- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.87 release. There are 69 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 17 Apr 2024 14:19:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.87-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.87-rc1 Fudongwang <fudong.wang(a)amd.com> drm/amd/display: fix disable otg wa logic in DCN316 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: always force full reset for SOC21 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Reset dGPU if suspend got aborted Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable port sync when bigjoiner is used Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix CDCLK programming order when pipes are active Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Clarify that syscall hardening isn't a BHI mitigation Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI handling of RRSBA Ingo Molnar <mingo(a)kernel.org> x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI documentation Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bugs: Fix return type of spectre_bhi_state() Arnd Bergmann <arnd(a)arndb.de> irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test Sean Christopherson <seanjc(a)google.com> x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Namhyung Kim <namhyung(a)kernel.org> perf/x86: Fix out of range data Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_enable_notify() Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Jammy Huang <jammy_huang(a)aspeedtech.com> drm/ast: Fix soft lockup Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: Reset GPU on queue preemption failure Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/vrr: Disable VRR when using bigjoiner Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: restore msg_control on sendzc retry Boris Burkov <boris(a)bur.io> btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Allocate local memory for page request queue Arnd Bergmann <arnd(a)arndb.de> tracing: hide unused ftrace_event_id_fops David Arinzon <darinzon(a)amazon.com> net: ena: Fix incorrect descriptor free behavior David Arinzon <darinzon(a)amazon.com> net: ena: Wrong missing IO completions check order David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: trap link-local frames regardless of ST Port State Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix wrong config being used when reconfiguring PCS Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: HTB, Fix inconsistencies with QoS SQs number Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Fix mlx5e_priv_init() cleanup flow Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Eric Dumazet <edumazet(a)google.com> netfilter: complete validation of user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix not validating setsockopt user input Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix NIX SQ mode and BP config Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Clear stale u->oob_skb. Marek Vasut <marex(a)denx.de> net: ks8851: Handle softirqs at the end of IRQ thread to fix hang Marek Vasut <marex(a)denx.de> net: ks8851: Inline ks8851_rx_skb() Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: Reset PTP tx_avail after possible firmware reset Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Petr Tesarik <petr(a)tesarici.cz> u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Alex Constantino <dreaming.about.electric.sheep(a)gmail.com> Revert "drm/qxl: simplify qxl_fence_wait" Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order Nini Song <nini.song(a)mediatek.com> media: cec: core: remove length check of Timer Status Anna-Maria Behnsen <anna-maria(a)linutronix.de> PM: s2idle: Make sure CPUs will wakeup directly on resume Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Only update pages_touched when a new page is touched Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_scsi_dev_rescan() error path Steve French <stfrench(a)microsoft.com> smb3: fix Open files on server counter going negative ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 22 +- Documentation/admin-guide/kernel-parameters.txt | 12 +- Makefile | 4 +- arch/arm64/boot/dts/freescale/imx8-ss-conn.dtsi | 12 +- arch/x86/Kconfig | 21 +- arch/x86/events/core.c | 1 + arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/apic/apic.c | 6 +- arch/x86/kernel/cpu/bugs.c | 82 ++++---- arch/x86/kernel/cpu/common.c | 48 ++--- drivers/ata/libata-scsi.c | 9 +- drivers/gpu/drm/amd/amdgpu/soc21.c | 27 ++- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 1 + .../amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 19 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 12 +- drivers/gpu/drm/ast/ast_dp.c | 3 + drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/i915/display/intel_cdclk.c | 7 +- drivers/gpu/drm/i915/display/intel_cdclk.h | 3 + drivers/gpu/drm/i915/display/intel_ddi.c | 5 + drivers/gpu/drm/i915/display/intel_vrr.c | 7 + .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/qxl/qxl_release.c | 50 ++++- drivers/iommu/intel/svm.c | 2 +- drivers/media/cec/core/cec-adap.c | 14 -- drivers/net/dsa/mt7530.c | 229 ++++++++++++++++++--- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 ++-- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 22 +- drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 33 +-- drivers/net/ethernet/mellanox/mlx5/core/en/selq.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 - drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 +- drivers/net/ethernet/micrel/ks8851.h | 3 - drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/micrel/ks8851_par.c | 11 - drivers/net/ethernet/micrel/ks8851_spi.c | 11 - .../net/ethernet/microchip/sparx5/sparx5_port.c | 4 +- drivers/net/geneve.c | 4 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 2 +- drivers/scsi/qla2xxx/qla_edif.c | 2 +- drivers/vhost/vhost.c | 28 ++- fs/btrfs/delayed-inode.c | 3 + fs/btrfs/qgroup.c | 2 + fs/btrfs/transaction.c | 17 +- fs/smb/client/cached_dir.c | 4 +- include/linux/dma-fence.h | 7 + include/linux/irqflags.h | 2 +- include/linux/u64_stats_sync.h | 9 +- include/net/addrconf.h | 4 + include/net/af_unix.h | 2 +- include/net/bluetooth/bluetooth.h | 9 + include/net/ip_tunnels.h | 33 +++ io_uring/net.c | 1 + kernel/cpu.c | 3 +- kernel/kprobes.c | 18 +- kernel/power/suspend.c | 6 + kernel/trace/ring_buffer.c | 6 +- kernel/trace/trace_events.c | 4 + net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/l2cap_sock.c | 52 ++--- net/bluetooth/sco.c | 23 +-- net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/route.c | 4 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/netfilter/ip6_tables.c | 4 + net/openvswitch/conntrack.c | 5 +- net/unix/af_unix.c | 8 +- net/unix/garbage.c | 35 +++- net/unix/scm.c | 8 +- net/xdp/xsk.c | 2 + tools/testing/selftests/timers/posix_timers.c | 2 +- 77 files changed, 715 insertions(+), 382 deletions(-)

1 year, 5 months

11
79
0 0

[PATCH] USB: serial: option: add support for Fibocom FM650/FG650

by Chuanhong Guo

Fibocom FM650/FG650 are 5G modems with ECM/NCM/RNDIS/MBIM modes. This patch adds support to all 4 modes. usb-devices output for all modes: ECM: T: Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 5 Spd=5000 MxCh= 0 D: Ver= 3.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1 P: Vendor=2cb7 ProdID=0a04 Rev=04.04 S: Manufacturer=Fibocom Wireless Inc. S: Product=FG650 Module S: SerialNumber=0123456789ABCDEF C: #Ifs= 5 Cfg#= 1 Atr=c0 MxPwr=504mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms NCM: T: Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 6 Spd=5000 MxCh= 0 D: Ver= 3.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1 P: Vendor=2cb7 ProdID=0a05 Rev=04.04 S: Manufacturer=Fibocom Wireless Inc. S: Product=FG650 Module S: SerialNumber=0123456789ABCDEF C: #Ifs= 6 Cfg#= 1 Atr=c0 MxPwr=504mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0d Prot=00 Driver=cdc_ncm E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=01 Driver=cdc_ncm E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms RNDIS: T: Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 4 Spd=5000 MxCh= 0 D: Ver= 3.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1 P: Vendor=2cb7 ProdID=0a06 Rev=04.04 S: Manufacturer=Fibocom Wireless Inc. S: Product=FG650 Module S: SerialNumber=0123456789ABCDEF C: #Ifs= 6 Cfg#= 1 Atr=c0 MxPwr=504mA I: If#= 0 Alt= 0 #EPs= 1 Cls=e0(wlcon) Sub=01 Prot=03 Driver=rndis_host E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms MBIM: T: Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 7 Spd=5000 MxCh= 0 D: Ver= 3.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1 P: Vendor=2cb7 ProdID=0a07 Rev=04.04 S: Manufacturer=Fibocom Wireless Inc. S: Product=FG650 Module S: SerialNumber=0123456789ABCDEF C: #Ifs= 6 Cfg#= 1 Atr=c0 MxPwr=504mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms Signed-off-by: Chuanhong Guo <gch981213(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/usb/serial/option.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 55a65d941ccb..964d3fffa545 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -2277,6 +2277,10 @@ static const struct usb_device_id option_ids[] = { { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x01a3, 0xff) }, /* Fibocom FM101-GL (laptop MBIM) */ { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x01a4, 0xff), /* Fibocom FM101-GL (laptop MBIM) */ .driver_info = RSVD(4) }, + { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0a04, 0xff) }, /* Fibocom FM650-CN (ECM mode) */ + { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0a05, 0xff) }, /* Fibocom FM650-CN (NCM mode) */ + { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0a06, 0xff) }, /* Fibocom FM650-CN (RNDIS mode) */ + { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0a07, 0xff) }, /* Fibocom FM650-CN (MBIM mode) */ { USB_DEVICE_INTERFACE_CLASS(0x2df3, 0x9d03, 0xff) }, /* LongSung M5710 */ { USB_DEVICE_INTERFACE_CLASS(0x305a, 0x1404, 0xff) }, /* GosunCn GM500 RNDIS */ { USB_DEVICE_INTERFACE_CLASS(0x305a, 0x1405, 0xff) }, /* GosunCn GM500 MBIM */ -- 2.44.0

1 year, 5 months

2
3
0 0

[PATCH 5.15 00/45] 5.15.156-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.156 release. There are 45 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 17 Apr 2024 14:19:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.156-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.156-rc1 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix CDCLK programming order when pipes are active Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Clarify that syscall hardening isn't a BHI mitigation Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI handling of RRSBA Ingo Molnar <mingo(a)kernel.org> x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI documentation Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bugs: Fix return type of spectre_bhi_state() Arnd Bergmann <arnd(a)arndb.de> irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test Sean Christopherson <seanjc(a)google.com> x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Namhyung Kim <namhyung(a)kernel.org> perf/x86: Fix out of range data Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Allocate local memory for page request queue Arnd Bergmann <arnd(a)arndb.de> tracing: hide unused ftrace_event_id_fops David Arinzon <darinzon(a)amazon.com> net: ena: Fix incorrect descriptor free behavior David Arinzon <darinzon(a)amazon.com> net: ena: Wrong missing IO completions check order David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: trap link-local frames regardless of ST Port State Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix wrong config being used when reconfiguring PCS Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Eric Dumazet <edumazet(a)google.com> netfilter: complete validation of user input Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix NIX SQ mode and BP config Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Clear stale u->oob_skb. Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates. Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Alex Constantino <dreaming.about.electric.sheep(a)gmail.com> Revert "drm/qxl: simplify qxl_fence_wait" Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order Nini Song <nini.song(a)mediatek.com> media: cec: core: remove length check of Timer Status Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Only update pages_touched when a new page is touched Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 22 +- Documentation/admin-guide/kernel-parameters.txt | 12 +- Makefile | 4 +- arch/arm64/boot/dts/freescale/imx8-ss-conn.dtsi | 12 +- arch/x86/Kconfig | 21 +- arch/x86/events/core.c | 1 + arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/cpu/bugs.c | 82 ++++---- arch/x86/kernel/cpu/common.c | 48 ++--- drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/i915/display/intel_cdclk.c | 7 +- drivers/gpu/drm/i915/display/intel_cdclk.h | 3 + .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/qxl/qxl_release.c | 50 ++++- drivers/iommu/intel/svm.c | 2 +- drivers/media/cec/core/cec-adap.c | 14 -- drivers/net/dsa/mt7530.c | 229 ++++++++++++++++++--- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 ++-- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 22 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 +- .../net/ethernet/microchip/sparx5/sparx5_port.c | 4 +- drivers/net/geneve.c | 4 +- drivers/scsi/qla2xxx/qla_edif.c | 2 +- drivers/vhost/vhost.c | 14 +- fs/btrfs/qgroup.c | 2 + include/linux/dma-fence.h | 7 + include/linux/irqflags.h | 2 +- include/linux/u64_stats_sync.h | 42 ++-- include/net/addrconf.h | 4 + include/net/af_unix.h | 2 +- include/net/ip_tunnels.h | 33 +++ kernel/cpu.c | 3 +- kernel/trace/ring_buffer.c | 6 +- kernel/trace/trace_events.c | 4 + net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/route.c | 4 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/netfilter/ip6_tables.c | 4 + net/openvswitch/conntrack.c | 5 +- net/unix/af_unix.c | 8 +- net/unix/garbage.c | 35 +++- net/unix/scm.c | 8 +- net/xdp/xsk.c | 2 + tools/testing/selftests/timers/posix_timers.c | 2 +- 50 files changed, 556 insertions(+), 256 deletions(-)

1 year, 5 months

9
54
0 0

[Request] backport a mainline patch to Linux kernel-5.10 stable tree

by Bo Ye (叶波)

Dear Reviewers, we suggest to backport a commit to Linux kernel-5.10 stable tree to fix thermal bug. Thanks a lot source patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/d… thermal: core: Fix thermal zone suspend-resume synchronization There are 3 synchronization issues with thermal zone suspend-resume during system-wide transitions: 1. The resume code runs in a PM notifier which is invoked after user space has been thawed, so it can run concurrently with user space which can trigger a thermal zone device removal. If that happens, the thermal zone resume code may use a stale pointer to the next list element and crash, because it does not hold thermal_list_lock while walking thermal_tz_list. 2. The thermal zone resume code calls thermal_zone_device_init() outside the zone lock, so user space or an update triggered by the platform firmware may see an inconsistent state of a thermal zone leading to unexpected behavior. 3. Clearing the in_suspend global variable in thermal_pm_notify() allows __thermal_zone_device_update() to continue for all thermal zones and it may as well run before the thermal_tz_list walk (or at any point during the list walk for that matter) and attempt to operate on a thermal zone that has not been resumed yet. It may also race destructively with thermal_zone_device_init(). To address these issues, add thermal_list_lock locking to thermal_pm_notify(), especially arount the thermal_tz_list, make it call thermal_zone_device_init() back-to-back with __thermal_zone_device_update() under the zone lock and replace in_suspend with per-zone bool "suspend" indicators set and unset under the given zone's lock. Link: https://lore.kernel.org/linux-pm/20231218162348.69101-1-bo.ye@mediatek.com/ Reported-by: Bo Ye <bo.ye(a)mediatek.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.co thermal: core: Fix thermal zone suspend-resume synchronization There are 3 synchronization issues with thermal zone suspend-resume during system-wide transitions: 1. The resume code runs in a PM notifier which is invoked after user space has been thawed, so it can run concurrently with user space which can trigger a thermal zone device removal. If that happens, the thermal zone resume code may use a stale pointer to the next list element and crash, because it does not hold thermal_list_lock while walking thermal_tz_list. 2. The thermal zone resume code calls thermal_zone_device_init() outside the zone lock, so user space or an update triggered by the platform firmware may see an inconsistent state of a thermal zone leading to unexpected behavior. 3. Clearing the in_suspend global variable in thermal_pm_notify() allows __thermal_zone_device_update() to continue for all thermal zones and it may as well run before the thermal_tz_list walk (or at any point during the list walk for that matter) and attempt to operate on a thermal zone that has not been resumed yet. It may also race destructively with thermal_zone_device_init(). To address these issues, add thermal_list_lock locking to thermal_pm_notify(), especially arount the thermal_tz_list, make it call thermal_zone_device_init() back-to-back with __thermal_zone_device_update() under the zone lock and replace in_suspend with per-zone bool "suspend" indicators set and unset under the given zone's lock. Link: https://lore.kernel.org/linux-pm/20231218162348.69101-1-bo.ye@mediatek.com/ Reported-by: Bo Ye <bo.ye(a)mediatek.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> BRs Bo Ye

1 year, 5 months

2
1
0 0

撤回: [Request] backport a mainline patch to Linux kernel-5.10 stable tree

by Bo Ye (叶波)

Bo Ye (叶波) 将撤回邮件“[Request] backport a mainline patch to Linux kernel-5.10 stable tree”。

1 year, 5 months

2
1
0 0

撤回: [Request] backport a mainline patch to Linux kernel-5.10 stable tree

by Bo Ye (叶波)

Bo Ye (叶波) 将撤回邮件“[Request] backport a mainline patch to Linux kernel-5.10 stable tree”。

1 year, 5 months

1
0
0 0

撤回: [Request] backport a mainline patch to Linux kernel-5.10 stable tree

by Bo Ye (叶波)

Bo Ye (叶波) 将撤回邮件“[Request] backport a mainline patch to Linux kernel-5.10 stable tree”。

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly has been removed from the -mm tree. Its filename was mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly Date: Thu, 14 Mar 2024 17:12:59 +0100 Darrick reports that in some cases where pread() would fail with -EIO and mmap()+access would generate a SIGBUS signal, MADV_POPULATE_READ / MADV_POPULATE_WRITE will keep retrying forever and not fail with -EFAULT. While the madvise() call can be interrupted by a signal, this is not the desired behavior. MADV_POPULATE_READ / MADV_POPULATE_WRITE should behave like page faults in that case: fail and not retry forever. A reproducer can be found at [1]. The reason is that __get_user_pages(), as called by faultin_vma_page_range(), will not handle VM_FAULT_RETRY in a proper way: it will simply return 0 when VM_FAULT_RETRY happened, making madvise_populate()->faultin_vma_page_range() retry again and again, never setting FOLL_TRIED->FAULT_FLAG_TRIED for __get_user_pages(). __get_user_pages_locked() does what we want, but duplicating that logic in faultin_vma_page_range() feels wrong. So let's use __get_user_pages_locked() instead, that will detect VM_FAULT_RETRY and set FOLL_TRIED when retrying, making the fault handler return VM_FAULT_SIGBUS (VM_FAULT_ERROR) at some point, propagating -EFAULT from faultin_page() to __get_user_pages(), all the way to madvise_populate(). But, there is an issue: __get_user_pages_locked() will end up re-taking the MM lock and then __get_user_pages() will do another VMA lookup. In the meantime, the VMA layout could have changed and we'd fail with different error codes than we'd want to. As __get_user_pages() will currently do a new VMA lookup either way, let it do the VMA handling in a different way, controlled by a new FOLL_MADV_POPULATE flag, effectively moving these checks from madvise_populate() + faultin_page_range() in there. With this change, Darricks reproducer properly fails with -EFAULT, as documented for MADV_POPULATE_READ / MADV_POPULATE_WRITE. [1] https://lore.kernel.org/all/20240313171936.GN1927156@frogsfrogsfrogs/ Link: https://lkml.kernel.org/r/20240314161300.382526-1-david@redhat.com Link: https://lkml.kernel.org/r/20240314161300.382526-2-david@redhat.com Fixes: 4ca9b3859dac ("mm/madvise: introduce MADV_POPULATE_(READ|WRITE) to prefault page tables") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Darrick J. Wong <djwong(a)kernel.org> Closes: https://lore.kernel.org/all/20240311223815.GW1927156@frogsfrogsfrogs/ Cc: Darrick J. Wong <djwong(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 54 ++++++++++++++++++++++++++++-------------------- mm/internal.h | 10 +++++--- mm/madvise.c | 17 +-------------- 3 files changed, 40 insertions(+), 41 deletions(-) --- a/mm/gup.c~mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly +++ a/mm/gup.c @@ -1206,6 +1206,22 @@ static long __get_user_pages(struct mm_s /* first iteration or cross vma bound */ if (!vma || start >= vma->vm_end) { + /* + * MADV_POPULATE_(READ|WRITE) wants to handle VMA + * lookups+error reporting differently. + */ + if (gup_flags & FOLL_MADV_POPULATE) { + vma = vma_lookup(mm, start); + if (!vma) { + ret = -ENOMEM; + goto out; + } + if (check_vma_flags(vma, gup_flags)) { + ret = -EINVAL; + goto out; + } + goto retry; + } vma = gup_vma_lookup(mm, start); if (!vma && in_gate_area(mm, start)) { ret = get_gate_page(mm, start & PAGE_MASK, @@ -1685,35 +1701,35 @@ long populate_vma_page_range(struct vm_a } /* - * faultin_vma_page_range() - populate (prefault) page tables inside the - * given VMA range readable/writable + * faultin_page_range() - populate (prefault) page tables inside the + * given range readable/writable * * This takes care of mlocking the pages, too, if VM_LOCKED is set. * - * @vma: target vma + * @mm: the mm to populate page tables in * @start: start address * @end: end address * @write: whether to prefault readable or writable * @locked: whether the mmap_lock is still held * - * Returns either number of processed pages in the vma, or a negative error - * code on error (see __get_user_pages()). + * Returns either number of processed pages in the MM, or a negative error + * code on error (see __get_user_pages()). Note that this function reports + * errors related to VMAs, such as incompatible mappings, as expected by + * MADV_POPULATE_(READ|WRITE). * - * vma->vm_mm->mmap_lock must be held. The range must be page-aligned and - * covered by the VMA. If it's released, *@locked will be set to 0. + * The range must be page-aligned. + * + * mm->mmap_lock must be held. If it's released, *@locked will be set to 0. */ -long faultin_vma_page_range(struct vm_area_struct *vma, unsigned long start, - unsigned long end, bool write, int *locked) +long faultin_page_range(struct mm_struct *mm, unsigned long start, + unsigned long end, bool write, int *locked) { - struct mm_struct *mm = vma->vm_mm; unsigned long nr_pages = (end - start) / PAGE_SIZE; int gup_flags; long ret; VM_BUG_ON(!PAGE_ALIGNED(start)); VM_BUG_ON(!PAGE_ALIGNED(end)); - VM_BUG_ON_VMA(start < vma->vm_start, vma); - VM_BUG_ON_VMA(end > vma->vm_end, vma); mmap_assert_locked(mm); /* @@ -1725,19 +1741,13 @@ long faultin_vma_page_range(struct vm_ar * a poisoned page. * !FOLL_FORCE: Require proper access permissions. */ - gup_flags = FOLL_TOUCH | FOLL_HWPOISON | FOLL_UNLOCKABLE; + gup_flags = FOLL_TOUCH | FOLL_HWPOISON | FOLL_UNLOCKABLE | + FOLL_MADV_POPULATE; if (write) gup_flags |= FOLL_WRITE; - /* - * We want to report -EINVAL instead of -EFAULT for any permission - * problems or incompatible mappings. - */ - if (check_vma_flags(vma, gup_flags)) - return -EINVAL; - - ret = __get_user_pages(mm, start, nr_pages, gup_flags, - NULL, locked); + ret = __get_user_pages_locked(mm, start, nr_pages, NULL, locked, + gup_flags); lru_add_drain(); return ret; } --- a/mm/internal.h~mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly +++ a/mm/internal.h @@ -686,9 +686,8 @@ struct anon_vma *folio_anon_vma(struct f void unmap_mapping_folio(struct folio *folio); extern long populate_vma_page_range(struct vm_area_struct *vma, unsigned long start, unsigned long end, int *locked); -extern long faultin_vma_page_range(struct vm_area_struct *vma, - unsigned long start, unsigned long end, - bool write, int *locked); +extern long faultin_page_range(struct mm_struct *mm, unsigned long start, + unsigned long end, bool write, int *locked); extern bool mlock_future_ok(struct mm_struct *mm, unsigned long flags, unsigned long bytes); @@ -1127,10 +1126,13 @@ enum { FOLL_FAST_ONLY = 1 << 20, /* allow unlocking the mmap lock */ FOLL_UNLOCKABLE = 1 << 21, + /* VMA lookup+checks compatible with MADV_POPULATE_(READ|WRITE) */ + FOLL_MADV_POPULATE = 1 << 22, }; #define INTERNAL_GUP_FLAGS (FOLL_TOUCH | FOLL_TRIED | FOLL_REMOTE | FOLL_PIN | \ - FOLL_FAST_ONLY | FOLL_UNLOCKABLE) + FOLL_FAST_ONLY | FOLL_UNLOCKABLE | \ + FOLL_MADV_POPULATE) /* * Indicates for which pages that are write-protected in the page table, --- a/mm/madvise.c~mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly +++ a/mm/madvise.c @@ -908,27 +908,14 @@ static long madvise_populate(struct vm_a { const bool write = behavior == MADV_POPULATE_WRITE; struct mm_struct *mm = vma->vm_mm; - unsigned long tmp_end; int locked = 1; long pages; *prev = vma; while (start < end) { - /* - * We might have temporarily dropped the lock. For example, - * our VMA might have been split. - */ - if (!vma || start >= vma->vm_end) { - vma = vma_lookup(mm, start); - if (!vma) - return -ENOMEM; - } - - tmp_end = min_t(unsigned long, end, vma->vm_end); /* Populate (prefault) page tables readable/writable. */ - pages = faultin_vma_page_range(vma, start, tmp_end, write, - &locked); + pages = faultin_page_range(mm, start, end, write, &locked); if (!locked) { mmap_read_lock(mm); locked = 1; @@ -949,7 +936,7 @@ static long madvise_populate(struct vm_a pr_warn_once("%s: unhandled return value: %ld\n", __func__, pages); fallthrough; - case -ENOMEM: + case -ENOMEM: /* No VMA or out of memory. */ return -ENOMEM; } } _ Patches currently in -mm which might be from david(a)redhat.com are mm-madvise-dont-perform-madvise-vma-walk-for-madv_populate_readwrite.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared-fix.patch selftests-memfd_secret-add-vmsplice-test.patch mm-merge-folio_is_secretmem-and-folio_fast_pin_allowed-into-gup_fast_folio_allowed.patch mm-optimize-config_per_vma_lock-member-placement-in-vm_area_struct.patch mm-remove-prot-parameter-from-move_pte.patch mm-gup-consistently-name-gup-fast-functions.patch mm-treewide-rename-config_have_fast_gup-to-config_have_gup_fast.patch mm-use-gup-fast-instead-fast-gup-in-remaining-comments.patch drivers-virt-acrn-fix-pfnmap-pte-checks-in-acrn_vm_ram_map.patch mm-pass-vma-instead-of-mm-to-follow_pte.patch mm-follow_pte-improvements.patch mm-allow-for-detecting-underflows-with-page_mapcount-again.patch mm-rmap-always-inline-anon-file-rmap-duplication-of-a-single-pte.patch mm-rmap-add-fast-path-for-small-folios-when-adding-removing-duplicating.patch mm-track-mapcount-of-large-folios-in-single-value.patch mm-improve-folio_likely_mapped_shared-using-the-mapcount-of-large-folios.patch mm-make-folio_mapcount-return-0-for-small-typed-folios.patch mm-memory-use-folio_mapcount-in-zap_present_folio_ptes.patch mm-huge_memory-use-folio_mapcount-in-zap_huge_pmd-sanity-check.patch mm-memory-failure-use-folio_mapcount-in-hwpoison_user_mappings.patch mm-page_alloc-use-folio_mapped-in-__alloc_contig_migrate_range.patch mm-migrate-use-folio_likely_mapped_shared-in-add_page_for_migration.patch sh-mm-cache-use-folio_mapped-in-copy_from_user_page.patch mm-filemap-use-folio_mapcount-in-filemap_unaccount_folio.patch mm-migrate_device-use-folio_mapcount-in-migrate_vma_check_page.patch trace-events-page_ref-trace-the-raw-page-mapcount-value.patch xtensa-mm-convert-check_tlb_entry-to-sanity-check-folios.patch mm-debug-print-only-page-mapcount-excluding-folio-entire-mapcount-in-__dump_folio.patch documentation-admin-guide-cgroup-v1-memoryrst-dont-reference-page_mapcount.patch mm-ksm-rename-get_ksm_page_flags-to-ksm_get_folio_flags.patch mm-ksm-remove-page_mapcount-usage-in-stable_tree_search.patch loongarch-tlb-fix-error-parameter-ptep-set-but-not-used-due-to-__tlb_remove_tlb_entry.patch

