + bool + +if !ARCH_CONFIGURES_CPU_MITIGATIONS +config CPU_MITIGATIONS + def_bool y +endif + menu "General architecture-dependent options" config ARCH_HAS_SUBPAGE_FAULTS diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 4474bf3..619a04d 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -62,6 +62,7 @@ config X86 select ACPI_HOTPLUG_CPU if ACPI_PROCESSOR && HOTPLUG_CPU select ARCH_32BIT_OFF_T if X86_32 select ARCH_CLOCKSOURCE_INIT + select ARCH_CONFIGURES_CPU_MITIGATIONS select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64 @@ -2488,17 +2489,17 @@ config PREFIX_SYMBOLS def_bool y depends on CALL_PADDING && !CFI_CLANG -menuconfig SPECULATION_MITIGATIONS - bool "Mitigations for speculative execution vulnerabilities" +menuconfig CPU_MITIGATIONS + bool "Mitigations for CPU vulnerabilities" default y help - Say Y here to enable options which enable mitigations for - speculative execution hardware vulnerabilities. + Say Y here to enable options which enable mitigations for hardware + vulnerabilities (usually related to speculative execution). If you say N, all mitigations will be disabled. You really should know what you are doing to say so. -if SPECULATION_MITIGATIONS +if CPU_MITIGATIONS config MITIGATION_PAGE_TABLE_ISOLATION bool "Remove the kernel mapping in user mode" diff --git a/kernel/cpu.c b/kernel/cpu.c index 07ad53b..bb0ff27 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -3207,8 +3207,8 @@ enum cpu_mitigations { }; static enum cpu_mitigations cpu_mitigations __ro_after_init = - IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : - CPU_MITIGATIONS_OFF; + IS_ENABLED(CONFIG_CPU_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : + CPU_MITIGATIONS_OFF; static int __init mitigations_parse_cmdline(char *arg) {

1 year, 4 months

1
0
0 0

[PATCH] kbuild: rust: force `alloc` extern to allow "empty" Rust files

by Miguel Ojeda

If one attempts to build an essentially empty file somewhere in the kernel tree, it leads to a build error because the compiler does not recognize the `new_uninit` unstable feature: error[E0635]: unknown feature `new_uninit` --> <crate attribute>:1:9 | 1 | feature(new_uninit) | ^^^^^^^^^^ The reason is that we pass `-Zcrate-attr='feature(new_uninit)'` (together with `-Zallow-features=new_uninit`) to let non-`rust/` code use that unstable feature. However, the compiler only recognizes the feature if the `alloc` crate is resolved (the feature is an `alloc` one). `--extern alloc`, which we pass, is not enough to resolve the crate. Introducing a reference like `use alloc;` or `extern crate alloc;` solves the issue, thus this is not seen in normal files. For instance, `use`ing the `kernel` prelude introduces such a reference, since `alloc` is used inside. While normal use of the build system is not impacted by this, it can still be fairly confusing for kernel developers [1], thus use the unstable `force` option of `--extern` [2] (added in Rust 1.71 [3]) to force the compiler to resolve `alloc`. This new unstable feature is only needed meanwhile we use the other unstable feature, since then we will not need `-Zcrate-attr`. Cc: stable(a)vger.kernel.org # v6.6+ Reported-by: Daniel Almeida <daniel.almeida(a)collabora.com> Reported-by: Julian Stecklina <julian.stecklina(a)cyberus-technology.de> Closes: https://rust-for-linux.zulipchat.com/#narrow/stream/288089-General/topic/x/… [1] Fixes: 2f7ab1267dc9 ("Kbuild: add Rust support") Link: https://github.com/rust-lang/rust/issues/111302 [2] Link: https://github.com/rust-lang/rust/pull/109421 [3] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- scripts/Makefile.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/Makefile.build b/scripts/Makefile.build index baf86c0880b6..533a7799fdfe 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -273,7 +273,7 @@ rust_common_cmd = \ -Zallow-features=$(rust_allowed_features) \ -Zcrate-attr=no_std \ -Zcrate-attr='feature($(rust_allowed_features))' \ - --extern alloc --extern kernel \ + -Zunstable-options --extern force:alloc --extern kernel \ --crate-type rlib -L $(objtree)/rust/ \ --crate-name $(basename $(notdir $@)) \ --sysroot=/dev/null \ base-commit: 4cece764965020c22cff7665b18a012006359095 -- 2.44.0

1 year, 4 months

4
3
0 0

[PATCH 0/3] HID: bpf: some fixes for pre-loading HID-BPF

by Benjamin Tissoires

As I am working on the next functionalities of HID-BPF, I realized that I had a few issues while preloading the skeleton at boot. None of the errors are terrible as they are not inducing a kernel crash, so it's not super urgent IMO. Regarding the last one, I'm not sure what makes RHEL behave slightly different than upstream. But I am not sure also that the code matches upstream everywhere, so lazy loading it seems like a sensible idea. Furthermore, that also means that the code will not be available until requested by user space, which fits well in the whole idea of HID-BPF: if the user doesn't want it, then it shouldn't be it. Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> --- Benjamin Tissoires (3): HID: bpf: fix a comment in a define HID: bpf: fix return value of entrypoints_*__attach() HID: bpf: lazy load the hid_tail_call entrypoint drivers/hid/bpf/hid_bpf_dispatch.c | 6 ------ drivers/hid/bpf/hid_bpf_jmp_table.c | 17 ++++++++++++----- 2 files changed, 12 insertions(+), 11 deletions(-) --- base-commit: b912cf042072e12e93faa874265b30cc0aa521b9 change-id: 20240419-hid_bpf_lazy_skel-ab0d674cb49b Best regards, -- Benjamin Tissoires <bentiss(a)kernel.org>

1 year, 4 months

2
6
0 0

[tip: irq/urgent] irqchip/gic-v3-its: Prevent double free on error

by tip-bot2 for Guanrui Huang

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: c26591afd33adce296c022e3480dea4282b7ef91 Gitweb: https://git.kernel.org/tip/c26591afd33adce296c022e3480dea4282b7ef91 Author: Guanrui Huang <guanrui.huang(a)linux.alibaba.com> AuthorDate: Thu, 18 Apr 2024 14:10:52 +08:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 25 Apr 2024 14:30:46 +02:00 irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully allocating at least one interrupt. This happens because its_vpe_irq_domain_free() frees the interrupts along with the area bitmap and the vprop_page and its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the vprop_page again. Fix this by unconditionally invoking its_vpe_irq_domain_free() which handles all cases correctly and by removing the bitmap/vprop_page freeing from its_vpe_irq_domain_alloc(). [ tglx: Massaged change log ] Fixes: 7d75bbb4bc1a ("irqchip/gic-v3-its: Add VPE irq domain allocation/teardown") Signed-off-by: Guanrui Huang <guanrui.huang(a)linux.alibaba.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Reviewed-by: Zenghui Yu <yuzenghui(a)huawei.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240418061053.96803-2-guanrui.huang@linux.alibab… --- drivers/irqchip/irq-gic-v3-its.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c index 2a537cb..5f7d3db 100644 --- a/drivers/irqchip/irq-gic-v3-its.c +++ b/drivers/irqchip/irq-gic-v3-its.c @@ -4567,13 +4567,8 @@ static int its_vpe_irq_domain_alloc(struct irq_domain *domain, unsigned int virq irqd_set_resend_when_in_progress(irq_get_irq_data(virq + i)); } - if (err) { - if (i > 0) - its_vpe_irq_domain_free(domain, virq, i); - - its_lpi_free(bitmap, base, nr_ids); - its_free_prop_table(vprop_page); - } + if (err) + its_vpe_irq_domain_free(domain, virq, i); return err; }

1 year, 4 months

1
0
0 0

stable-rc: 5.10: arm64: ring_buffer.c:1479:21: error: implicit declaration of function 'try_cmpxchg'

by Naresh Kamboju

The arm64 and arm builds are failing on stable-rc linux.5.10.y branch due to following build warnings / errors. Anders, build bisected and found first commit as, first bad commit: [9bf29b51d2bc21abdb8bd36382c1c324a1c54ca7] ring-buffer: Only update pages_touched when a new page is touched Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> Build log: ----- kernel/trace/ring_buffer.c: In function 'rb_tail_page_update': kernel/trace/ring_buffer.c:1479:21: error: implicit declaration of function 'try_cmpxchg'; did you mean 'xa_cmpxchg'? [-Werror=implicit-function-declaration] 1479 | if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) | ^~~~~~~~~~~ | xa_cmpxchg cc1: some warnings being treated as errors Links: - https://storage.tuxsuite.com/public/linaro/lkft/builds/2fWFu97bCGW3ZYMbPsIp… - https://storage.tuxsuite.com/public/linaro/lkft/builds/2fWFuBOMDouq6VfImqR2… - https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.10.y/build/v5.10… - https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.10.y/build/v5.10… Meta data: git_repo: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc git_sha : 5feded50ee597a37f4778545a879337c2f72490d git_short_log : 5feded50ee59 ("Linux 5.10.216-rc1") arch: arm64 toolchain: gcc-12 Steps to reproduce: --- - https://storage.tuxsuite.com/public/linaro/lkft/builds/2fWFuBOMDouq6VfImqR2… -- Linaro LKFT https://lkft.linaro.org

1 year, 4 months

1
0
0 0

[PATCH -next] fbdev: savage: Handle err return when savagefb_check_var failed

by Cai Xinchen

The commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock equals zero") checks the value of pixclock to avoid divide-by-zero error. However the function savagefb_probe doesn't handle the error return of savagefb_check_var. When pixclock is 0, it will cause divide-by-zero error. Fixes: 04e5eac8f3ab ("fbdev: savage: Error out if pixclock equals zero") Signed-off-by: Cai Xinchen <caixinchen1(a)huawei.com> Cc: stable(a)vger.kernel.org --- drivers/video/fbdev/savage/savagefb_driver.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/video/fbdev/savage/savagefb_driver.c b/drivers/video/fbdev/savage/savagefb_driver.c index ebc9aeffdde7..ac41f8f37589 100644 --- a/drivers/video/fbdev/savage/savagefb_driver.c +++ b/drivers/video/fbdev/savage/savagefb_driver.c @@ -2276,7 +2276,10 @@ static int savagefb_probe(struct pci_dev *dev, const struct pci_device_id *id) if (info->var.xres_virtual > 0x1000) info->var.xres_virtual = 0x1000; #endif - savagefb_check_var(&info->var, info); + err = savagefb_check_var(&info->var, info); + if (err) + goto failed; + savagefb_set_fix(info); /* -- 2.34.1

1 year, 4 months

2
1
0 0

[PATCH v1] usb: typec: tcpm: clear pd_event queue in PORT_RESET

by RD Babiera

When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index c26fb70c3ec6..6dcafbaf10a2 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else base-commit: 684e9f5f97eb4b7831298ffad140d5c1d426ff27 -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

2
1
0 0

[PATCH v1] usb: typec: tcpm: queue correct sop type in tcpm_queue_vdm_unlocked

by RD Babiera

tcpm_queue_vdm_unlocked queues VDMs over SOP regardless of input parameter tx_sop_type. Fix tcpm_queue_vdm() call. Fixes: 7e7877c55eb1 ("usb: typec: tcpm: add alt mode enter/exit/vdm support for sop'") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> --- Patch applies starting at 6.9 tree. --- drivers/usb/typec/tcpm/tcpm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index c26fb70c3ec6..3f38e7c7d13f 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1565,7 +1565,7 @@ static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { mutex_lock(&port->lock); - tcpm_queue_vdm(port, header, data, cnt, TCPC_TX_SOP); + tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock); } base-commit: 684e9f5f97eb4b7831298ffad140d5c1d426ff27 -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

2
1
0 0

[merged mm-hotfixes-stable] init-fix-allocated-page-overlapping-with-ptr_err.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: init: fix allocated page overlapping with PTR_ERR has been removed from the -mm tree. Its filename was init-fix-allocated-page-overlapping-with-ptr_err.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Nam Cao <namcao(a)linutronix.de> Subject: init: fix allocated page overlapping with PTR_ERR Date: Thu, 18 Apr 2024 12:29:43 +0200 There is nothing preventing kernel memory allocators from allocating a page that overlaps with PTR_ERR(), except for architecture-specific code that setup memblock. It was discovered that RISCV architecture doesn't setup memblock corectly, leading to a page overlapping with PTR_ERR() being allocated, and subsequently crashing the kernel (link in Close: ) The reported crash has nothing to do with PTR_ERR(): the last page (at address 0xfffff000) being allocated leads to an unexpected arithmetic overflow in ext4; but still, this page shouldn't be allocated in the first place. Because PTR_ERR() is an architecture-independent thing, we shouldn't ask every single architecture to set this up. There may be other architectures beside RISCV that have the same problem. Fix this once and for all by reserving the physical memory page that may be mapped to the last virtual memory page as part of low memory. Unfortunately, this means if there is actual memory at this reserved location, that memory will become inaccessible. However, if this page is not reserved, it can only be accessed as high memory, so this doesn't matter if high memory is not supported. Even if high memory is supported, it is still only one page. Closes: https://lore.kernel.org/linux-riscv/878r1ibpdn.fsf@all.your.base.are.belong… Link: https://lkml.kernel.org/r/20240418102943.180510-1-namcao@linutronix.de Signed-off-by: Nam Cao <namcao(a)linutronix.de> Reported-by: Bj��rn T��pel <bjorn(a)kernel.org> Tested-by: Bj��rn T��pel <bjorn(a)kernel.org> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Andreas Dilger <adilger(a)dilger.ca> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Changbin Du <changbin.du(a)huawei.com> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Krister Johansen <kjlx(a)templeofstupid.com> Cc: Luis Chamberlain <mcgrof(a)kernel.org> Cc: Nick Desaulniers <ndesaulniers(a)google.com> Cc: Stephen Rothwell <sfr(a)canb.auug.org.au> Cc: Tejun Heo <tj(a)kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- init/main.c | 1 + 1 file changed, 1 insertion(+) --- a/init/main.c~init-fix-allocated-page-overlapping-with-ptr_err +++ a/init/main.c @@ -900,6 +900,7 @@ void start_kernel(void) page_address_init(); pr_notice("%s", linux_banner); early_security_init(); + memblock_reserve(__pa(-PAGE_SIZE), PAGE_SIZE); /* reserve last page for ERR_PTR */ setup_arch(&command_line); setup_boot_config(); setup_command_line(command_line); _ Patches currently in -mm which might be from namcao(a)linutronix.de are