1 year, 5 months

2
1
0 0

[merged mm-hotfixes-stable] nilfs2-fix-oob-in-nilfs_set_de_type.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix OOB in nilfs_set_de_type has been removed from the -mm tree. Its filename was nilfs2-fix-oob-in-nilfs_set_de_type.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Jeongjun Park <aha310510(a)gmail.com> Subject: nilfs2: fix OOB in nilfs_set_de_type Date: Tue, 16 Apr 2024 03:20:48 +0900 The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function, which uses this array, specifies the index to read from the array in the same way as "(mode & S_IFMT) >> S_SHIFT". static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode *inode) { umode_t mode = inode->i_mode; de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob } However, when the index is determined this way, an out-of-bounds (OOB) error occurs by referring to an index that is 1 larger than the array size when the condition "mode & S_IFMT == S_IFMT" is satisfied. Therefore, a patch to resize the nilfs_type_by_mode array should be applied to prevent OOB errors. Link: https://lkml.kernel.org/r/20240415182048.7144-1-konishi.ryusuke@gmail.com Reported-by: syzbot+2e22057de05b9f3b30d8(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=2e22057de05b9f3b30d8 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/nilfs2/dir.c~nilfs2-fix-oob-in-nilfs_set_de_type +++ a/fs/nilfs2/dir.c @@ -240,7 +240,7 @@ nilfs_filetype_table[NILFS_FT_MAX] = { #define S_SHIFT 12 static unsigned char -nilfs_type_by_mode[S_IFMT >> S_SHIFT] = { +nilfs_type_by_mode[(S_IFMT >> S_SHIFT) + 1] = { [S_IFREG >> S_SHIFT] = NILFS_FT_REG_FILE, [S_IFDIR >> S_SHIFT] = NILFS_FT_DIR, [S_IFCHR >> S_SHIFT] = NILFS_FT_CHRDEV, _ Patches currently in -mm which might be from aha310510(a)gmail.com are

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fork: defer linking file vma until vma is fully initialized has been removed from the -mm tree. Its filename was fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: fork: defer linking file vma until vma is fully initialized Date: Wed, 10 Apr 2024 17:14:41 +0800 Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used. Link: https://lkml.kernel.org/r/20240410091441.3539905-1-linmiaohe@huawei.com Fixes: 8d9bfb260814 ("hugetlb: add vma based lock for pmd sharing") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reported-by: Thorvald Natvig <thorvald(a)google.com> Closes: https://lore.kernel.org/linux-mm/20240129161735.6gmjsswx62o4pbja@revolver/T/ [1] Reviewed-by: Jane Chu <jane.chu(a)oracle.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peng Zhang <zhangpeng.00(a)bytedance.com> Cc: Tycho Andersen <tandersen(a)netflix.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/fork.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) --- a/kernel/fork.c~fork-defer-linking-file-vma-until-vma-is-fully-initialized +++ a/kernel/fork.c @@ -714,6 +714,23 @@ static __latent_entropy int dup_mmap(str } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + + /* + * Link the vma into the MT. After using __mt_dup(), memory + * allocation is not necessary here, so it cannot fail. + */ + vma_iter_bulk_store(&vmi, tmp); + + mm->map_count++; + + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -730,25 +747,9 @@ static __latent_entropy int dup_mmap(str i_mmap_unlock_write(mapping); } - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - - /* - * Link the vma into the MT. After using __mt_dup(), memory - * allocation is not necessary here, so it cannot fail. - */ - vma_iter_bulk_store(&vmi, tmp); - - mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - if (retval) { mpnt = vma_next(&vmi); goto loop_out; _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/shmem: inline shmem_is_huge() for disabled transparent hugepages has been removed from the -mm tree. Its filename was mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Sumanth Korikkar <sumanthk(a)linux.ibm.com> Subject: mm/shmem: inline shmem_is_huge() for disabled transparent hugepages Date: Tue, 9 Apr 2024 17:54:07 +0200 In order to minimize code size (CONFIG_CC_OPTIMIZE_FOR_SIZE=y), compiler might choose to make a regular function call (out-of-line) for shmem_is_huge() instead of inlining it. When transparent hugepages are disabled (CONFIG_TRANSPARENT_HUGEPAGE=n), it can cause compilation error. mm/shmem.c: In function `shmem_getattr': ./include/linux/huge_mm.h:383:27: note: in expansion of macro `BUILD_BUG' 383 | #define HPAGE_PMD_SIZE ({ BUILD_BUG(); 0; }) | ^~~~~~~~~ mm/shmem.c:1148:33: note: in expansion of macro `HPAGE_PMD_SIZE' 1148 | stat->blksize = HPAGE_PMD_SIZE; To prevent the possible error, always inline shmem_is_huge() when transparent hugepages are disabled. Link: https://lkml.kernel.org/r/20240409155407.2322714-1-sumanthk@linux.ibm.com Signed-off-by: Sumanth Korikkar <sumanthk(a)linux.ibm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Ilya Leoshkevich <iii(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/shmem_fs.h | 9 +++++++++ mm/shmem.c | 6 ------ 2 files changed, 9 insertions(+), 6 deletions(-) --- a/include/linux/shmem_fs.h~mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages +++ a/include/linux/shmem_fs.h @@ -110,8 +110,17 @@ extern struct page *shmem_read_mapping_p extern void shmem_truncate_range(struct inode *inode, loff_t start, loff_t end); int shmem_unuse(unsigned int type); +#ifdef CONFIG_TRANSPARENT_HUGEPAGE extern bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, struct mm_struct *mm, unsigned long vm_flags); +#else +static __always_inline bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, + struct mm_struct *mm, unsigned long vm_flags) +{ + return false; +} +#endif + #ifdef CONFIG_SHMEM extern unsigned long shmem_swap_usage(struct vm_area_struct *vma); #else --- a/mm/shmem.c~mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages +++ a/mm/shmem.c @@ -748,12 +748,6 @@ static long shmem_unused_huge_count(stru #define shmem_huge SHMEM_HUGE_DENY -bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, - struct mm_struct *mm, unsigned long vm_flags) -{ - return false; -} - static unsigned long shmem_unused_huge_shrink(struct shmem_sb_info *sbinfo, struct shrink_control *sc, unsigned long nr_to_split) { _ Patches currently in -mm which might be from sumanthk(a)linux.ibm.com are

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Squashfs: check the inode number is not the invalid value of zero has been removed from the -mm tree. Its filename was squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Phillip Lougher <phillip(a)squashfs.org.uk> Subject: Squashfs: check the inode number is not the invalid value of zero Date: Mon, 8 Apr 2024 23:02:06 +0100 Syskiller has produced an out of bounds access in fill_meta_index(). That out of bounds access is ultimately caused because the inode has an inode number with the invalid value of zero, which was not checked. The reason this causes the out of bounds access is due to following sequence of events: 1. Fill_meta_index() is called to allocate (via empty_meta_index()) and fill a metadata index. It however suffers a data read error and aborts, invalidating the newly returned empty metadata index. It does this by setting the inode number of the index to zero, which means unused (zero is not a valid inode number). 2. When fill_meta_index() is subsequently called again on another read operation, locate_meta_index() returns the previous index because it matches the inode number of 0. Because this index has been returned it is expected to have been filled, and because it hasn't been, an out of bounds access is performed. This patch adds a sanity check which checks that the inode number is not zero when the inode is created and returns -EINVAL if it is. [phillip(a)squashfs.org.uk: whitespace fix] Link: https://lkml.kernel.org/r/20240409204723.446925-1-phillip@squashfs.org.uk Link: https://lkml.kernel.org/r/20240408220206.435788-1-phillip@squashfs.org.uk Signed-off-by: Phillip Lougher <phillip(a)squashfs.org.uk> Reported-by: "Ubisectech Sirius" <bugreport(a)ubisectech.com> Closes: https://lore.kernel.org/lkml/87f5c007-b8a5-41ae-8b57-431e924c5915.bugreport… Cc: Christian Brauner <brauner(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/squashfs/inode.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/fs/squashfs/inode.c~squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero +++ a/fs/squashfs/inode.c @@ -48,6 +48,10 @@ static int squashfs_new_inode(struct sup gid_t i_gid; int err; + inode->i_ino = le32_to_cpu(sqsh_ino->inode_number); + if (inode->i_ino == 0) + return -EINVAL; + err = squashfs_get_id(sb, le16_to_cpu(sqsh_ino->uid), &i_uid); if (err) return err; @@ -58,7 +62,6 @@ static int squashfs_new_inode(struct sup i_uid_write(inode, i_uid); i_gid_write(inode, i_gid); - inode->i_ino = le32_to_cpu(sqsh_ino->inode_number); inode_set_mtime(inode, le32_to_cpu(sqsh_ino->mtime), 0); inode_set_atime(inode, inode_get_mtime_sec(inode), 0); inode_set_ctime(inode, inode_get_mtime_sec(inode), 0); _ Patches currently in -mm which might be from phillip(a)squashfs.org.uk are squashfs-remove-deprecated-strncpy-by-not-copying-the-string.patch

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm,swapops: update check in is_pfn_swap_entry for hwpoison entries has been removed from the -mm tree. Its filename was mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Oscar Salvador <osalvador(a)suse.de> Subject: mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Date: Sun, 7 Apr 2024 15:05:37 +0200 Tony reported that the Machine check recovery was broken in v6.9-rc1, as he was hitting a VM_BUG_ON when injecting uncorrectable memory errors to DRAM. After some more digging and debugging on his side, he realized that this went back to v6.1, with the introduction of 'commit 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry")'. That commit, among other things, introduced swp_offset_pfn(), replacing hwpoison_entry_to_pfn() in its favour. The patch also introduced a VM_BUG_ON() check for is_pfn_swap_entry(), but is_pfn_swap_entry() never got updated to cover hwpoison entries, which means that we would hit the VM_BUG_ON whenever we would call swp_offset_pfn() for such entries on environments with CONFIG_DEBUG_VM set. Fix this by updating the check to cover hwpoison entries as well, and update the comment while we are it. Link: https://lkml.kernel.org/r/20240407130537.16977-1-osalvador@suse.de Fixes: 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry") Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Reported-by: Tony Luck <tony.luck(a)intel.com> Closes: https://lore.kernel.org/all/Zg8kLSl2yAlA3o5D@agluck-desk3/ Tested-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.1.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/swapops.h | 65 +++++++++++++++++++------------------- 1 file changed, 33 insertions(+), 32 deletions(-) --- a/include/linux/swapops.h~mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries +++ a/include/linux/swapops.h @@ -390,6 +390,35 @@ static inline bool is_migration_entry_di } #endif /* CONFIG_MIGRATION */ +#ifdef CONFIG_MEMORY_FAILURE + +/* + * Support for hardware poisoned pages + */ +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + BUG_ON(!PageLocked(page)); + return swp_entry(SWP_HWPOISON, page_to_pfn(page)); +} + +static inline int is_hwpoison_entry(swp_entry_t entry) +{ + return swp_type(entry) == SWP_HWPOISON; +} + +#else + +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + return swp_entry(0, 0); +} + +static inline int is_hwpoison_entry(swp_entry_t swp) +{ + return 0; +} +#endif + typedef unsigned long pte_marker; #define PTE_MARKER_UFFD_WP BIT(0) @@ -483,8 +512,9 @@ static inline struct folio *pfn_swap_ent /* * A pfn swap entry is a special type of swap entry that always has a pfn stored - * in the swap offset. They are used to represent unaddressable device memory - * and to restrict access to a page undergoing migration. + * in the swap offset. They can either be used to represent unaddressable device + * memory, to restrict access to a page undergoing migration or to represent a + * pfn which has been hwpoisoned and unmapped. */ static inline bool is_pfn_swap_entry(swp_entry_t entry) { @@ -492,7 +522,7 @@ static inline bool is_pfn_swap_entry(swp BUILD_BUG_ON(SWP_TYPE_SHIFT < SWP_PFN_BITS); return is_migration_entry(entry) || is_device_private_entry(entry) || - is_device_exclusive_entry(entry); + is_device_exclusive_entry(entry) || is_hwpoison_entry(entry); } struct page_vma_mapped_walk; @@ -561,35 +591,6 @@ static inline int is_pmd_migration_entry } #endif /* CONFIG_ARCH_ENABLE_THP_MIGRATION */ -#ifdef CONFIG_MEMORY_FAILURE - -/* - * Support for hardware poisoned pages - */ -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - BUG_ON(!PageLocked(page)); - return swp_entry(SWP_HWPOISON, page_to_pfn(page)); -} - -static inline int is_hwpoison_entry(swp_entry_t entry) -{ - return swp_type(entry) == SWP_HWPOISON; -} - -#else - -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - return swp_entry(0, 0); -} - -static inline int is_hwpoison_entry(swp_entry_t swp) -{ - return 0; -} -#endif - static inline int non_swap_entry(swp_entry_t entry) { return swp_type(entry) >= MAX_SWAPFILES; _ Patches currently in -mm which might be from osalvador(a)suse.de are

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled has been removed from the -mm tree. Its filename was mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Date: Sun, 7 Apr 2024 16:54:56 +0800 When I did hard offline test with hugetlb pages, below deadlock occurs: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-11409-gf6cef5f8c37f #1 Not tainted ------------------------------------------------------ bash/46904 is trying to acquire lock: ffffffffabe68910 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x16/0x60 but task is already holding lock: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (pcp_batch_high_lock){+.+.}-{3:3}: __mutex_lock+0x6c/0x770 page_alloc_cpu_online+0x3c/0x70 cpuhp_invoke_callback+0x397/0x5f0 __cpuhp_invoke_callback_range+0x71/0xe0 _cpu_up+0xeb/0x210 cpu_up+0x91/0xe0 cpuhp_bringup_mask+0x49/0xb0 bringup_nonboot_cpus+0xb7/0xe0 smp_init+0x25/0xa0 kernel_init_freeable+0x15f/0x3e0 kernel_init+0x15/0x1b0 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 -> #0 (cpu_hotplug_lock){++++}-{0:0}: __lock_acquire+0x1298/0x1cd0 lock_acquire+0xc0/0x2b0 cpus_read_lock+0x2a/0xc0 static_key_slow_dec+0x16/0x60 __hugetlb_vmemmap_restore_folio+0x1b9/0x200 dissolve_free_huge_page+0x211/0x260 __page_handle_poison+0x45/0xc0 memory_failure+0x65e/0xc70 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xca/0x1e0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(pcp_batch_high_lock); lock(cpu_hotplug_lock); lock(pcp_batch_high_lock); rlock(cpu_hotplug_lock); *** DEADLOCK *** 5 locks held by bash/46904: #0: ffff98f6c3bb23f0 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x64/0xe0 #1: ffff98f6c328e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0xf8/0x1d0 #2: ffff98ef83b31890 (kn->active#113){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x100/0x1d0 #3: ffffffffabf9db48 (mf_mutex){+.+.}-{3:3}, at: memory_failure+0x44/0xc70 #4: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40 stack backtrace: CPU: 10 PID: 46904 Comm: bash Kdump: loaded Not tainted 6.8.0-11409-gf6cef5f8c37f #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 check_noncircular+0x129/0x140 __lock_acquire+0x1298/0x1cd0 lock_acquire+0xc0/0x2b0 cpus_read_lock+0x2a/0xc0 static_key_slow_dec+0x16/0x60 __hugetlb_vmemmap_restore_folio+0x1b9/0x200 dissolve_free_huge_page+0x211/0x260 __page_handle_poison+0x45/0xc0 memory_failure+0x65e/0xc70 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xca/0x1e0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7fc862314887 Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24 RSP: 002b:00007fff19311268 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007fc862314887 RDX: 000000000000000c RSI: 000056405645fe10 RDI: 0000000000000001 RBP: 000056405645fe10 R08: 00007fc8623d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007fc86241b780 R14: 00007fc862417600 R15: 00007fc862416a00 In short, below scene breaks the lock dependency chain: memory_failure __page_handle_poison zone_pcp_disable -- lock(pcp_batch_high_lock) dissolve_free_huge_page __hugetlb_vmemmap_restore_folio static_key_slow_dec cpus_read_lock -- rlock(cpu_hotplug_lock) Fix this by calling drain_all_pages() instead. This issue won't occur until commit a6b40850c442 ("mm: hugetlb: replace hugetlb_free_vmemmap_enabled with a static_key"). As it introduced rlock(cpu_hotplug_lock) in dissolve_free_huge_page() code path while lock(pcp_batch_high_lock) is already in the __page_handle_poison(). [linmiaohe(a)huawei.com: extend comment per Oscar] [akpm(a)linux-foundation.org: reflow block comment] Link: https://lkml.kernel.org/r/20240407085456.2798193-1-linmiaohe@huawei.com Fixes: a6b40850c442 ("mm: hugetlb: replace hugetlb_free_vmemmap_enabled with a static_key") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Jane Chu <jane.chu(a)oracle.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled +++ a/mm/memory-failure.c @@ -154,11 +154,23 @@ static int __page_handle_poison(struct p { int ret; - zone_pcp_disable(page_zone(page)); + /* + * zone_pcp_disable() can't be used here. It will + * hold pcp_batch_high_lock and dissolve_free_huge_page() might hold + * cpu_hotplug_lock via static_key_slow_dec() when hugetlb vmemmap + * optimization is enabled. This will break current lock dependency + * chain and leads to deadlock. + * Disabling pcp before dissolving the page was a deterministic + * approach because we made sure that those pages cannot end up in any + * PCP list. Draining PCP lists expels those pages to the buddy system, + * but nothing guarantees that those pages do not get back to a PCP + * queue if we need to refill those. + */ ret = dissolve_free_huge_page(page); - if (!ret) + if (!ret) { + drain_all_pages(page_zone(page)); ret = take_page_off_buddy(page); - zone_pcp_enable(page_zone(page)); + } return ret; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/userfaultfd: allow hugetlb change protection upon poison entry has been removed from the -mm tree. Its filename was mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/userfaultfd: allow hugetlb change protection upon poison entry Date: Fri, 5 Apr 2024 19:19:20 -0400 After UFFDIO_POISON, there can be two kinds of hugetlb pte markers, either the POISON one or UFFD_WP one. Allow change protection to run on a poisoned marker just like !hugetlb cases, ignoring the marker irrelevant of the permission. Here the two bits are mutual exclusive. For example, when install a poisoned entry it must not be UFFD_WP already (by checking pte_none() before such install). And it also means if UFFD_WP is set there must have no POISON bit set. It makes sense because UFFD_WP is a bit to reflect permission, and permissions do not apply if the pte is poisoned and destined to sigbus. So here we simply check uffd_wp bit set first, do nothing otherwise. Attach the Fixes to UFFDIO_POISON work, as before that it should not be possible to have poison entry for hugetlb (e.g., hugetlb doesn't do swap, so no chance of swapin errors). Link: https://lkml.kernel.org/r/20240405231920.1772199-1-peterx@redhat.com Link: https://lore.kernel.org/r/000000000000920d5e0615602dd1@google.com Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: syzbot+b07c8ac8eee3d4d8440f(a)syzkaller.appspotmail.com Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Axel Rasmussen <axelrasmussen(a)google.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/mm/hugetlb.c~mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry +++ a/mm/hugetlb.c @@ -7044,9 +7044,13 @@ long hugetlb_change_protection(struct vm if (!pte_same(pte, newpte)) set_huge_pte_at(mm, address, ptep, newpte, psize); } else if (unlikely(is_pte_marker(pte))) { - /* No other markers apply for now. */ - WARN_ON_ONCE(!pte_marker_uffd_wp(pte)); - if (uffd_wp_resolve) + /* + * Do nothing on a poison marker; page is + * corrupted, permissons do not apply. Here + * pte_marker_uffd_wp()==true implies !poison + * because they're mutual exclusive. + */ + if (pte_marker_uffd_wp(pte) && uffd_wp_resolve) /* Safe to modify directly (non-present->none). */ huge_pte_clear(mm, address, ptep, psize); } else if (!huge_pte_none(pte)) { _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-hmm-process-pud-swap-entry-without-pud_huge.patch mm-gup-cache-p4d-in-follow_p4d_mask.patch mm-gup-check-p4d-presence-before-going-on.patch mm-x86-change-pxd_huge-behavior-to-exclude-swap-entries.patch mm-sparc-change-pxd_huge-behavior-to-exclude-swap-entries.patch mm-arm-use-macros-to-define-pmd-pud-helpers.patch mm-arm-redefine-pmd_huge-with-pmd_leaf.patch mm-arm64-merge-pxd_huge-and-pxd_leaf-definitions.patch mm-powerpc-redefine-pxd_huge-with-pxd_leaf.patch mm-gup-merge-pxd-huge-mapping-checks.patch mm-treewide-replace-pxd_huge-with-pxd_leaf.patch mm-treewide-remove-pxd_huge.patch mm-arm-remove-pmd_thp_or_huge.patch mm-document-pxd_leaf-api.patch selftests-mm-run_vmtestssh-fix-hugetlb-mem-size-calculation.patch selftests-mm-run_vmtestssh-fix-hugetlb-mem-size-calculation-fix.patch mm-kconfig-config_pgtable_has_huge_leaves.patch mm-hugetlb-declare-hugetlbfs_pagecache_present-non-static.patch mm-make-hpage_pxd_-macros-even-if-thp.patch mm-introduce-vma_pgtable_walk_beginend.patch mm-arch-provide-pud_pfn-fallback.patch mm-arch-provide-pud_pfn-fallback-fix.patch mm-gup-drop-folio_fast_pin_allowed-in-hugepd-processing.patch mm-gup-refactor-record_subpages-to-find-1st-small-page.patch mm-gup-handle-hugetlb-for-no_page_table.patch mm-gup-cache-pudp-in-follow_pud_mask.patch mm-gup-handle-huge-pud-for-follow_pud_mask.patch mm-gup-handle-huge-pmd-for-follow_pmd_mask.patch mm-gup-handle-huge-pmd-for-follow_pmd_mask-fix.patch mm-gup-handle-hugepd-for-follow_page.patch mm-gup-handle-hugetlb-in-the-generic-follow_page_mask-code.patch mm-allow-anon-exclusive-check-over-hugetlb-tail-pages.patch mm-page_table_check-support-userfault-wr-protect-entries.patch

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] userfaultfd-change-src_folio-after-ensuring-its-unpinned-in-uffdio_move.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE has been removed from the -mm tree. Its filename was userfaultfd-change-src_folio-after-ensuring-its-unpinned-in-uffdio_move.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lokesh Gidra <lokeshgidra(a)google.com> Subject: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Date: Thu, 4 Apr 2024 10:17:26 -0700 Commit d7a08838ab74 ("mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails") moved the src_folio->{mapping, index} changing to after clearing the page-table and ensuring that it's not pinned. This avoids failure of swapout+migration and possibly memory corruption. However, the commit missed fixing it in the huge-page case. Link: https://lkml.kernel.org/r/20240404171726.2302435-1-lokeshgidra@google.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Lokesh Gidra <lokeshgidra(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/mm/huge_memory.c~userfaultfd-change-src_folio-after-ensuring-its-unpinned-in-uffdio_move +++ a/mm/huge_memory.c @@ -2259,9 +2259,6 @@ int move_pages_huge_pmd(struct mm_struct goto unlock_ptls; } - folio_move_anon_rmap(src_folio, dst_vma); - WRITE_ONCE(src_folio->index, linear_page_index(dst_vma, dst_addr)); - src_pmdval = pmdp_huge_clear_flush(src_vma, src_addr, src_pmd); /* Folio got pinned from under us. Put it back and fail the move. */ if (folio_maybe_dma_pinned(src_folio)) { @@ -2270,6 +2267,9 @@ int move_pages_huge_pmd(struct mm_struct goto unlock_ptls; } + folio_move_anon_rmap(src_folio, dst_vma); + WRITE_ONCE(src_folio->index, linear_page_index(dst_vma, dst_addr)); + _dst_pmd = mk_huge_pmd(&src_folio->page, dst_vma->vm_page_prot); /* Follow mremap() behavior and treat the entry dirty after the move */ _dst_pmd = pmd_mkwrite(pmd_mkdirty(_dst_pmd), dst_vma); _ Patches currently in -mm which might be from lokeshgidra(a)google.com are

1 year, 5 months

1
0
0 0

[folded-merged] mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled has been removed from the -mm tree. Its filename was mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch This patch was dropped because it was folded into mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Date: Fri, 12 Apr 2024 10:57:54 +0800 extend comment per Oscar Link: https://lkml.kernel.org/r/20240412025754.1897615-1-linmiaohe@huawei.com Fixes: a6b40850c442 ("mm: hugetlb: replace hugetlb_free_vmemmap_enabled with a static_key") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/memory-failure.c~mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2 +++ a/mm/memory-failure.c @@ -159,6 +159,10 @@ static int __page_handle_poison(struct p * dissolve_free_huge_page() might hold cpu_hotplug_lock via static_key_slow_dec() * when hugetlb vmemmap optimization is enabled. This will break current lock * dependency chain and leads to deadlock. + * Disabling pcp before dissolving the page was a deterministic approach because + * we made sure that those pages cannot end up in any PCP list. Draining PCP lists + * expels those pages to the buddy system, but nothing guarantees that those pages + * do not get back to a PCP queue if we need to refill those. */ ret = dissolve_free_huge_page(page); if (!ret) { _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch

1 year, 5 months

1
0
0 0

[PATCH] Revert 2267b2e84593bd3d61a1188e68fba06307fa9dab

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> ltp test fcntl17 fails on v5.15.154. This was bisected to commit 2267b2e84593 ("lockd: introduce safe async lock op"). Reported-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- Documentation/filesystems/nfs/exporting.rst | 7 ------- fs/lockd/svclock.c | 4 +++- fs/nfsd/nfs4state.c | 10 +++------- include/linux/exportfs.h | 14 -------------- 4 files changed, 6 insertions(+), 29 deletions(-) diff --git a/Documentation/filesystems/nfs/exporting.rst b/Documentation/filesystems/nfs/exporting.rst index 6a1cbd7de38d..6f59a364f84c 100644 --- a/Documentation/filesystems/nfs/exporting.rst +++ b/Documentation/filesystems/nfs/exporting.rst @@ -241,10 +241,3 @@ following flags are defined: all of an inode's dirty data on last close. Exports that behave this way should set EXPORT_OP_FLUSH_ON_CLOSE so that NFSD knows to skip waiting for writeback when closing such files. - - EXPORT_OP_ASYNC_LOCK - Indicates a capable filesystem to do async lock - requests from lockd. Only set EXPORT_OP_ASYNC_LOCK if the filesystem has - it's own ->lock() functionality as core posix_lock_file() implementation - has no async lock request handling yet. For more information about how to - indicate an async lock request from a ->lock() file_operations struct, see - fs/locks.c and comment for the function vfs_lock_file(). diff --git a/fs/lockd/svclock.c b/fs/lockd/svclock.c index 55c0a0331188..4e30f3c50970 100644 --- a/fs/lockd/svclock.c +++ b/fs/lockd/svclock.c @@ -470,7 +470,9 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file, struct nlm_host *host, struct nlm_lock *lock, int wait, struct nlm_cookie *cookie, int reclaim) { +#if IS_ENABLED(CONFIG_SUNRPC_DEBUG) struct inode *inode = nlmsvc_file_inode(file); +#endif struct nlm_block *block = NULL; int error; int mode; @@ -484,7 +486,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file, (long long)lock->fl.fl_end, wait); - if (!exportfs_lock_op_is_async(inode->i_sb->s_export_op)) { + if (nlmsvc_file_file(file)->f_op->lock) { async_block = wait; wait = 0; } diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 40b5b226e504..d07176eee935 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -7420,7 +7420,6 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_blocked_lock *nbl = NULL; struct file_lock *file_lock = NULL; struct file_lock *conflock = NULL; - struct super_block *sb; __be32 status = 0; int lkflg; int err; @@ -7442,7 +7441,6 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, dprintk("NFSD: nfsd4_lock: permission denied!\n"); return status; } - sb = cstate->current_fh.fh_dentry->d_sb; if (lock->lk_is_new) { if (nfsd4_has_session(cstate)) @@ -7494,8 +7492,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, fp = lock_stp->st_stid.sc_file; switch (lock->lk_type) { case NFS4_READW_LT: - if (nfsd4_has_session(cstate) || - exportfs_lock_op_is_async(sb->s_export_op)) + if (nfsd4_has_session(cstate)) fl_flags |= FL_SLEEP; fallthrough; case NFS4_READ_LT: @@ -7507,8 +7504,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, fl_type = F_RDLCK; break; case NFS4_WRITEW_LT: - if (nfsd4_has_session(cstate) || - exportfs_lock_op_is_async(sb->s_export_op)) + if (nfsd4_has_session(cstate)) fl_flags |= FL_SLEEP; fallthrough; case NFS4_WRITE_LT: @@ -7536,7 +7532,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, * for file locks), so don't attempt blocking lock notifications * on those filesystems: */ - if (!exportfs_lock_op_is_async(sb->s_export_op)) + if (nf->nf_file->f_op->lock) fl_flags &= ~FL_SLEEP; nbl = find_or_allocate_block(lock_sop, &fp->fi_fhandle, nn); diff --git a/include/linux/exportfs.h b/include/linux/exportfs.h index 6525f4b7eb97..218fc5c54e90 100644 --- a/include/linux/exportfs.h +++ b/include/linux/exportfs.h @@ -222,23 +222,9 @@ struct export_operations { atomic attribute updates */ #define EXPORT_OP_FLUSH_ON_CLOSE (0x20) /* fs flushes file data on close */ -#define EXPORT_OP_ASYNC_LOCK (0x40) /* fs can do async lock request */ unsigned long flags; }; -/** - * exportfs_lock_op_is_async() - export op supports async lock operation - * @export_ops: the nfs export operations to check - * - * Returns true if the nfs export_operations structure has - * EXPORT_OP_ASYNC_LOCK in their flags set - */ -static inline bool -exportfs_lock_op_is_async(const struct export_operations *export_ops) -{ - return export_ops->flags & EXPORT_OP_ASYNC_LOCK; -} - extern int exportfs_encode_inode_fh(struct inode *inode, struct fid *fid, int *max_len, struct inode *parent); extern int exportfs_encode_fh(struct dentry *dentry, struct fid *fid, -- 2.44.0

1 year, 5 months

2
1
0 0

[PATCH v2] rust: macros: fix soundness issue in `module!` macro

by Benno Lossin

The `module!` macro creates glue code that are called by C to initialize the Rust modules using the `Module::init` function. Part of this glue code are the local functions `__init` and `__exit` that are used to initialize/destroy the Rust module. These functions are safe and also visible to the Rust mod in which the `module!` macro is invoked. This means that they can be called by other safe Rust code. But since they contain `unsafe` blocks that rely on only being called at the right time, this is a soundness issue. Wrap these generated functions inside of two private modules, this guarantees that the public functions cannot be called from the outside. Make the safe functions `unsafe` and add SAFETY comments. Cc: stable(a)vger.kernel.org Closes: https://github.com/Rust-for-Linux/linux/issues/629 Fixes: 1fbde52bde73 ("rust: add `macros` crate") Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> --- v1: https://lore.kernel.org/rust-for-linux/20240327160346.22442-1-benno.lossin@… v1 -> v2: - wrapped `__init` and `__exit` calls in `unsafe` blocks and added SAFETY comments, - fixed safety requirement on `__exit` and `__init`, - rebased onto rust-next. rust/macros/module.rs | 213 +++++++++++++++++++++++++----------------- 1 file changed, 127 insertions(+), 86 deletions(-) diff --git a/rust/macros/module.rs b/rust/macros/module.rs index 27979e582e4b..293beca0a583 100644 --- a/rust/macros/module.rs +++ b/rust/macros/module.rs @@ -199,103 +199,144 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { /// Used by the printing macros, e.g. [`info!`]. const __LOG_PREFIX: &[u8] = b\"{name}\\0\"; - /// The \"Rust loadable module\" mark. - // - // This may be best done another way later on, e.g. as a new modinfo - // key or a new section. For the moment, keep it simple. - #[cfg(MODULE)] - #[doc(hidden)] - #[used] - static __IS_RUST_MODULE: () = (); - - static mut __MOD: Option<{type_}> = None; - - // SAFETY: `__this_module` is constructed by the kernel at load time and will not be - // freed until the module is unloaded. - #[cfg(MODULE)] - static THIS_MODULE: kernel::ThisModule = unsafe {{ - kernel::ThisModule::from_ptr(&kernel::bindings::__this_module as *const _ as *mut _) - }}; - #[cfg(not(MODULE))] - static THIS_MODULE: kernel::ThisModule = unsafe {{ - kernel::ThisModule::from_ptr(core::ptr::null_mut()) - }}; - - // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. - /// # Safety - /// - /// This function must not be called after module initialization, because it may be - /// freed after that completes. - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - #[link_section = \".init.text\"] - pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ - __init() - }} + // Double nested modules, since then nobody can access the public items inside. + mod __module_init {{ + mod __module_init {{ + use super::super::{type_}; + + /// The \"Rust loadable module\" mark. + // + // This may be best done another way later on, e.g. as a new modinfo + // key or a new section. For the moment, keep it simple. + #[cfg(MODULE)] + #[doc(hidden)] + #[used] + static __IS_RUST_MODULE: () = (); + + static mut __MOD: Option<{type_}> = None; + + // SAFETY: `__this_module` is constructed by the kernel at load time and will not be + // freed until the module is unloaded. + #[cfg(MODULE)] + static THIS_MODULE: kernel::ThisModule = unsafe {{ + kernel::ThisModule::from_ptr(&kernel::bindings::__this_module as *const _ as *mut _) + }}; + #[cfg(not(MODULE))] + static THIS_MODULE: kernel::ThisModule = unsafe {{ + kernel::ThisModule::from_ptr(core::ptr::null_mut()) + }}; + + // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. + /// # Safety + /// + /// This function must not be called after module initialization, because it may be + /// freed after that completes. + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + #[link_section = \".init.text\"] + pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ + // SAFETY: this function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name. + unsafe {{ __init() }} + }} - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn cleanup_module() {{ - __exit() - }} + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn cleanup_module() {{ + // SAFETY: + // - this function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `init_module` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} - // Built-in modules are initialized through an initcall pointer - // and the identifiers need to be unique. - #[cfg(not(MODULE))] - #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] - #[doc(hidden)] - #[link_section = \"{initcall_section}\"] - #[used] - pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; - - #[cfg(not(MODULE))] - #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] - core::arch::global_asm!( - r#\".section \"{initcall_section}\", \"a\" - __{name}_initcall: - .long __{name}_init - . - .previous - \"# - ); + // Built-in modules are initialized through an initcall pointer + // and the identifiers need to be unique. + #[cfg(not(MODULE))] + #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] + #[doc(hidden)] + #[link_section = \"{initcall_section}\"] + #[used] + pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; + + #[cfg(not(MODULE))] + #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] + core::arch::global_asm!( + r#\".section \"{initcall_section}\", \"a\" + __{name}_initcall: + .long __{name}_init - . + .previous + \"# + ); + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ + // SAFETY: this function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // placement above in the initcall section. + unsafe {{ __init() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ - __init() - }} + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_exit() {{ + // SAFETY: + // - this function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `__{name}_init` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_exit() {{ - __exit() - }} + /// # Safety + /// + /// This function must only be called once. + unsafe fn __init() -> core::ffi::c_int {{ + match <{type_} as kernel::Module>::init(&THIS_MODULE) {{ + Ok(m) => {{ + // SAFETY: + // no data race, since `__MOD` can only be accessed by this module and + // there only `__init` and `__exit` access it. These functions are only + // called once and `__exit` cannot be called before or during `__init`. + unsafe {{ + __MOD = Some(m); + }} + return 0; + }} + Err(e) => {{ + return e.to_errno(); + }} + }} + }} - fn __init() -> core::ffi::c_int {{ - match <{type_} as kernel::Module>::init(&THIS_MODULE) {{ - Ok(m) => {{ + /// # Safety + /// + /// This function must + /// - only be called once, + /// - be called after `__init` has been called and returned `0`. + unsafe fn __exit() {{ + // SAFETY: + // no data race, since `__MOD` can only be accessed by this module and there + // only `__init` and `__exit` access it. These functions are only called once + // and `__init` was already called. unsafe {{ - __MOD = Some(m); + // Invokes `drop()` on `__MOD`, which should be used for cleanup. + __MOD = None; }} - return 0; }} - Err(e) => {{ - return e.to_errno(); - }} - }} - }} - fn __exit() {{ - unsafe {{ - // Invokes `drop()` on `__MOD`, which should be used for cleanup. - __MOD = None; + {modinfo} }} }} - - {modinfo} ", type_ = info.type_, name = info.name, base-commit: 9ffe2a730313f27cebd0859ea856247ac59c576c -- 2.44.0

1 year, 5 months

4
8
0 0

[PATCH V2 1/8] clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL

by Ajit Pandey

In LUCID EVO PLL CAL_L_VAL and L_VAL bitfields are part of single PLL_L_VAL register. Update for L_VAL bitfield values in PLL_L_VAL register using regmap_write() API in __alpha_pll_trion_set_rate callback will override LUCID EVO PLL initial configuration related to PLL_CAL_L_VAL bit fields in PLL_L_VAL register. Observed random PLL lock failures during PLL enable due to such override in PLL calibration value. Use regmap_update_bits() with L_VAL bitfield mask instead of regmap_write() API to update only PLL_L_VAL bitfields in __alpha_pll_trion_set_rate callback. Fixes: 260e36606a03 ("clk: qcom: clk-alpha-pll: add Lucid EVO PLL configuration interfaces") Signed-off-by: Ajit Pandey <quic_ajipan(a)quicinc.com> Cc: stable(a)vger.kernel.org --- drivers/clk/qcom/clk-alpha-pll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/qcom/clk-alpha-pll.c b/drivers/clk/qcom/clk-alpha-pll.c index 8a412ef47e16..81cabd28eabe 100644 --- a/drivers/clk/qcom/clk-alpha-pll.c +++ b/drivers/clk/qcom/clk-alpha-pll.c @@ -1656,7 +1656,7 @@ static int __alpha_pll_trion_set_rate(struct clk_hw *hw, unsigned long rate, if (ret < 0) return ret; - regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l); + regmap_update_bits(pll->clkr.regmap, PLL_L_VAL(pll), LUCID_EVO_PLL_L_VAL_MASK, l); regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a); /* Latch the PLL input */ -- 2.25.1

1 year, 5 months

2
1
0 0

[PATCH 6.8 000/172] 6.8.7-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.7 release. There are 172 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 17 Apr 2024 14:19:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.7-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.7-rc1 Fudongwang <fudong.wang(a)amd.com> drm/amd/display: fix disable otg wa logic in DCN316 Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: always reset ODM mode in context when adding first plane Alex Hung <alex.hung(a)amd.com> drm/amd/display: Return max resolution supported by DWB Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Do not recursively call manual trigger programming Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4 Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdgpu: differentiate external rev id for gfx 11.5.0 Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix incorrect number of active RBs for gfx11 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: always force full reset for SOC21 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Reset dGPU if suspend got aborted Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable live M/N updates when using bigjoiner Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable port sync when bigjoiner is used Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/psr: Disable PSR when bigjoiner is used Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix CDCLK programming order when pipes are active Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Clarify that syscall hardening isn't a BHI mitigation Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI handling of RRSBA Ingo Molnar <mingo(a)kernel.org> x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI documentation Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bugs: Fix return type of spectre_bhi_state() Amir Goldstein <amir73il(a)gmail.com> kernfs: annotate different lockdep class for of->mutex of writable files Oleg Nesterov <oleg(a)redhat.com> selftests: kselftest: Fix build failure with NOLIBC Arnd Bergmann <arnd(a)arndb.de> irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction Nathan Chancellor <nathan(a)kernel.org> selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test John Stultz <jstultz(a)google.com> selftests: timers: Fix posix_timers ksft_print_msg() warning Oleg Nesterov <oleg(a)redhat.com> selftests/timers/posix_timers: Reimplement check_timer_distribution() Sean Christopherson <seanjc(a)google.com> x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Namhyung Kim <namhyung(a)kernel.org> perf/x86: Fix out of range data Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_enable_notify() Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix spi lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-lsio: fix pwm lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix pwm lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-conn: fix usb lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix adc lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix can lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8qm-ss-dma: fix can lpcg indices Lang Yu <Lang.Yu(a)amd.com> drm/amdgpu/umsch: reinitialize write pointer in hw init Johan Hovold <johan+linaro(a)kernel.org> drm/msm/dp: fix runtime PM leak on connect failure Johan Hovold <johan+linaro(a)kernel.org> drm/msm/dp: fix runtime PM leak on disconnect Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Boris Brezillon <boris.brezillon(a)collabora.com> drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() Jammy Huang <jammy_huang(a)aspeedtech.com> drm/ast: Fix soft lockup Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: Reset GPU on queue preemption failure Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/vrr: Disable VRR when using bigjoiner Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Enable DMA mappings with SEV Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix deadlock in context_xa Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Return max freq for DRM_IVPU_PARAM_CORE_CLOCK_RATE Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Put NPU back to D3hot after failed resume Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Fix PCI D0 state entry in resume Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Check return code of ipc->lock init Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid race in error handling & drop bogus warn Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Masami Hiramatsu <mhiramat(a)kernel.org> fs/proc: Skip bootloader comment if no embedded kernel parameters Zhenhua Huang <quic_zhenhuah(a)quicinc.com> fs/proc: remove redundant comments from /proc/bootconfig Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: restore msg_control on sendzc retry Boris Burkov <boris(a)bur.io> btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Boris Burkov <boris(a)bur.io> btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert Jens Axboe <axboe(a)kernel.dk> io_uring: disable io-wq execution of multishot NOWAIT requests Pavel Begunkov <asml.silence(a)gmail.com> io_uring: refactor DEFER_TASKRUN multishot checks Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix WARN_ON in iommu probe path Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Allocate local memory for page request queue Xuchun Shang <xuchun.shang(a)linux.alibaba.com> iommu/vt-d: Fix wrong use of pasid config Arnd Bergmann <arnd(a)arndb.de> tracing: hide unused ftrace_event_id_fops Karthik Poosa <karthik.poosa(a)intel.com> drm/xe/hwmon: Cast result to output precision on left shift of operand Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/display: Fix double mutex initialization David Arinzon <darinzon(a)amazon.com> net: ena: Set tx_info->xdpf value to NULL David Arinzon <darinzon(a)amazon.com> net: ena: Fix incorrect descriptor free behavior David Arinzon <darinzon(a)amazon.com> net: ena: Wrong missing IO completions check order David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: trap link-local frames regardless of ST Port State Gerd Bayer <gbayer(a)linux.ibm.com> Revert "s390/ism: fix receive message buffer allocation" Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix wrong config being used when reconfiguring PCS Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Do not produce metadata freelist entries in Tx port ts WQE xmit Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: HTB, Fix inconsistencies with QoS SQs number Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Fix mlx5e_priv_init() cleanup flow Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: RSS, Block changing channels number when RXFH is configured Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Correctly compare pkt reformat ids Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Michael Liang <mliang(a)purestorage.com> net/mlx5: offset comp irq index in name by one Shay Drory <shayd(a)nvidia.com> net/mlx5: Register devlink first under devlink lock Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: SF, Stop waiting for FW as teardown was called Eric Dumazet <edumazet(a)google.com> netfilter: complete validation of user input Archie Pusaka <apusaka(a)chromium.org> Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sock: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix using the same interval and window for Coded PHY Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Use QoS to determine which PHY to scan Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Don't reject BT_ISO_QOS if parameters are unset Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Align broadcast sync_timeout with connection timeout Brett Creeley <brett.creeley(a)amd.com> pds_core: Fix pdsc_check_pci_health function to use work thread Shannon Nelson <shannon.nelson(a)amd.com> pds_core: use pci_reset_function for health reset Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix NIX SQ mode and BP config Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Clear stale u->oob_skb. Marek Vasut <marex(a)denx.de> net: ks8851: Handle softirqs at the end of IRQ thread to fix hang Marek Vasut <marex(a)denx.de> net: ks8851: Inline ks8851_rx_skb() Dave Jiang <dave.jiang(a)intel.com> cxl: Fix retrieving of access_coordinates in PCIe path Dave Jiang <dave.jiang(a)intel.com> cxl: Remove checking of iter in cxl_endpoint_get_perf_coordinates() Dave Jiang <dave.jiang(a)intel.com> cxl: Split out host bridge access coordinates Dave Jiang <dave.jiang(a)intel.com> cxl: Split out combine_coordinates() for common shared usage Dave Jiang <dave.jiang(a)intel.com> ACPI: HMAT / cxl: Add retrieval of generic port coordinates for both access classes Dave Jiang <dave.jiang(a)intel.com> ACPI: HMAT: Introduce 2 levels of generic port access class Dave Jiang <dave.jiang(a)intel.com> base/node / ACPI: Enumerate node access class for 'struct access_coordinate' Raag Jadav <raag.jadav(a)intel.com> ACPI: bus: allow _UID matching for integer zero Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: Reset PTP tx_avail after possible firmware reset Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix error recovery for RoCE ulp client Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() Gerd Bayer <gbayer(a)linux.ibm.com> s390/ism: fix receive message buffer allocation Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Arnd Bergmann <arnd(a)arndb.de> lib: checksum: hide unused expected_csum_ipv6_magic[] Ming Lei <ming.lei(a)redhat.com> block: fix q->blkg_list corruption during disk rebind Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: Fix transmit scheduler resource leak Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Petr Tesarik <petr(a)tesarici.cz> u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() Luca Weiss <luca.weiss(a)fairphone.com> drm/msm/adreno: Set highest_bank_bit for A619 Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Alex Constantino <dreaming.about.electric.sheep(a)gmail.com> Revert "drm/qxl: simplify qxl_fence_wait" Kwangjin Ko <kwangjin.ko(a)sk.com> cxl/core: Fix initialization of mbox_cmd.size_out in get event Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> dt-bindings: display/msm: sm8150-mdss: add DP node Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: make error messages at dpu_core_irq_register_callback() more sensible Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't allow overriding data from catalog Stephen Boyd <swboyd(a)chromium.org> drm/msm: Add newlines to some debug prints Tim Harvey <tharvey(a)gateworks.com> arm64: dts: freescale: imx8mp-venice-gw73xx-2x: fix USB vbus regulator Tim Harvey <tharvey(a)gateworks.com> arm64: dts: freescale: imx8mp-venice-gw72xx-2x: fix USB vbus regulator Dave Jiang <dave.jiang(a)intel.com> cxl/core/regs: Fix usage of map->reg_type in cxl_decode_regblock() before assigned Yuquan Wang <wangyuquan1236(a)phytium.com.cn> cxl/mem: Fix for the index of Clear Event Record Handle Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Make raw debugfs entries non-seekable Jens Wiklander <jens.wiklander(a)linaro.org> firmware: arm_ffa: Fix the partition ID check in ffa_notification_info_get() Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP2+: fix USB regression on Nokia N8x0 Aaro Koskinen <aaro.koskinen(a)iki.fi> mmc: omap: restore original power up/down steps Aaro Koskinen <aaro.koskinen(a)iki.fi> mmc: omap: fix deferred probe Aaro Koskinen <aaro.koskinen(a)iki.fi> mmc: omap: fix broken slot switch lookup Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP2+: fix N810 MMC gpiod table Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP2+: fix bogus MMC GPIO labels on Nokia N8x0 David Sterba <dsterba(a)suse.com> btrfs: tests: allocate dummy fs_info and root in test_find_delalloc() Nini Song <nini.song(a)mediatek.com> media: cec: core: remove length check of Timer Status Anna-Maria Behnsen <anna-maria(a)linutronix.de> PM: s2idle: Make sure CPUs will wakeup directly on resume Hans de Goede <hdegoede(a)redhat.com> ACPI: scan: Do not increase dep_unmet for already met dependencies Noah Loomans <noah(a)noahloomans.com> platform/chrome: cros_ec_uart: properly fix race condition Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Only update pages_touched when a new page is touched Yu Kuai <yukuai3(a)huawei.com> raid1: fix use-after-free for original bio in raid1_write_request() Fabio Estevam <festevam(a)denx.de> ARM: dts: imx7s-warp: Pass OV2680 link-frequencies Gavin Shan <gshan(a)redhat.com> arm64: tlb: Fix TLBI RANGE operand Breno Leitao <leitao(a)debian.org> virtio_net: Do not send RSS key if it is not supported Xiubo Li <xiubli(a)redhat.com> ceph: switch to use cap_delay_lock for the unlink delay list NeilBrown <neilb(a)suse.de> ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT Peyton Lee <peytolee(a)amd.com> drm/amdgpu/vpe: power on vpe when hw_init Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_scsi_dev_rescan() error path Igor Pylypiv <ipylypiv(a)google.com> ata: libata-core: Allow command duration limits detection for ACS-4 drives Steve French <stfrench(a)microsoft.com> smb3: fix Open files on server counter going negative ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 22 +- Documentation/admin-guide/kernel-parameters.txt | 12 +- .../bindings/display/msm/qcom,sm8150-mdss.yaml | 9 + Makefile | 4 +- arch/arm/boot/dts/nxp/imx/imx7s-warp.dts | 1 + arch/arm/mach-omap2/board-n8x0.c | 23 +-- arch/arm64/boot/dts/freescale/imx8-ss-conn.dtsi | 16 +- arch/arm64/boot/dts/freescale/imx8-ss-dma.dtsi | 40 ++-- arch/arm64/boot/dts/freescale/imx8-ss-lsio.dtsi | 16 +- .../boot/dts/freescale/imx8mp-venice-gw72xx.dtsi | 2 +- .../boot/dts/freescale/imx8mp-venice-gw73xx.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8qm-ss-dma.dtsi | 8 +- arch/arm64/include/asm/tlbflush.h | 20 +- arch/x86/Kconfig | 21 +- arch/x86/events/core.c | 1 + arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/apic/apic.c | 6 +- arch/x86/kernel/cpu/bugs.c | 82 ++++---- arch/x86/kernel/cpu/common.c | 48 ++--- block/blk-cgroup.c | 9 +- block/blk-cgroup.h | 2 + block/blk-core.c | 2 + drivers/accel/ivpu/ivpu_drv.c | 20 +- drivers/accel/ivpu/ivpu_hw.h | 6 + drivers/accel/ivpu/ivpu_hw_37xx.c | 7 +- drivers/accel/ivpu/ivpu_hw_40xx.c | 6 + drivers/accel/ivpu/ivpu_ipc.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 7 +- drivers/acpi/numa/hmat.c | 43 ++-- drivers/acpi/scan.c | 3 +- drivers/ata/libata-core.c | 2 +- drivers/ata/libata-scsi.c | 9 +- drivers/base/node.c | 6 +- drivers/cxl/acpi.c | 8 +- drivers/cxl/core/cdat.c | 58 ++++-- drivers/cxl/core/mbox.c | 5 +- drivers/cxl/core/port.c | 76 ++++--- drivers/cxl/core/regs.c | 5 +- drivers/cxl/cxl.h | 8 +- drivers/firmware/arm_ffa/driver.c | 2 +- drivers/firmware/arm_scmi/raw_mode.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vpe.c | 6 + drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/soc21.c | 32 ++- drivers/gpu/drm/amd/amdgpu/umsch_mm_v4_0.c | 2 + .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_wb.c | 6 +- .../amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 19 +- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 9 + .../gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c | 3 - .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 12 +- drivers/gpu/drm/ast/ast_dp.c | 3 + drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/i915/display/intel_cdclk.c | 7 +- drivers/gpu/drm/i915/display/intel_cdclk.h | 3 + drivers/gpu/drm/i915/display/intel_ddi.c | 5 + drivers/gpu/drm/i915/display/intel_dp.c | 6 +- drivers/gpu/drm/i915/display/intel_psr.c | 11 + drivers/gpu/drm/i915/display/intel_vrr.c | 7 + drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 4 + drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 10 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 8 +- drivers/gpu/drm/msm/dp/dp_display.c | 2 + drivers/gpu/drm/msm/msm_fb.c | 6 +- drivers/gpu/drm/msm/msm_kms.c | 4 +- .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/panfrost/panfrost_mmu.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 ++++- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 +- drivers/gpu/drm/xe/xe_display.c | 5 - drivers/gpu/drm/xe/xe_hwmon.c | 4 +- drivers/iommu/intel/iommu.c | 11 +- drivers/iommu/intel/perfmon.c | 2 +- drivers/iommu/intel/svm.c | 2 +- drivers/md/raid1.c | 2 +- drivers/media/cec/core/cec-adap.c | 14 -- drivers/mmc/host/omap.c | 48 +++-- drivers/net/dsa/mt7530.c | 229 ++++++++++++++++++--- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 ++-- drivers/net/ethernet/amazon/ena/ena_xdp.c | 4 +- drivers/net/ethernet/amd/pds_core/core.c | 14 +- drivers/net/ethernet/amd/pds_core/core.h | 5 +- drivers/net/ethernet/amd/pds_core/dev.c | 3 + drivers/net/ethernet/amd/pds_core/main.c | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 6 +- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 22 +- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en/ptp.h | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 33 +-- drivers/net/ethernet/mellanox/mlx5/core/en/selq.c | 2 + .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 17 ++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 - drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 17 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 37 ++-- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 4 +- .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 22 +- drivers/net/ethernet/micrel/ks8851.h | 3 - drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/micrel/ks8851_par.c | 11 - drivers/net/ethernet/micrel/ks8851_spi.c | 11 - .../net/ethernet/microchip/sparx5/sparx5_port.c | 4 +- drivers/net/geneve.c | 4 +- drivers/net/virtio_net.c | 28 ++- drivers/platform/chrome/cros_ec_uart.c | 28 +-- drivers/scsi/hisi_sas/hisi_sas_main.c | 2 +- drivers/scsi/qla2xxx/qla_edif.c | 2 +- drivers/scsi/sg.c | 20 +- drivers/vhost/vhost.c | 28 ++- fs/btrfs/delayed-inode.c | 3 + fs/btrfs/inode.c | 13 +- fs/btrfs/ioctl.c | 37 +++- fs/btrfs/qgroup.c | 2 + fs/btrfs/root-tree.c | 10 - fs/btrfs/root-tree.h | 2 - fs/btrfs/tests/extent-io-tests.c | 28 ++- fs/btrfs/transaction.c | 17 +- fs/ceph/addr.c | 4 +- fs/ceph/caps.c | 4 +- fs/ceph/mds_client.c | 9 +- fs/ceph/mds_client.h | 3 +- fs/kernfs/file.c | 9 +- fs/proc/bootconfig.c | 12 +- fs/smb/client/cached_dir.c | 4 +- include/acpi/acpi_bus.h | 8 +- include/linux/bootconfig.h | 1 + include/linux/dma-fence.h | 7 + include/linux/irqflags.h | 2 +- include/linux/node.h | 18 +- include/linux/u64_stats_sync.h | 9 +- include/net/addrconf.h | 4 + include/net/af_unix.h | 2 +- include/net/bluetooth/bluetooth.h | 11 + include/net/ip_tunnels.h | 33 +++ init/main.c | 5 + io_uring/io_uring.c | 25 +++ io_uring/net.c | 22 +- io_uring/rw.c | 2 - kernel/cpu.c | 3 +- kernel/kprobes.c | 18 +- kernel/power/suspend.c | 6 + kernel/trace/ring_buffer.c | 6 +- kernel/trace/trace_events.c | 4 + lib/checksum_kunit.c | 5 +- net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/hci_sock.c | 21 +- net/bluetooth/hci_sync.c | 66 +++++- net/bluetooth/iso.c | 50 ++--- net/bluetooth/l2cap_core.c | 3 +- net/bluetooth/l2cap_sock.c | 52 ++--- net/bluetooth/rfcomm/sock.c | 14 +- net/bluetooth/sco.c | 23 +-- net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/route.c | 4 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/netfilter/ip6_tables.c | 4 + net/openvswitch/conntrack.c | 5 +- net/unix/af_unix.c | 8 +- net/unix/garbage.c | 35 +++- net/unix/scm.c | 8 +- net/xdp/xsk.c | 2 + tools/testing/selftests/kselftest.h | 33 ++- tools/testing/selftests/timers/posix_timers.c | 105 +++++----- 170 files changed, 1559 insertions(+), 882 deletions(-)