1 year, 4 months

2
1
0 0

[merged mm-hotfixes-stable] mm-hugetlb-fix-debug_locks_warn_on1-when-dissolve_free_hugetlb_folio.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() has been removed from the -mm tree. Its filename was mm-hugetlb-fix-debug_locks_warn_on1-when-dissolve_free_hugetlb_folio.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Date: Fri, 19 Apr 2024 16:58:19 +0800 When I did memory failure tests recently, below warning occurs: DEBUG_LOCKS_WARN_ON(1) WARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0 Modules linked in: mce_inject hwpoison_inject CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:__lock_acquire+0xccb/0x1ca0 RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082 RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8 RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0 RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10 R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004 FS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0 Call Trace: <TASK> lock_acquire+0xbe/0x2d0 _raw_spin_lock_irqsave+0x3a/0x60 hugepage_subpool_put_pages.part.0+0xe/0xc0 free_huge_folio+0x253/0x3f0 dissolve_free_huge_page+0x147/0x210 __page_handle_poison+0x9/0x70 memory_failure+0x4e6/0x8c0 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xbc/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff9f3114887 RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887 RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001 RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00 </TASK> Kernel panic - not syncing: kernel: panic_on_warn set ... CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> panic+0x326/0x350 check_panic_on_warn+0x4f/0x50 __warn+0x98/0x190 report_bug+0x18e/0x1a0 handle_bug+0x3d/0x70 exc_invalid_op+0x18/0x70 asm_exc_invalid_op+0x1a/0x20 RIP: 0010:__lock_acquire+0xccb/0x1ca0 RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082 RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8 RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0 RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10 R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004 lock_acquire+0xbe/0x2d0 _raw_spin_lock_irqsave+0x3a/0x60 hugepage_subpool_put_pages.part.0+0xe/0xc0 free_huge_folio+0x253/0x3f0 dissolve_free_huge_page+0x147/0x210 __page_handle_poison+0x9/0x70 memory_failure+0x4e6/0x8c0 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xbc/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff9f3114887 RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887 RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001 RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00 </TASK> After git bisecting and digging into the code, I believe the root cause is that _deferred_list field of folio is unioned with _hugetlb_subpool field. In __update_and_free_hugetlb_folio(), folio->_deferred_list is initialized leading to corrupted folio->_hugetlb_subpool when folio is hugetlb. Later free_huge_folio() will use _hugetlb_subpool and above warning happens. But it is assumed hugetlb flag must have been cleared when calling folio_put() in update_and_free_hugetlb_folio(). This assumption is broken due to below race: CPU1 CPU2 dissolve_free_huge_page update_and_free_pages_bulk update_and_free_hugetlb_folio hugetlb_vmemmap_restore_folios folio_clear_hugetlb_vmemmap_optimized clear_flag = folio_test_hugetlb_vmemmap_optimized if (clear_flag) <-- False, it's already cleared. __folio_clear_hugetlb(folio) <-- Hugetlb is not cleared. folio_put free_huge_folio <-- free_the_page is expected. list_for_each_entry() __folio_clear_hugetlb <-- Too late. Fix this issue by checking whether folio is hugetlb directly instead of checking clear_flag to close the race window. Link: https://lkml.kernel.org/r/20240419085819.1901645-1-linmiaohe@huawei.com Fixes: 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-debug_locks_warn_on1-when-dissolve_free_hugetlb_folio +++ a/mm/hugetlb.c @@ -1781,7 +1781,7 @@ static void __update_and_free_hugetlb_fo * If vmemmap pages were allocated above, then we need to clear the * hugetlb destructor under the hugetlb lock. */ - if (clear_dtor) { + if (folio_test_hugetlb(folio)) { spin_lock_irq(&hugetlb_lock); __clear_hugetlb_destructor(h, folio); spin_unlock_irq(&hugetlb_lock); _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are

1 year, 4 months

1
0
0 0

[merged mm-hotfixes-stable] stackdepot-respect-__gfp_nolockdep-allocation-flag.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: stackdepot: respect __GFP_NOLOCKDEP allocation flag has been removed from the -mm tree. Its filename was stackdepot-respect-__gfp_nolockdep-allocation-flag.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Subject: stackdepot: respect __GFP_NOLOCKDEP allocation flag Date: Thu, 18 Apr 2024 16:11:33 +0200 If stack_depot_save_flags() allocates memory it always drops __GFP_NOLOCKDEP flag. So when KASAN tries to track __GFP_NOLOCKDEP allocation we may end up with lockdep splat like bellow: ====================================================== WARNING: possible circular locking dependency detected 6.9.0-rc3+ #49 Not tainted ------------------------------------------------------ kswapd0/149 is trying to acquire lock: ffff88811346a920 (&xfs_nondir_ilock_class){++++}-{4:4}, at: xfs_reclaim_inode+0x3ac/0x590 [xfs] but task is already holding lock: ffffffff8bb33100 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0x5d9/0xad0 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (fs_reclaim){+.+.}-{0:0}: __lock_acquire+0x7da/0x1030 lock_acquire+0x15d/0x400 fs_reclaim_acquire+0xb5/0x100 prepare_alloc_pages.constprop.0+0xc5/0x230 __alloc_pages+0x12a/0x3f0 alloc_pages_mpol+0x175/0x340 stack_depot_save_flags+0x4c5/0x510 kasan_save_stack+0x30/0x40 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x83/0x90 kmem_cache_alloc+0x15e/0x4a0 __alloc_object+0x35/0x370 __create_object+0x22/0x90 __kmalloc_node_track_caller+0x477/0x5b0 krealloc+0x5f/0x110 xfs_iext_insert_raw+0x4b2/0x6e0 [xfs] xfs_iext_insert+0x2e/0x130 [xfs] xfs_iread_bmbt_block+0x1a9/0x4d0 [xfs] xfs_btree_visit_block+0xfb/0x290 [xfs] xfs_btree_visit_blocks+0x215/0x2c0 [xfs] xfs_iread_extents+0x1a2/0x2e0 [xfs] xfs_buffered_write_iomap_begin+0x376/0x10a0 [xfs] iomap_iter+0x1d1/0x2d0 iomap_file_buffered_write+0x120/0x1a0 xfs_file_buffered_write+0x128/0x4b0 [xfs] vfs_write+0x675/0x890 ksys_write+0xc3/0x160 do_syscall_64+0x94/0x170 entry_SYSCALL_64_after_hwframe+0x71/0x79 Always preserve __GFP_NOLOCKDEP to fix this. Link: https://lkml.kernel.org/r/20240418141133.22950-1-ryabinin.a.a@gmail.com Fixes: cd11016e5f52 ("mm, kasan: stackdepot implementation. Enable stackdepot for SLAB") Signed-off-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Reported-by: Xiubo Li <xiubli(a)redhat.com> Closes: https://lore.kernel.org/all/a0caa289-ca02-48eb-9bf2-d86fd47b71f4@redhat.com/ Reported-by: Damien Le Moal <damien.lemoal(a)opensource.wdc.com> Closes: https://lore.kernel.org/all/f9ff999a-e170-b66b-7caf-293f2b147ac2@opensource… Suggested-by: Dave Chinner <david(a)fromorbit.com> Tested-by: Xiubo Li <xiubli(a)redhat.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Alexander Potapenko <glider(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/stackdepot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/lib/stackdepot.c~stackdepot-respect-__gfp_nolockdep-allocation-flag +++ a/lib/stackdepot.c @@ -627,10 +627,10 @@ depot_stack_handle_t stack_depot_save_fl /* * Zero out zone modifiers, as we don't have specific zone * requirements. Keep the flags related to allocation in atomic - * contexts and I/O. + * contexts, I/O, nolockdep. */ alloc_flags &= ~GFP_ZONEMASK; - alloc_flags &= (GFP_ATOMIC | GFP_KERNEL); + alloc_flags &= (GFP_ATOMIC | GFP_KERNEL | __GFP_NOLOCKDEP); alloc_flags |= __GFP_NOWARN; page = alloc_pages(alloc_flags, DEPOT_POOL_ORDER); if (page) _ Patches currently in -mm which might be from ryabinin.a.a(a)gmail.com are

1 year, 4 months

1
0
0 0

[merged mm-hotfixes-stable] hugetlb-check-for-anon_vma-prior-to-folio-allocation.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: hugetlb: check for anon_vma prior to folio allocation has been removed from the -mm tree. Its filename was hugetlb-check-for-anon_vma-prior-to-folio-allocation.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Vishal Moola (Oracle)" <vishal.moola(a)gmail.com> Subject: hugetlb: check for anon_vma prior to folio allocation Date: Mon, 15 Apr 2024 14:17:47 -0700 Commit 9acad7ba3e25 ("hugetlb: use vmf_anon_prepare() instead of anon_vma_prepare()") may bailout after allocating a folio if we do not hold the mmap lock. When this occurs, vmf_anon_prepare() will release the vma lock. Hugetlb then attempts to call restore_reserve_on_error(), which depends on the vma lock being held. We can move vmf_anon_prepare() prior to the folio allocation in order to avoid calling restore_reserve_on_error() without the vma lock. Link: https://lkml.kernel.org/r/ZiFqSrSRLhIV91og@fedora Fixes: 9acad7ba3e25 ("hugetlb: use vmf_anon_prepare() instead of anon_vma_prepare()") Reported-by: syzbot+ad1b592fc4483655438b(a)syzkaller.appspotmail.com Signed-off-by: Vishal Moola (Oracle) <vishal.moola(a)gmail.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) --- a/mm/hugetlb.c~hugetlb-check-for-anon_vma-prior-to-folio-allocation +++ a/mm/hugetlb.c @@ -6261,6 +6261,12 @@ static vm_fault_t hugetlb_no_page(struct VM_UFFD_MISSING); } + if (!(vma->vm_flags & VM_MAYSHARE)) { + ret = vmf_anon_prepare(vmf); + if (unlikely(ret)) + goto out; + } + folio = alloc_hugetlb_folio(vma, haddr, 0); if (IS_ERR(folio)) { /* @@ -6297,15 +6303,12 @@ static vm_fault_t hugetlb_no_page(struct */ restore_reserve_on_error(h, vma, haddr, folio); folio_put(folio); + ret = VM_FAULT_SIGBUS; goto out; } new_pagecache_folio = true; } else { folio_lock(folio); - - ret = vmf_anon_prepare(vmf); - if (unlikely(ret)) - goto backout_unlocked; anon_rmap = 1; } } else { _ Patches currently in -mm which might be from vishal.moola(a)gmail.com are hugetlb-convert-hugetlb_fault-to-use-struct-vm_fault.patch hugetlb-convert-hugetlb_no_page-to-use-struct-vm_fault.patch hugetlb-convert-hugetlb_no_page-to-use-struct-vm_fault-fix.patch hugetlb-convert-hugetlb_wp-to-use-struct-vm_fault.patch hugetlb-convert-hugetlb_wp-to-use-struct-vm_fault-fix.patch

1 year, 4 months

1
0
0 0

[merged mm-hotfixes-stable] mm-zswap-fix-shrinker-null-crash-with-cgroup_disable=memory.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory has been removed from the -mm tree. Its filename was mm-zswap-fix-shrinker-null-crash-with-cgroup_disable=memory.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Johannes Weiner <hannes(a)cmpxchg.org> Subject: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Date: Thu, 18 Apr 2024 08:26:28 -0400 Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat bugzilla [2]. The problem is that when memcg is disabled with the boot time flag, the zswap shrinker might get called with sc->memcg == NULL. This is okay in many places, like the lruvec operations. But it crashes in memcg_page_state() - which is only used due to the non-node accounting of cgroup's the zswap memory to begin with. Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I was then able to reproduce the crash locally as well. [1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252 Link: https://lkml.kernel.org/r/20240418124043.GC1055428@cmpxchg.org Link: https://lkml.kernel.org/r/20240417143324.GA1055428@cmpxchg.org Fixes: b5ba474f3f51 ("zswap: shrink zswap pool based on memory pressure") Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: Christian Heusel <christian(a)heusel.eu> Debugged-by: Nhat Pham <nphamcs(a)gmail.com> Suggested-by: Nhat Pham <nphamcs(a)gmail.com> Tested-by: Christian Heusel <christian(a)heusel.eu> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: Dan Streetman <ddstreet(a)ieee.org> Cc: Richard W.M. Jones <rjones(a)redhat.com> Cc: Seth Jennings <sjenning(a)redhat.com> Cc: Vitaly Wool <vitaly.wool(a)konsulko.com> Cc: <stable(a)vger.kernel.org> [v6.8] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zswap.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) --- a/mm/zswap.c~mm-zswap-fix-shrinker-null-crash-with-cgroup_disable=memory +++ a/mm/zswap.c @@ -1331,15 +1331,22 @@ static unsigned long zswap_shrinker_coun if (!gfp_has_io_fs(sc->gfp_mask)) return 0; -#ifdef CONFIG_MEMCG_KMEM - mem_cgroup_flush_stats(memcg); - nr_backing = memcg_page_state(memcg, MEMCG_ZSWAP_B) >> PAGE_SHIFT; - nr_stored = memcg_page_state(memcg, MEMCG_ZSWAPPED); -#else - /* use pool stats instead of memcg stats */ - nr_backing = zswap_pool_total_size >> PAGE_SHIFT; - nr_stored = atomic_read(&zswap_nr_stored); -#endif + /* + * For memcg, use the cgroup-wide ZSWAP stats since we don't + * have them per-node and thus per-lruvec. Careful if memcg is + * runtime-disabled: we can get sc->memcg == NULL, which is ok + * for the lruvec, but not for memcg_page_state(). + * + * Without memcg, use the zswap pool-wide metrics. + */ + if (!mem_cgroup_disabled()) { + mem_cgroup_flush_stats(memcg); + nr_backing = memcg_page_state(memcg, MEMCG_ZSWAP_B) >> PAGE_SHIFT; + nr_stored = memcg_page_state(memcg, MEMCG_ZSWAPPED); + } else { + nr_backing = zswap_pool_total_size >> PAGE_SHIFT; + nr_stored = atomic_read(&zswap_nr_stored); + } if (!nr_stored) return 0; _ Patches currently in -mm which might be from hannes(a)cmpxchg.org are mm-zswap-optimize-zswap-pool-size-tracking.patch mm-zpool-return-pool-size-in-pages.patch mm-page_alloc-remove-pcppage-migratetype-caching.patch mm-page_alloc-optimize-free_unref_folios.patch mm-page_alloc-fix-up-block-types-when-merging-compatible-blocks.patch mm-page_alloc-move-free-pages-when-converting-block-during-isolation.patch mm-page_alloc-fix-move_freepages_block-range-error.patch mm-page_alloc-fix-freelist-movement-during-block-conversion.patch mm-page_alloc-close-migratetype-race-between-freeing-and-stealing.patch mm-page_isolation-prepare-for-hygienic-freelists.patch mm-page_isolation-prepare-for-hygienic-freelists-fix.patch mm-page_alloc-consolidate-free-page-accounting.patch mm-page_alloc-consolidate-free-page-accounting-fix.patch mm-page_alloc-consolidate-free-page-accounting-fix-2.patch mm-page_alloc-batch-vmstat-updates-in-expand.patch