1 year, 5 months

8
179
0 0

[PATCH] block: Fix BLKRRPART regression

by Saranya Muruganandam

The BLKRRPART ioctl used to report errors such as EIO before we changed the blkdev_reread_part() logic. Lets add a flag and capture the errors returned by bdev_disk_changed() when the flag is set. Setting this flag for the BLKRRPART path when we want the errors to be reported when rereading partitions on the disk. Link: https://lore.kernel.org/all/20240320015134.GA14267@lst.de/ Suggested-by: Christoph Hellwig <hch(a)lst.de> Tested: Tested by simulating failure to the block device and will propose a new test to blktests. Fixes: 4601b4b130de ("block: reopen the device in blkdev_reread_part") Reported-by: Saranya Muruganandam <saranyamohan(a)google.com> Signed-off-by: Saranya Muruganandam <saranyamohan(a)google.com> Change-Id: Idf3d97390ed78061556f8468d10d6cab24ae20b1 --- block/bdev.c | 31 +++++++++++++++++++++---------- block/ioctl.c | 3 ++- include/linux/blkdev.h | 3 +++ 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/block/bdev.c b/block/bdev.c index 77fa77cd29bee..71478f8865546 100644 --- a/block/bdev.c +++ b/block/bdev.c @@ -632,6 +632,14 @@ static void blkdev_flush_mapping(struct block_device *bdev) bdev_write_inode(bdev); } +static void blkdev_put_whole(struct block_device *bdev) +{ + if (atomic_dec_and_test(&bdev->bd_openers)) + blkdev_flush_mapping(bdev); + if (bdev->bd_disk->fops->release) + bdev->bd_disk->fops->release(bdev->bd_disk); +} + static int blkdev_get_whole(struct block_device *bdev, blk_mode_t mode) { struct gendisk *disk = bdev->bd_disk; @@ -650,18 +658,21 @@ static int blkdev_get_whole(struct block_device *bdev, blk_mode_t mode) if (!atomic_read(&bdev->bd_openers)) set_init_blocksize(bdev); - if (test_bit(GD_NEED_PART_SCAN, &disk->state)) - bdev_disk_changed(disk, false); atomic_inc(&bdev->bd_openers); - return 0; -} -static void blkdev_put_whole(struct block_device *bdev) -{ - if (atomic_dec_and_test(&bdev->bd_openers)) - blkdev_flush_mapping(bdev); - if (bdev->bd_disk->fops->release) - bdev->bd_disk->fops->release(bdev->bd_disk); + if (test_bit(GD_NEED_PART_SCAN, &disk->state)) { + /* + * Only return scanning errors if we are called from contexts + * that explicitly want them, e.g. the BLKRRPART ioctl. + */ + ret = bdev_disk_changed(disk, false); + if (ret && (mode & BLK_OPEN_STRICT_SCAN)) { + blkdev_put_whole(bdev); + return ret; + } + } + + return 0; } static int blkdev_get_part(struct block_device *part, blk_mode_t mode) diff --git a/block/ioctl.c b/block/ioctl.c index aa46f3761c3ed..e8d72d9f327fd 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -557,7 +557,8 @@ static int blkdev_common_ioctl(struct block_device *bdev, blk_mode_t mode, return -EACCES; if (bdev_is_partition(bdev)) return -EINVAL; - return disk_scan_partitions(bdev->bd_disk, mode); + return disk_scan_partitions(bdev->bd_disk, + mode | BLK_OPEN_STRICT_SCAN); case BLKTRACESTART: case BLKTRACESTOP: case BLKTRACETEARDOWN: diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index 01983eece8f2a..d0104dc839b0d 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -151,6 +151,9 @@ struct access_rules_head { int max_rules; }; +/* return partition scanning errors */ +#define BLK_OPEN_STRICT_SCAN ((__force blk_mode_t)(1 << 5)) + struct gendisk { /* * major/first_minor/minors should not be set by any new driver, the -- 2.44.0.478.gd926399ef9-goog

1 year, 5 months

6
11
0 0

[PATCH] mmc: sdhci-msm: pervent access to suspended controller

by Mantas Pucka

Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. Cc: stable(a)vger.kernel.org Fixes: 67e6db113c90 ("mmc: sdhci-msm: Add pm_runtime and system PM support") Signed-off-by: Mantas Pucka <mantas(a)8devices.com> --- drivers/mmc/host/sdhci-msm.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..e113b99a3eab 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2694,6 +2694,11 @@ static __maybe_unused int sdhci_msm_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = true; + spin_unlock_irqrestore(&host->lock, flags); /* Drop the performance vote */ dev_pm_opp_set_rate(dev, 0); @@ -2708,6 +2713,7 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; int ret; ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks), @@ -2726,7 +2732,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) dev_pm_opp_set_rate(dev, msm_host->clk_rate); - return sdhci_msm_ice_resume(msm_host); + ret = sdhci_msm_ice_resume(msm_host); + if (ret) + return ret; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = false; + spin_unlock_irqrestore(&host->lock, flags); + + return ret; } static const struct dev_pm_ops sdhci_msm_pm_ops = { --- base-commit: e8f897f4afef0031fe618a8e94127a0934896aba change-id: 20240321-sdhci-mmc-suspend-34f4af1d0286 Best regards, -- Mantas Pucka <mantas(a)8devices.com>

1 year, 5 months

3
7
0 0

[PATCH] dm: Change the default value of rq_affinity from 0 into 1

by Bart Van Assche

The following behavior is inconsistent: * For request-based dm queues the default value of rq_affinity is 1. * For bio-based dm queues the default value of rq_affinity is 0. The default value for request-based dm queues is 1 because of the following code in blk_mq_init_allocated_queue(): q->queue_flags |= QUEUE_FLAG_MQ_DEFAULT; From <linux/blkdev.h>: #define QUEUE_FLAG_MQ_DEFAULT ((1UL << QUEUE_FLAG_IO_STAT) | \ (1UL << QUEUE_FLAG_SAME_COMP) | \ (1UL << QUEUE_FLAG_NOWAIT)) The default value of rq_affinity for bio-based dm queues is 0 because the dm alloc_dev() function does not set any of the QUEUE_FLAG_SAME_* flags. I think the different default values are the result of an oversight when blk-mq support was added in the device mapper code. Hence this patch that changes the default value of rq_affinity from 0 to 1 for bio-based dm queues. This patch reduces the boot time from 12.23 to 12.20 seconds on my test setup, a Pixel 2023 development board. The storage controller on that test setup supports a single completion interrupt and hence benefits from redirecting I/O completions to a CPU core that is closer to the submitter. Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Eric Biggers <ebiggers(a)kernel.org> Cc: Jaegeuk Kim <jaegeuk(a)kernel.org> Cc: Daniel Lee <chullee(a)google.com> Cc: stable(a)vger.kernel.org Fixes: bfebd1cdb497 ("dm: add full blk-mq support to request-based DM") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/md/dm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 56aa2a8b9d71..9af216c11cf7 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2106,6 +2106,7 @@ static struct mapped_device *alloc_dev(int minor) if (IS_ERR(md->disk)) goto bad; md->queue = md->disk->queue; + blk_queue_flag_set(QUEUE_FLAG_SAME_COMP, md->queue); init_waitqueue_head(&md->wait); INIT_WORK(&md->work, dm_wq_work);

1 year, 5 months

2
3
0 0

[PATCH 1/2] sched: Add missing memory barrier in switch_mm_cid

by Mathieu Desnoyers

Many architectures' switch_mm() (e.g. arm64) do not have an smp_mb() which the core scheduler code has depended upon since commit: commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid") If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can unset the actively used cid when it fails to observe active task after it sets lazy_put. There *is* a memory barrier between storing to rq->curr and _return to userspace_ (as required by membarrier), but the rseq mm_cid has stricter requirements: the barrier needs to be issued between store to rq->curr and switch_mm_cid(), which happens earlier than: - spin_unlock(), - switch_to(). So it's fine when the architecture switch_mm() happens to have that barrier already, but less so when the architecture only provides the full barrier in switch_to() or spin_unlock(). It is a bug in the rseq switch_mm_cid() implementation. All architectures that don't have memory barriers in switch_mm(), but rather have the full barrier either in finish_lock_switch() or switch_to() have them too late for the needs of switch_mm_cid(). Introduce a new smp_mb__after_switch_mm(), defined as smp_mb() in the generic barrier.h header, and use it in switch_mm_cid() for scheduler transitions where switch_mm() is expected to provide a memory barrier. Architectures can override smp_mb__after_switch_mm() if their switch_mm() implementation provides an implicit memory barrier. Override it with a no-op on x86 which implicitly provide this memory barrier by writing to CR3. Link: https://lore.kernel.org/lkml/20240305145335.2696125-1-yeoreum.yun@arm.com/ Reported-by: levi.yun <yeoreum.yun(a)arm.com> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> # for arm64 Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com> # for x86 Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") Cc: <stable(a)vger.kernel.org> # 6.4.x Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Ben Segall <bsegall(a)google.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: levi.yun <yeoreum.yun(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Aaron Lu <aaron.lu(a)intel.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: linux-arch(a)vger.kernel.org Cc: linux-mm(a)kvack.org Cc: x86(a)kernel.org --- arch/x86/include/asm/barrier.h | 3 +++ include/asm-generic/barrier.h | 8 ++++++++ kernel/sched/sched.h | 20 ++++++++++++++------ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h index fe1e7e3cc844..63bdc6b85219 100644 --- a/arch/x86/include/asm/barrier.h +++ b/arch/x86/include/asm/barrier.h @@ -79,6 +79,9 @@ do { \ #define __smp_mb__before_atomic() do { } while (0) #define __smp_mb__after_atomic() do { } while (0) +/* Writing to CR3 provides a full memory barrier in switch_mm(). */ +#define smp_mb__after_switch_mm() do { } while (0) + #include <asm-generic/barrier.h> #endif /* _ASM_X86_BARRIER_H */ diff --git a/include/asm-generic/barrier.h b/include/asm-generic/barrier.h index 0c0695763bea..dc32b96140c1 100644 --- a/include/asm-generic/barrier.h +++ b/include/asm-generic/barrier.h @@ -294,5 +294,13 @@ do { \ #define io_stop_wc() do { } while (0) #endif +/* + * Architectures that guarantee an implicit smp_mb() in switch_mm() + * can override smp_mb__after_switch_mm. + */ +#ifndef smp_mb__after_switch_mm +#define smp_mb__after_switch_mm() smp_mb() +#endif + #endif /* !__ASSEMBLY__ */ #endif /* __ASM_GENERIC_BARRIER_H */ diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index d2242679239e..d2895d264196 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -79,6 +79,8 @@ # include <asm/paravirt_api_clock.h> #endif +#include <asm/barrier.h> + #include "cpupri.h" #include "cpudeadline.h" @@ -3445,13 +3447,19 @@ static inline void switch_mm_cid(struct rq *rq, * between rq->curr store and load of {prev,next}->mm->pcpu_cid[cpu]. * Provide it here. */ - if (!prev->mm) // from kernel + if (!prev->mm) { // from kernel smp_mb(); - /* - * user -> user transition guarantees a memory barrier through - * switch_mm() when current->mm changes. If current->mm is - * unchanged, no barrier is needed. - */ + } else { // from user + /* + * user -> user transition relies on an implicit + * memory barrier in switch_mm() when + * current->mm changes. If the architecture + * switch_mm() does not have an implicit memory + * barrier, it is emitted here. If current->mm + * is unchanged, no barrier is needed. + */ + smp_mb__after_switch_mm(); + } } if (prev->mm_cid_active) { mm_cid_snapshot_time(rq, prev->mm); -- 2.39.2

1 year, 5 months

2
1
0 0

[PATCH 0/7] kdb: Refactor and fix bugs in kdb_read()

by Daniel Thompson

Inspired by a patch from [Justin][1] I took a closer look at kdb_read(). Despite Justin's patch being a (correct) one-line manipulation it was a tough patch to review because the surrounding code was hard to read and it looked like there were unfixed problems. This series isn't enough to make kdb_read() beautiful but it does make it shorter, easier to reason about and fixes a buffer overflow and a screen redraw problem! [1]: https://lore.kernel.org/all/20240403-strncpy-kernel-debug-kdb-kdb_io-c-v1-1… Signed-off-by: Daniel Thompson <daniel.thompson(a)linaro.org> --- Daniel Thompson (7): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Replace double memcpy() with memmove() in kdb_read() kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() kdb: Simplify management of tmpbuffer in kdb_read() kernel/debug/kdb/kdb_io.c | 133 ++++++++++++++++++++-------------------------- 1 file changed, 58 insertions(+), 75 deletions(-) --- base-commit: dccce9b8780618986962ba37c373668bcf426866 change-id: 20240415-kgdb_read_refactor-2ea2dfc15dbb Best regards, -- Daniel Thompson <daniel.thompson(a)linaro.org>

1 year, 5 months

1
3
0 0

[PATCH] Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"

by Johan Hovold

This reverts commit 7dcd3e014aa7faeeaf4047190b22d8a19a0db696. Qualcomm Bluetooth controllers like WCN6855 do not have persistent storage for the Bluetooth address and must therefore start as unconfigured to allow the user to set a valid address unless one has been provided by the boot firmware in the devicetree. A recent change snuck into v6.8-rc7 and incorrectly started marking the default (non-unique) address as valid. This specifically also breaks the Bluetooth setup for some user of the Lenovo ThinkPad X13s. Note that this is the second time Qualcomm breaks the driver this way and that this was fixed last year by commit 6945795bc81a ("Bluetooth: fix use-bdaddr-property quirk"), which also has some further details. Fixes: 7dcd3e014aa7 ("Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT") Cc: stable(a)vger.kernel.org # 6.8 Cc: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/hci_qca.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index edd2a81b4d5e..f989c05f8177 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -7,7 +7,6 @@ * * Copyright (C) 2007 Texas Instruments, Inc. * Copyright (c) 2010, 2012, 2018 The Linux Foundation. All rights reserved. - * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. * * Acknowledgements: * This file is based on hci_ll.c, which was... @@ -1904,17 +1903,7 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6750: case QCA_WCN6855: case QCA_WCN7850: - - /* Set BDA quirk bit for reading BDA value from fwnode property - * only if that property exist in DT. - */ - if (fwnode_property_present(dev_fwnode(hdev->dev.parent), "local-bd-address")) { - set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); - bt_dev_info(hdev, "setting quirk bit to read BDA from fwnode later"); - } else { - bt_dev_dbg(hdev, "local-bd-address` is not present in the devicetree so not setting quirk bit for BDA"); - } - + set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); hci_set_aosp_capable(hdev); ret = qca_read_soc_version(hdev, &ver, soc_type); -- 2.43.2

1 year, 5 months

7
26
0 0

FAILED: patch "[PATCH] kprobes: Fix possible use-after-free issue on kprobe" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041526-whisking-flyover-825a@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 325f3fb551f8 ("kprobes: Fix possible use-after-free issue on kprobe registration") 1efda38d6f9b ("kprobes: Prohibit probes in gate area") 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") 223a76b268c9 ("kprobes: Fix coding style issues") 9c89bb8e3272 ("kprobes: treewide: Cleanup the error messages for kprobes") 02afb8d6048d ("kprobe: Simplify prepare_kprobe() by dropping redundant version") 9840cfcb97fc ("Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Wed, 10 Apr 2024 09:58:02 +0800 Subject: [PATCH] kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succeeded but the next one is failed because module->state becomes MODULE_STATE_UNFORMED between those operations. In `check_kprobe_address_safe()`, if the second `__module_text_address()` is failed, that is ignored because it expected a kernel_text address. But it may have failed simply because module->state has been changed to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify non-exist module text address (use-after-free). To fix this problem, we should not use separated `is_module_text_address()` and `__module_text_address()`, but use only `__module_text_address()` once and do `try_module_get(module)` which is only available with MODULE_STATE_LIVE. Link: https://lore.kernel.org/all/20240410015802.265220-1-zhengyejian1@huawei.com/ Fixes: 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") Cc: stable(a)vger.kernel.org Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 9d9095e81792..65adc815fc6e 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1567,10 +1567,17 @@ static int check_kprobe_address_safe(struct kprobe *p, jump_label_lock(); preempt_disable(); - /* Ensure it is not in reserved area nor out of text */ - if (!(core_kernel_text((unsigned long) p->addr) || - is_module_text_address((unsigned long) p->addr)) || - in_gate_area_no_mm((unsigned long) p->addr) || + /* Ensure the address is in a text area, and find a module if exists. */ + *probed_mod = NULL; + if (!core_kernel_text((unsigned long) p->addr)) { + *probed_mod = __module_text_address((unsigned long) p->addr); + if (!(*probed_mod)) { + ret = -EINVAL; + goto out; + } + } + /* Ensure it is not in reserved area. */ + if (in_gate_area_no_mm((unsigned long) p->addr) || within_kprobe_blacklist((unsigned long) p->addr) || jump_label_text_reserved(p->addr, p->addr) || static_call_text_reserved(p->addr, p->addr) || @@ -1580,8 +1587,7 @@ static int check_kprobe_address_safe(struct kprobe *p, goto out; } - /* Check if 'p' is probing a module. */ - *probed_mod = __module_text_address((unsigned long) p->addr); + /* Get module refcount and reject __init functions for loaded modules. */ if (*probed_mod) { /* * We must hold a refcount of the probed module while updating

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] kprobes: Fix possible use-after-free issue on kprobe" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041525-compel-delta-953a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 325f3fb551f8 ("kprobes: Fix possible use-after-free issue on kprobe registration") 1efda38d6f9b ("kprobes: Prohibit probes in gate area") 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") 223a76b268c9 ("kprobes: Fix coding style issues") 9c89bb8e3272 ("kprobes: treewide: Cleanup the error messages for kprobes") 02afb8d6048d ("kprobe: Simplify prepare_kprobe() by dropping redundant version") 9840cfcb97fc ("Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Wed, 10 Apr 2024 09:58:02 +0800 Subject: [PATCH] kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succeeded but the next one is failed because module->state becomes MODULE_STATE_UNFORMED between those operations. In `check_kprobe_address_safe()`, if the second `__module_text_address()` is failed, that is ignored because it expected a kernel_text address. But it may have failed simply because module->state has been changed to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify non-exist module text address (use-after-free). To fix this problem, we should not use separated `is_module_text_address()` and `__module_text_address()`, but use only `__module_text_address()` once and do `try_module_get(module)` which is only available with MODULE_STATE_LIVE. Link: https://lore.kernel.org/all/20240410015802.265220-1-zhengyejian1@huawei.com/ Fixes: 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") Cc: stable(a)vger.kernel.org Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 9d9095e81792..65adc815fc6e 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1567,10 +1567,17 @@ static int check_kprobe_address_safe(struct kprobe *p, jump_label_lock(); preempt_disable(); - /* Ensure it is not in reserved area nor out of text */ - if (!(core_kernel_text((unsigned long) p->addr) || - is_module_text_address((unsigned long) p->addr)) || - in_gate_area_no_mm((unsigned long) p->addr) || + /* Ensure the address is in a text area, and find a module if exists. */ + *probed_mod = NULL; + if (!core_kernel_text((unsigned long) p->addr)) { + *probed_mod = __module_text_address((unsigned long) p->addr); + if (!(*probed_mod)) { + ret = -EINVAL; + goto out; + } + } + /* Ensure it is not in reserved area. */ + if (in_gate_area_no_mm((unsigned long) p->addr) || within_kprobe_blacklist((unsigned long) p->addr) || jump_label_text_reserved(p->addr, p->addr) || static_call_text_reserved(p->addr, p->addr) || @@ -1580,8 +1587,7 @@ static int check_kprobe_address_safe(struct kprobe *p, goto out; } - /* Check if 'p' is probing a module. */ - *probed_mod = __module_text_address((unsigned long) p->addr); + /* Get module refcount and reject __init functions for loaded modules. */ if (*probed_mod) { /* * We must hold a refcount of the probed module while updating

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] kprobes: Fix possible use-after-free issue on kprobe" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041524-unlovely-blemish-8954@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 325f3fb551f8 ("kprobes: Fix possible use-after-free issue on kprobe registration") 1efda38d6f9b ("kprobes: Prohibit probes in gate area") 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") 223a76b268c9 ("kprobes: Fix coding style issues") 9c89bb8e3272 ("kprobes: treewide: Cleanup the error messages for kprobes") 02afb8d6048d ("kprobe: Simplify prepare_kprobe() by dropping redundant version") 9840cfcb97fc ("Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Wed, 10 Apr 2024 09:58:02 +0800 Subject: [PATCH] kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succeeded but the next one is failed because module->state becomes MODULE_STATE_UNFORMED between those operations. In `check_kprobe_address_safe()`, if the second `__module_text_address()` is failed, that is ignored because it expected a kernel_text address. But it may have failed simply because module->state has been changed to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify non-exist module text address (use-after-free). To fix this problem, we should not use separated `is_module_text_address()` and `__module_text_address()`, but use only `__module_text_address()` once and do `try_module_get(module)` which is only available with MODULE_STATE_LIVE. Link: https://lore.kernel.org/all/20240410015802.265220-1-zhengyejian1@huawei.com/ Fixes: 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") Cc: stable(a)vger.kernel.org Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 9d9095e81792..65adc815fc6e 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1567,10 +1567,17 @@ static int check_kprobe_address_safe(struct kprobe *p, jump_label_lock(); preempt_disable(); - /* Ensure it is not in reserved area nor out of text */ - if (!(core_kernel_text((unsigned long) p->addr) || - is_module_text_address((unsigned long) p->addr)) || - in_gate_area_no_mm((unsigned long) p->addr) || + /* Ensure the address is in a text area, and find a module if exists. */ + *probed_mod = NULL; + if (!core_kernel_text((unsigned long) p->addr)) { + *probed_mod = __module_text_address((unsigned long) p->addr); + if (!(*probed_mod)) { + ret = -EINVAL; + goto out; + } + } + /* Ensure it is not in reserved area. */ + if (in_gate_area_no_mm((unsigned long) p->addr) || within_kprobe_blacklist((unsigned long) p->addr) || jump_label_text_reserved(p->addr, p->addr) || static_call_text_reserved(p->addr, p->addr) || @@ -1580,8 +1587,7 @@ static int check_kprobe_address_safe(struct kprobe *p, goto out; } - /* Check if 'p' is probing a module. */ - *probed_mod = __module_text_address((unsigned long) p->addr); + /* Get module refcount and reject __init functions for loaded modules. */ if (*probed_mod) { /* * We must hold a refcount of the probed module while updating

1 year, 5 months

2
1
0 0

[PATCH] usb: dwc3: ep0: Don't reset resource alloc flag

by Thinh Nguyen

The DWC3_EP_RESOURCE_ALLOCATED flag ensures that the resource of an endpoint is only assigned once. Unless the endpoint is reset, don't clear this flag. Otherwise we may set endpoint resource again, which prevents the driver from initiate transfer after handling a STALL or endpoint halt to the control endpoint. Cc: stable(a)vger.kernel.org Fixes: b311048c174d ("usb: dwc3: gadget: Rewrite endpoint allocation flow") Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> --- drivers/usb/dwc3/ep0.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c index 72bb722da2f2..d96ffbe52039 100644 --- a/drivers/usb/dwc3/ep0.c +++ b/drivers/usb/dwc3/ep0.c @@ -226,7 +226,8 @@ void dwc3_ep0_stall_and_restart(struct dwc3 *dwc) /* reinitialize physical ep1 */ dep = dwc->eps[1]; - dep->flags = DWC3_EP_ENABLED; + dep->flags &= DWC3_EP_RESOURCE_ALLOCATED; + dep->flags |= DWC3_EP_ENABLED; /* stall is always issued on EP0 */ dep = dwc->eps[0]; base-commit: c281d18dda402a2d180b921eebc7fe22b76699cf -- 2.28.0

1 year, 5 months

1
0
0 0

+ bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: bootconfig: use memblock_free_late to free xbc memory to buddy has been added to the -mm mm-hotfixes-unstable branch. Its filename is bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Qiang Zhang <qiang4.zhang(a)intel.com> Subject: bootconfig: use memblock_free_late to free xbc memory to buddy Date: Sun, 14 Apr 2024 19:49:45 +0800 On the time to free xbc memory in xbc_exit(), memblock may has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. This patch fixes the xbc memory free problem by calling memblock_free() in early xbc init error rewind path and calling memblock_free_late() in xbc exit path to free memory to buddy allocator. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Link: https://lkml.kernel.org/r/20240414114944.1012359-1-qiang4.zhang@linux.intel… Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/bootconfig.h | 7 ++++++- lib/bootconfig.c | 19 +++++++++++-------- 2 files changed, 17 insertions(+), 9 deletions(-) --- a/include/linux/bootconfig.h~bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy +++ a/include/linux/bootconfig.h @@ -287,7 +287,12 @@ int __init xbc_init(const char *buf, siz int __init xbc_get_info(int *node_size, size_t *data_size); /* XBC cleanup data structures */ -void __init xbc_exit(void); +void __init _xbc_exit(bool early); + +static inline void xbc_exit(void) +{ + _xbc_exit(false); +} /* XBC embedded bootconfig data in kernel */ #ifdef CONFIG_BOOT_CONFIG_EMBED --- a/lib/bootconfig.c~bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy +++ a/lib/bootconfig.c @@ -61,9 +61,12 @@ static inline void * __init xbc_alloc_me return memblock_alloc(size, SMP_CACHE_BYTES); } -static inline void __init xbc_free_mem(void *addr, size_t size) +static inline void __init xbc_free_mem(void *addr, size_t size, bool early) { - memblock_free(addr, size); + if (early) + memblock_free(addr, size); + else if (addr) + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ @@ -73,7 +76,7 @@ static inline void *xbc_alloc_mem(size_t return malloc(size); } -static inline void xbc_free_mem(void *addr, size_t size) +static inline void xbc_free_mem(void *addr, size_t size, bool early) { free(addr); } @@ -904,13 +907,13 @@ static int __init xbc_parse_tree(void) * If you need to reuse xbc_init() with new boot config, you can * use this. */ -void __init xbc_exit(void) +void __init _xbc_exit(bool early) { - xbc_free_mem(xbc_data, xbc_data_size); + xbc_free_mem(xbc_data, xbc_data_size, early); xbc_data = NULL; xbc_data_size = 0; xbc_node_num = 0; - xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX); + xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX, early); xbc_nodes = NULL; brace_index = 0; } @@ -963,7 +966,7 @@ int __init xbc_init(const char *data, si if (!xbc_nodes) { if (emsg) *emsg = "Failed to allocate bootconfig nodes"; - xbc_exit(); + _xbc_exit(true); return -ENOMEM; } memset(xbc_nodes, 0, sizeof(struct xbc_node) * XBC_NODE_MAX); @@ -977,7 +980,7 @@ int __init xbc_init(const char *data, si *epos = xbc_err_pos; if (emsg) *emsg = xbc_err_msg; - xbc_exit(); + _xbc_exit(true); } else ret = xbc_node_num; _ Patches currently in -mm which might be from qiang4.zhang(a)intel.com are bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch

1 year, 5 months

1
0
0 0

[PATCH] dm: Change the default value of rq_affinity from 0 into 1

by Bart Van Assche

The following behavior is inconsistent: * For request-based dm queues the default value of rq_affinity is 1. * For bio-based dm queues the default value of rq_affinity is 0. The default value for request-based dm queues is 1 because of the following code in blk_mq_init_allocated_queue(): q->queue_flags |= QUEUE_FLAG_MQ_DEFAULT; From <linux/blkdev.h>: #define QUEUE_FLAG_MQ_DEFAULT ((1UL << QUEUE_FLAG_IO_STAT) | \ (1UL << QUEUE_FLAG_SAME_COMP) | \ (1UL << QUEUE_FLAG_NOWAIT)) The default value of rq_affinity for bio-based dm queues is 0 because the dm alloc_dev() function does not set any of the QUEUE_FLAG_SAME_* flags. I think the different default values are the result of an oversight when blk-mq support was added in the device mapper code. Hence this patch that changes the default value of rq_affinity from 0 to 1 for bio-based dm queues. This patch reduces the boot time from 12.23 to 12.20 seconds on my test setup, a Pixel 2023 development board. The storage controller on that test setup supports a single completion interrupt and hence benefits from redirecting I/O completions to a CPU core that is closer to the submitter. Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Eric Biggers <ebiggers(a)kernel.org> Cc: Jaegeuk Kim <jaegeuk(a)kernel.org> Cc: Daniel Lee <chullee(a)google.com> Cc: stable(a)vger.kernel.org Fixes: bfebd1cdb497 ("dm: add full blk-mq support to request-based DM") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/md/dm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 56aa2a8b9d71..9af216c11cf7 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2106,6 +2106,7 @@ static struct mapped_device *alloc_dev(int minor) if (IS_ERR(md->disk)) goto bad; md->queue = md->disk->queue; + blk_queue_flag_set(QUEUE_FLAG_SAME_COMP, md->queue); init_waitqueue_head(&md->wait); INIT_WORK(&md->work, dm_wq_work);