1 year, 4 months

1
0
0 0

[merged mm-hotfixes-stable] mm-turn-folio_test_hugetlb-into-a-pagetype.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: turn folio_test_hugetlb into a PageType has been removed from the -mm tree. Its filename was mm-turn-folio_test_hugetlb-into-a-pagetype.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: mm: turn folio_test_hugetlb into a PageType Date: Thu, 21 Mar 2024 14:24:43 +0000 The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a refcount on it, but we have a few places (memory-failure, compaction, procfs) which do not and should not take a speculative reference. Since hugetlb pages do not use individual page mapcounts (they are always fully mapped and use the entire_mapcount field to record the number of mappings), the PageType field is available now that page_mapcount() ignores the value in this field. In compaction and with CONFIG_DEBUG_VM enabled, the current implementation can result in an oops, as reported by Luis. This happens since 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") effectively added some VM_BUG_ON() checks in the PageHuge() testing path. [willy(a)infradead.org: update vmcoreinfo] Link: https://lkml.kernel.org/r/ZgGZUvsdhaT1Va-T@casper.infradead.org Link: https://lkml.kernel.org/r/20240321142448.1645400-6-willy@infradead.org Fixes: 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Luis Chamberlain <mcgrof(a)kernel.org> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218227 Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/page-flags.h | 70 ++++++++++++++----------------- include/trace/events/mmflags.h | 1 kernel/vmcore_info.c | 5 -- mm/hugetlb.c | 22 +-------- 4 files changed, 39 insertions(+), 59 deletions(-) --- a/include/linux/page-flags.h~mm-turn-folio_test_hugetlb-into-a-pagetype +++ a/include/linux/page-flags.h @@ -190,7 +190,6 @@ enum pageflags { /* At least one page in this folio has the hwpoison flag set */ PG_has_hwpoisoned = PG_error, - PG_hugetlb = PG_active, PG_large_rmappable = PG_workingset, /* anon or file-backed */ }; @@ -876,29 +875,6 @@ TESTPAGEFLAG_FALSE(LargeRmappable, large #define PG_head_mask ((1UL << PG_head)) -#ifdef CONFIG_HUGETLB_PAGE -int PageHuge(const struct page *page); -SETPAGEFLAG(HugeTLB, hugetlb, PF_SECOND) -CLEARPAGEFLAG(HugeTLB, hugetlb, PF_SECOND) - -/** - * folio_test_hugetlb - Determine if the folio belongs to hugetlbfs - * @folio: The folio to test. - * - * Context: Any context. Caller should have a reference on the folio to - * prevent it from being turned into a tail page. - * Return: True for hugetlbfs folios, false for anon folios or folios - * belonging to other filesystems. - */ -static inline bool folio_test_hugetlb(const struct folio *folio) -{ - return folio_test_large(folio) && - test_bit(PG_hugetlb, const_folio_flags(folio, 1)); -} -#else -TESTPAGEFLAG_FALSE(Huge, hugetlb) -#endif - #ifdef CONFIG_TRANSPARENT_HUGEPAGE /* * PageHuge() only returns true for hugetlbfs pages, but not for @@ -955,18 +931,6 @@ PAGEFLAG_FALSE(HasHWPoisoned, has_hwpois #endif /* - * Check if a page is currently marked HWPoisoned. Note that this check is - * best effort only and inherently racy: there is no way to synchronize with - * failing hardware. - */ -static inline bool is_page_hwpoison(struct page *page) -{ - if (PageHWPoison(page)) - return true; - return PageHuge(page) && PageHWPoison(compound_head(page)); -} - -/* * For pages that are never mapped to userspace (and aren't PageSlab), * page_type may be used. Because it is initialised to -1, we invert the * sense of the bit, so __SetPageFoo *clears* the bit used for PageFoo, and @@ -982,6 +946,7 @@ static inline bool is_page_hwpoison(stru #define PG_offline 0x00000100 #define PG_table 0x00000200 #define PG_guard 0x00000400 +#define PG_hugetlb 0x00000800 #define PageType(page, flag) \ ((page->page_type & (PAGE_TYPE_BASE | flag)) == PAGE_TYPE_BASE) @@ -1076,6 +1041,37 @@ PAGE_TYPE_OPS(Table, table, pgtable) */ PAGE_TYPE_OPS(Guard, guard, guard) +#ifdef CONFIG_HUGETLB_PAGE +FOLIO_TYPE_OPS(hugetlb, hugetlb) +#else +FOLIO_TEST_FLAG_FALSE(hugetlb) +#endif + +/** + * PageHuge - Determine if the page belongs to hugetlbfs + * @page: The page to test. + * + * Context: Any context. + * Return: True for hugetlbfs pages, false for anon pages or pages + * belonging to other filesystems. + */ +static inline bool PageHuge(const struct page *page) +{ + return folio_test_hugetlb(page_folio(page)); +} + +/* + * Check if a page is currently marked HWPoisoned. Note that this check is + * best effort only and inherently racy: there is no way to synchronize with + * failing hardware. + */ +static inline bool is_page_hwpoison(struct page *page) +{ + if (PageHWPoison(page)) + return true; + return PageHuge(page) && PageHWPoison(compound_head(page)); +} + extern bool is_free_buddy_page(struct page *page); PAGEFLAG(Isolated, isolated, PF_ANY); @@ -1142,7 +1138,7 @@ static __always_inline void __ClearPageA */ #define PAGE_FLAGS_SECOND \ (0xffUL /* order */ | 1UL << PG_has_hwpoisoned | \ - 1UL << PG_hugetlb | 1UL << PG_large_rmappable) + 1UL << PG_large_rmappable) #define PAGE_FLAGS_PRIVATE \ (1UL << PG_private | 1UL << PG_private_2) --- a/include/trace/events/mmflags.h~mm-turn-folio_test_hugetlb-into-a-pagetype +++ a/include/trace/events/mmflags.h @@ -135,6 +135,7 @@ IF_HAVE_PG_ARCH_X(arch_3) #define DEF_PAGETYPE_NAME(_name) { PG_##_name, __stringify(_name) } #define __def_pagetype_names \ + DEF_PAGETYPE_NAME(hugetlb), \ DEF_PAGETYPE_NAME(offline), \ DEF_PAGETYPE_NAME(guard), \ DEF_PAGETYPE_NAME(table), \ --- a/kernel/vmcore_info.c~mm-turn-folio_test_hugetlb-into-a-pagetype +++ a/kernel/vmcore_info.c @@ -205,11 +205,10 @@ static int __init crash_save_vmcoreinfo_ VMCOREINFO_NUMBER(PG_head_mask); #define PAGE_BUDDY_MAPCOUNT_VALUE (~PG_buddy) VMCOREINFO_NUMBER(PAGE_BUDDY_MAPCOUNT_VALUE); -#ifdef CONFIG_HUGETLB_PAGE - VMCOREINFO_NUMBER(PG_hugetlb); +#define PAGE_HUGETLB_MAPCOUNT_VALUE (~PG_hugetlb) + VMCOREINFO_NUMBER(PAGE_HUGETLB_MAPCOUNT_VALUE); #define PAGE_OFFLINE_MAPCOUNT_VALUE (~PG_offline) VMCOREINFO_NUMBER(PAGE_OFFLINE_MAPCOUNT_VALUE); -#endif #ifdef CONFIG_KALLSYMS VMCOREINFO_SYMBOL(kallsyms_names); --- a/mm/hugetlb.c~mm-turn-folio_test_hugetlb-into-a-pagetype +++ a/mm/hugetlb.c @@ -1624,7 +1624,7 @@ static inline void __clear_hugetlb_destr { lockdep_assert_held(&hugetlb_lock); - folio_clear_hugetlb(folio); + __folio_clear_hugetlb(folio); } /* @@ -1711,7 +1711,7 @@ static void add_hugetlb_folio(struct hst h->surplus_huge_pages_node[nid]++; } - folio_set_hugetlb(folio); + __folio_set_hugetlb(folio); folio_change_private(folio, NULL); /* * We have to set hugetlb_vmemmap_optimized again as above @@ -2049,7 +2049,7 @@ static void __prep_account_new_huge_page static void init_new_hugetlb_folio(struct hstate *h, struct folio *folio) { - folio_set_hugetlb(folio); + __folio_set_hugetlb(folio); INIT_LIST_HEAD(&folio->lru); hugetlb_set_folio_subpool(folio, NULL); set_hugetlb_cgroup(folio, NULL); @@ -2160,22 +2160,6 @@ static bool prep_compound_gigantic_folio } /* - * PageHuge() only returns true for hugetlbfs pages, but not for normal or - * transparent huge pages. See the PageTransHuge() documentation for more - * details. - */ -int PageHuge(const struct page *page) -{ - const struct folio *folio; - - if (!PageCompound(page)) - return 0; - folio = page_folio(page); - return folio_test_hugetlb(folio); -} -EXPORT_SYMBOL_GPL(PageHuge); - -/* * Find and lock address space (mapping) in write mode. * * Upon entry, the page is locked which means that page_mapping() is _ Patches currently in -mm which might be from willy(a)infradead.org are mm-always-initialise-folio-_deferred_list.patch mm-remove-folio_prep_large_rmappable.patch mm-remove-a-call-to-compound_head-from-is_page_hwpoison.patch mm-free-up-pg_slab.patch mm-free-up-pg_slab-fix.patch mm-improve-dumping-of-mapcount-and-page_type.patch hugetlb-remove-mention-of-destructors.patch sh-remove-use-of-pg_arch_1-on-individual-pages.patch xtensa-remove-uses-of-pg_arch_1-on-individual-pages.patch mm-make-page_ext_get-take-a-const-argument.patch mm-make-folio_test_idle-and-folio_test_young-take-a-const-argument.patch mm-make-is_free_buddy_page-take-a-const-argument.patch mm-make-page_mapped-take-a-const-argument.patch mm-convert-arch_clear_hugepage_flags-to-take-a-folio.patch mm-convert-arch_clear_hugepage_flags-to-take-a-folio-fix.patch slub-remove-use-of-page-flags.patch remove-references-to-page-flags-in-documentation.patch proc-rewrite-stable_page_flags.patch proc-rewrite-stable_page_flags-fix.patch proc-rewrite-stable_page_flags-fix-2.patch sparc-use-is_huge_zero_pmd.patch mm-add-is_huge_zero_folio.patch mm-add-pmd_folio.patch mm-convert-migrate_vma_collect_pmd-to-use-a-folio.patch mm-convert-huge_zero_page-to-huge_zero_folio.patch mm-convert-do_huge_pmd_anonymous_page-to-huge_zero_folio.patch dax-use-huge_zero_folio.patch mm-rename-mm_put_huge_zero_page-to-mm_put_huge_zero_folio.patch mm-use-rwsem-assertion-macros-for-mmap_lock.patch filemap-remove-__set_page_dirty.patch mm-correct-page_mapped_in_vma-for-large-folios.patch mm-remove-vma_address.patch mm-rename-vma_pgoff_address-back-to-vma_address.patch khugepaged-inline-hpage_collapse_alloc_folio.patch khugepaged-convert-alloc_charge_hpage-to-alloc_charge_folio.patch khugepaged-remove-hpage-from-collapse_huge_page.patch khugepaged-pass-a-folio-to-__collapse_huge_page_copy.patch khugepaged-remove-hpage-from-collapse_file.patch khugepaged-use-a-folio-throughout-collapse_file.patch khugepaged-use-a-folio-throughout-collapse_file-fix.patch khugepaged-use-a-folio-throughout-hpage_collapse_scan_file.patch proc-convert-clear_refs_pte_range-to-use-a-folio.patch proc-convert-smaps_account-to-use-a-folio.patch mm-remove-page_idle-and-page_young-wrappers.patch mm-generate-page_idle_flag-definitions.patch proc-convert-gather_stats-to-use-a-folio.patch proc-convert-smaps_page_accumulate-to-use-a-folio.patch proc-pass-a-folio-to-smaps_page_accumulate.patch proc-convert-smaps_pmd_entry-to-use-a-folio.patch mm-remove-struct-page-from-get_shadow_from_swap_cache.patch hugetlb-convert-alloc_buddy_hugetlb_folio-to-use-a-folio.patch mm-convert-pagecache_isize_extended-to-use-a-folio.patch mm-free-non-hugetlb-large-folios-in-a-batch.patch mm-combine-free_the_page-and-free_unref_page.patch mm-inline-destroy_large_folio-into-__folio_put_large.patch mm-combine-__folio_put_small-__folio_put_large-and-__folio_put.patch mm-convert-free_zone_device_page-to-free_zone_device_folio.patch doc-improve-the-description-of-__folio_mark_dirty.patch buffer-add-kernel-doc-for-block_dirty_folio.patch buffer-add-kernel-doc-for-try_to_free_buffers.patch buffer-fix-__bread-and-__bread_gfp-kernel-doc.patch buffer-add-kernel-doc-for-brelse-and-__brelse.patch buffer-add-kernel-doc-for-bforget-and-__bforget.patch buffer-improve-bdev_getblk-documentation.patch doc-split-bufferrst-out-of-api-summaryrst.patch doc-split-bufferrst-out-of-api-summaryrst-fix.patch mm-memory-failure-remove-fsdax_pgoff-argument-from-__add_to_kill.patch mm-memory-failure-pass-addr-to-__add_to_kill.patch mm-return-the-address-from-page_mapped_in_vma.patch mm-make-page_mapped_in_vma-conditional-on-config_memory_failure.patch mm-memory-failure-convert-shake_page-to-shake_folio.patch mm-convert-hugetlb_page_mapping_lock_write-to-folio.patch mm-memory-failure-convert-memory_failure-to-use-a-folio.patch mm-memory-failure-convert-hwpoison_user_mappings-to-take-a-folio.patch mm-memory-failure-add-some-folio-conversions-to-unpoison_memory.patch mm-memory-failure-use-folio-functions-throughout-collect_procs.patch mm-memory-failure-pass-the-folio-to-collect_procs_ksm.patch fscrypt-convert-bh_get_inode_and_lblk_num-to-use-a-folio.patch f2fs-convert-f2fs_clear_page_cache_dirty_tag-to-use-a-folio.patch memory-failure-remove-calls-to-page_mapping.patch migrate-expand-the-use-of-folio-in-__migrate_device_pages.patch userfault-expand-folio-use-in-mfill_atomic_install_pte.patch mm-remove-page_mapping.patch mm-remove-page_cache_alloc.patch mm-remove-put_devmap_managed_page.patch mm-convert-put_devmap_managed_page_refs-to-put_devmap_managed_folio_refs.patch mm-remove-page_ref_sub_return.patch gup-use-folios-for-gup_devmap.patch mm-add-kernel-doc-for-folio_mark_accessed.patch mm-remove-pagereferenced.patch

1 year, 4 months

1
0
0 0

[merged mm-hotfixes-stable] mm-support-page_mapcount-on-page_has_type-pages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: support page_mapcount() on page_has_type() pages has been removed from the -mm tree. Its filename was mm-support-page_mapcount-on-page_has_type-pages.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: mm: support page_mapcount() on page_has_type() pages Date: Thu, 21 Mar 2024 14:24:42 +0000 Return 0 for pages which can't be mapped. This matches how page_mapped() works. It is more convenient for users to not have to filter out these pages. Link: https://lkml.kernel.org/r/20240321142448.1645400-5-willy@infradead.org Fixes: 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/page.c | 7 ++----- include/linux/mm.h | 8 +++++--- include/linux/page-flags.h | 4 ++-- 3 files changed, 9 insertions(+), 10 deletions(-) --- a/fs/proc/page.c~mm-support-page_mapcount-on-page_has_type-pages +++ a/fs/proc/page.c @@ -67,7 +67,7 @@ static ssize_t kpagecount_read(struct fi */ ppage = pfn_to_online_page(pfn); - if (!ppage || PageSlab(ppage) || page_has_type(ppage)) + if (!ppage) pcount = 0; else pcount = page_mapcount(ppage); @@ -124,11 +124,8 @@ u64 stable_page_flags(struct page *page) /* * pseudo flags for the well known (anonymous) memory mapped pages - * - * Note that page->_mapcount is overloaded in SLAB, so the - * simple test in page_mapped() is not enough. */ - if (!PageSlab(page) && page_mapped(page)) + if (page_mapped(page)) u |= 1 << KPF_MMAP; if (PageAnon(page)) u |= 1 << KPF_ANON; --- a/include/linux/mm.h~mm-support-page_mapcount-on-page_has_type-pages +++ a/include/linux/mm.h @@ -1223,14 +1223,16 @@ static inline void page_mapcount_reset(s * a large folio, it includes the number of times this page is mapped * as part of that folio. * - * The result is undefined for pages which cannot be mapped into userspace. - * For example SLAB or special types of pages. See function page_has_type(). - * They use this field in struct page differently. + * Will report 0 for pages which cannot be mapped into userspace, eg + * slab, page tables and similar. */ static inline int page_mapcount(struct page *page) { int mapcount = atomic_read(&page->_mapcount) + 1; + /* Handle page_has_type() pages */ + if (mapcount < 0) + mapcount = 0; if (unlikely(PageCompound(page))) mapcount += folio_entire_mapcount(page_folio(page)); --- a/include/linux/page-flags.h~mm-support-page_mapcount-on-page_has_type-pages +++ a/include/linux/page-flags.h @@ -971,12 +971,12 @@ static inline bool is_page_hwpoison(stru * page_type may be used. Because it is initialised to -1, we invert the * sense of the bit, so __SetPageFoo *clears* the bit used for PageFoo, and * __ClearPageFoo *sets* the bit used for PageFoo. We reserve a few high and - * low bits so that an underflow or overflow of page_mapcount() won't be + * low bits so that an underflow or overflow of _mapcount won't be * mistaken for a page type value. */ #define PAGE_TYPE_BASE 0xf0000000 -/* Reserve 0x0000007f to catch underflows of page_mapcount */ +/* Reserve 0x0000007f to catch underflows of _mapcount */ #define PAGE_MAPCOUNT_RESERVE -128 #define PG_buddy 0x00000080 #define PG_offline 0x00000100 _ Patches currently in -mm which might be from willy(a)infradead.org are mm-always-initialise-folio-_deferred_list.patch mm-remove-folio_prep_large_rmappable.patch mm-remove-a-call-to-compound_head-from-is_page_hwpoison.patch mm-free-up-pg_slab.patch mm-free-up-pg_slab-fix.patch mm-improve-dumping-of-mapcount-and-page_type.patch hugetlb-remove-mention-of-destructors.patch sh-remove-use-of-pg_arch_1-on-individual-pages.patch xtensa-remove-uses-of-pg_arch_1-on-individual-pages.patch mm-make-page_ext_get-take-a-const-argument.patch mm-make-folio_test_idle-and-folio_test_young-take-a-const-argument.patch mm-make-is_free_buddy_page-take-a-const-argument.patch mm-make-page_mapped-take-a-const-argument.patch mm-convert-arch_clear_hugepage_flags-to-take-a-folio.patch mm-convert-arch_clear_hugepage_flags-to-take-a-folio-fix.patch slub-remove-use-of-page-flags.patch remove-references-to-page-flags-in-documentation.patch proc-rewrite-stable_page_flags.patch proc-rewrite-stable_page_flags-fix.patch proc-rewrite-stable_page_flags-fix-2.patch sparc-use-is_huge_zero_pmd.patch mm-add-is_huge_zero_folio.patch mm-add-pmd_folio.patch mm-convert-migrate_vma_collect_pmd-to-use-a-folio.patch mm-convert-huge_zero_page-to-huge_zero_folio.patch mm-convert-do_huge_pmd_anonymous_page-to-huge_zero_folio.patch dax-use-huge_zero_folio.patch mm-rename-mm_put_huge_zero_page-to-mm_put_huge_zero_folio.patch mm-use-rwsem-assertion-macros-for-mmap_lock.patch filemap-remove-__set_page_dirty.patch mm-correct-page_mapped_in_vma-for-large-folios.patch mm-remove-vma_address.patch mm-rename-vma_pgoff_address-back-to-vma_address.patch khugepaged-inline-hpage_collapse_alloc_folio.patch khugepaged-convert-alloc_charge_hpage-to-alloc_charge_folio.patch khugepaged-remove-hpage-from-collapse_huge_page.patch khugepaged-pass-a-folio-to-__collapse_huge_page_copy.patch khugepaged-remove-hpage-from-collapse_file.patch khugepaged-use-a-folio-throughout-collapse_file.patch khugepaged-use-a-folio-throughout-collapse_file-fix.patch khugepaged-use-a-folio-throughout-hpage_collapse_scan_file.patch proc-convert-clear_refs_pte_range-to-use-a-folio.patch proc-convert-smaps_account-to-use-a-folio.patch mm-remove-page_idle-and-page_young-wrappers.patch mm-generate-page_idle_flag-definitions.patch proc-convert-gather_stats-to-use-a-folio.patch proc-convert-smaps_page_accumulate-to-use-a-folio.patch proc-pass-a-folio-to-smaps_page_accumulate.patch proc-convert-smaps_pmd_entry-to-use-a-folio.patch mm-remove-struct-page-from-get_shadow_from_swap_cache.patch hugetlb-convert-alloc_buddy_hugetlb_folio-to-use-a-folio.patch mm-convert-pagecache_isize_extended-to-use-a-folio.patch mm-free-non-hugetlb-large-folios-in-a-batch.patch mm-combine-free_the_page-and-free_unref_page.patch mm-inline-destroy_large_folio-into-__folio_put_large.patch mm-combine-__folio_put_small-__folio_put_large-and-__folio_put.patch mm-convert-free_zone_device_page-to-free_zone_device_folio.patch doc-improve-the-description-of-__folio_mark_dirty.patch buffer-add-kernel-doc-for-block_dirty_folio.patch buffer-add-kernel-doc-for-try_to_free_buffers.patch buffer-fix-__bread-and-__bread_gfp-kernel-doc.patch buffer-add-kernel-doc-for-brelse-and-__brelse.patch buffer-add-kernel-doc-for-bforget-and-__bforget.patch buffer-improve-bdev_getblk-documentation.patch doc-split-bufferrst-out-of-api-summaryrst.patch doc-split-bufferrst-out-of-api-summaryrst-fix.patch mm-memory-failure-remove-fsdax_pgoff-argument-from-__add_to_kill.patch mm-memory-failure-pass-addr-to-__add_to_kill.patch mm-return-the-address-from-page_mapped_in_vma.patch mm-make-page_mapped_in_vma-conditional-on-config_memory_failure.patch mm-memory-failure-convert-shake_page-to-shake_folio.patch mm-convert-hugetlb_page_mapping_lock_write-to-folio.patch mm-memory-failure-convert-memory_failure-to-use-a-folio.patch mm-memory-failure-convert-hwpoison_user_mappings-to-take-a-folio.patch mm-memory-failure-add-some-folio-conversions-to-unpoison_memory.patch mm-memory-failure-use-folio-functions-throughout-collect_procs.patch mm-memory-failure-pass-the-folio-to-collect_procs_ksm.patch fscrypt-convert-bh_get_inode_and_lblk_num-to-use-a-folio.patch f2fs-convert-f2fs_clear_page_cache_dirty_tag-to-use-a-folio.patch memory-failure-remove-calls-to-page_mapping.patch migrate-expand-the-use-of-folio-in-__migrate_device_pages.patch userfault-expand-folio-use-in-mfill_atomic_install_pte.patch mm-remove-page_mapping.patch mm-remove-page_cache_alloc.patch mm-remove-put_devmap_managed_page.patch mm-convert-put_devmap_managed_page_refs-to-put_devmap_managed_folio_refs.patch mm-remove-page_ref_sub_return.patch gup-use-folios-for-gup_devmap.patch mm-add-kernel-doc-for-folio_mark_accessed.patch mm-remove-pagereferenced.patch