1 year, 5 months

1
1
0 0

+ nilfs2-fix-oob-in-nilfs_set_de_type.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: fix OOB in nilfs_set_de_type has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-fix-oob-in-nilfs_set_de_type.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jeongjun Park <aha310510(a)gmail.com> Subject: nilfs2: fix OOB in nilfs_set_de_type Date: Tue, 16 Apr 2024 03:20:48 +0900 The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function, which uses this array, specifies the index to read from the array in the same way as "(mode & S_IFMT) >> S_SHIFT". static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode *inode) { umode_t mode = inode->i_mode; de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob } However, when the index is determined this way, an out-of-bounds (OOB) error occurs by referring to an index that is 1 larger than the array size when the condition "mode & S_IFMT == S_IFMT" is satisfied. Therefore, a patch to resize the nilfs_type_by_mode array should be applied to prevent OOB errors. Link: https://lkml.kernel.org/r/20240415182048.7144-1-konishi.ryusuke@gmail.com Reported-by: syzbot+2e22057de05b9f3b30d8(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=2e22057de05b9f3b30d8 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/nilfs2/dir.c~nilfs2-fix-oob-in-nilfs_set_de_type +++ a/fs/nilfs2/dir.c @@ -240,7 +240,7 @@ nilfs_filetype_table[NILFS_FT_MAX] = { #define S_SHIFT 12 static unsigned char -nilfs_type_by_mode[S_IFMT >> S_SHIFT] = { +nilfs_type_by_mode[(S_IFMT >> S_SHIFT) + 1] = { [S_IFREG >> S_SHIFT] = NILFS_FT_REG_FILE, [S_IFDIR >> S_SHIFT] = NILFS_FT_DIR, [S_IFCHR >> S_SHIFT] = NILFS_FT_CHRDEV, _ Patches currently in -mm which might be from aha310510(a)gmail.com are nilfs2-fix-oob-in-nilfs_set_de_type.patch

1 year, 5 months

1
0
0 0

Re: [PATCH 6.8 000/172] 6.8.7-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: Fix io_cqring_wait() not restoring sigmask on" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 978e5c19dfefc271e5550efba92fcef0d3f62864 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041502-sandal-buckskin-2dd2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 978e5c19dfefc271e5550efba92fcef0d3f62864 Mon Sep 17 00:00:00 2001 From: Alexey Izbyshev <izbyshev(a)ispras.ru> Date: Fri, 5 Apr 2024 15:55:51 +0300 Subject: [PATCH] io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure This bug was introduced in commit 950e79dd7313 ("io_uring: minor io_cqring_wait() optimization"), which was made in preparation for adc8682ec690 ("io_uring: Add support for napi_busy_poll"). The latter got reverted in cb3182167325 ("Revert "io_uring: Add support for napi_busy_poll""), so simply undo the former as well. Cc: stable(a)vger.kernel.org Fixes: 950e79dd7313 ("io_uring: minor io_cqring_wait() optimization") Signed-off-by: Alexey Izbyshev <izbyshev(a)ispras.ru> Link: https://lore.kernel.org/r/20240405125551.237142-1-izbyshev@ispras.ru Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 4521c2b66b98..c170a2b8d2cf 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -2602,19 +2602,6 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events, if (__io_cqring_events_user(ctx) >= min_events) return 0; - if (sig) { -#ifdef CONFIG_COMPAT - if (in_compat_syscall()) - ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig, - sigsz); - else -#endif - ret = set_user_sigmask(sig, sigsz); - - if (ret) - return ret; - } - init_waitqueue_func_entry(&iowq.wq, io_wake_function); iowq.wq.private = current; INIT_LIST_HEAD(&iowq.wq.entry); @@ -2633,6 +2620,19 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events, io_napi_adjust_timeout(ctx, &iowq, &ts); } + if (sig) { +#ifdef CONFIG_COMPAT + if (in_compat_syscall()) + ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig, + sigsz); + else +#endif + ret = set_user_sigmask(sig, sigsz); + + if (ret) + return ret; + } + io_napi_busy_loop(ctx, &iowq); trace_io_uring_cqring_wait(ctx, min_events);

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] io_uring: Fix io_cqring_wait() not restoring sigmask on" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 978e5c19dfefc271e5550efba92fcef0d3f62864 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041501-repulsion-purging-1a06@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 978e5c19dfefc271e5550efba92fcef0d3f62864 Mon Sep 17 00:00:00 2001 From: Alexey Izbyshev <izbyshev(a)ispras.ru> Date: Fri, 5 Apr 2024 15:55:51 +0300 Subject: [PATCH] io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure This bug was introduced in commit 950e79dd7313 ("io_uring: minor io_cqring_wait() optimization"), which was made in preparation for adc8682ec690 ("io_uring: Add support for napi_busy_poll"). The latter got reverted in cb3182167325 ("Revert "io_uring: Add support for napi_busy_poll""), so simply undo the former as well. Cc: stable(a)vger.kernel.org Fixes: 950e79dd7313 ("io_uring: minor io_cqring_wait() optimization") Signed-off-by: Alexey Izbyshev <izbyshev(a)ispras.ru> Link: https://lore.kernel.org/r/20240405125551.237142-1-izbyshev@ispras.ru Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 4521c2b66b98..c170a2b8d2cf 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -2602,19 +2602,6 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events, if (__io_cqring_events_user(ctx) >= min_events) return 0; - if (sig) { -#ifdef CONFIG_COMPAT - if (in_compat_syscall()) - ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig, - sigsz); - else -#endif - ret = set_user_sigmask(sig, sigsz); - - if (ret) - return ret; - } - init_waitqueue_func_entry(&iowq.wq, io_wake_function); iowq.wq.private = current; INIT_LIST_HEAD(&iowq.wq.entry); @@ -2633,6 +2620,19 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events, io_napi_adjust_timeout(ctx, &iowq, &ts); } + if (sig) { +#ifdef CONFIG_COMPAT + if (in_compat_syscall()) + ret = set_compat_user_sigmask((const compat_sigset_t __user *)sig, + sigsz); + else +#endif + ret = set_user_sigmask(sig, sigsz); + + if (ret) + return ret; + } + io_napi_busy_loop(ctx, &iowq); trace_io_uring_cqring_wait(ctx, min_events);

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] drm/i915/vma: Fix UAF on destroy against retire race" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0e45882ca829b26b915162e8e86dbb1095768e9e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033042-audio-pacemaker-1b50@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e45882ca829b26b915162e8e86dbb1095768e9e Mon Sep 17 00:00:00 2001 From: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Date: Tue, 5 Mar 2024 15:35:06 +0100 Subject: [PATCH] drm/i915/vma: Fix UAF on destroy against retire race MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915] [161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0 ... [161.360304] CPU: 5 PID: 276 Comm: kworker/5:2 Not tainted 6.5.0-rc1-CI_DRM_13375-g003f860e5577+ #1 [161.360314] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 [161.360322] Workqueue: i915-unordered __intel_wakeref_put_work [i915] [161.360592] RIP: 0010:debug_print_object+0x80/0xb0 ... [161.361347] debug_object_free+0xeb/0x110 [161.361362] i915_active_fini+0x14/0x130 [i915] [161.361866] release_references+0xfe/0x1f0 [i915] [161.362543] i915_vma_parked+0x1db/0x380 [i915] [161.363129] __gt_park+0x121/0x230 [i915] [161.363515] ____intel_wakeref_put_last+0x1f/0x70 [i915] That has been tracked down to be happening when another thread is deactivating the VMA inside __active_retire() helper, after the VMA's active counter has been already decremented to 0, but before deactivation of the VMA's object is reported to the object debugging tool. We could prevent from that race by serializing i915_active_fini() with __active_retire() via ref->tree_lock, but that wouldn't stop the VMA from being used, e.g. from __i915_vma_retire() called at the end of __active_retire(), after that VMA has been already freed by a concurrent i915_vma_destroy() on return from the i915_active_fini(). Then, we should rather fix the issue at the VMA level, not in i915_active. Since __i915_vma_parked() is called from __gt_park() on last put of the GT's wakeref, the issue could be addressed by holding the GT wakeref long enough for __active_retire() to complete before that wakeref is released and the GT parked. I believe the issue was introduced by commit d93939730347 ("drm/i915: Remove the vma refcount") which moved a call to i915_active_fini() from a dropped i915_vma_release(), called on last put of the removed VMA kref, to i915_vma_parked() processing path called on last put of a GT wakeref. However, its visibility to the object debugging tool was suppressed by a bug in i915_active that was fixed two weeks later with commit e92eb246feb9 ("drm/i915/active: Fix missing debug object activation"). A VMA associated with a request doesn't acquire a GT wakeref by itself. Instead, it depends on a wakeref held directly by the request's active intel_context for a GT associated with its VM, and indirectly on that intel_context's engine wakeref if the engine belongs to the same GT as the VMA's VM. Those wakerefs are released asynchronously to VMA deactivation. Fix the issue by getting a wakeref for the VMA's GT when activating it, and putting that wakeref only after the VMA is deactivated. However, exclude global GTT from that processing path, otherwise the GPU never goes idle. Since __i915_vma_retire() may be called from atomic contexts, use async variant of wakeref put. Also, to avoid circular locking dependency, take care of acquiring the wakeref before VM mutex when both are needed. v7: Add inline comments with justifications for: - using untracked variants of intel_gt_pm_get/put() (Nirmoy), - using async variant of _put(), - not getting the wakeref in case of a global GTT, - always getting the first wakeref outside vm->mutex. v6: Since __i915_vma_active/retire() callbacks are not serialized, storing a wakeref tracking handle inside struct i915_vma is not safe, and there is no other good place for that. Use untracked variants of intel_gt_pm_get/put_async(). v5: Replace "tile" with "GT" across commit description (Rodrigo), - avoid mentioning multi-GT case in commit description (Rodrigo), - explain why we need to take a temporary wakeref unconditionally inside i915_vma_pin_ww() (Rodrigo). v4: Refresh on top of commit 5e4e06e4087e ("drm/i915: Track gt pm wakerefs") (Andi), - for more easy backporting, split out removal of former insufficient workarounds and move them to separate patches (Nirmoy). - clean up commit message and description a bit. v3: Identify root cause more precisely, and a commit to blame, - identify and drop former workarounds, - update commit message and description. v2: Get the wakeref before VM mutex to avoid circular locking dependency, - drop questionable Fixes: tag. Fixes: d93939730347 ("drm/i915: Remove the vma refcount") Closes: https://gitlab.freedesktop.org/drm/intel/issues/8875 Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org # v5.19+ Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240305143747.335367-6-janus… (cherry picked from commit f3c71b2ded5c4367144a810ef25f998fd1d6c381) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c index d09aad34ba37..b70715b1411d 100644 --- a/drivers/gpu/drm/i915/i915_vma.c +++ b/drivers/gpu/drm/i915/i915_vma.c @@ -34,6 +34,7 @@ #include "gt/intel_engine.h" #include "gt/intel_engine_heartbeat.h" #include "gt/intel_gt.h" +#include "gt/intel_gt_pm.h" #include "gt/intel_gt_requests.h" #include "gt/intel_tlb.h" @@ -103,12 +104,42 @@ static inline struct i915_vma *active_to_vma(struct i915_active *ref) static int __i915_vma_active(struct i915_active *ref) { - return i915_vma_tryget(active_to_vma(ref)) ? 0 : -ENOENT; + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_tryget(vma)) + return -ENOENT; + + /* + * Exclude global GTT VMA from holding a GT wakeref + * while active, otherwise GPU never goes idle. + */ + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we and our _retire() counterpart can be + * called asynchronously, storing a wakeref tracking + * handle inside struct i915_vma is not safe, and + * there is no other good place for that. Hence, + * use untracked variants of intel_gt_pm_get/put(). + */ + intel_gt_pm_get_untracked(vma->vm->gt); + } + + return 0; } static void __i915_vma_retire(struct i915_active *ref) { - i915_vma_put(active_to_vma(ref)); + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we can be called from atomic contexts, + * use an async variant of intel_gt_pm_put(). + */ + intel_gt_pm_put_async_untracked(vma->vm->gt); + } + + i915_vma_put(vma); } static struct i915_vma * @@ -1404,7 +1435,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, struct i915_vma_work *work = NULL; struct dma_fence *moving = NULL; struct i915_vma_resource *vma_res = NULL; - intel_wakeref_t wakeref = 0; + intel_wakeref_t wakeref; unsigned int bound; int err; @@ -1424,8 +1455,14 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (err) return err; - if (flags & PIN_GLOBAL) - wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); + /* + * In case of a global GTT, we must hold a runtime-pm wakeref + * while global PTEs are updated. In other cases, we hold + * the rpm reference while the VMA is active. Since runtime + * resume may require allocations, which are forbidden inside + * vm->mutex, get the first rpm wakeref outside of the mutex. + */ + wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); if (flags & vma->vm->bind_async_flags) { /* lock VM */ @@ -1561,8 +1598,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (work) dma_fence_work_commit_imm(&work->base); err_rpm: - if (wakeref) - intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); + intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); if (moving) dma_fence_put(moving);

1 year, 5 months

2
2
0 0

[PATCH 6.6] Revert "dm-crypt, dm-verity: disable tasklets"

by Li Lingfeng

This reverts commit 5735a2671ffb70ea29ca83969fe01316ee2ed6fc which is commit 0a9bab391e336489169b95cb0d4553d921302189 upstream. Tasklet is thought to cause memory corruption [1], so it was disabled in dm-crypt and dm-verity. However, memory corruption may not happen since cc->io_queue is created without WQ_UNBOUND [2]. Revert commit 5735a2671ffb ("dm-crypt, dm-verity: disable tasklets") to bring tasklet back. [1] https://lore.kernel.org/all/d390d7ee-f142-44d3-822a-87949e14608b@suse.de/T/ [2] https://lore.kernel.org/all/4d331659-badd-749d-fba1-271543631a8a@huawei.com/ Signed-off-by: Li Lingfeng <lilingfeng3(a)huawei.com> --- drivers/md/dm-crypt.c | 38 +++++++++++++++++++++++++++++++++-- drivers/md/dm-verity-target.c | 26 ++++++++++++++++++++++-- drivers/md/dm-verity.h | 1 + 3 files changed, 61 insertions(+), 4 deletions(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index aa6bb5b4704b..a60d91d02e28 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -75,8 +75,10 @@ struct dm_crypt_io { struct bio *base_bio; u8 *integrity_metadata; bool integrity_metadata_from_pool:1; + bool in_tasklet:1; struct work_struct work; + struct tasklet_struct tasklet; struct convert_context ctx; @@ -1775,6 +1777,7 @@ static void crypt_io_init(struct dm_crypt_io *io, struct crypt_config *cc, io->ctx.r.req = NULL; io->integrity_metadata = NULL; io->integrity_metadata_from_pool = false; + io->in_tasklet = false; atomic_set(&io->io_pending, 0); } @@ -1785,6 +1788,13 @@ static void crypt_inc_pending(struct dm_crypt_io *io) static void kcryptd_queue_read(struct dm_crypt_io *io); +static void kcryptd_io_bio_endio(struct work_struct *work) +{ + struct dm_crypt_io *io = container_of(work, struct dm_crypt_io, work); + + bio_endio(io->base_bio); +} + /* * One of the bios was finished. Check for completion of * the whole request and correctly clean up the buffer. @@ -1817,6 +1827,20 @@ static void crypt_dec_pending(struct dm_crypt_io *io) base_bio->bi_status = error; + /* + * If we are running this function from our tasklet, + * we can't call bio_endio() here, because it will call + * clone_endio() from dm.c, which in turn will + * free the current struct dm_crypt_io structure with + * our tasklet. In this case we need to delay bio_endio() + * execution to after the tasklet is done and dequeued. + */ + if (io->in_tasklet) { + INIT_WORK(&io->work, kcryptd_io_bio_endio); + queue_work(cc->io_queue, &io->work); + return; + } + bio_endio(base_bio); } @@ -2291,6 +2315,11 @@ static void kcryptd_crypt(struct work_struct *work) kcryptd_crypt_write_convert(io); } +static void kcryptd_crypt_tasklet(unsigned long work) +{ + kcryptd_crypt((struct work_struct *)work); +} + static void kcryptd_queue_crypt(struct dm_crypt_io *io) { struct crypt_config *cc = io->cc; @@ -2302,10 +2331,15 @@ static void kcryptd_queue_crypt(struct dm_crypt_io *io) * irqs_disabled(): the kernel may run some IO completion from the idle thread, but * it is being executed with irqs disabled. */ - if (!(in_hardirq() || irqs_disabled())) { - kcryptd_crypt(&io->work); + if (in_hardirq() || irqs_disabled()) { + io->in_tasklet = true; + tasklet_init(&io->tasklet, kcryptd_crypt_tasklet, (unsigned long)&io->work); + tasklet_schedule(&io->tasklet); return; } + + kcryptd_crypt(&io->work); + return; } INIT_WORK(&io->work, kcryptd_crypt); diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index 49e4a35d7019..0bb126eadc0d 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -701,6 +701,23 @@ static void verity_work(struct work_struct *w) verity_finish_io(io, errno_to_blk_status(verity_verify_io(io))); } +static void verity_tasklet(unsigned long data) +{ + struct dm_verity_io *io = (struct dm_verity_io *)data; + int err; + + io->in_tasklet = true; + err = verity_verify_io(io); + if (err == -EAGAIN || err == -ENOMEM) { + /* fallback to retrying with work-queue */ + INIT_WORK(&io->work, verity_work); + queue_work(io->v->verify_wq, &io->work); + return; + } + + verity_finish_io(io, errno_to_blk_status(err)); +} + static void verity_end_io(struct bio *bio) { struct dm_verity_io *io = bio->bi_private; @@ -713,8 +730,13 @@ static void verity_end_io(struct bio *bio) return; } - INIT_WORK(&io->work, verity_work); - queue_work(io->v->verify_wq, &io->work); + if (static_branch_unlikely(&use_tasklet_enabled) && io->v->use_tasklet) { + tasklet_init(&io->tasklet, verity_tasklet, (unsigned long)io); + tasklet_schedule(&io->tasklet); + } else { + INIT_WORK(&io->work, verity_work); + queue_work(io->v->verify_wq, &io->work); + } } /* diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h index db93a91169d5..7e495cc375b0 100644 --- a/drivers/md/dm-verity.h +++ b/drivers/md/dm-verity.h @@ -87,6 +87,7 @@ struct dm_verity_io { bool in_tasklet; struct work_struct work; + struct tasklet_struct tasklet; char *recheck_buffer; -- 2.31.1

1 year, 5 months

3
5
0 0

FAILED: patch "[PATCH] drm/i915/vma: Fix UAF on destroy against retire race" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0e45882ca829b26b915162e8e86dbb1095768e9e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033053-lyrically-excluding-f09f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e45882ca829b26b915162e8e86dbb1095768e9e Mon Sep 17 00:00:00 2001 From: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Date: Tue, 5 Mar 2024 15:35:06 +0100 Subject: [PATCH] drm/i915/vma: Fix UAF on destroy against retire race MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915] [161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0 ... [161.360304] CPU: 5 PID: 276 Comm: kworker/5:2 Not tainted 6.5.0-rc1-CI_DRM_13375-g003f860e5577+ #1 [161.360314] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 [161.360322] Workqueue: i915-unordered __intel_wakeref_put_work [i915] [161.360592] RIP: 0010:debug_print_object+0x80/0xb0 ... [161.361347] debug_object_free+0xeb/0x110 [161.361362] i915_active_fini+0x14/0x130 [i915] [161.361866] release_references+0xfe/0x1f0 [i915] [161.362543] i915_vma_parked+0x1db/0x380 [i915] [161.363129] __gt_park+0x121/0x230 [i915] [161.363515] ____intel_wakeref_put_last+0x1f/0x70 [i915] That has been tracked down to be happening when another thread is deactivating the VMA inside __active_retire() helper, after the VMA's active counter has been already decremented to 0, but before deactivation of the VMA's object is reported to the object debugging tool. We could prevent from that race by serializing i915_active_fini() with __active_retire() via ref->tree_lock, but that wouldn't stop the VMA from being used, e.g. from __i915_vma_retire() called at the end of __active_retire(), after that VMA has been already freed by a concurrent i915_vma_destroy() on return from the i915_active_fini(). Then, we should rather fix the issue at the VMA level, not in i915_active. Since __i915_vma_parked() is called from __gt_park() on last put of the GT's wakeref, the issue could be addressed by holding the GT wakeref long enough for __active_retire() to complete before that wakeref is released and the GT parked. I believe the issue was introduced by commit d93939730347 ("drm/i915: Remove the vma refcount") which moved a call to i915_active_fini() from a dropped i915_vma_release(), called on last put of the removed VMA kref, to i915_vma_parked() processing path called on last put of a GT wakeref. However, its visibility to the object debugging tool was suppressed by a bug in i915_active that was fixed two weeks later with commit e92eb246feb9 ("drm/i915/active: Fix missing debug object activation"). A VMA associated with a request doesn't acquire a GT wakeref by itself. Instead, it depends on a wakeref held directly by the request's active intel_context for a GT associated with its VM, and indirectly on that intel_context's engine wakeref if the engine belongs to the same GT as the VMA's VM. Those wakerefs are released asynchronously to VMA deactivation. Fix the issue by getting a wakeref for the VMA's GT when activating it, and putting that wakeref only after the VMA is deactivated. However, exclude global GTT from that processing path, otherwise the GPU never goes idle. Since __i915_vma_retire() may be called from atomic contexts, use async variant of wakeref put. Also, to avoid circular locking dependency, take care of acquiring the wakeref before VM mutex when both are needed. v7: Add inline comments with justifications for: - using untracked variants of intel_gt_pm_get/put() (Nirmoy), - using async variant of _put(), - not getting the wakeref in case of a global GTT, - always getting the first wakeref outside vm->mutex. v6: Since __i915_vma_active/retire() callbacks are not serialized, storing a wakeref tracking handle inside struct i915_vma is not safe, and there is no other good place for that. Use untracked variants of intel_gt_pm_get/put_async(). v5: Replace "tile" with "GT" across commit description (Rodrigo), - avoid mentioning multi-GT case in commit description (Rodrigo), - explain why we need to take a temporary wakeref unconditionally inside i915_vma_pin_ww() (Rodrigo). v4: Refresh on top of commit 5e4e06e4087e ("drm/i915: Track gt pm wakerefs") (Andi), - for more easy backporting, split out removal of former insufficient workarounds and move them to separate patches (Nirmoy). - clean up commit message and description a bit. v3: Identify root cause more precisely, and a commit to blame, - identify and drop former workarounds, - update commit message and description. v2: Get the wakeref before VM mutex to avoid circular locking dependency, - drop questionable Fixes: tag. Fixes: d93939730347 ("drm/i915: Remove the vma refcount") Closes: https://gitlab.freedesktop.org/drm/intel/issues/8875 Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org # v5.19+ Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240305143747.335367-6-janus… (cherry picked from commit f3c71b2ded5c4367144a810ef25f998fd1d6c381) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c index d09aad34ba37..b70715b1411d 100644 --- a/drivers/gpu/drm/i915/i915_vma.c +++ b/drivers/gpu/drm/i915/i915_vma.c @@ -34,6 +34,7 @@ #include "gt/intel_engine.h" #include "gt/intel_engine_heartbeat.h" #include "gt/intel_gt.h" +#include "gt/intel_gt_pm.h" #include "gt/intel_gt_requests.h" #include "gt/intel_tlb.h" @@ -103,12 +104,42 @@ static inline struct i915_vma *active_to_vma(struct i915_active *ref) static int __i915_vma_active(struct i915_active *ref) { - return i915_vma_tryget(active_to_vma(ref)) ? 0 : -ENOENT; + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_tryget(vma)) + return -ENOENT; + + /* + * Exclude global GTT VMA from holding a GT wakeref + * while active, otherwise GPU never goes idle. + */ + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we and our _retire() counterpart can be + * called asynchronously, storing a wakeref tracking + * handle inside struct i915_vma is not safe, and + * there is no other good place for that. Hence, + * use untracked variants of intel_gt_pm_get/put(). + */ + intel_gt_pm_get_untracked(vma->vm->gt); + } + + return 0; } static void __i915_vma_retire(struct i915_active *ref) { - i915_vma_put(active_to_vma(ref)); + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we can be called from atomic contexts, + * use an async variant of intel_gt_pm_put(). + */ + intel_gt_pm_put_async_untracked(vma->vm->gt); + } + + i915_vma_put(vma); } static struct i915_vma * @@ -1404,7 +1435,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, struct i915_vma_work *work = NULL; struct dma_fence *moving = NULL; struct i915_vma_resource *vma_res = NULL; - intel_wakeref_t wakeref = 0; + intel_wakeref_t wakeref; unsigned int bound; int err; @@ -1424,8 +1455,14 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (err) return err; - if (flags & PIN_GLOBAL) - wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); + /* + * In case of a global GTT, we must hold a runtime-pm wakeref + * while global PTEs are updated. In other cases, we hold + * the rpm reference while the VMA is active. Since runtime + * resume may require allocations, which are forbidden inside + * vm->mutex, get the first rpm wakeref outside of the mutex. + */ + wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); if (flags & vma->vm->bind_async_flags) { /* lock VM */ @@ -1561,8 +1598,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (work) dma_fence_work_commit_imm(&work->base); err_rpm: - if (wakeref) - intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); + intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); if (moving) dma_fence_put(moving);

1 year, 5 months

3
5
0 0

[PATCH 2/2 v3] net: usb: qmi_wwan: add Lonsung U8300/U9300 product

by Coia Prant

Update the net usb qmi_wwan driver to support Longsung U8300/U9300. Enabling DTR on this modem was necessary to ensure stable operation. For U8300 Interface 4 is used by for QMI interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up, to rebind it to qmi_wwan driver. Interface 5 is used by for ADB interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up. The proper configuration is: Interface mapping is: 0: unknown (Debug), 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI, 5: ADB T: Bus=05 Lev=01 Prnt=03 Port=02 Cnt=01 Dev#= 4 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b05 Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms For U9300 Interface 1 is used by for ADB interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up. Interface 4 is used by for QMI interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up, to rebind it to qmi_wwan driver. The proper configuration is: Interface mapping is: 0: ADB, 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI Note: Interface 3 of some models of the U9300 series can send AT commands. T: Bus=05 Lev=01 Prnt=05 Port=04 Cnt=01 Dev#= 6 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b3c Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 5 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms Tested successfully using Modem Manager on U9300. Tested successfully using qmicli on U9300. Signed-off-by: Coia Prant <coiaprant(a)gmail.com> Cc: stable(a)vger.kernel.org Cc: linux-usb(a)vger.kernel.org --- drivers/net/usb/qmi_wwan.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c index e2e181378f41..3dd8a2e24837 100644 --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -1380,6 +1380,8 @@ static const struct usb_device_id products[] = { {QMI_FIXED_INTF(0x1c9e, 0x9801, 3)}, /* Telewell TW-3G HSPA+ */ {QMI_FIXED_INTF(0x1c9e, 0x9803, 4)}, /* Telewell TW-3G HSPA+ */ {QMI_FIXED_INTF(0x1c9e, 0x9b01, 3)}, /* XS Stick W100-2 from 4G Systems */ + {QMI_QUIRK_SET_DTR(0x1c9e, 0x9b05, 4)}, /* Longsung U8300 */ + {QMI_QUIRK_SET_DTR(0x1c9e, 0x9b3c, 4)}, /* Longsung U9300 */ {QMI_FIXED_INTF(0x0b3c, 0xc000, 4)}, /* Olivetti Olicard 100 */ {QMI_FIXED_INTF(0x0b3c, 0xc001, 4)}, /* Olivetti Olicard 120 */ {QMI_FIXED_INTF(0x0b3c, 0xc002, 4)}, /* Olivetti Olicard 140 */ -- 2.39.2