1 year, 4 months

1
0
0 0

[merged mm-hotfixes-stable] mm-create-folio_flag_false-and-folio_type_ops-macros.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: create FOLIO_FLAG_FALSE and FOLIO_TYPE_OPS macros has been removed from the -mm tree. Its filename was mm-create-folio_flag_false-and-folio_type_ops-macros.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: mm: create FOLIO_FLAG_FALSE and FOLIO_TYPE_OPS macros Date: Thu, 21 Mar 2024 14:24:40 +0000 Following the separation of FOLIO_FLAGS from PAGEFLAGS, separate FOLIO_FLAG_FALSE from PAGEFLAG_FALSE and FOLIO_TYPE_OPS from PAGE_TYPE_OPS. Link: https://lkml.kernel.org/r/20240321142448.1645400-3-willy@infradead.org Fixes: 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/page-flags.h | 70 +++++++++++++++++++++++------------ 1 file changed, 47 insertions(+), 23 deletions(-) --- a/include/linux/page-flags.h~mm-create-folio_flag_false-and-folio_type_ops-macros +++ a/include/linux/page-flags.h @@ -458,30 +458,51 @@ static __always_inline int TestClearPage TESTSETFLAG(uname, lname, policy) \ TESTCLEARFLAG(uname, lname, policy) +#define FOLIO_TEST_FLAG_FALSE(name) \ +static inline bool folio_test_##name(const struct folio *folio) \ +{ return false; } +#define FOLIO_SET_FLAG_NOOP(name) \ +static inline void folio_set_##name(struct folio *folio) { } +#define FOLIO_CLEAR_FLAG_NOOP(name) \ +static inline void folio_clear_##name(struct folio *folio) { } +#define __FOLIO_SET_FLAG_NOOP(name) \ +static inline void __folio_set_##name(struct folio *folio) { } +#define __FOLIO_CLEAR_FLAG_NOOP(name) \ +static inline void __folio_clear_##name(struct folio *folio) { } +#define FOLIO_TEST_SET_FLAG_FALSE(name) \ +static inline bool folio_test_set_##name(struct folio *folio) \ +{ return false; } +#define FOLIO_TEST_CLEAR_FLAG_FALSE(name) \ +static inline bool folio_test_clear_##name(struct folio *folio) \ +{ return false; } + +#define FOLIO_FLAG_FALSE(name) \ +FOLIO_TEST_FLAG_FALSE(name) \ +FOLIO_SET_FLAG_NOOP(name) \ +FOLIO_CLEAR_FLAG_NOOP(name) + #define TESTPAGEFLAG_FALSE(uname, lname) \ -static inline bool folio_test_##lname(const struct folio *folio) { return false; } \ +FOLIO_TEST_FLAG_FALSE(lname) \ static inline int Page##uname(const struct page *page) { return 0; } #define SETPAGEFLAG_NOOP(uname, lname) \ -static inline void folio_set_##lname(struct folio *folio) { } \ +FOLIO_SET_FLAG_NOOP(lname) \ static inline void SetPage##uname(struct page *page) { } #define CLEARPAGEFLAG_NOOP(uname, lname) \ -static inline void folio_clear_##lname(struct folio *folio) { } \ +FOLIO_CLEAR_FLAG_NOOP(lname) \ static inline void ClearPage##uname(struct page *page) { } #define __CLEARPAGEFLAG_NOOP(uname, lname) \ -static inline void __folio_clear_##lname(struct folio *folio) { } \ +__FOLIO_CLEAR_FLAG_NOOP(lname) \ static inline void __ClearPage##uname(struct page *page) { } #define TESTSETFLAG_FALSE(uname, lname) \ -static inline bool folio_test_set_##lname(struct folio *folio) \ -{ return 0; } \ +FOLIO_TEST_SET_FLAG_FALSE(lname) \ static inline int TestSetPage##uname(struct page *page) { return 0; } #define TESTCLEARFLAG_FALSE(uname, lname) \ -static inline bool folio_test_clear_##lname(struct folio *folio) \ -{ return 0; } \ +FOLIO_TEST_CLEAR_FLAG_FALSE(lname) \ static inline int TestClearPage##uname(struct page *page) { return 0; } #define PAGEFLAG_FALSE(uname, lname) TESTPAGEFLAG_FALSE(uname, lname) \ @@ -977,35 +998,38 @@ static inline int page_has_type(const st return page_type_has_type(page->page_type); } +#define FOLIO_TYPE_OPS(lname, fname) \ +static __always_inline bool folio_test_##fname(const struct folio *folio)\ +{ \ + return folio_test_type(folio, PG_##lname); \ +} \ +static __always_inline void __folio_set_##fname(struct folio *folio) \ +{ \ + VM_BUG_ON_FOLIO(!folio_test_type(folio, 0), folio); \ + folio->page.page_type &= ~PG_##lname; \ +} \ +static __always_inline void __folio_clear_##fname(struct folio *folio) \ +{ \ + VM_BUG_ON_FOLIO(!folio_test_##fname(folio), folio); \ + folio->page.page_type |= PG_##lname; \ +} + #define PAGE_TYPE_OPS(uname, lname, fname) \ +FOLIO_TYPE_OPS(lname, fname) \ static __always_inline int Page##uname(const struct page *page) \ { \ return PageType(page, PG_##lname); \ } \ -static __always_inline int folio_test_##fname(const struct folio *folio)\ -{ \ - return folio_test_type(folio, PG_##lname); \ -} \ static __always_inline void __SetPage##uname(struct page *page) \ { \ VM_BUG_ON_PAGE(!PageType(page, 0), page); \ page->page_type &= ~PG_##lname; \ } \ -static __always_inline void __folio_set_##fname(struct folio *folio) \ -{ \ - VM_BUG_ON_FOLIO(!folio_test_type(folio, 0), folio); \ - folio->page.page_type &= ~PG_##lname; \ -} \ static __always_inline void __ClearPage##uname(struct page *page) \ { \ VM_BUG_ON_PAGE(!Page##uname(page), page); \ page->page_type |= PG_##lname; \ -} \ -static __always_inline void __folio_clear_##fname(struct folio *folio) \ -{ \ - VM_BUG_ON_FOLIO(!folio_test_##fname(folio), folio); \ - folio->page.page_type |= PG_##lname; \ -} \ +} /* * PageBuddy() indicates that the page is free and in the buddy system _ Patches currently in -mm which might be from willy(a)infradead.org are mm-always-initialise-folio-_deferred_list.patch mm-remove-folio_prep_large_rmappable.patch mm-remove-a-call-to-compound_head-from-is_page_hwpoison.patch mm-free-up-pg_slab.patch mm-free-up-pg_slab-fix.patch mm-improve-dumping-of-mapcount-and-page_type.patch hugetlb-remove-mention-of-destructors.patch sh-remove-use-of-pg_arch_1-on-individual-pages.patch xtensa-remove-uses-of-pg_arch_1-on-individual-pages.patch mm-make-page_ext_get-take-a-const-argument.patch mm-make-folio_test_idle-and-folio_test_young-take-a-const-argument.patch mm-make-is_free_buddy_page-take-a-const-argument.patch mm-make-page_mapped-take-a-const-argument.patch mm-convert-arch_clear_hugepage_flags-to-take-a-folio.patch mm-convert-arch_clear_hugepage_flags-to-take-a-folio-fix.patch slub-remove-use-of-page-flags.patch remove-references-to-page-flags-in-documentation.patch proc-rewrite-stable_page_flags.patch proc-rewrite-stable_page_flags-fix.patch proc-rewrite-stable_page_flags-fix-2.patch sparc-use-is_huge_zero_pmd.patch mm-add-is_huge_zero_folio.patch mm-add-pmd_folio.patch mm-convert-migrate_vma_collect_pmd-to-use-a-folio.patch mm-convert-huge_zero_page-to-huge_zero_folio.patch mm-convert-do_huge_pmd_anonymous_page-to-huge_zero_folio.patch dax-use-huge_zero_folio.patch mm-rename-mm_put_huge_zero_page-to-mm_put_huge_zero_folio.patch mm-use-rwsem-assertion-macros-for-mmap_lock.patch filemap-remove-__set_page_dirty.patch mm-correct-page_mapped_in_vma-for-large-folios.patch mm-remove-vma_address.patch mm-rename-vma_pgoff_address-back-to-vma_address.patch khugepaged-inline-hpage_collapse_alloc_folio.patch khugepaged-convert-alloc_charge_hpage-to-alloc_charge_folio.patch khugepaged-remove-hpage-from-collapse_huge_page.patch khugepaged-pass-a-folio-to-__collapse_huge_page_copy.patch khugepaged-remove-hpage-from-collapse_file.patch khugepaged-use-a-folio-throughout-collapse_file.patch khugepaged-use-a-folio-throughout-collapse_file-fix.patch khugepaged-use-a-folio-throughout-hpage_collapse_scan_file.patch proc-convert-clear_refs_pte_range-to-use-a-folio.patch proc-convert-smaps_account-to-use-a-folio.patch mm-remove-page_idle-and-page_young-wrappers.patch mm-generate-page_idle_flag-definitions.patch proc-convert-gather_stats-to-use-a-folio.patch proc-convert-smaps_page_accumulate-to-use-a-folio.patch proc-pass-a-folio-to-smaps_page_accumulate.patch proc-convert-smaps_pmd_entry-to-use-a-folio.patch mm-remove-struct-page-from-get_shadow_from_swap_cache.patch hugetlb-convert-alloc_buddy_hugetlb_folio-to-use-a-folio.patch mm-convert-pagecache_isize_extended-to-use-a-folio.patch mm-free-non-hugetlb-large-folios-in-a-batch.patch mm-combine-free_the_page-and-free_unref_page.patch mm-inline-destroy_large_folio-into-__folio_put_large.patch mm-combine-__folio_put_small-__folio_put_large-and-__folio_put.patch mm-convert-free_zone_device_page-to-free_zone_device_folio.patch doc-improve-the-description-of-__folio_mark_dirty.patch buffer-add-kernel-doc-for-block_dirty_folio.patch buffer-add-kernel-doc-for-try_to_free_buffers.patch buffer-fix-__bread-and-__bread_gfp-kernel-doc.patch buffer-add-kernel-doc-for-brelse-and-__brelse.patch buffer-add-kernel-doc-for-bforget-and-__bforget.patch buffer-improve-bdev_getblk-documentation.patch doc-split-bufferrst-out-of-api-summaryrst.patch doc-split-bufferrst-out-of-api-summaryrst-fix.patch mm-memory-failure-remove-fsdax_pgoff-argument-from-__add_to_kill.patch mm-memory-failure-pass-addr-to-__add_to_kill.patch mm-return-the-address-from-page_mapped_in_vma.patch mm-make-page_mapped_in_vma-conditional-on-config_memory_failure.patch mm-memory-failure-convert-shake_page-to-shake_folio.patch mm-convert-hugetlb_page_mapping_lock_write-to-folio.patch mm-memory-failure-convert-memory_failure-to-use-a-folio.patch mm-memory-failure-convert-hwpoison_user_mappings-to-take-a-folio.patch mm-memory-failure-add-some-folio-conversions-to-unpoison_memory.patch mm-memory-failure-use-folio-functions-throughout-collect_procs.patch mm-memory-failure-pass-the-folio-to-collect_procs_ksm.patch fscrypt-convert-bh_get_inode_and_lblk_num-to-use-a-folio.patch f2fs-convert-f2fs_clear_page_cache_dirty_tag-to-use-a-folio.patch memory-failure-remove-calls-to-page_mapping.patch migrate-expand-the-use-of-folio-in-__migrate_device_pages.patch userfault-expand-folio-use-in-mfill_atomic_install_pte.patch mm-remove-page_mapping.patch mm-remove-page_cache_alloc.patch mm-remove-put_devmap_managed_page.patch mm-convert-put_devmap_managed_page_refs-to-put_devmap_managed_folio_refs.patch mm-remove-page_ref_sub_return.patch gup-use-folios-for-gup_devmap.patch mm-add-kernel-doc-for-folio_mark_accessed.patch mm-remove-pagereferenced.patch

1 year, 4 months

1
0
0 0

[merged mm-hotfixes-stable] mm-hugetlb-fix-missing-hugetlb_lock-for-resv-uncharge.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: fix missing hugetlb_lock for resv uncharge has been removed from the -mm tree. Its filename was mm-hugetlb-fix-missing-hugetlb_lock-for-resv-uncharge.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/hugetlb: fix missing hugetlb_lock for resv uncharge Date: Wed, 17 Apr 2024 17:18:35 -0400 There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held. Link: https://lkml.kernel.org/r/20240417211836.2742593-3-peterx@redhat.com Fixes: 79aa925bf239 ("hugetlb_cgroup: fix reservation accounting") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+4b8077a5fccc61c385a1(a)syzkaller.appspotmail.com Reviewed-by: Mina Almasry <almasrymina(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-missing-hugetlb_lock-for-resv-uncharge +++ a/mm/hugetlb.c @@ -3268,9 +3268,12 @@ struct folio *alloc_hugetlb_folio(struct rsv_adjust = hugepage_subpool_put_pages(spool, 1); hugetlb_acct_memory(h, -rsv_adjust); - if (deferred_reserve) + if (deferred_reserve) { + spin_lock_irq(&hugetlb_lock); hugetlb_cgroup_uncharge_folio_rsvd(hstate_index(h), pages_per_huge_page(h), folio); + spin_unlock_irq(&hugetlb_lock); + } } if (!memcg_charge_ret) _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-userfaultfd-reset-ptes-when-close-for-wr-protected-ones.patch mm-hmm-process-pud-swap-entry-without-pud_huge.patch mm-gup-cache-p4d-in-follow_p4d_mask.patch mm-gup-check-p4d-presence-before-going-on.patch mm-x86-change-pxd_huge-behavior-to-exclude-swap-entries.patch mm-sparc-change-pxd_huge-behavior-to-exclude-swap-entries.patch mm-arm-use-macros-to-define-pmd-pud-helpers.patch mm-arm-redefine-pmd_huge-with-pmd_leaf.patch mm-arm64-merge-pxd_huge-and-pxd_leaf-definitions.patch mm-powerpc-redefine-pxd_huge-with-pxd_leaf.patch mm-gup-merge-pxd-huge-mapping-checks.patch mm-treewide-replace-pxd_huge-with-pxd_leaf.patch mm-treewide-remove-pxd_huge.patch mm-arm-remove-pmd_thp_or_huge.patch mm-document-pxd_leaf-api.patch mm-always-initialise-folio-_deferred_list-fix.patch selftests-mm-run_vmtestssh-fix-hugetlb-mem-size-calculation.patch selftests-mm-run_vmtestssh-fix-hugetlb-mem-size-calculation-fix.patch mm-kconfig-config_pgtable_has_huge_leaves.patch mm-hugetlb-declare-hugetlbfs_pagecache_present-non-static.patch mm-make-hpage_pxd_-macros-even-if-thp.patch mm-introduce-vma_pgtable_walk_beginend.patch mm-arch-provide-pud_pfn-fallback.patch mm-arch-provide-pud_pfn-fallback-fix.patch mm-gup-drop-folio_fast_pin_allowed-in-hugepd-processing.patch mm-gup-refactor-record_subpages-to-find-1st-small-page.patch mm-gup-handle-hugetlb-for-no_page_table.patch mm-gup-cache-pudp-in-follow_pud_mask.patch mm-gup-handle-huge-pud-for-follow_pud_mask.patch mm-gup-handle-huge-pmd-for-follow_pmd_mask.patch mm-gup-handle-huge-pmd-for-follow_pmd_mask-fix.patch mm-gup-handle-hugepd-for-follow_page.patch mm-gup-handle-hugetlb-in-the-generic-follow_page_mask-code.patch mm-allow-anon-exclusive-check-over-hugetlb-tail-pages.patch mm-free-non-hugetlb-large-folios-in-a-batch-fix.patch mm-hugetlb-assert-hugetlb_lock-in-__hugetlb_cgroup_commit_charge.patch mm-page_table_check-support-userfault-wr-protect-entries.patch

1 year, 4 months

1
0
0 0

[PATCH v2] serial: 8250_bcm7271: use default_mux_rate if possible

by Doug Berger

There is a scenario when resuming from some power saving states with no_console_suspend where console output can be generated before the 8250_bcm7271 driver gets the opportunity to restore the baud_mux_clk frequency. Since the baud_mux_clk is at its default frequency at this time the output can be garbled until the driver gets the opportunity to resume. Since this is only an issue with console use of the serial port during that window and the console isn't likely to use baud rates that require alternate baud_mux_clk frequencies, allow the driver to select the default_mux_rate if it is accurate enough. Fixes: 41a469482de2 ("serial: 8250: Add new 8250-core based Broadcom STB driver") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- Changes in v2: Added "Cc: stable(a)vger.kernel.org" drivers/tty/serial/8250/8250_bcm7271.c | 101 +++++++++++++++---------- 1 file changed, 60 insertions(+), 41 deletions(-) diff --git a/drivers/tty/serial/8250/8250_bcm7271.c b/drivers/tty/serial/8250/8250_bcm7271.c index de270863eb5e..2569ca69223f 100644 --- a/drivers/tty/serial/8250/8250_bcm7271.c +++ b/drivers/tty/serial/8250/8250_bcm7271.c @@ -673,18 +673,46 @@ static void init_real_clk_rates(struct device *dev, struct brcmuart_priv *priv) clk_set_rate(priv->baud_mux_clk, priv->default_mux_rate); } +static u32 find_quot(struct device *dev, u32 freq, u32 baud, u32 *percent) +{ + u32 quot; + u32 rate; + u64 hires_rate; + u64 hires_baud; + u64 hires_err; + + rate = freq / 16; + quot = DIV_ROUND_CLOSEST(rate, baud); + if (!quot) + return 0; + + /* increase resolution to get xx.xx percent */ + hires_rate = div_u64((u64)rate * 10000, (u64)quot); + hires_baud = (u64)baud * 10000; + + /* get the delta */ + if (hires_rate > hires_baud) + hires_err = (hires_rate - hires_baud); + else + hires_err = (hires_baud - hires_rate); + + *percent = (unsigned long)DIV_ROUND_CLOSEST_ULL(hires_err, baud); + + dev_dbg(dev, "Baud rate: %u, MUX Clk: %u, Error: %u.%u%%\n", + baud, freq, *percent / 100, *percent % 100); + + return quot; +} + static void set_clock_mux(struct uart_port *up, struct brcmuart_priv *priv, u32 baud) { u32 percent; u32 best_percent = UINT_MAX; u32 quot; + u32 freq; u32 best_quot = 1; - u32 rate; - int best_index = -1; - u64 hires_rate; - u64 hires_baud; - u64 hires_err; + u32 best_freq = 0; int rc; int i; int real_baud; @@ -693,44 +721,35 @@ static void set_clock_mux(struct uart_port *up, struct brcmuart_priv *priv, if (priv->baud_mux_clk == NULL) return; - /* Find the closest match for specified baud */ - for (i = 0; i < ARRAY_SIZE(priv->real_rates); i++) { - if (priv->real_rates[i] == 0) - continue; - rate = priv->real_rates[i] / 16; - quot = DIV_ROUND_CLOSEST(rate, baud); - if (!quot) - continue; - - /* increase resolution to get xx.xx percent */ - hires_rate = (u64)rate * 10000; - hires_baud = (u64)baud * 10000; - - hires_err = div_u64(hires_rate, (u64)quot); - - /* get the delta */ - if (hires_err > hires_baud) - hires_err = (hires_err - hires_baud); - else - hires_err = (hires_baud - hires_err); - - percent = (unsigned long)DIV_ROUND_CLOSEST_ULL(hires_err, baud); - dev_dbg(up->dev, - "Baud rate: %u, MUX Clk: %u, Error: %u.%u%%\n", - baud, priv->real_rates[i], percent / 100, - percent % 100); - if (percent < best_percent) { - best_percent = percent; - best_index = i; - best_quot = quot; + /* Try default_mux_rate first */ + quot = find_quot(up->dev, priv->default_mux_rate, baud, &percent); + if (quot) { + best_percent = percent; + best_freq = priv->default_mux_rate; + best_quot = quot; + } + /* If more than 1% error, find the closest match for specified baud */ + if (best_percent > 100) { + for (i = 0; i < ARRAY_SIZE(priv->real_rates); i++) { + freq = priv->real_rates[i]; + if (freq == 0 || freq == priv->default_mux_rate) + continue; + quot = find_quot(up->dev, freq, baud, &percent); + if (!quot) + continue; + + if (percent < best_percent) { + best_percent = percent; + best_freq = freq; + best_quot = quot; + } } } - if (best_index == -1) { + if (!best_freq) { dev_err(up->dev, "Error, %d BAUD rate is too fast.\n", baud); return; } - rate = priv->real_rates[best_index]; - rc = clk_set_rate(priv->baud_mux_clk, rate); + rc = clk_set_rate(priv->baud_mux_clk, best_freq); if (rc) dev_err(up->dev, "Error selecting BAUD MUX clock\n"); @@ -739,8 +758,8 @@ static void set_clock_mux(struct uart_port *up, struct brcmuart_priv *priv, dev_err(up->dev, "Error, baud: %d has %u.%u%% error\n", baud, percent / 100, percent % 100); - real_baud = rate / 16 / best_quot; - dev_dbg(up->dev, "Selecting BAUD MUX rate: %u\n", rate); + real_baud = best_freq / 16 / best_quot; + dev_dbg(up->dev, "Selecting BAUD MUX rate: %u\n", best_freq); dev_dbg(up->dev, "Requested baud: %u, Actual baud: %u\n", baud, real_baud); @@ -749,7 +768,7 @@ static void set_clock_mux(struct uart_port *up, struct brcmuart_priv *priv, i += (i / 2); priv->char_wait = ns_to_ktime(i); - up->uartclk = rate; + up->uartclk = best_freq; } static void brcmstb_set_termios(struct uart_port *up, -- 2.34.1

1 year, 4 months

2
1
0 0

[PATCH v1] usb: typec: tcpm: unregister existing source caps before re-registration

by Amit Sunil Dhamne

Check and unregister existing source caps in tcpm_register_source_caps function before registering new ones. This change fixes following warning when port partner resends source caps after negotiating PD contract for the purpose of re-negotiation. [ 343.135030][ T151] sysfs: cannot create duplicate filename '/devices/virtual/usb_power_delivery/pd1/source-capabilities' [ 343.135071][ T151] Call trace: [ 343.135076][ T151] dump_backtrace+0xe8/0x108 [ 343.135099][ T151] show_stack+0x18/0x24 [ 343.135106][ T151] dump_stack_lvl+0x50/0x6c [ 343.135119][ T151] dump_stack+0x18/0x24 [ 343.135126][ T151] sysfs_create_dir_ns+0xe0/0x140 [ 343.135137][ T151] kobject_add_internal+0x228/0x424 [ 343.135146][ T151] kobject_add+0x94/0x10c [ 343.135152][ T151] device_add+0x1b0/0x4c0 [ 343.135187][ T151] device_register+0x20/0x34 [ 343.135195][ T151] usb_power_delivery_register_capabilities+0x90/0x20c [ 343.135209][ T151] tcpm_pd_rx_handler+0x9f0/0x15b8 [ 343.135216][ T151] kthread_worker_fn+0x11c/0x260 [ 343.135227][ T151] kthread+0x114/0x1bc [ 343.135235][ T151] ret_from_fork+0x10/0x20 [ 343.135265][ T151] kobject: kobject_add_internal failed for source-capabilities with -EEXIST, don't try to register things with the same name in the same directory. Fixes: 8203d26905ee ("usb: typec: tcpm: Register USB Power Delivery Capabilities") Cc: linux-usb(a)vger.kernel.org Cc: stable(a)vger.kernel.org Cc: kernel(a)vger.kernel.org Cc: Mark Brown <broonie(a)kernel.org> Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..d8eb89f4f0c3 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -2996,7 +2996,7 @@ static int tcpm_register_source_caps(struct tcpm_port *port) { struct usb_power_delivery_desc desc = { port->negotiated_rev }; struct usb_power_delivery_capabilities_desc caps = { }; - struct usb_power_delivery_capabilities *cap; + struct usb_power_delivery_capabilities *cap = port->partner_source_caps; if (!port->partner_pd) port->partner_pd = usb_power_delivery_register(NULL, &desc); @@ -3006,6 +3006,9 @@ static int tcpm_register_source_caps(struct tcpm_port *port) memcpy(caps.pdo, port->source_caps, sizeof(u32) * port->nr_source_caps); caps.role = TYPEC_SOURCE; + if (cap) + usb_power_delivery_unregister_capabilities(cap); + cap = usb_power_delivery_register_capabilities(port->partner_pd, &caps); if (IS_ERR(cap)) return PTR_ERR(cap); base-commit: 0d31ea587709216d88183fe4ca0c8aba5e0205b8 -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

1
0
0 0

[PATCH] serial: 8250_bcm7271: use default_mux_rate if possible

by Doug Berger

There is a scenario when resuming from some power saving states with no_console_suspend where console output can be generated before the 8250_bcm7271 driver gets the opportunity to restore the baud_mux_clk frequency. Since the baud_mux_clk is at its default frequency at this time the output can be garbled until the driver gets the opportunity to resume. Since this is only an issue with console use of the serial port during that window and the console isn't likely to use baud rates that require alternate baud_mux_clk frequencies, allow the driver to select the default_mux_rate if it is accurate enough. Fixes: 41a469482de2 ("serial: 8250: Add new 8250-core based Broadcom STB driver") Signed-off-by: Doug Berger <opendmb(a)gmail.com> --- drivers/tty/serial/8250/8250_bcm7271.c | 101 +++++++++++++++---------- 1 file changed, 60 insertions(+), 41 deletions(-) diff --git a/drivers/tty/serial/8250/8250_bcm7271.c b/drivers/tty/serial/8250/8250_bcm7271.c index de270863eb5e..2569ca69223f 100644 --- a/drivers/tty/serial/8250/8250_bcm7271.c +++ b/drivers/tty/serial/8250/8250_bcm7271.c @@ -673,18 +673,46 @@ static void init_real_clk_rates(struct device *dev, struct brcmuart_priv *priv) clk_set_rate(priv->baud_mux_clk, priv->default_mux_rate); } +static u32 find_quot(struct device *dev, u32 freq, u32 baud, u32 *percent) +{ + u32 quot; + u32 rate; + u64 hires_rate; + u64 hires_baud; + u64 hires_err; + + rate = freq / 16; + quot = DIV_ROUND_CLOSEST(rate, baud); + if (!quot) + return 0; + + /* increase resolution to get xx.xx percent */ + hires_rate = div_u64((u64)rate * 10000, (u64)quot); + hires_baud = (u64)baud * 10000; + + /* get the delta */ + if (hires_rate > hires_baud) + hires_err = (hires_rate - hires_baud); + else + hires_err = (hires_baud - hires_rate); + + *percent = (unsigned long)DIV_ROUND_CLOSEST_ULL(hires_err, baud); + + dev_dbg(dev, "Baud rate: %u, MUX Clk: %u, Error: %u.%u%%\n", + baud, freq, *percent / 100, *percent % 100); + + return quot; +} + static void set_clock_mux(struct uart_port *up, struct brcmuart_priv *priv, u32 baud) { u32 percent; u32 best_percent = UINT_MAX; u32 quot; + u32 freq; u32 best_quot = 1; - u32 rate; - int best_index = -1; - u64 hires_rate; - u64 hires_baud; - u64 hires_err; + u32 best_freq = 0; int rc; int i; int real_baud; @@ -693,44 +721,35 @@ static void set_clock_mux(struct uart_port *up, struct brcmuart_priv *priv, if (priv->baud_mux_clk == NULL) return; - /* Find the closest match for specified baud */ - for (i = 0; i < ARRAY_SIZE(priv->real_rates); i++) { - if (priv->real_rates[i] == 0) - continue; - rate = priv->real_rates[i] / 16; - quot = DIV_ROUND_CLOSEST(rate, baud); - if (!quot) - continue; - - /* increase resolution to get xx.xx percent */ - hires_rate = (u64)rate * 10000; - hires_baud = (u64)baud * 10000; - - hires_err = div_u64(hires_rate, (u64)quot); - - /* get the delta */ - if (hires_err > hires_baud) - hires_err = (hires_err - hires_baud); - else - hires_err = (hires_baud - hires_err); - - percent = (unsigned long)DIV_ROUND_CLOSEST_ULL(hires_err, baud); - dev_dbg(up->dev, - "Baud rate: %u, MUX Clk: %u, Error: %u.%u%%\n", - baud, priv->real_rates[i], percent / 100, - percent % 100); - if (percent < best_percent) { - best_percent = percent; - best_index = i; - best_quot = quot; + /* Try default_mux_rate first */ + quot = find_quot(up->dev, priv->default_mux_rate, baud, &percent); + if (quot) { + best_percent = percent; + best_freq = priv->default_mux_rate; + best_quot = quot; + } + /* If more than 1% error, find the closest match for specified baud */ + if (best_percent > 100) { + for (i = 0; i < ARRAY_SIZE(priv->real_rates); i++) { + freq = priv->real_rates[i]; + if (freq == 0 || freq == priv->default_mux_rate) + continue; + quot = find_quot(up->dev, freq, baud, &percent); + if (!quot) + continue; + + if (percent < best_percent) { + best_percent = percent; + best_freq = freq; + best_quot = quot; + } } } - if (best_index == -1) { + if (!best_freq) { dev_err(up->dev, "Error, %d BAUD rate is too fast.\n", baud); return; } - rate = priv->real_rates[best_index]; - rc = clk_set_rate(priv->baud_mux_clk, rate); + rc = clk_set_rate(priv->baud_mux_clk, best_freq); if (rc) dev_err(up->dev, "Error selecting BAUD MUX clock\n"); @@ -739,8 +758,8 @@ static void set_clock_mux(struct uart_port *up, struct brcmuart_priv *priv, dev_err(up->dev, "Error, baud: %d has %u.%u%% error\n", baud, percent / 100, percent % 100); - real_baud = rate / 16 / best_quot; - dev_dbg(up->dev, "Selecting BAUD MUX rate: %u\n", rate); + real_baud = best_freq / 16 / best_quot; + dev_dbg(up->dev, "Selecting BAUD MUX rate: %u\n", best_freq); dev_dbg(up->dev, "Requested baud: %u, Actual baud: %u\n", baud, real_baud); @@ -749,7 +768,7 @@ static void set_clock_mux(struct uart_port *up, struct brcmuart_priv *priv, i += (i / 2); priv->char_wait = ns_to_ktime(i); - up->uartclk = rate; + up->uartclk = best_freq; } static void brcmstb_set_termios(struct uart_port *up, -- 2.34.1