1 year, 5 months

1
0
0 0

[PATCH 2/2 v2] net: usb: qmi_wwan: add Lonsung U8300/U9300 product

by Coia Prant

Update the net usb qmi_wwan driver to support Longsung U8300/U9300. Enabling DTR on this modem was necessary to ensure stable operation. For U8300 Interface 4 is used by for QMI interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up, to rebind it to qmi_wwan driver. Interface 5 is used by for ADB interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up. The proper configuration is: Interface mapping is: 0: unknown (Debug), 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI, 5: ADB T: Bus=05 Lev=01 Prnt=03 Port=02 Cnt=01 Dev#= 4 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b05 Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms For U9300 Interface 1 is used by for ADB interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up. Interface 4 is used by for QMI interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up, to rebind it to qmi_wwan driver. The proper configuration is: Interface mapping is: 0: ADB, 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI, 5: ADB Note: Interface 3 of some models of the U9300 series can send AT commands. T: Bus=05 Lev=01 Prnt=05 Port=04 Cnt=01 Dev#= 6 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b3c Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 5 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms Tested successfully using Modem Manager on U9300. Tested successfully using qmicli on U9300. Signed-off-by: Coia Prant <coiaprant(a)gmail.com> Cc: stable(a)vger.kernel.org Cc: linux-usb(a)vger.kernel.org --- drivers/net/usb/qmi_wwan.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c index e2e181378f41..3dd8a2e24837 100644 --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -1380,6 +1380,8 @@ static const struct usb_device_id products[] = { {QMI_FIXED_INTF(0x1c9e, 0x9801, 3)}, /* Telewell TW-3G HSPA+ */ {QMI_FIXED_INTF(0x1c9e, 0x9803, 4)}, /* Telewell TW-3G HSPA+ */ {QMI_FIXED_INTF(0x1c9e, 0x9b01, 3)}, /* XS Stick W100-2 from 4G Systems */ + {QMI_QUIRK_SET_DTR(0x1c9e, 0x9b05, 4)}, /* Longsung U8300 */ + {QMI_QUIRK_SET_DTR(0x1c9e, 0x9b3c, 4)}, /* Longsung U9300 */ {QMI_FIXED_INTF(0x0b3c, 0xc000, 4)}, /* Olivetti Olicard 100 */ {QMI_FIXED_INTF(0x0b3c, 0xc001, 4)}, /* Olivetti Olicard 120 */ {QMI_FIXED_INTF(0x0b3c, 0xc002, 4)}, /* Olivetti Olicard 140 */ -- 2.39.2

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: disable io-wq execution of multishot NOWAIT" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x bee1d5becdf5bf23d4ca0cd9c6b60bdf3c61d72b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040826-handbrake-five-e04e@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: bee1d5becdf5 ("io_uring: disable io-wq execution of multishot NOWAIT requests") e0e4ab52d170 ("io_uring: refactor DEFER_TASKRUN multishot checks") 3a96378e22cc ("io_uring: fix mshot io-wq checks") eb18c29dd2a3 ("io_uring/net: move recv/recvmsg flags out of retry loop") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bee1d5becdf5bf23d4ca0cd9c6b60bdf3c61d72b Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Mon, 1 Apr 2024 11:30:06 -0600 Subject: [PATCH] io_uring: disable io-wq execution of multishot NOWAIT requests Do the same check for direct io-wq execution for multishot requests that commit 2a975d426c82 did for the inline execution, and disable multishot mode (and revert to single shot) if the file type doesn't support NOWAIT, and isn't opened in O_NONBLOCK mode. For multishot to work properly, it's a requirement that nonblocking read attempts can be done. Cc: stable(a)vger.kernel.org Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 5d4b448fdc50..8baf8afb79c2 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1982,10 +1982,15 @@ void io_wq_submit_work(struct io_wq_work *work) err = -EBADFD; if (!io_file_can_poll(req)) goto fail; - err = -ECANCELED; - if (io_arm_poll_handler(req, issue_flags) != IO_APOLL_OK) - goto fail; - return; + if (req->file->f_flags & O_NONBLOCK || + req->file->f_mode & FMODE_NOWAIT) { + err = -ECANCELED; + if (io_arm_poll_handler(req, issue_flags) != IO_APOLL_OK) + goto fail; + return; + } else { + req->flags &= ~REQ_F_APOLL_MULTISHOT; + } } if (req->flags & REQ_F_FORCE_ASYNC) {

1 year, 5 months

3
3
0 0

[PATCH 1/2 v2] USB: serial: option: add Lonsung U8300/U9300 product

by Coia Prant

Update the USB serial option driver to support Longsung U8300/U9300. For U8300 Interface 4 is used by for QMI interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up, to rebind it to qmi_wwan driver. Interface 5 is used by for ADB interface in stock firmware of U8300, the router which uses U8300 modem. Free the interface up. The proper configuration is: Interface mapping is: 0: unknown (Debug), 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI, 5: ADB T: Bus=05 Lev=01 Prnt=03 Port=02 Cnt=01 Dev#= 4 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b05 Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms For U9300 Interface 1 is used by for ADB interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up. Interface 4 is used by for QMI interface in stock firmware of U9300, the router which uses U9300 modem. Free the interface up, to rebind it to qmi_wwan driver. The proper configuration is: Interface mapping is: 0: ADB, 1: AT (Modem), 2: AT, 3: PPP (NDIS / Pipe), 4: QMI, 5: ADB Note: Interface 3 of some models of the U9300 series can send AT commands. T: Bus=05 Lev=01 Prnt=05 Port=04 Cnt=01 Dev#= 6 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1c9e ProdID=9b3c Rev=03.18 S: Manufacturer=Android S: Product=Android C: #Ifs= 5 Cfg#= 1 Atr=80 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms Tested successfully using Modem Manager on U9300. Tested successfully AT commands using If=1, If=2 and If=3 on U9300. Signed-off-by: Coia Prant <coiaprant(a)gmail.com> Reviewed-by: Lars Melin <larsm17(a)gmail.com> Cc: stable(a)vger.kernel.org Cc: netdev(a)vger.kernel.org --- drivers/usb/serial/option.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 55a65d941ccb..27a116901459 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -412,6 +412,10 @@ static void option_instat_callback(struct urb *urb); */ #define LONGCHEER_VENDOR_ID 0x1c9e +/* Longsung products */ +#define LONGSUNG_U8300_PRODUCT_ID 0x9b05 +#define LONGSUNG_U9300_PRODUCT_ID 0x9b3c + /* 4G Systems products */ /* This one was sold as the VW and Skoda "Carstick LTE" */ #define FOUR_G_SYSTEMS_PRODUCT_CARSTICK_LTE 0x7605 @@ -2054,6 +2058,10 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, ZOOM_PRODUCT_4597) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, IBALL_3_5G_CONNECT) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U8300_PRODUCT_ID), + .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U9300_PRODUCT_ID), + .driver_info = RSVD(0) | RSVD(4) }, { USB_DEVICE(HAIER_VENDOR_ID, HAIER_PRODUCT_CE100) }, { USB_DEVICE_AND_INTERFACE_INFO(HAIER_VENDOR_ID, HAIER_PRODUCT_CE81B, 0xff, 0xff, 0xff) }, /* Pirelli */ -- 2.39.2

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 009/190] block: fix signed int overflow in Amiga partition support

by Sasha Levin

From: Michael Schmitz <schmitzmic(a)gmail.com> [ Upstream commit fc3d092c6bb48d5865fec15ed5b333c12f36288c ] The Amiga partition parser module uses signed int for partition sector address and count, which will overflow for disks larger than 1 TB. Use sector_t as type for sector address and size to allow using disks up to 2 TB without LBD support, and disks larger than 2 TB with LBD. This bug was reported originally in 2012, and the fix was created by the RDB author, Joanne Dow <jdow(a)earthlink.net>. A patch had been discussed and reviewed on linux-m68k at that time but never officially submitted. This patch differs from Joanne's patch only in its use of sector_t instead of unsigned int. No checking for overflows is done (see patch 3 of this series for that). Reported-by: Martin Steigerwald <Martin(a)lichtvoll.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=43511 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Message-ID: <201206192146.09327.Martin(a)lichtvoll.de> Cc: <stable(a)vger.kernel.org> # 5.2 Signed-off-by: Michael Schmitz <schmitzmic(a)gmail.com> Tested-by: Martin Steigerwald <Martin(a)lichtvoll.de> Reviewed-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Link: https://lore.kernel.org/r/20230620201725.7020-2-schmitzmic@gmail.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- block/partitions/amiga.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/block/partitions/amiga.c b/block/partitions/amiga.c index 560936617d9c1..4a4160221183b 100644 --- a/block/partitions/amiga.c +++ b/block/partitions/amiga.c @@ -32,7 +32,8 @@ int amiga_partition(struct parsed_partitions *state) unsigned char *data; struct RigidDiskBlock *rdb; struct PartitionBlock *pb; - int start_sect, nr_sects, blk, part, res = 0; + sector_t start_sect, nr_sects; + int blk, part, res = 0; int blksize = 1; /* Multiplier for disk block size */ int slot = 1; char b[BDEVNAME_SIZE]; @@ -100,14 +101,14 @@ int amiga_partition(struct parsed_partitions *state) /* Tell Kernel about it */ - nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 - - be32_to_cpu(pb->pb_Environment[9])) * + nr_sects = ((sector_t)be32_to_cpu(pb->pb_Environment[10]) + 1 - + be32_to_cpu(pb->pb_Environment[9])) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * blksize; if (!nr_sects) continue; - start_sect = be32_to_cpu(pb->pb_Environment[9]) * + start_sect = (sector_t)be32_to_cpu(pb->pb_Environment[9]) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * blksize; -- 2.43.0

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust dprefclk by down spread percentage." failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041514-mangy-jet-c955@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 Mon Sep 17 00:00:00 2001 From: Zhongwei <zhongwei.zhang(a)amd.com> Date: Wed, 27 Mar 2024 13:49:40 +0800 Subject: [PATCH] drm/amd/display: Adjust dprefclk by down spread percentage. [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 101fe96287cb..d9c5692c86c2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -411,6 +417,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -428,7 +445,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -517,6 +543,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1061,6 +1109,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust dprefclk by down spread percentage." failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041511-earthy-slick-6e64@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 Mon Sep 17 00:00:00 2001 From: Zhongwei <zhongwei.zhang(a)amd.com> Date: Wed, 27 Mar 2024 13:49:40 +0800 Subject: [PATCH] drm/amd/display: Adjust dprefclk by down spread percentage. [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 101fe96287cb..d9c5692c86c2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -411,6 +417,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -428,7 +445,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -517,6 +543,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1061,6 +1109,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust dprefclk by down spread percentage." failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041508-licorice-imitation-0cab@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 Mon Sep 17 00:00:00 2001 From: Zhongwei <zhongwei.zhang(a)amd.com> Date: Wed, 27 Mar 2024 13:49:40 +0800 Subject: [PATCH] drm/amd/display: Adjust dprefclk by down spread percentage. [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 101fe96287cb..d9c5692c86c2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -411,6 +417,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -428,7 +445,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -517,6 +543,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1061,6 +1109,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Disable port sync when bigjoiner is used" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041548-aftermath-grafted-5575@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Fri, 5 Apr 2024 00:34:27 +0300 Subject: [PATCH] drm/i915: Disable port sync when bigjoiner is used MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The current modeset sequence can't handle port sync and bigjoiner at the same time. Refuse port sync when bigjoiner is needed, at least until we fix the modeset sequence. v2: Add a FIXME (Vandite) Cc: stable(a)vger.kernel.org Tested-by: Vidya Srinivas <vidya.srinivas(a)intel.com> Reviewed-by: Vandita Kulkarni <vandita.kulkarni(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240404213441.17637-4-ville.… Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> (cherry picked from commit b37e1347b991459c38c56ec2476087854a4f720b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index c587a8efeafc..c17462b4c2ac 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -4256,7 +4256,12 @@ static bool m_n_equal(const struct intel_link_m_n *m_n_1, static bool crtcs_port_sync_compatible(const struct intel_crtc_state *crtc_state1, const struct intel_crtc_state *crtc_state2) { + /* + * FIXME the modeset sequence is currently wrong and + * can't deal with bigjoiner + port sync at the same time. + */ return crtc_state1->hw.active && crtc_state2->hw.active && + !crtc_state1->bigjoiner_pipes && !crtc_state2->bigjoiner_pipes && crtc_state1->output_types == crtc_state2->output_types && crtc_state1->output_format == crtc_state2->output_format && crtc_state1->lane_count == crtc_state2->lane_count &&

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Disable port sync when bigjoiner is used" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041547-freely-probable-b5c9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Fri, 5 Apr 2024 00:34:27 +0300 Subject: [PATCH] drm/i915: Disable port sync when bigjoiner is used MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The current modeset sequence can't handle port sync and bigjoiner at the same time. Refuse port sync when bigjoiner is needed, at least until we fix the modeset sequence. v2: Add a FIXME (Vandite) Cc: stable(a)vger.kernel.org Tested-by: Vidya Srinivas <vidya.srinivas(a)intel.com> Reviewed-by: Vandita Kulkarni <vandita.kulkarni(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240404213441.17637-4-ville.… Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> (cherry picked from commit b37e1347b991459c38c56ec2476087854a4f720b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index c587a8efeafc..c17462b4c2ac 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -4256,7 +4256,12 @@ static bool m_n_equal(const struct intel_link_m_n *m_n_1, static bool crtcs_port_sync_compatible(const struct intel_crtc_state *crtc_state1, const struct intel_crtc_state *crtc_state2) { + /* + * FIXME the modeset sequence is currently wrong and + * can't deal with bigjoiner + port sync at the same time. + */ return crtc_state1->hw.active && crtc_state2->hw.active && + !crtc_state1->bigjoiner_pipes && !crtc_state2->bigjoiner_pipes && crtc_state1->output_types == crtc_state2->output_types && crtc_state1->output_format == crtc_state2->output_format && crtc_state1->lane_count == crtc_state2->lane_count &&

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust dprefclk by down spread percentage." failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041519-cosmetics-briar-7ebd@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 Mon Sep 17 00:00:00 2001 From: Zhongwei <zhongwei.zhang(a)amd.com> Date: Wed, 27 Mar 2024 13:49:40 +0800 Subject: [PATCH] drm/amd/display: Adjust dprefclk by down spread percentage. [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 101fe96287cb..d9c5692c86c2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -411,6 +417,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -428,7 +445,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -517,6 +543,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1061,6 +1109,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust dprefclk by down spread percentage." failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041520-wooing-barman-5421@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 Mon Sep 17 00:00:00 2001 From: Zhongwei <zhongwei.zhang(a)amd.com> Date: Wed, 27 Mar 2024 13:49:40 +0800 Subject: [PATCH] drm/amd/display: Adjust dprefclk by down spread percentage. [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 101fe96287cb..d9c5692c86c2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -411,6 +417,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -428,7 +445,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -517,6 +543,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1061,6 +1109,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Adjust dprefclk by down spread percentage." failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041519-driving-reformat-2eac@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e047dd448d2bc12b8c30d7e3e6e98cea1fc28a17 Mon Sep 17 00:00:00 2001 From: Zhongwei <zhongwei.zhang(a)amd.com> Date: Wed, 27 Mar 2024 13:49:40 +0800 Subject: [PATCH] drm/amd/display: Adjust dprefclk by down spread percentage. [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 101fe96287cb..d9c5692c86c2 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -411,6 +417,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -428,7 +445,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -517,6 +543,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1061,6 +1109,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]);

1 year, 5 months

1
0
0 0

[PATCH 5.15 00/57] 5.15.155-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.155 release. There are 57 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.155-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.155-rc1 Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression Gwendal Grignou <gwendal(a)chromium.org> platform/x86: intel-vbtn: Update tablet mode switch at end of probe Kees Cook <keescook(a)chromium.org> randomize_kstack: Improve entropy diffusion David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Ard Biesheuvel <ardb(a)kernel.org> gcc-plugins/stackleak: Avoid .head.text section Kees Cook <keescook(a)chromium.org> gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Jiawei Fu (iBug) <i(a)ibugone.com> drivers/nvme: Add quirks for device 126f:2262 Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Chancel Liu <chancel.liu(a)nxp.com> ASoC: soc-core.c: Skip dummy codec when adding platforms Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: add generic tcpci fallback compatible Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer linke li <lilinke99(a)qq.com> ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Alban Boyé <alban.boye(a)protonmail.com> platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Manjunath Patil <manjunath.b.patil(a)oracle.com> RDMA/cm: add timeout to cm_destroy_id wait Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Ian Rogers <irogers(a)google.com> libperf evlist: Avoid out-of-bounds access Daniel Drake <drake(a)endlessos.org> Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Ye Bin <yebin10(a)huawei.com> ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi <yi.zhang(a)huawei.com> ext4: add a hint for block bitmap corrupt state in mb_groups Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet <edumazet(a)google.com> net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: decrease MHI channel buffer length to 8KB Serge Semin <fancer.lancer(a)gmail.com> net: pcs: xpcs: Return EINVAL in the internal methods Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Kunwu Chan <chentao(a)kylinos.cn> pstore/zone: Add a null pointer check to the psz_kmsg_read Shannon Nelson <shannon.nelson(a)amd.com> ionic: set adminq irq affinity Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3328 hdmi ports node C Cheng <C.Cheng(a)mediatek.com> cpuidle: Avoid potential overflow in integer multiplication John Ogness <john.ogness(a)linutronix.de> panic: Flush kernel log buffer at the end Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Improve exception handling in batadv_throw_uevent() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: fix panic when DSA master device unbinds on shutdown ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++++- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 +++++- arch/x86/mm/pat/memtype.c | 49 +++++++++++++++------- block/blk-stat.c | 2 +- drivers/acpi/sleep.c | 12 ------ drivers/bluetooth/btintel.c | 2 +- drivers/cpuidle/driver.c | 3 +- .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/infiniband/core/cm.c | 20 ++++++++- drivers/input/rmi4/rmi_driver.c | 6 ++- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 ++-- drivers/misc/vmw_vmci/vmci_datagram.c | 6 ++- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 ++- drivers/net/pcs/pcs-xpcs.c | 4 +- drivers/net/wireless/ath/ath11k/mhi.c | 2 +- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- drivers/nvme/host/pci.c | 3 ++ drivers/pinctrl/renesas/core.c | 4 +- drivers/platform/x86/intel/vbtn.c | 5 ++- drivers/platform/x86/touchscreen_dmi.c | 9 ++++ drivers/scsi/lpfc/lpfc_nportdisc.c | 6 ++- drivers/tty/n_gsm.c | 3 ++ drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/typec/tcpm/tcpci.c | 1 + drivers/video/fbdev/core/fbmon.c | 7 ++-- drivers/video/fbdev/via/accel.c | 4 +- drivers/virtio/virtio.c | 10 ++++- fs/btrfs/export.c | 9 +++- fs/btrfs/send.c | 10 ++++- fs/btrfs/volumes.c | 12 +++++- fs/ext4/mballoc.c | 5 ++- fs/ext4/super.c | 12 ++++++ fs/isofs/inode.c | 18 +++++++- fs/pstore/zone.c | 2 + fs/sysv/itree.c | 10 ++--- include/linux/randomize_kstack.h | 2 +- include/linux/sunrpc/sched.h | 2 +- include/uapi/linux/input-event-codes.h | 1 + kernel/panic.c | 8 ++++ kernel/trace/ring_buffer.c | 2 +- mm/memory.c | 4 ++ net/batman-adv/distributed-arp-table.c | 3 +- net/batman-adv/main.c | 14 ++++--- net/dsa/dsa2.c | 25 +++-------- net/netfilter/nf_tables_api.c | 47 ++++++++++++++++----- net/smc/smc_pnet.c | 10 +++++ scripts/gcc-plugins/stackleak_plugin.c | 6 +++ sound/firewire/amdtp-stream.c | 12 ++++-- sound/firewire/amdtp-stream.h | 4 ++ sound/soc/soc-core.c | 3 ++ tools/iio/iio_utils.c | 2 +- tools/lib/perf/evlist.c | 18 +++++--- tools/lib/perf/include/internal/evlist.h | 4 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + 56 files changed, 326 insertions(+), 128 deletions(-)

1 year, 5 months

14
77
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041522-platform-decompose-f02f@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041521-passport-reiterate-a4ee@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041520-goliath-parameter-038b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041519-zoning-angling-730e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041517-scrubber-skimmer-981c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041516-stack-prevail-2b51@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/cdclk: Fix voltage_level programming edge case" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 6154cc9177ccea00c89ce0bf93352e474b819ff2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041515-scrap-probable-d3c3@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6154cc9177ccea00c89ce0bf93352e474b819ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 18:50:04 +0300 Subject: [PATCH] drm/i915/cdclk: Fix voltage_level programming edge case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we only consider the relationship of the old and new CDCLK frequencies when determining whether to do the repgramming from intel_set_cdclk_pre_plane_update() or intel_set_cdclk_post_plane_update(). It is technically possible to have a situation where the CDCLK frequency is decreasing, but the voltage_level is increasing due a DDI port. In this case we should bump the voltage level already in intel_set_cdclk_pre_plane_update() (so that the voltage_level will have been increased by the time the port gets enabled), while leaving the CDCLK frequency unchanged (as active planes/etc. may still depend on it). We can then reduce the CDCLK frequency to its final value from intel_set_cdclk_post_plane_update(). In order to handle that correctly we shall construct a suitable amalgam of the old and new cdclk states in intel_set_cdclk_pre_plane_update(). And we can simply call intel_set_cdclk() unconditionally in both places as it will not do anything if nothing actually changes vs. the current hw state. v2: Handle cdclk_state->disable_pipes v3: Only synchronize the cd2x update against the pipe's vblank when the cdclk frequency is changing during the current commit phase (Gustavo) Cc: stable(a)vger.kernel.org Cc: Gustavo Sousa <gustavo.sousa(a)intel.com> Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402155016.13733-3-ville.… (cherry picked from commit 34d127e2bdef73a923aa0dcd95cbc3257ad5af52) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c index 4833479e2e17..f672bfd70d45 100644 --- a/drivers/gpu/drm/i915/display/intel_cdclk.c +++ b/drivers/gpu/drm/i915/display/intel_cdclk.c @@ -2534,7 +2534,8 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + struct intel_cdclk_config cdclk_config; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2543,12 +2544,25 @@ intel_set_cdclk_pre_plane_update(struct intel_atomic_state *state) if (IS_DG2(i915)) intel_cdclk_pcode_pre_notify(state); - if (new_cdclk_state->disable_pipes || - old_cdclk_state->actual.cdclk <= new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + if (new_cdclk_state->disable_pipes) { + cdclk_config = new_cdclk_state->actual; + pipe = INVALID_PIPE; + } else { + if (new_cdclk_state->actual.cdclk >= old_cdclk_state->actual.cdclk) { + cdclk_config = new_cdclk_state->actual; + pipe = new_cdclk_state->pipe; + } else { + cdclk_config = old_cdclk_state->actual; + pipe = INVALID_PIPE; + } - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); + cdclk_config.voltage_level = max(new_cdclk_state->actual.voltage_level, + old_cdclk_state->actual.voltage_level); } + + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &cdclk_config, pipe); } /** @@ -2566,7 +2580,7 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_atomic_get_old_cdclk_state(state); const struct intel_cdclk_state *new_cdclk_state = intel_atomic_get_new_cdclk_state(state); - enum pipe pipe = new_cdclk_state->pipe; + enum pipe pipe; if (!intel_cdclk_changed(&old_cdclk_state->actual, &new_cdclk_state->actual)) @@ -2576,11 +2590,14 @@ intel_set_cdclk_post_plane_update(struct intel_atomic_state *state) intel_cdclk_pcode_post_notify(state); if (!new_cdclk_state->disable_pipes && - old_cdclk_state->actual.cdclk > new_cdclk_state->actual.cdclk) { - drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + new_cdclk_state->actual.cdclk < old_cdclk_state->actual.cdclk) + pipe = new_cdclk_state->pipe; + else + pipe = INVALID_PIPE; - intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); - } + drm_WARN_ON(&i915->drm, !new_cdclk_state->base.changed); + + intel_set_cdclk(i915, &new_cdclk_state->actual, pipe); } static int intel_pixel_rate_to_cdclk(const struct intel_crtc_state *crtc_state)

1 year, 5 months

1
0
0 0

Re: Patch "Revert "s390/ism: fix receive message buffer allocation"" has been added to the 6.8-stable tree

by Heiko Carstens

On Mon, Apr 15, 2024 at 04:59:24AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > Revert "s390/ism: fix receive message buffer allocation" > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > revert-s390-ism-fix-receive-message-buffer-allocatio.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 8568beeed3944bd4bf4c3683993a9df6ae53fbb7 > Author: Gerd Bayer <gbayer(a)linux.ibm.com> > Date: Tue Apr 9 13:37:53 2024 +0200 > > Revert "s390/ism: fix receive message buffer allocation" > > [ Upstream commit d51dc8dd6ab6f93a894ff8b38d3b8d02c98eb9fb ] > > This reverts commit 58effa3476536215530c9ec4910ffc981613b413. > Review was not finished on this patch. So it's not ready for > upstreaming. > > Signed-off-by: Gerd Bayer <gbayer(a)linux.ibm.com> > Link: https://lore.kernel.org/r/20240409113753.2181368-1-gbayer@linux.ibm.com > Fixes: 58effa347653 ("s390/ism: fix receive message buffer allocation") > Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> I'm not sure if it makes sense to add and revert a patch within a single stable queue (the same applies to 6.6). It might make sense to drop both patches.