1 year, 4 months

2
1
0 0

[PATCH] admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET

by Thomas Weißschuh

sched_core_share_pid() copies the cookie to userspace with put_user(id, (u64 __user *)uaddr), expecting 64 bits of space. The "unsigned long" datatype that is documented in core-scheduling.rst however is only 32 bits large on 32 bit architectures. Document "unsigned long long" as the correct data type that is always 64bits large. This matches what the selftest cs_prctl_test.c has been doing all along. Fixes: 0159bb020ca9 ("Documentation: Add usecases, design and interface for core scheduling") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/util-linux/df7a25a0-7923-4f8b-a527-5e6f0064074d@t-8… Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Documentation/admin-guide/hw-vuln/core-scheduling.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/admin-guide/hw-vuln/core-scheduling.rst b/Documentation/admin-guide/hw-vuln/core-scheduling.rst index cf1eeefdfc32..a92e10ec402e 100644 --- a/Documentation/admin-guide/hw-vuln/core-scheduling.rst +++ b/Documentation/admin-guide/hw-vuln/core-scheduling.rst @@ -67,8 +67,8 @@ arg4: will be performed for all tasks in the task group of ``pid``. arg5: - userspace pointer to an unsigned long for storing the cookie returned by - ``PR_SCHED_CORE_GET`` command. Should be 0 for all other commands. + userspace pointer to an unsigned long long for storing the cookie returned + by ``PR_SCHED_CORE_GET`` command. Should be 0 for all other commands. In order for a process to push a cookie to, or pull a cookie from a process, it is required to have the ptrace access mode: `PTRACE_MODE_READ_REALCREDS` to the --- base-commit: 71b1543c83d65af8215d7558d70fc2ecbee77dcf change-id: 20240423-core-scheduling-cookie-b0551c40b086 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

1 year, 4 months

3
2
0 0

[PATCH 1/2] KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()

by Oliver Upton

vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully. Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not. Cc: stable(a)vger.kernel.org Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers") Reported-by: Alexander Potapenko <glider(a)google.com> Tested-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Alexander Potapenko <glider(a)google.com> Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c index f48b8dab8b3d..1d26bb5b02f4 100644 --- a/arch/arm64/kvm/vgic/vgic-kvm-device.c +++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c @@ -338,12 +338,12 @@ int kvm_register_vgic_device(unsigned long type) int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr, struct vgic_reg_attr *reg_attr) { - int cpuid; + int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - - reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK; + reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); + if (!reg_attr->vcpu) + return -EINVAL; return 0; } -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

1
0
0 0

[tip: x86/urgent] x86/tdx: Preserve shared bit on mprotect()

by tip-bot2 for Kirill A. Shutemov

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: a0a8d15a798be4b8f20aca2ba91bf6b688c6a640 Gitweb: https://git.kernel.org/tip/a0a8d15a798be4b8f20aca2ba91bf6b688c6a640 Author: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> AuthorDate: Wed, 24 Apr 2024 11:20:35 +03:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Wed, 24 Apr 2024 08:11:43 -07:00 x86/tdx: Preserve shared bit on mprotect() The TDX guest platform takes one bit from the physical address to indicate if the page is shared (accessible by VMM). This bit is not part of the physical_mask and is not preserved during mprotect(). As a result, the 'shared' bit is lost during mprotect() on shared mappings. _COMMON_PAGE_CHG_MASK specifies which PTE bits need to be preserved during modification. AMD includes 'sme_me_mask' in the define to preserve the 'encrypt' bit. To cover both Intel and AMD cases, include 'cc_mask' in _COMMON_PAGE_CHG_MASK instead of 'sme_me_mask'. Reported-and-tested-by: Chris Oo <cho(a)microsoft.com> Fixes: 41394e33f3a0 ("x86/tdx: Extend the confidential computing API to support TDX guests") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Rick Edgecombe <rick.p.edgecombe(a)intel.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240424082035.4092071-1-kirill.shutemov%40linu… --- arch/x86/include/asm/coco.h | 1 + arch/x86/include/asm/pgtable_types.h | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/coco.h b/arch/x86/include/asm/coco.h index c086699..aa6c8f8 100644 --- a/arch/x86/include/asm/coco.h +++ b/arch/x86/include/asm/coco.h @@ -25,6 +25,7 @@ u64 cc_mkdec(u64 val); void cc_random_init(void); #else #define cc_vendor (CC_VENDOR_NONE) +static const u64 cc_mask = 0; static inline u64 cc_mkenc(u64 val) { diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index 0b748ee..9abb8cc 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -148,7 +148,7 @@ #define _COMMON_PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \ _PAGE_SPECIAL | _PAGE_ACCESSED | \ _PAGE_DIRTY_BITS | _PAGE_SOFT_DIRTY | \ - _PAGE_DEVMAP | _PAGE_ENC | _PAGE_UFFD_WP) + _PAGE_DEVMAP | _PAGE_CC | _PAGE_UFFD_WP) #define _PAGE_CHG_MASK (_COMMON_PAGE_CHG_MASK | _PAGE_PAT) #define _HPAGE_CHG_MASK (_COMMON_PAGE_CHG_MASK | _PAGE_PSE | _PAGE_PAT_LARGE) @@ -173,6 +173,7 @@ enum page_cache_mode { }; #endif +#define _PAGE_CC (_AT(pteval_t, cc_mask)) #define _PAGE_ENC (_AT(pteval_t, sme_me_mask)) #define _PAGE_CACHE_MASK (_PAGE_PWT | _PAGE_PCD | _PAGE_PAT)

1 year, 4 months

1
0
0 0

[PATCH V2] workqueue: Fix divide error in wq_update_node_max_active()

by Lai Jiangshan

From: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Yue Sun and xingwei lee reported a divide error bug in wq_update_node_max_active(): divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 21 Comm: cpuhp/1 Not tainted 6.9.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:wq_update_node_max_active+0x369/0x6b0 kernel/workqueue.c:1605 Code: 24 bf 00 00 00 80 44 89 fe e8 83 27 33 00 41 83 fc ff 75 0d 41 81 ff 00 00 00 80 0f 84 68 01 00 00 e8 fb 22 33 00 44 89 f8 99 <41> f7 fc 89 c5 89 c7 44 89 ee e8 a8 24 33 00 89 ef 8b 5c 24 04 89 RSP: 0018:ffffc9000018fbb0 EFLAGS: 00010293 RAX: 00000000000000ff RBX: 0000000000000001 RCX: ffff888100ada500 RDX: 0000000000000000 RSI: 00000000000000ff RDI: 0000000080000000 RBP: 0000000000000001 R08: ffffffff815b1fcd R09: 1ffff1100364ad72 R10: dffffc0000000000 R11: ffffed100364ad73 R12: 0000000000000000 R13: 0000000000000100 R14: 0000000000000000 R15: 00000000000000ff FS: 0000000000000000(0000) GS:ffff888135c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb8c06ca6f8 CR3: 000000010d6c6000 CR4: 0000000000750ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> workqueue_offline_cpu+0x56f/0x600 kernel/workqueue.c:6525 cpuhp_invoke_callback+0x4e1/0x870 kernel/cpu.c:194 cpuhp_thread_fun+0x411/0x7d0 kernel/cpu.c:1092 smpboot_thread_fn+0x544/0xa10 kernel/smpboot.c:164 kthread+0x2ed/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- After analysis, it happens when all of the CPUs in a workqueue's affinity get offine. The problem can be easily reproduced by: # echo 8 > /sys/devices/virtual/workqueue/<any-wq-name>/cpumask # echo 0 > /sys/devices/system/cpu/cpu3/online Use the default max_actives for nodes when all of the CPUs in the workqueue's affinity get offline to fix the problem. Reported-by: Yue Sun <samsun1006219(a)gmail.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Link: https://lore.kernel.org/lkml/CAEkJfYPGS1_4JqvpSo0=FM0S1ytB8CEbyreLTtWpR900d… Fixes: 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") Cc: stable(a)vger.kernel.org Signed-off-by: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> --- Changed from v1: when total_cpus==0, use the default values for max_active instead of forcing total_cpus>=1 [v1]: https://lore.kernel.org/lkml/20240423124548.1253842-1-jiangshanlai@gmail.co… kernel/workqueue.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 0066c8f6c154..0105e3c82df4 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -1594,6 +1594,15 @@ static void wq_update_node_max_active(struct workqueue_struct *wq, int off_cpu) if (off_cpu >= 0) total_cpus--; + /* If all CPUs of the wq get offline, use the default values */ + if (unlikely(!total_cpus)) { + for_each_node(node) + wq_node_nr_active(wq, node)->max = min_active; + + wq_node_nr_active(wq, NUMA_NO_NODE)->max = max_active; + return; + } + for_each_node(node) { int node_cpus; -- 2.19.1.6.gb485710b

1 year, 4 months

2
1
0 0

stable-rc: 5.10: arm: u64_stats_sync.h:136:2: error: implicit declaration of function 'preempt_disable_nested'

by Naresh Kamboju

The arm and i386 builds failed with clang-17 and gcc-12 on stable-rc linux.5.10.y branch with linked config [1]. Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> In file included from init/do_mounts.c:7: In file included from include/linux/suspend.h:5: In file included from include/linux/swap.h:9: In file included from include/linux/memcontrol.h:13: In file included from include/linux/cgroup.h:28: In file included from include/linux/cgroup-defs.h:20: include/linux/u64_stats_sync.h:136:2: error: implicit declaration of function 'preempt_disable_nested' [-Werror,-Wimplicit-function-declaration] 136 | preempt_disable_nested(); | ^ include/linux/u64_stats_sync.h:143:2: error: implicit declaration of function 'preempt_enable_nested' [-Werror,-Wimplicit-function-declaration] 143 | preempt_enable_nested(); | ^ Suspecting patch: u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file [ Upstream commit 38a15d0a50e0a43778561a5861403851f0b0194c ] Steps to reproduce: --- # tuxmake --runtime podman --target-arch arm --toolchain clang-17 --kconfig https://storage.tuxsuite.com/public/linaro/lkft/builds/2f8pIb4fiJ5NY0zeALMm… LLVM=1 LLVM_IAS=0 dtbs dtbs-legacy headers kernel kselftest modules Links: - [1] https://storage.tuxsuite.com/public/linaro/lkft/builds/2f8pIb4fiJ5NY0zeALMm… - https://storage.tuxsuite.com/public/linaro/lkft/builds/2f8pIb4fiJ5NY0zeALMm… - https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.10.y/build/v5.10… -- Linaro LKFT https://lkft.linaro.org