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] accel/ivpu: Check return code of ipc->lock init" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f0cf7ffcd02953c72fed5995378805883d16203e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041555-provable-follicle-38d5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f0cf7ffcd02953c72fed5995378805883d16203e Mon Sep 17 00:00:00 2001 From: "Wachowski, Karol" <karol.wachowski(a)intel.com> Date: Tue, 2 Apr 2024 12:49:22 +0200 Subject: [PATCH] accel/ivpu: Check return code of ipc->lock init Return value of drmm_mutex_init(ipc->lock) was unchecked. Fixes: 5d7422cfb498 ("accel/ivpu: Add IPC driver and JSM messages") Cc: <stable(a)vger.kernel.org> # v6.3+ Signed-off-by: Wachowski, Karol <karol.wachowski(a)intel.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> Reviewed-by: Jeffrey Hugo <quic_jhugo(a)quicinc.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402104929.941186-2-jacek… diff --git a/drivers/accel/ivpu/ivpu_ipc.c b/drivers/accel/ivpu/ivpu_ipc.c index 04ac4b9840fb..56ff067f63e2 100644 --- a/drivers/accel/ivpu/ivpu_ipc.c +++ b/drivers/accel/ivpu/ivpu_ipc.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only /* - * Copyright (C) 2020-2023 Intel Corporation + * Copyright (C) 2020-2024 Intel Corporation */ #include <linux/genalloc.h> @@ -501,7 +501,11 @@ int ivpu_ipc_init(struct ivpu_device *vdev) spin_lock_init(&ipc->cons_lock); INIT_LIST_HEAD(&ipc->cons_list); INIT_LIST_HEAD(&ipc->cb_msg_list); - drmm_mutex_init(&vdev->drm, &ipc->lock); + ret = drmm_mutex_init(&vdev->drm, &ipc->lock); + if (ret) { + ivpu_err(vdev, "Failed to initialize ipc->lock, ret %d\n", ret); + goto err_free_rx; + } ivpu_ipc_reset(vdev); return 0;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 74e97958121aa1f5854da6effba70143f051b0cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041500-iodize-marina-a41e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 74e97958121a ("btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations") 3324d0547861 ("btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted") 1b53e51a4a8f ("btrfs: don't commit transaction for every subvol create") 45c40c8f9541 ("btrfs: move root tree prototypes to their own header") 2839c2c142dd ("btrfs: move delalloc space related prototypes to delalloc-space.h") a0231804affe ("btrfs: move extent-tree helpers into their own header file") e2f13b343c14 ("btrfs: move btrfs_account_ro_block_groups_free_space into space-info.c") 8483d40242c5 ("btrfs: remove extra space info prototypes in ctree.h") 6db75318823a ("btrfs: use struct fscrypt_str instead of struct qstr") ab3c5c18e8fa ("btrfs: setup qstr from dentrys using fscrypt helper") e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs") 07e81dc94474 ("btrfs: move accessor helpers into accessors.h") ad1ac5012c2b ("btrfs: move btrfs_map_token to accessors") 55e5cfd36da5 ("btrfs: remove fs_info::pending_changes and related code") 7966a6b5959b ("btrfs: move fs_info::flags enum to fs.h") fc97a410bd78 ("btrfs: move mount option definitions to fs.h") 0d3a9cf8c306 ("btrfs: convert incompat and compat flag test helpers to macros") ec8eb376e271 ("btrfs: move BTRFS_FS_STATE* definitions and helpers to fs.h") 9b569ea0be6f ("btrfs: move the printk helpers out of ctree.h") e118578a8df7 ("btrfs: move assert helpers out of ctree.h") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 74e97958121aa1f5854da6effba70143f051b0cd Mon Sep 17 00:00:00 2001 From: Boris Burkov <boris(a)bur.io> Date: Thu, 21 Mar 2024 10:02:04 -0700 Subject: [PATCH] btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent subvolume's fs tree, which cannot be mediated in the normal way via start_transaction. When quota groups (squota or qgroups) are enabled, this reserves qgroup metadata of type PREALLOC. Once the operation is associated to a transaction, we convert PREALLOC to PERTRANS, which gets cleared in bulk at the end of the transaction. However, the error paths of these three operations were not implementing this lifecycle correctly. They unconditionally converted the PREALLOC to PERTRANS in a generic cleanup step regardless of errors or whether the operation was fully associated to a transaction or not. This resulted in error paths occasionally converting this rsv to PERTRANS without calling record_root_in_trans successfully, which meant that unless that root got recorded in the transaction by some other thread, the end of the transaction would not free that root's PERTRANS, leaking it. Ultimately, this resulted in hitting a WARN in CONFIG_BTRFS_DEBUG builds at unmount for the leaked reservation. The fix is to ensure that every qgroup PREALLOC reservation observes the following properties: 1. any failure before record_root_in_trans is called successfully results in freeing the PREALLOC reservation. 2. after record_root_in_trans, we convert to PERTRANS, and now the transaction owns freeing the reservation. This patch enforces those properties on the three operations. Without it, generic/269 with squotas enabled at mkfs time would fail in ~5-10 runs on my system. With this patch, it ran successfully 1000 times in a row. Fixes: e85fde5162bf ("btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Boris Burkov <boris(a)bur.io> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 37701531eeb1..1f9e74c4161d 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -4503,6 +4503,7 @@ int btrfs_delete_subvolume(struct btrfs_inode *dir, struct dentry *dentry) struct btrfs_trans_handle *trans; struct btrfs_block_rsv block_rsv; u64 root_flags; + u64 qgroup_reserved = 0; int ret; down_write(&fs_info->subvol_sem); @@ -4547,12 +4548,20 @@ int btrfs_delete_subvolume(struct btrfs_inode *dir, struct dentry *dentry) ret = btrfs_subvolume_reserve_metadata(root, &block_rsv, 5, true); if (ret) goto out_undead; + qgroup_reserved = block_rsv.qgroup_rsv_reserved; trans = btrfs_start_transaction(root, 0); if (IS_ERR(trans)) { ret = PTR_ERR(trans); goto out_release; } + ret = btrfs_record_root_in_trans(trans, root); + if (ret) { + btrfs_abort_transaction(trans, ret); + goto out_end_trans; + } + btrfs_qgroup_convert_reserved_meta(root, qgroup_reserved); + qgroup_reserved = 0; trans->block_rsv = &block_rsv; trans->bytes_reserved = block_rsv.size; @@ -4611,7 +4620,9 @@ int btrfs_delete_subvolume(struct btrfs_inode *dir, struct dentry *dentry) ret = btrfs_end_transaction(trans); inode->i_flags |= S_DEAD; out_release: - btrfs_subvolume_release_metadata(root, &block_rsv); + btrfs_block_rsv_release(fs_info, &block_rsv, (u64)-1, NULL); + if (qgroup_reserved) + btrfs_qgroup_free_meta_prealloc(root, qgroup_reserved); out_undead: if (ret) { spin_lock(&dest->root_item_lock); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 38459a89b27c..5a507237c4fa 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -613,6 +613,7 @@ static noinline int create_subvol(struct mnt_idmap *idmap, int ret; dev_t anon_dev; u64 objectid; + u64 qgroup_reserved = 0; root_item = kzalloc(sizeof(*root_item), GFP_KERNEL); if (!root_item) @@ -650,13 +651,18 @@ static noinline int create_subvol(struct mnt_idmap *idmap, trans_num_items, false); if (ret) goto out_new_inode_args; + qgroup_reserved = block_rsv.qgroup_rsv_reserved; trans = btrfs_start_transaction(root, 0); if (IS_ERR(trans)) { ret = PTR_ERR(trans); - btrfs_subvolume_release_metadata(root, &block_rsv); - goto out_new_inode_args; + goto out_release_rsv; } + ret = btrfs_record_root_in_trans(trans, BTRFS_I(dir)->root); + if (ret) + goto out; + btrfs_qgroup_convert_reserved_meta(root, qgroup_reserved); + qgroup_reserved = 0; trans->block_rsv = &block_rsv; trans->bytes_reserved = block_rsv.size; /* Tree log can't currently deal with an inode which is a new root. */ @@ -767,9 +773,11 @@ static noinline int create_subvol(struct mnt_idmap *idmap, out: trans->block_rsv = NULL; trans->bytes_reserved = 0; - btrfs_subvolume_release_metadata(root, &block_rsv); - btrfs_end_transaction(trans); +out_release_rsv: + btrfs_block_rsv_release(fs_info, &block_rsv, (u64)-1, NULL); + if (qgroup_reserved) + btrfs_qgroup_free_meta_prealloc(root, qgroup_reserved); out_new_inode_args: btrfs_new_inode_args_destroy(&new_inode_args); out_inode: @@ -791,6 +799,8 @@ static int create_snapshot(struct btrfs_root *root, struct inode *dir, struct btrfs_pending_snapshot *pending_snapshot; unsigned int trans_num_items; struct btrfs_trans_handle *trans; + struct btrfs_block_rsv *block_rsv; + u64 qgroup_reserved = 0; int ret; /* We do not support snapshotting right now. */ @@ -827,19 +837,19 @@ static int create_snapshot(struct btrfs_root *root, struct inode *dir, goto free_pending; } - btrfs_init_block_rsv(&pending_snapshot->block_rsv, - BTRFS_BLOCK_RSV_TEMP); + block_rsv = &pending_snapshot->block_rsv; + btrfs_init_block_rsv(block_rsv, BTRFS_BLOCK_RSV_TEMP); /* * 1 to add dir item * 1 to add dir index * 1 to update parent inode item */ trans_num_items = create_subvol_num_items(inherit) + 3; - ret = btrfs_subvolume_reserve_metadata(BTRFS_I(dir)->root, - &pending_snapshot->block_rsv, + ret = btrfs_subvolume_reserve_metadata(BTRFS_I(dir)->root, block_rsv, trans_num_items, false); if (ret) goto free_pending; + qgroup_reserved = block_rsv->qgroup_rsv_reserved; pending_snapshot->dentry = dentry; pending_snapshot->root = root; @@ -852,6 +862,13 @@ static int create_snapshot(struct btrfs_root *root, struct inode *dir, ret = PTR_ERR(trans); goto fail; } + ret = btrfs_record_root_in_trans(trans, BTRFS_I(dir)->root); + if (ret) { + btrfs_end_transaction(trans); + goto fail; + } + btrfs_qgroup_convert_reserved_meta(root, qgroup_reserved); + qgroup_reserved = 0; trans->pending_snapshot = pending_snapshot; @@ -881,7 +898,9 @@ static int create_snapshot(struct btrfs_root *root, struct inode *dir, if (ret && pending_snapshot->snap) pending_snapshot->snap->anon_dev = 0; btrfs_put_root(pending_snapshot->snap); - btrfs_subvolume_release_metadata(root, &pending_snapshot->block_rsv); + btrfs_block_rsv_release(fs_info, block_rsv, (u64)-1, NULL); + if (qgroup_reserved) + btrfs_qgroup_free_meta_prealloc(root, qgroup_reserved); free_pending: if (pending_snapshot->anon_dev) free_anon_bdev(pending_snapshot->anon_dev); diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c index 4bb538a372ce..7007f9e0c972 100644 --- a/fs/btrfs/root-tree.c +++ b/fs/btrfs/root-tree.c @@ -548,13 +548,3 @@ int btrfs_subvolume_reserve_metadata(struct btrfs_root *root, } return ret; } - -void btrfs_subvolume_release_metadata(struct btrfs_root *root, - struct btrfs_block_rsv *rsv) -{ - struct btrfs_fs_info *fs_info = root->fs_info; - u64 qgroup_to_release; - - btrfs_block_rsv_release(fs_info, rsv, (u64)-1, &qgroup_to_release); - btrfs_qgroup_convert_reserved_meta(root, qgroup_to_release); -} diff --git a/fs/btrfs/root-tree.h b/fs/btrfs/root-tree.h index 6f929cf3bd49..8f5739e732b9 100644 --- a/fs/btrfs/root-tree.h +++ b/fs/btrfs/root-tree.h @@ -18,8 +18,6 @@ struct btrfs_trans_handle; int btrfs_subvolume_reserve_metadata(struct btrfs_root *root, struct btrfs_block_rsv *rsv, int nitems, bool use_global_rsv); -void btrfs_subvolume_release_metadata(struct btrfs_root *root, - struct btrfs_block_rsv *rsv); int btrfs_add_root_ref(struct btrfs_trans_handle *trans, u64 root_id, u64 ref_id, u64 dirid, u64 sequence, const struct fscrypt_str *name);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: qgroup: correctly model root qgroup rsv in convert" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 141fb8cd206ace23c02cd2791c6da52c1d77d42a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041534-compel-iguana-50ce@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 141fb8cd206a ("btrfs: qgroup: correctly model root qgroup rsv in convert") 4fd786e6c3d6 ("btrfs: Remove 'objectid' member from struct btrfs_root") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 141fb8cd206ace23c02cd2791c6da52c1d77d42a Mon Sep 17 00:00:00 2001 From: Boris Burkov <boris(a)bur.io> Date: Tue, 19 Mar 2024 10:54:22 -0700 Subject: [PATCH] btrfs: qgroup: correctly model root qgroup rsv in convert We use add_root_meta_rsv and sub_root_meta_rsv to track prealloc and pertrans reservations for subvolumes when quotas are enabled. The convert function does not properly increment pertrans after decrementing prealloc, so the count is not accurate. Note: we check that the fs is not read-only to mirror the logic in qgroup_convert_meta, which checks that before adding to the pertrans rsv. Fixes: 8287475a2055 ("btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Boris Burkov <boris(a)bur.io> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c index 5f90f0605b12..cf8820ce7aa2 100644 --- a/fs/btrfs/qgroup.c +++ b/fs/btrfs/qgroup.c @@ -4495,6 +4495,8 @@ void btrfs_qgroup_convert_reserved_meta(struct btrfs_root *root, int num_bytes) BTRFS_QGROUP_RSV_META_PREALLOC); trace_qgroup_meta_convert(root, num_bytes); qgroup_convert_meta(fs_info, root->root_key.objectid, num_bytes); + if (!sb_rdonly(fs_info->sb)) + add_root_meta_rsv(root, num_bytes, BTRFS_QGROUP_RSV_META_PERTRANS); } /*

1 year, 5 months

1
0
0 0

[PATCH 6.6/6.1 0/1] pppoe: Fix memory leak in pppoe_sendmsg()

by Gavrilov Ilia

syzbot reports a memory leak in pppoe_sendmsg in 6.6 and 6.1 stable releases. The problem has been fixed by the following patch which can be cleanly applied to the 6.6 and 6.1 branches. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller Gavrilov Ilia (1): pppoe: Fix memory leak in pppoe_sendmsg() drivers/net/ppp/pppoe.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) -- 2.39.2

1 year, 5 months

1
1
0 0

[PATCH 5.15/5.10/5.4/4.19 0/1] pppoe: Fix memory leak in pppoe_sendmsg()

by Gavrilov Ilia

syzbot reports a memory leak in pppoe_sendmsg in 5.15, 5.10, 5.4 and 4.19 stable releases. The problem has been fixed by the following patch which can be cleanly applied to the 5.15, 5.10, 5.4 and 4.19 branches. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller Gavrilov Ilia (1): pppoe: Fix memory leak in pppoe_sendmsg() drivers/net/ppp/pppoe.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) -- 2.39.2

1 year, 5 months

1
1
0 0

[PATCH 5.10.y 1/1] mailbox: imx: fix suspend failue

by Daisuke Mizobuchi

When an interrupt occurs, it always wakes up. Suspend fails as follows: armadillo:~# echo mem > /sys/power/state [ 2614.602432] PM: suspend entry (deep) [ 2614.610640] Filesystems sync: 0.004 seconds [ 2614.618016] Freezing user space processes ... (elapsed 0.001 seconds) done. [ 2614.626555] OOM killer disabled. [ 2614.629792] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 2614.638456] printk: Suspending console(s) (use no_console_suspend to debug) [ 2614.649504] PM: Some devices failed to suspend, or early wake event detected [ 2614.730103] PM: resume devices took 0.080 seconds [ 2614.741924] OOM killer enabled. [ 2614.745073] Restarting tasks ... done. [ 2614.754532] PM: suspend exit ash: write error: Resource busy armadillo:~# Upstream is correct, so it seems to be a mistake in cheery-pick. Cc: <stable(a)vger.kernel.org> Fixes: a16f5ae8ade1 ("mailbox: imx: fix wakeup failure from freeze mode") Signed-off-by: Daisuke Mizobuchi <mizo(a)atmark-techno.com> --- drivers/mailbox/imx-mailbox.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/mailbox/imx-mailbox.c b/drivers/mailbox/imx-mailbox.c index c5663398c6b7..28f5450e4130 100644 --- a/drivers/mailbox/imx-mailbox.c +++ b/drivers/mailbox/imx-mailbox.c @@ -331,8 +331,6 @@ static int imx_mu_startup(struct mbox_chan *chan) break; } - priv->suspend = true; - return 0; } @@ -550,8 +548,6 @@ static int imx_mu_probe(struct platform_device *pdev) clk_disable_unprepare(priv->clk); - priv->suspend = false; - return 0; disable_runtime_pm: @@ -614,6 +610,8 @@ static int __maybe_unused imx_mu_suspend_noirq(struct device *dev) if (!priv->clk) priv->xcr = imx_mu_read(priv, priv->dcfg->xCR); + priv->suspend = true; + return 0; } @@ -632,6 +630,8 @@ static int __maybe_unused imx_mu_resume_noirq(struct device *dev) if (!imx_mu_read(priv, priv->dcfg->xCR) && !priv->clk) imx_mu_write(priv, priv->xcr, priv->dcfg->xCR); + priv->suspend = false; + return 0; } -- 2.30.2

1 year, 5 months

3
2
0 0

[PATCH 4.19.y v4 0/2] Double-free bug discovery on testing trigger-field-variable-support.tc

by George Guo

1) About v4-0001-tracing-Remove-hist-trigger-synth_var_refs.patch: The reason I am backporting this patch is that no one found the double-free bug at that time, then later the code was removed on upstream, but 4.19-stable has the bug. This is tested via "./ftracetest test.d/trigger/inter-event/ trigger-field-variable-support.tc" ================================================================== BUG: KASAN: use-after-free in destroy_hist_field+0x115/0x140 Read of size 4 at addr ffff888012e95318 by task ftracetest/1858 CPU: 1 PID: 1858 Comm: ftracetest Kdump: loaded Tainted: GE 4.19.90-89 #24 Source Version: Unknown Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0 Call Trace: dump_stack+0xcb/0x10b print_address_description.cold+0x54/0x249 kasan_report_error.cold+0x63/0xab ? destroy_hist_field+0x115/0x140 __asan_report_load4_noabort+0x8d/0xa0 ? destroy_hist_field+0x115/0x140 destroy_hist_field+0x115/0x140 destroy_hist_data+0x4e4/0x9a0 event_hist_trigger_free+0x212/0x2f0 ? update_cond_flag+0x128/0x170 ? event_hist_trigger_func+0x2880/0x2880 hist_unregister_trigger+0x2f2/0x4f0 event_hist_trigger_func+0x168c/0x2880 ? tracing_map_read_var_once+0xd0/0xd0 ? create_key_field+0x520/0x520 ? __mutex_lock_slowpath+0x10/0x10 event_trigger_write+0x2f4/0x490 ? trigger_start+0x180/0x180 ? __fget_light+0x369/0x5d0 ? count_memcg_event_mm+0x104/0x2b0 ? trigger_start+0x180/0x180 __vfs_write+0x81/0x100 vfs_write+0x1e1/0x540 ksys_write+0x12a/0x290 ? __ia32_sys_read+0xb0/0xb0 ? __close_fd+0x1d3/0x280 do_syscall_64+0xe3/0x2d0 entry_SYSCALL_64_after_hwframe+0x5c/0xc1 RIP: 0033:0x7efdd342ee04 Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 48 8d 05 39 34 0c 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 f3 c3 66 90 41 54 55 49 89 d4 53 48 89 f5 RSP: 002b:00007ffda01f5e08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00000000000000b4 RCX: 00007efdd342ee04 RDX: 00000000000000b4 RSI: 000055c5b41b1e90 RDI: 0000000000000001 RBP: 000055c5b41b1e90 R08: 000000000000000a R09: 0000000000000000 R10: 000000000000000a R11: 0000000000000246 R12: 00007efdd34ed5c0 R13: 00000000000000b4 R14: 00007efdd34ed7c0 R15: 00000000000000b4 ================================================================== 2) About v4-0002-tracing-Use-var_refs-for-hist-trigger-reference-c.patch: Only v4-0001-tracing-Remove-hist-trigger-synth_var_refs.patch will lead to compilation errors: ../kernel/trace/trace_events_hist.c: In function ��find_var_ref��: ../kernel/trace/trace_events_hist.c:1364:36: error: ��struct hist_trigger_data�� has no member named ��n_synth_var_refs��; did you mean ��n_var_refs��? 1364 | for (i = 0; i < hist_data->n_synth_var_refs; i++) { | ^~~~~~~~~~~~~~~~ | n_var_refs ../kernel/trace/trace_events_hist.c:1365:41: error: ��struct hist_trigger_data�� has no member named ��synth_var_refs��; did you mean ��n_var_refs��? 1365 | hist_field = hist_data->synth_var_refs[i]; | ^~~~~~~~~~~~~~ | n_var_refs Tom Zanussi (2): tracing: Remove hist trigger synth_var_refs tracing: Use var_refs[] for hist trigger reference checking kernel/trace/trace_events_hist.c | 86 ++++---------------------------- 1 file changed, 11 insertions(+), 75 deletions(-) -- 2.34.1

1 year, 5 months

2
4
0 0

[PATCH 4.14-openela 049/190] usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling

by Sasha Levin

From: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> [ Upstream commit b65ba0c362be665192381cc59e3ac3ef6f0dd1e1 ] In commit 92af4fc6ec33 ("usb: musb: Fix suspend with devices connected for a64"), the logic to support the MUSB_QUIRK_B_DISCONNECT_99 quirk was modified to only conditionally schedule the musb->irq_work delayed work. This commit badly breaks ECM Gadget on AM335X. Indeed, with this commit, one can observe massive packet loss: $ ping 192.168.0.100 ... 15 packets transmitted, 3 received, 80% packet loss, time 14316ms Reverting this commit brings back a properly functioning ECM Gadget. An analysis of the commit seems to indicate that a mistake was made: the previous code was not falling through into the MUSB_QUIRK_B_INVALID_VBUS_91, but now it is, unless the condition is taken. Changing the logic to be as it was before the problematic commit *and* only conditionally scheduling musb->irq_work resolves the regression: $ ping 192.168.0.100 ... 64 packets transmitted, 64 received, 0% packet loss, time 64475ms Fixes: 92af4fc6ec33 ("usb: musb: Fix suspend with devices connected for a64") Cc: stable(a)vger.kernel.org Tested-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> Tested-by: Drew Fustini <drew(a)beagleboard.org> Acked-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Link: https://lore.kernel.org/r/20210528140446.278076-1-thomas.petazzoni@bootlin.… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/musb/musb_core.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c index 9ed604ddbb585..580f4c12eada3 100644 --- a/drivers/usb/musb/musb_core.c +++ b/drivers/usb/musb/musb_core.c @@ -1869,9 +1869,8 @@ static void musb_pm_runtime_check_session(struct musb *musb) schedule_delayed_work(&musb->irq_work, msecs_to_jiffies(1000)); musb->quirk_retries--; - break; } - /* fall through */ + break; case MUSB_QUIRK_B_INVALID_VBUS_91: if (musb->quirk_retries && !musb->flush_irq_work) { musb_dbg(musb, -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 046/190] ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE

by Sasha Levin

From: Namjae Jeon <linkinjeon(a)kernel.org> [ Upstream commit 13736654481198e519059d4a2e2e3b20fa9fdb3e ] MS confirm that "AISi" name of SMB2_CREATE_ALLOCATION_SIZE in MS-SMB2 specification is a typo. cifs/ksmbd have been using this wrong name from MS-SMB2. It should be "AlSi". Also It will cause problem when running smb2.create.open test in smbtorture against ksmbd. Cc: stable(a)vger.kernel.org Fixes: 12197a7fdda9 ("Clarify SMB2/SMB3 create context and add missing ones") Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Reviewed-by: Paulo Alcantara (SUSE) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/cifs/smb2pdu.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h index 407425d31b2eb..9ba9412c392f1 100644 --- a/fs/cifs/smb2pdu.h +++ b/fs/cifs/smb2pdu.h @@ -485,7 +485,7 @@ struct smb2_tree_disconnect_rsp { #define SMB2_CREATE_SD_BUFFER "SecD" /* security descriptor */ #define SMB2_CREATE_DURABLE_HANDLE_REQUEST "DHnQ" #define SMB2_CREATE_DURABLE_HANDLE_RECONNECT "DHnC" -#define SMB2_CREATE_ALLOCATION_SIZE "AISi" +#define SMB2_CREATE_ALLOCATION_SIZE "AlSi" #define SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST "MxAc" #define SMB2_CREATE_TIMEWARP_REQUEST "TWrp" #define SMB2_CREATE_QUERY_ON_DISK_ID "QFid" -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 045/190] PCI: keystone: Don't discard .probe() callback

by Sasha Levin

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> [ Upstream commit 7994db905c0fd692cf04c527585f08a91b560144 ] The __init annotation makes the ks_pcie_probe() function disappear after booting completes. However a device can also be bound later. In that case, we try to call ks_pcie_probe(), but the backing memory is likely already overwritten. The right thing to do is do always have the probe callback available. Note that the (wrong) __refdata annotation prevented this issue to be noticed by modpost. Fixes: 0c4ffcfe1fbc ("PCI: keystone: Add TI Keystone PCIe driver") Link: https://lore.kernel.org/r/20231001170254.2506508-5-u.kleine-koenig@pengutro… Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/dwc/pci-keystone.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/dwc/pci-keystone.c b/drivers/pci/dwc/pci-keystone.c index 54fe75fd46b9d..6696d3999bffc 100644 --- a/drivers/pci/dwc/pci-keystone.c +++ b/drivers/pci/dwc/pci-keystone.c @@ -388,7 +388,7 @@ static int ks_pcie_remove(struct platform_device *pdev) return 0; } -static int __init ks_pcie_probe(struct platform_device *pdev) +static int ks_pcie_probe(struct platform_device *pdev) { struct device *dev = &pdev->dev; struct dw_pcie *pci; @@ -455,7 +455,7 @@ static int __init ks_pcie_probe(struct platform_device *pdev) return ret; } -static struct platform_driver ks_pcie_driver __refdata = { +static struct platform_driver ks_pcie_driver = { .probe = ks_pcie_probe, .remove = ks_pcie_remove, .driver = { -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 044/190] PCI: keystone: Don't discard .remove() callback

by Sasha Levin

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> [ Upstream commit 200bddbb3f5202bbce96444fdc416305de14f547 ] With CONFIG_PCIE_KEYSTONE=y and ks_pcie_remove() marked with __exit, the function is discarded from the driver. In this case a bound device can still get unbound, e.g via sysfs. Then no cleanup code is run resulting in resource leaks or worse. The right thing to do is do always have the remove callback available. Note that this driver cannot be compiled as a module, so ks_pcie_remove() was always discarded before this change and modpost couldn't warn about this issue. Furthermore the __ref annotation also prevents a warning. Fixes: 0c4ffcfe1fbc ("PCI: keystone: Add TI Keystone PCIe driver") Link: https://lore.kernel.org/r/20231001170254.2506508-4-u.kleine-koenig@pengutro… Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/dwc/pci-keystone.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/dwc/pci-keystone.c b/drivers/pci/dwc/pci-keystone.c index 3ea8288c16053..54fe75fd46b9d 100644 --- a/drivers/pci/dwc/pci-keystone.c +++ b/drivers/pci/dwc/pci-keystone.c @@ -379,7 +379,7 @@ static const struct dw_pcie_ops dw_pcie_ops = { .link_up = ks_dw_pcie_link_up, }; -static int __exit ks_pcie_remove(struct platform_device *pdev) +static int ks_pcie_remove(struct platform_device *pdev) { struct keystone_pcie *ks_pcie = platform_get_drvdata(pdev); @@ -457,7 +457,7 @@ static int __init ks_pcie_probe(struct platform_device *pdev) static struct platform_driver ks_pcie_driver __refdata = { .probe = ks_pcie_probe, - .remove = __exit_p(ks_pcie_remove), + .remove = ks_pcie_remove, .driver = { .name = "keystone-pcie", .of_match_table = of_match_ptr(ks_pcie_of_match), -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 034/190] ASoC: cs42l51: fix driver to properly autoload with automatic module loading

by Sasha Levin

From: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> [ Upstream commit e51df4f81b02bcdd828a04de7c1eb6a92988b61e ] In commit 2cb1e0259f50 ("ASoC: cs42l51: re-hook of_match_table pointer"), 9 years ago, some random guy fixed the cs42l51 after it was split into a core part and an I2C part to properly match based on a Device Tree compatible string. However, the fix in this commit is wrong: the MODULE_DEVICE_TABLE(of, ....) is in the core part of the driver, not the I2C part. Therefore, automatic module loading based on module.alias, based on matching with the DT compatible string, loads the core part of the driver, but not the I2C part. And threfore, the i2c_driver is not registered, and the codec is not known to the system, nor matched with a DT node with the corresponding compatible string. In order to fix that, we move the MODULE_DEVICE_TABLE(of, ...) into the I2C part of the driver. The cs42l51_of_match[] array is also moved as well, as it is not possible to have this definition in one file, and the MODULE_DEVICE_TABLE(of, ...) invocation in another file, due to how MODULE_DEVICE_TABLE works. Thanks to this commit, the I2C part of the driver now properly autoloads, and thanks to its dependency on the core part, the core part gets autoloaded as well, resulting in a functional sound card without having to manually load kernel modules. Fixes: 2cb1e0259f50 ("ASoC: cs42l51: re-hook of_match_table pointer") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Link: https://lore.kernel.org/r/20230713112112.778576-1-thomas.petazzoni@bootlin.… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/cs42l51-i2c.c | 6 ++++++ sound/soc/codecs/cs42l51.c | 7 ------- sound/soc/codecs/cs42l51.h | 1 - 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/sound/soc/codecs/cs42l51-i2c.c b/sound/soc/codecs/cs42l51-i2c.c index 9bad478474fa3..5614378557d0c 100644 --- a/sound/soc/codecs/cs42l51-i2c.c +++ b/sound/soc/codecs/cs42l51-i2c.c @@ -23,6 +23,12 @@ static struct i2c_device_id cs42l51_i2c_id[] = { }; MODULE_DEVICE_TABLE(i2c, cs42l51_i2c_id); +const struct of_device_id cs42l51_of_match[] = { + { .compatible = "cirrus,cs42l51", }, + { } +}; +MODULE_DEVICE_TABLE(of, cs42l51_of_match); + static int cs42l51_i2c_probe(struct i2c_client *i2c, const struct i2c_device_id *id) { diff --git a/sound/soc/codecs/cs42l51.c b/sound/soc/codecs/cs42l51.c index f8072f1897d4c..b9de9836f2f4c 100644 --- a/sound/soc/codecs/cs42l51.c +++ b/sound/soc/codecs/cs42l51.c @@ -562,13 +562,6 @@ int cs42l51_probe(struct device *dev, struct regmap *regmap) } EXPORT_SYMBOL_GPL(cs42l51_probe); -const struct of_device_id cs42l51_of_match[] = { - { .compatible = "cirrus,cs42l51", }, - { } -}; -MODULE_DEVICE_TABLE(of, cs42l51_of_match); -EXPORT_SYMBOL_GPL(cs42l51_of_match); - MODULE_AUTHOR("Arnaud Patard <arnaud.patard(a)rtp-net.org>"); MODULE_DESCRIPTION("Cirrus Logic CS42L51 ALSA SoC Codec Driver"); MODULE_LICENSE("GPL"); diff --git a/sound/soc/codecs/cs42l51.h b/sound/soc/codecs/cs42l51.h index 0ca805492ac4b..8c55bf384bc65 100644 --- a/sound/soc/codecs/cs42l51.h +++ b/sound/soc/codecs/cs42l51.h @@ -22,7 +22,6 @@ struct device; extern const struct regmap_config cs42l51_regmap; int cs42l51_probe(struct device *dev, struct regmap *regmap); -extern const struct of_device_id cs42l51_of_match[]; #define CS42L51_CHIP_ID 0x1B #define CS42L51_CHIP_REV_A 0x00 -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 033/190] PCI: qcom: Disable write access to read only registers for IP v2.3.3