1 year, 4 months

4
4
0 0

[PATCH 2/8] rtla/auto-analysis: Replace \t with spaces

by Daniel Bristot de Oliveira

When copying timerlat auto-analysis from a terminal to some web pages or chats, the \t are being replaced with a single ' ' or ' ', breaking the output. For example: ## CPU 3 hit stop tracing, analyzing it ## IRQ handler delay: 1.30 us (0.11 %) IRQ latency: 1.90 us Timerlat IRQ duration: 3.00 us (0.24 %) Blocking thread: 1223.16 us (99.00 %) insync:4048 1223.16 us IRQ interference 4.93 us (0.40 %) local_timer:236 4.93 us ------------------------------------------------------------------------ Thread latency: 1235.47 us (100%) Replace \t with spaces to avoid this problem. Cc: stable(a)vger.kernel.org Fixes: 27e348b221f6 ("rtla/timerlat: Add auto-analysis core") Signed-off-by: Daniel Bristot de Oliveira <bristot(a)kernel.org> --- tools/tracing/rtla/src/timerlat_aa.c | 109 ++++++++++++++++----------- 1 file changed, 63 insertions(+), 46 deletions(-) diff --git a/tools/tracing/rtla/src/timerlat_aa.c b/tools/tracing/rtla/src/timerlat_aa.c index 7093fd5333be..7bd80ee2a5b4 100644 --- a/tools/tracing/rtla/src/timerlat_aa.c +++ b/tools/tracing/rtla/src/timerlat_aa.c @@ -16,6 +16,9 @@ enum timelat_state { TIMERLAT_WAITING_THREAD, }; +/* Used to fill spaces in the output */ +static const char *spaces = " "; + #define MAX_COMM 24 /* @@ -274,14 +277,17 @@ static int timerlat_aa_nmi_handler(struct trace_seq *s, struct tep_record *recor taa_data->prev_irq_timstamp = start; trace_seq_reset(taa_data->prev_irqs_seq); - trace_seq_printf(taa_data->prev_irqs_seq, "\t%24s \t\t\t%9.2f us\n", - "nmi", ns_to_usf(duration)); + trace_seq_printf(taa_data->prev_irqs_seq, " %24s %.*s %9.2f us\n", + "nmi", + 24, spaces, + ns_to_usf(duration)); return 0; } taa_data->thread_nmi_sum += duration; - trace_seq_printf(taa_data->nmi_seq, " %24s \t\t\t%9.2f us\n", - "nmi", ns_to_usf(duration)); + trace_seq_printf(taa_data->nmi_seq, " %24s %.*s %9.2f us\n", + "nmi", + 24, spaces, ns_to_usf(duration)); return 0; } @@ -323,8 +329,10 @@ static int timerlat_aa_irq_handler(struct trace_seq *s, struct tep_record *recor taa_data->prev_irq_timstamp = start; trace_seq_reset(taa_data->prev_irqs_seq); - trace_seq_printf(taa_data->prev_irqs_seq, "\t%24s:%-3llu \t\t%9.2f us\n", - desc, vector, ns_to_usf(duration)); + trace_seq_printf(taa_data->prev_irqs_seq, " %24s:%-3llu %.*s %9.2f us\n", + desc, vector, + 15, spaces, + ns_to_usf(duration)); return 0; } @@ -372,8 +380,10 @@ static int timerlat_aa_irq_handler(struct trace_seq *s, struct tep_record *recor * IRQ interference. */ taa_data->thread_irq_sum += duration; - trace_seq_printf(taa_data->irqs_seq, " %24s:%-3llu \t %9.2f us\n", - desc, vector, ns_to_usf(duration)); + trace_seq_printf(taa_data->irqs_seq, " %24s:%-3llu %.*s %9.2f us\n", + desc, vector, + 24, spaces, + ns_to_usf(duration)); return 0; } @@ -408,8 +418,10 @@ static int timerlat_aa_softirq_handler(struct trace_seq *s, struct tep_record *r taa_data->thread_softirq_sum += duration; - trace_seq_printf(taa_data->softirqs_seq, "\t%24s:%-3llu \t %9.2f us\n", - softirq_name[vector], vector, ns_to_usf(duration)); + trace_seq_printf(taa_data->softirqs_seq, " %24s:%-3llu %.*s %9.2f us\n", + softirq_name[vector], vector, + 24, spaces, + ns_to_usf(duration)); return 0; } @@ -452,8 +464,10 @@ static int timerlat_aa_thread_handler(struct trace_seq *s, struct tep_record *re } else { taa_data->thread_thread_sum += duration; - trace_seq_printf(taa_data->threads_seq, "\t%24s:%-3llu \t\t%9.2f us\n", - comm, pid, ns_to_usf(duration)); + trace_seq_printf(taa_data->threads_seq, " %24s:%-12llu %.*s %9.2f us\n", + comm, pid, + 15, spaces, + ns_to_usf(duration)); } return 0; @@ -482,7 +496,8 @@ static int timerlat_aa_stack_handler(struct trace_seq *s, struct tep_record *rec function = tep_find_function(taa_ctx->tool->trace.tep, caller[i]); if (!function) break; - trace_seq_printf(taa_data->stack_seq, "\t\t-> %s\n", function); + trace_seq_printf(taa_data->stack_seq, " %.*s -> %s\n", + 14, spaces, function); } } return 0; @@ -568,23 +583,24 @@ static void timerlat_thread_analysis(struct timerlat_aa_data *taa_data, int cpu, exp_irq_ts = taa_data->timer_irq_start_time - taa_data->timer_irq_start_delay; if (exp_irq_ts < taa_data->prev_irq_timstamp + taa_data->prev_irq_duration) { if (taa_data->prev_irq_timstamp < taa_data->timer_irq_start_time) - printf(" Previous IRQ interference: \t\t up to %9.2f us\n", - ns_to_usf(taa_data->prev_irq_duration)); + printf(" Previous IRQ interference: %.*s up to %9.2f us\n", + 16, spaces, + ns_to_usf(taa_data->prev_irq_duration)); } /* * The delay that the IRQ suffered before starting. */ - printf(" IRQ handler delay: %16s %9.2f us (%.2f %%)\n", - (ns_to_usf(taa_data->timer_exit_from_idle) > 10) ? "(exit from idle)" : "", - ns_to_usf(taa_data->timer_irq_start_delay), - ns_to_per(total, taa_data->timer_irq_start_delay)); + printf(" IRQ handler delay: %.*s %16s %9.2f us (%.2f %%)\n", 16, spaces, + (ns_to_usf(taa_data->timer_exit_from_idle) > 10) ? "(exit from idle)" : "", + ns_to_usf(taa_data->timer_irq_start_delay), + ns_to_per(total, taa_data->timer_irq_start_delay)); /* * Timerlat IRQ. */ - printf(" IRQ latency: \t\t\t\t %9.2f us\n", - ns_to_usf(taa_data->tlat_irq_latency)); + printf(" IRQ latency: %.*s %9.2f us\n", 40, spaces, + ns_to_usf(taa_data->tlat_irq_latency)); if (irq) { /* @@ -595,15 +611,16 @@ static void timerlat_thread_analysis(struct timerlat_aa_data *taa_data, int cpu, * so it will be displayed, it is the key. */ printf(" Blocking thread:\n"); - printf(" %24s:%-9llu\n", - taa_data->run_thread_comm, taa_data->run_thread_pid); + printf(" %.*s %24s:%-9llu\n", 6, spaces, taa_data->run_thread_comm, + taa_data->run_thread_pid); } else { /* * The duration of the IRQ handler that handled the timerlat IRQ. */ - printf(" Timerlat IRQ duration: \t\t %9.2f us (%.2f %%)\n", - ns_to_usf(taa_data->timer_irq_duration), - ns_to_per(total, taa_data->timer_irq_duration)); + printf(" Timerlat IRQ duration: %.*s %9.2f us (%.2f %%)\n", + 30, spaces, + ns_to_usf(taa_data->timer_irq_duration), + ns_to_per(total, taa_data->timer_irq_duration)); /* * The amount of time that the current thread postponed the scheduler. @@ -611,13 +628,13 @@ static void timerlat_thread_analysis(struct timerlat_aa_data *taa_data, int cpu, * Recalling that it is net from NMI/IRQ/Softirq interference, so there * is no need to compute values here. */ - printf(" Blocking thread: \t\t\t %9.2f us (%.2f %%)\n", - ns_to_usf(taa_data->thread_blocking_duration), - ns_to_per(total, taa_data->thread_blocking_duration)); + printf(" Blocking thread: %.*s %9.2f us (%.2f %%)\n", 36, spaces, + ns_to_usf(taa_data->thread_blocking_duration), + ns_to_per(total, taa_data->thread_blocking_duration)); - printf(" %24s:%-9llu %9.2f us\n", - taa_data->run_thread_comm, taa_data->run_thread_pid, - ns_to_usf(taa_data->thread_blocking_duration)); + printf(" %.*s %24s:%-9llu %.*s %9.2f us\n", 6, spaces, + taa_data->run_thread_comm, taa_data->run_thread_pid, + 12, spaces, ns_to_usf(taa_data->thread_blocking_duration)); } /* @@ -629,9 +646,9 @@ static void timerlat_thread_analysis(struct timerlat_aa_data *taa_data, int cpu, * NMIs can happen during the IRQ, so they are always possible. */ if (taa_data->thread_nmi_sum) - printf(" NMI interference \t\t\t %9.2f us (%.2f %%)\n", - ns_to_usf(taa_data->thread_nmi_sum), - ns_to_per(total, taa_data->thread_nmi_sum)); + printf(" NMI interference %.*s %9.2f us (%.2f %%)\n", 36, spaces, + ns_to_usf(taa_data->thread_nmi_sum), + ns_to_per(total, taa_data->thread_nmi_sum)); /* * If it is an IRQ latency, the other factors can be skipped. @@ -643,9 +660,9 @@ static void timerlat_thread_analysis(struct timerlat_aa_data *taa_data, int cpu, * Prints the interference caused by IRQs to the thread latency. */ if (taa_data->thread_irq_sum) { - printf(" IRQ interference \t\t\t %9.2f us (%.2f %%)\n", - ns_to_usf(taa_data->thread_irq_sum), - ns_to_per(total, taa_data->thread_irq_sum)); + printf(" IRQ interference %.*s %9.2f us (%.2f %%)\n", 36, spaces, + ns_to_usf(taa_data->thread_irq_sum), + ns_to_per(total, taa_data->thread_irq_sum)); trace_seq_do_printf(taa_data->irqs_seq); } @@ -654,9 +671,9 @@ static void timerlat_thread_analysis(struct timerlat_aa_data *taa_data, int cpu, * Prints the interference caused by Softirqs to the thread latency. */ if (taa_data->thread_softirq_sum) { - printf(" Softirq interference \t\t\t %9.2f us (%.2f %%)\n", - ns_to_usf(taa_data->thread_softirq_sum), - ns_to_per(total, taa_data->thread_softirq_sum)); + printf(" Softirq interference %.*s %9.2f us (%.2f %%)\n", 32, spaces, + ns_to_usf(taa_data->thread_softirq_sum), + ns_to_per(total, taa_data->thread_softirq_sum)); trace_seq_do_printf(taa_data->softirqs_seq); } @@ -670,9 +687,9 @@ static void timerlat_thread_analysis(struct timerlat_aa_data *taa_data, int cpu, * timer handling latency. */ if (taa_data->thread_thread_sum) { - printf(" Thread interference \t\t\t %9.2f us (%.2f %%)\n", - ns_to_usf(taa_data->thread_thread_sum), - ns_to_per(total, taa_data->thread_thread_sum)); + printf(" Thread interference %.*s %9.2f us (%.2f %%)\n", 33, spaces, + ns_to_usf(taa_data->thread_thread_sum), + ns_to_per(total, taa_data->thread_thread_sum)); trace_seq_do_printf(taa_data->threads_seq); } @@ -682,8 +699,8 @@ static void timerlat_thread_analysis(struct timerlat_aa_data *taa_data, int cpu, */ print_total: printf("------------------------------------------------------------------------\n"); - printf(" %s latency: \t\t\t %9.2f us (100%%)\n", irq ? "IRQ" : "Thread", - ns_to_usf(total)); + printf(" %s latency: %.*s %9.2f us (100%%)\n", irq ? " IRQ" : "Thread", + 37, spaces, ns_to_usf(total)); } static int timerlat_auto_analysis_collect_trace(struct timerlat_aa_context *taa_ctx) -- 2.44.0

1 year, 4 months

1
0
0 0

[PATCH 1/8] rtla/timerlat: Simplify "no value" printing on top

by Daniel Bristot de Oliveira

Instead of printing three times the same output, print it only once, reducing lines and being sure that all no values have the same length. It also fixes an extra '\n' when running the with kernel threads, like here: =============== %< ============== Timer Latency 0 00:00:01 | IRQ Timer Latency (us) | Thread Timer Latency (us) CPU COUNT | cur min avg max | cur min avg max 2 #0 | - - - - | 161 161 161 161 3 #0 | - - - - | 161 161 161 161 8 #1 | 54 54 54 54 | - - - -'\n' ---------------|----------------------------------------|--------------------------------------- ALL #1 e0 | 54 54 54 | 161 161 161 =============== %< ============== This '\n' should have been removed with the user-space support that added another '\n' if not running with kernel threads. Cc: stable(a)vger.kernel.org Fixes: cdca4f4e5e8e ("rtla/timerlat_top: Add timerlat user-space support") Signed-off-by: Daniel Bristot de Oliveira <bristot(a)kernel.org> --- tools/tracing/rtla/src/timerlat_top.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/tools/tracing/rtla/src/timerlat_top.c b/tools/tracing/rtla/src/timerlat_top.c index 8a3fa64319c6..2665e0bb5f1e 100644 --- a/tools/tracing/rtla/src/timerlat_top.c +++ b/tools/tracing/rtla/src/timerlat_top.c @@ -212,6 +212,8 @@ static void timerlat_top_header(struct osnoise_tool *top) trace_seq_printf(s, "\n"); } +static const char *no_value = " -"; + /* * timerlat_top_print - prints the output of a given CPU */ @@ -239,10 +241,7 @@ static void timerlat_top_print(struct osnoise_tool *top, int cpu) trace_seq_printf(s, "%3d #%-9d |", cpu, cpu_data->irq_count); if (!cpu_data->irq_count) { - trace_seq_printf(s, " - "); - trace_seq_printf(s, " - "); - trace_seq_printf(s, " - "); - trace_seq_printf(s, " - |"); + trace_seq_printf(s, "%s %s %s %s |", no_value, no_value, no_value, no_value); } else { trace_seq_printf(s, "%9llu ", cpu_data->cur_irq / params->output_divisor); trace_seq_printf(s, "%9llu ", cpu_data->min_irq / params->output_divisor); @@ -251,10 +250,7 @@ static void timerlat_top_print(struct osnoise_tool *top, int cpu) } if (!cpu_data->thread_count) { - trace_seq_printf(s, " - "); - trace_seq_printf(s, " - "); - trace_seq_printf(s, " - "); - trace_seq_printf(s, " -\n"); + trace_seq_printf(s, "%s %s %s %s", no_value, no_value, no_value, no_value); } else { trace_seq_printf(s, "%9llu ", cpu_data->cur_thread / divisor); trace_seq_printf(s, "%9llu ", cpu_data->min_thread / divisor); @@ -271,10 +267,7 @@ static void timerlat_top_print(struct osnoise_tool *top, int cpu) trace_seq_printf(s, " |"); if (!cpu_data->user_count) { - trace_seq_printf(s, " - "); - trace_seq_printf(s, " - "); - trace_seq_printf(s, " - "); - trace_seq_printf(s, " -\n"); + trace_seq_printf(s, "%s %s %s %s\n", no_value, no_value, no_value, no_value); } else { trace_seq_printf(s, "%9llu ", cpu_data->cur_user / divisor); trace_seq_printf(s, "%9llu ", cpu_data->min_user / divisor); -- 2.44.0

1 year, 4 months

1
0
0 0

Re: [PATCH 6.8 000/158] 6.8.8-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 4 months

1
0
0 0