by Sasha Levin

From: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> [ Upstream commit a33d700e8eea76c62120cb3dbf5e01328f18319a ] In the post init sequence of v2.9.0, write access to read only registers are not disabled after updating the registers. Fix it by disabling the access after register update. Link: https://lore.kernel.org/r/20230619150408.8468-2-manivannan.sadhasivam@linar… Fixes: 5d76117f070d ("PCI: qcom: Add support for IPQ8074 PCIe controller") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Lorenzo Pieralisi <lpieralisi(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/dwc/pcie-qcom.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pci/dwc/pcie-qcom.c b/drivers/pci/dwc/pcie-qcom.c index fe710f83e59bc..431bc0e4d3eec 100644 --- a/drivers/pci/dwc/pcie-qcom.c +++ b/drivers/pci/dwc/pcie-qcom.c @@ -730,6 +730,8 @@ static int qcom_pcie_get_resources_2_4_0(struct qcom_pcie *pcie) if (IS_ERR(res->phy_ahb_reset)) return PTR_ERR(res->phy_ahb_reset); + dw_pcie_dbi_ro_wr_dis(pci); + return 0; } -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 032/190] pinctrl: amd: Only use special debounce behavior for GPIO 0

by Sasha Levin

From: Mario Limonciello <mario.limonciello(a)amd.com> [ Upstream commit 0d5ace1a07f7e846d0f6d972af60d05515599d0b ] It's uncommon to use debounce on any other pin, but technically we should only set debounce to 0 when working off GPIO0. Cc: stable(a)vger.kernel.org Tested-by: Jan Visser <starquake(a)linuxeverywhere.org> Fixes: 968ab9261627 ("pinctrl: amd: Detect internal GPIO0 debounce handling") Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Link: https://lore.kernel.org/r/20230705133005.577-2-mario.limonciello@amd.com Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pinctrl/pinctrl-amd.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/pinctrl/pinctrl-amd.c b/drivers/pinctrl/pinctrl-amd.c index 41f12fa15143c..693137e0574fd 100644 --- a/drivers/pinctrl/pinctrl-amd.c +++ b/drivers/pinctrl/pinctrl-amd.c @@ -116,9 +116,11 @@ static int amd_gpio_set_debounce(struct gpio_chip *gc, unsigned offset, raw_spin_lock_irqsave(&gpio_dev->lock, flags); /* Use special handling for Pin0 debounce */ - pin_reg = readl(gpio_dev->base + WAKE_INT_MASTER_REG); - if (pin_reg & INTERNAL_GPIO0_DEBOUNCE) - debounce = 0; + if (offset == 0) { + pin_reg = readl(gpio_dev->base + WAKE_INT_MASTER_REG); + if (pin_reg & INTERNAL_GPIO0_DEBOUNCE) + debounce = 0; + } pin_reg = readl(gpio_dev->base + offset * 4); -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 031/190] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

by Sasha Levin

From: Daniel Vacek <neelx(a)redhat.com> [ Upstream commit e6f57c6881916df39db7d95981a8ad2b9c3458d6 ] Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to overflow. This reults in further crashes easily reproducible by `sendmsg` system call. [ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI [ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1] -- [ 1080.974535] Call Trace: [ 1080.976990] <TASK> [ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1] [ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1] [ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1] [ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib] [ 1081.046978] dev_hard_start_xmit+0xc4/0x210 -- [ 1081.148347] __sys_sendmsg+0x59/0xa0 crash> ipoib_txreq 0xffff9cfeba229f00 struct ipoib_txreq { txreq = { list = { next = 0xffff9cfeba229f00, prev = 0xffff9cfeba229f00 }, descp = 0xffff9cfeba229f40, coalesce_buf = 0x0, wait = 0xffff9cfea4e69a48, complete = 0xffffffffc0fe0760 <hfi1_ipoib_sdma_complete>, packet_len = 0x46d, tlen = 0x0, num_desc = 0x0, desc_limit = 0x6, next_descq_idx = 0x45c, coalesce_idx = 0x0, flags = 0x0, descs = {{ qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63) }, { qw = { 0x3800014231b108, 0x4} }, { qw = { 0x310000e4ee0fcf0, 0x8} }, { qw = { 0x3000012e9f8000, 0x8} }, { qw = { 0x59000dfb9d0000, 0x8} }, { qw = { 0x78000e02e40000, 0x8} }} }, sdma_hdr = 0x400300015528b000, <<< invalid pointer in the tx request structure sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62) complete = 0x0, priv = 0x0, txq = 0xffff9cfea4e69880, skb = 0xffff9d099809f400 } If an SDMA send consists of exactly 6 descriptors and requires dword padding (in the 7th descriptor), the sdma_txreq descriptor array is not properly expanded and the packet will overflow into the container structure. This results in a panic when the send completion runs. The exact panic varies depending on what elements of the container structure get corrupted. The fix is to use the correct expression in _pad_sdma_tx_descs() to test the need to expand the descriptor array. With this patch the crashes are no longer reproducible and the machine is stable. Fixes: fd8958efe877 ("IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors") Cc: stable(a)vger.kernel.org Reported-by: Mats Kronberg <kronberg(a)nsc.liu.se> Tested-by: Mats Kronberg <kronberg(a)nsc.liu.se> Signed-off-by: Daniel Vacek <neelx(a)redhat.com> Link: https://lore.kernel.org/r/20240201081009.1109442-1-neelx@redhat.com Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/infiniband/hw/hfi1/sdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/hfi1/sdma.c b/drivers/infiniband/hw/hfi1/sdma.c index aeaed09360055..4067273fdd7b1 100644 --- a/drivers/infiniband/hw/hfi1/sdma.c +++ b/drivers/infiniband/hw/hfi1/sdma.c @@ -3212,7 +3212,7 @@ int _pad_sdma_tx_descs(struct hfi1_devdata *dd, struct sdma_txreq *tx) { int rval = 0; - if ((unlikely(tx->num_desc + 1 == tx->desc_limit))) { + if ((unlikely(tx->num_desc == tx->desc_limit))) { rval = _extend_sdma_tx_descs(dd, tx); if (rval) { __sdma_txclean(dd, tx); -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 029/190] smb: client: fix OOB in smbCalcSize()

by Sasha Levin

From: Paulo Alcantara <pc(a)manguebit.com> [ Upstream commit b35858b3786ddbb56e1c35138ba25d6adf8d0bef ] Validate @smb->WordCount to avoid reading off the end of @smb and thus causing the following KASAN splat: BUG: KASAN: slab-out-of-bounds in smbCalcSize+0x32/0x40 [cifs] Read of size 2 at addr ffff88801c024ec5 by task cifsd/1328 CPU: 1 PID: 1328 Comm: cifsd Not tainted 6.7.0-rc5 #9 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x4a/0x80 print_report+0xcf/0x650 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? __phys_addr+0x46/0x90 kasan_report+0xd8/0x110 ? smbCalcSize+0x32/0x40 [cifs] ? smbCalcSize+0x32/0x40 [cifs] kasan_check_range+0x105/0x1b0 smbCalcSize+0x32/0x40 [cifs] checkSMB+0x162/0x370 [cifs] ? __pfx_checkSMB+0x10/0x10 [cifs] cifs_handle_standard+0xbc/0x2f0 [cifs] ? srso_alias_return_thunk+0x5/0xfbef5 cifs_demultiplex_thread+0xed1/0x1360 [cifs] ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs] ? srso_alias_return_thunk+0x5/0xfbef5 ? lockdep_hardirqs_on_prepare+0x136/0x210 ? __pfx_lock_release+0x10/0x10 ? srso_alias_return_thunk+0x5/0xfbef5 ? mark_held_locks+0x1a/0x90 ? lockdep_hardirqs_on_prepare+0x136/0x210 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? __kthread_parkme+0xce/0xf0 ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs] kthread+0x18d/0x1d0 ? kthread+0xdb/0x1d0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x60 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> This fixes CVE-2023-6606. Reported-by: j51569436(a)gmail.com Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218218 Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (SUSE) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/cifs/misc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index d0e024856c0d4..d22454f4cf841 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -334,6 +334,10 @@ checkSMB(char *buf, unsigned int total_read, struct TCP_Server_Info *server) cifs_dbg(VFS, "Length less than smb header size\n"); } return -EIO; + } else if (total_read < sizeof(*smb) + 2 * smb->WordCount) { + cifs_dbg(VFS, "%s: can't read BCC due to invalid WordCount(%u)\n", + __func__, smb->WordCount); + return -EIO; } /* otherwise, there is enough to get to the BCC */ -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 028/190] btrfs: do not allow non subvolume root targets for snapshot

by Sasha Levin

From: Josef Bacik <josef(a)toxicpanda.com> [ Upstream commit a8892fd71933126ebae3d60aec5918d4dceaae76 ] Our btrfs subvolume snapshot <source> <destination> utility enforces that <source> is the root of the subvolume, however this isn't enforced in the kernel. Update the kernel to also enforce this limitation to avoid problems with other users of this ioctl that don't have the appropriate checks in place. Reported-by: Martin Michaelis <code(a)mgjm.de> CC: stable(a)vger.kernel.org # 4.14+ Reviewed-by: Neal Gompa <neal(a)gompa.dev> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/btrfs/ioctl.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index c8bc8cf5a41f2..61ab4bc3ca1b5 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -1695,6 +1695,15 @@ static noinline int btrfs_ioctl_snap_create_transid(struct file *file, * are limited to own subvolumes only */ ret = -EPERM; + } else if (btrfs_ino(BTRFS_I(src_inode)) != BTRFS_FIRST_FREE_OBJECTID) { + /* + * Snapshots must be made with the src_inode referring + * to the subvolume inode, otherwise the permission + * checking above is useless because we may have + * permission on a lower directory but not the subvol + * itself. + */ + ret = -EINVAL; } else { ret = btrfs_mksubvol(&file->f_path, name, namelen, BTRFS_I(src_inode)->root, -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 025/190] arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names

by Sasha Levin

From: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> [ Upstream commit 24165c5dad7ba7c7624d05575a5e0cc851396c71 ] Fix a unit_address_vs_reg warning for the USB VBUS fixed regulators by renaming the regulator nodes from regulator@{0,1} to regulator-usb-p0 and regulator-usb-p1. Cc: stable(a)vger.kernel.org Fixes: c0891284a74a ("arm64: dts: mediatek: add USB3 DRD driver") Link: https://lore.kernel.org/r/20231025093816.44327-8-angelogioacchino.delregno@… Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/mediatek/mt8173-evb.dts b/arch/arm64/boot/dts/mediatek/mt8173-evb.dts index 1c3634fa94bf4..03ffb331008af 100644 --- a/arch/arm64/boot/dts/mediatek/mt8173-evb.dts +++ b/arch/arm64/boot/dts/mediatek/mt8173-evb.dts @@ -51,7 +51,7 @@ id-gpio = <&pio 16 GPIO_ACTIVE_HIGH>; }; - usb_p1_vbus: regulator@0 { + usb_p1_vbus: regulator-usb-p1 { compatible = "regulator-fixed"; regulator-name = "usb_vbus"; regulator-min-microvolt = <5000000>; @@ -60,7 +60,7 @@ enable-active-high; }; - usb_p0_vbus: regulator@1 { + usb_p0_vbus: regulator-usb-p0 { compatible = "regulator-fixed"; regulator-name = "vbus"; regulator-min-microvolt = <5000000>; -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 023/190] fbdev: stifb: Make the STI next font pointer a 32-bit signed offset

by Sasha Levin

From: Helge Deller <deller(a)gmx.de> [ Upstream commit 8a32aa17c1cd48df1ddaa78e45abcb8c7a2220d6 ] The pointer to the next STI font is actually a signed 32-bit offset. With this change the 64-bit kernel will correctly subract the (signed 32-bit) offset instead of adding a (unsigned 32-bit) offset. It has no effect on 32-bit kernels. This fixes the stifb driver with a 64-bit kernel on qemu. Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/video/fbdev/sticore.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/video/fbdev/sticore.h b/drivers/video/fbdev/sticore.h index fb8f58f9867a7..0416e2bc27d85 100644 --- a/drivers/video/fbdev/sticore.h +++ b/drivers/video/fbdev/sticore.h @@ -237,7 +237,7 @@ struct sti_rom_font { u8 height; u8 font_type; /* language type */ u8 bytes_per_char; - u32 next_font; + s32 next_font; /* note: signed int */ u8 underline_height; u8 underline_pos; u8 res008[2]; -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 022/190] smb3: fix touch -h of symlink

by Sasha Levin

From: Steve French <stfrench(a)microsoft.com> [ Upstream commit 475efd9808a3094944a56240b2711349e433fb66 ] For example: touch -h -t 02011200 testfile where testfile is a symlink would not change the timestamp, but touch -t 02011200 testfile does work to change the timestamp of the target Suggested-by: David Howells <dhowells(a)redhat.com> Reported-by: Micah Veilleux <micah.veilleux(a)iba-group.com> Closes: https://bugzilla.samba.org/show_bug.cgi?id=14476 Cc: stable(a)vger.kernel.org Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/cifs/cifsfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 1d3f98572068f..c676d916b4b6d 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -924,6 +924,7 @@ const struct inode_operations cifs_file_inode_ops = { const struct inode_operations cifs_symlink_inode_ops = { .get_link = cifs_get_link, + .setattr = cifs_setattr, .permission = cifs_permission, .listxattr = cifs_listxattr, }; -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 021/190] MIPS: KVM: Fix a build warning about variable set but not used

by Sasha Levin

From: Huacai Chen <chenhuacai(a)loongson.cn> [ Upstream commit 83767a67e7b6a0291cde5681ec7e3708f3f8f877 ] After commit 411740f5422a ("KVM: MIPS/MMU: Implement KVM_CAP_SYNC_MMU") old_pte is no longer used in kvm_mips_map_page(). So remove it to fix a build warning about variable set but not used: arch/mips/kvm/mmu.c: In function 'kvm_mips_map_page': >> arch/mips/kvm/mmu.c:701:29: warning: variable 'old_pte' set but not used [-Wunused-but-set-variable] 701 | pte_t *ptep, entry, old_pte; | ^~~~~~~ Cc: stable(a)vger.kernel.org Fixes: 411740f5422a960 ("KVM: MIPS/MMU: Implement KVM_CAP_SYNC_MMU") Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202310070530.aARZCSfh-lkp@intel.com/ Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Reviewed-by: Philippe Mathieu-Daudé <philmd(a)linaro.org> Signed-off-by: Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/mips/kvm/mmu.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/mips/kvm/mmu.c b/arch/mips/kvm/mmu.c index ee64db0327933..0ed17805dfe4c 100644 --- a/arch/mips/kvm/mmu.c +++ b/arch/mips/kvm/mmu.c @@ -701,7 +701,7 @@ static int kvm_mips_map_page(struct kvm_vcpu *vcpu, unsigned long gpa, gfn_t gfn = gpa >> PAGE_SHIFT; int srcu_idx, err; kvm_pfn_t pfn; - pte_t *ptep, entry, old_pte; + pte_t *ptep, entry; bool writeable; unsigned long prot_bits; unsigned long mmu_seq; @@ -774,7 +774,6 @@ static int kvm_mips_map_page(struct kvm_vcpu *vcpu, unsigned long gpa, entry = pfn_pte(pfn, __pgprot(prot_bits)); /* Write the PTE */ - old_pte = *ptep; set_pte(ptep, entry); err = 0; -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 013/190] iio: exynos-adc: request second interupt only when touchscreen mode is used

by Sasha Levin

From: Marek Szyprowski <m.szyprowski(a)samsung.com> [ Upstream commit 865b080e3229102f160889328ce2e8e97aa65ea0 ] Second interrupt is needed only when touchscreen mode is used, so don't request it unconditionally. This removes the following annoying warning during boot: exynos-adc 14d10000.adc: error -ENXIO: IRQ index 1 not found Fixes: 2bb8ad9b44c5 ("iio: exynos-adc: add experimental touchscreen support") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Link: https://lore.kernel.org/r/20231009101412.916922-1-m.szyprowski@samsung.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/iio/adc/exynos_adc.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/drivers/iio/adc/exynos_adc.c b/drivers/iio/adc/exynos_adc.c index 019153882e700..f8324261e74d4 100644 --- a/drivers/iio/adc/exynos_adc.c +++ b/drivers/iio/adc/exynos_adc.c @@ -787,6 +787,12 @@ static int exynos_adc_probe(struct platform_device *pdev) } } + /* leave out any TS related code if unreachable */ + if (IS_REACHABLE(CONFIG_INPUT)) { + has_ts = of_property_read_bool(pdev->dev.of_node, + "has-touchscreen") || pdata; + } + irq = platform_get_irq(pdev, 0); if (irq < 0) { dev_err(&pdev->dev, "no irq resource?\n"); @@ -794,11 +800,15 @@ static int exynos_adc_probe(struct platform_device *pdev) } info->irq = irq; - irq = platform_get_irq(pdev, 1); - if (irq == -EPROBE_DEFER) - return irq; + if (has_ts) { + irq = platform_get_irq(pdev, 1); + if (irq == -EPROBE_DEFER) + return irq; - info->tsirq = irq; + info->tsirq = irq; + } else { + info->tsirq = -1; + } info->dev = &pdev->dev; @@ -865,12 +875,6 @@ static int exynos_adc_probe(struct platform_device *pdev) if (info->data->init_hw) info->data->init_hw(info); - /* leave out any TS related code if unreachable */ - if (IS_REACHABLE(CONFIG_INPUT)) { - has_ts = of_property_read_bool(pdev->dev.of_node, - "has-touchscreen") || pdata; - } - if (pdata) info->delay = pdata->delay; else -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 012/190] selftests/ftrace: Add new test case which checks non unique symbol

by Sasha Levin

From: Francis Laniel <flaniel(a)linux.microsoft.com> [ Upstream commit 03b80ff8023adae6780e491f66e932df8165e3a0 ] If name_show() is non unique, this test will try to install a kprobe on this function which should fail returning EADDRNOTAVAIL. On kernel where name_show() is not unique, this test is skipped. Link: https://lore.kernel.org/all/20231020104250.9537-3-flaniel@linux.microsoft.c… Cc: stable(a)vger.kernel.org Signed-off-by: Francis Laniel <flaniel(a)linux.microsoft.com> Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc new file mode 100644 index 0000000000000..bc9514428dbaf --- /dev/null +++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_non_uniq_symbol.tc @@ -0,0 +1,13 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +# description: Test failure of registering kprobe on non unique symbol +# requires: kprobe_events + +SYMBOL='name_show' + +# We skip this test on kernel where SYMBOL is unique or does not exist. +if [ "$(grep -c -E "[[:alnum:]]+ t ${SYMBOL}" /proc/kallsyms)" -le '1' ]; then + exit_unsupported +fi + +! echo "p:test_non_unique ${SYMBOL}" > kprobe_events -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 008/190] iio: addac: stx104: Fix race condition for stx104_write_raw()

by Sasha Levin

From: William Breathitt Gray <william.gray(a)linaro.org> [ Upstream commit 9740827468cea80c42db29e7171a50e99acf7328 ] The priv->chan_out_states array and actual DAC value can become mismatched if stx104_write_raw() is called concurrently. Prevent such a race condition by utilizing a mutex. Fixes: 97a445dad37a ("iio: Add IIO support for the DAC on the Apex Embedded Systems STX104") Signed-off-by: William Breathitt Gray <william.gray(a)linaro.org> Link: https://lore.kernel.org/r/c95c9a77fcef36b2a052282146950f23bbc1ebdc.16807905… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/iio/adc/stx104.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/iio/adc/stx104.c b/drivers/iio/adc/stx104.c index 2da741d27540f..edc3b29eed621 100644 --- a/drivers/iio/adc/stx104.c +++ b/drivers/iio/adc/stx104.c @@ -23,6 +23,7 @@ #include <linux/kernel.h> #include <linux/module.h> #include <linux/moduleparam.h> +#include <linux/mutex.h> #include <linux/spinlock.h> #define STX104_OUT_CHAN(chan) { \ @@ -54,10 +55,12 @@ MODULE_PARM_DESC(base, "Apex Embedded Systems STX104 base addresses"); /** * struct stx104_iio - IIO device private data structure + * @lock: synchronization lock to prevent I/O race conditions * @chan_out_states: channels' output states * @base: base port address of the IIO device */ struct stx104_iio { + struct mutex lock; unsigned int chan_out_states[STX104_NUM_OUT_CHAN]; unsigned int base; }; @@ -160,9 +163,12 @@ static int stx104_write_raw(struct iio_dev *indio_dev, if ((unsigned int)val > 65535) return -EINVAL; + mutex_lock(&priv->lock); + priv->chan_out_states[chan->channel] = val; outw(val, priv->base + 4 + 2 * chan->channel); + mutex_unlock(&priv->lock); return 0; } return -EINVAL; @@ -323,6 +329,8 @@ static int stx104_probe(struct device *dev, unsigned int id) priv = iio_priv(indio_dev); priv->base = base[id]; + mutex_init(&priv->lock); + /* configure device for software trigger operation */ outb(0, base[id] + 9); -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 007/190] IMA: allow/fix UML builds

by Sasha Levin

From: Randy Dunlap <rdunlap(a)infradead.org> [ Upstream commit 644f17412f5acf01a19af9d04a921937a2bc86c6 ] UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling NO_IOMEM). Current IMA build on UML fails on allmodconfig (with TCG_TPM=m): ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry': ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend' ld: security/integrity/ima/ima_init.o: in function `ima_init': ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip' ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm': ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read' ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read' Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM is set, regardless of the UML Kconfig setting. This updates TCG_TPM from =m to =y and fixes the linker errors. Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies") Cc: Stable <stable(a)vger.kernel.org> # v5.14+ Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Cc: Fabio Estevam <festevam(a)gmail.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Anton Ivanov <anton.ivanov(a)cambridgegreys.com> Cc: Johannes Berg <johannes(a)sipsolutions.net> Cc: linux-um(a)lists.infradead.org Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/integrity/ima/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 6a8f67714c831..a8bf67557eb54 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -8,7 +8,7 @@ config IMA select CRYPTO_MD5 select CRYPTO_SHA1 select CRYPTO_HASH_INFO - select TCG_TPM if HAS_IOMEM && !UML + select TCG_TPM if HAS_IOMEM select TCG_TIS if TCG_TPM && X86 select TCG_CRB if TCG_TPM && ACPI select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 005/190] btrfs: fix extent buffer leak after tree mod log failure at split_node()

by Sasha Levin

From: Filipe Manana <fdmanana(a)suse.com> [ Upstream commit ede600e497b1461d06d22a7d17703d9096868bc3 ] At split_node(), if we fail to log the tree mod log copy operation, we return without unlocking the split extent buffer we just allocated and without decrementing the reference we own on it. Fix this by unlocking it and decrementing the ref count before returning. Fixes: 5de865eebb83 ("Btrfs: fix tree mod logging") CC: stable(a)vger.kernel.org # 5.4+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/btrfs/ctree.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 156716f9e3e21..61ed69c688d58 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -3537,6 +3537,8 @@ static noinline int split_node(struct btrfs_trans_handle *trans, ret = tree_mod_log_eb_copy(fs_info, split, c, 0, mid, c_nritems - mid); if (ret) { + btrfs_tree_unlock(split); + free_extent_buffer(split); btrfs_abort_transaction(trans, ret); return ret; } -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 004/190] pinctrl: amd: Detect internal GPIO0 debounce handling

by Sasha Levin

From: Mario Limonciello <mario.limonciello(a)amd.com> [ Upstream commit 968ab9261627fa305307e3935ca1a32fcddd36cb ] commit 4e5a04be88fe ("pinctrl: amd: disable and mask interrupts on probe") had a mistake in loop iteration 63 that it would clear offset 0xFC instead of 0x100. Offset 0xFC is actually `WAKE_INT_MASTER_REG`. This was clearing bits 13 and 15 from the register which significantly changed the expected handling for some platforms for GPIO0. commit b26cd9325be4 ("pinctrl: amd: Disable and mask interrupts on resume") actually fixed this bug, but lead to regressions on Lenovo Z13 and some other systems. This is because there was no handling in the driver for bit 15 debounce behavior. Quoting a public BKDG: ``` EnWinBlueBtn. Read-write. Reset: 0. 0=GPIO0 detect debounced power button; Power button override is 4 seconds. 1=GPIO0 detect debounced power button in S3/S5/S0i3, and detect "pressed less than 2 seconds" and "pressed 2~10 seconds" in S0; Power button override is 10 seconds ``` Cross referencing the same master register in Windows it's obvious that Windows doesn't use debounce values in this configuration. So align the Linux driver to do this as well. This fixes wake on lid when WAKE_INT_MASTER_REG is properly programmed. Cc: stable(a)vger.kernel.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=217315 Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Link: https://lore.kernel.org/r/20230421120625.3366-2-mario.limonciello@amd.com Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pinctrl/pinctrl-amd.c | 7 +++++++ drivers/pinctrl/pinctrl-amd.h | 1 + 2 files changed, 8 insertions(+) diff --git a/drivers/pinctrl/pinctrl-amd.c b/drivers/pinctrl/pinctrl-amd.c index 509ba4bceefcb..41f12fa15143c 100644 --- a/drivers/pinctrl/pinctrl-amd.c +++ b/drivers/pinctrl/pinctrl-amd.c @@ -114,6 +114,12 @@ static int amd_gpio_set_debounce(struct gpio_chip *gc, unsigned offset, struct amd_gpio *gpio_dev = gpiochip_get_data(gc); raw_spin_lock_irqsave(&gpio_dev->lock, flags); + + /* Use special handling for Pin0 debounce */ + pin_reg = readl(gpio_dev->base + WAKE_INT_MASTER_REG); + if (pin_reg & INTERNAL_GPIO0_DEBOUNCE) + debounce = 0; + pin_reg = readl(gpio_dev->base + offset * 4); if (debounce) { @@ -191,6 +197,7 @@ static void amd_gpio_dbg_show(struct seq_file *s, struct gpio_chip *gc) char *output_value; char *output_enable; + seq_printf(s, "WAKE_INT_MASTER_REG: 0x%08x\n", readl(gpio_dev->base + WAKE_INT_MASTER_REG)); for (bank = 0; bank < gpio_dev->hwbank_num; bank++) { seq_printf(s, "GPIO bank%d\t", bank); diff --git a/drivers/pinctrl/pinctrl-amd.h b/drivers/pinctrl/pinctrl-amd.h index 884f48f7a6a36..c6be602c3df73 100644 --- a/drivers/pinctrl/pinctrl-amd.h +++ b/drivers/pinctrl/pinctrl-amd.h @@ -21,6 +21,7 @@ #define AMD_GPIO_PINS_BANK3 32 #define WAKE_INT_MASTER_REG 0xfc +#define INTERNAL_GPIO0_DEBOUNCE (1 << 15) #define EOI_MASK (1 << 29) #define WAKE_INT_STATUS_REG0 0x2f8 -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 4.14-openela 003/190] ALSA: jack: Fix mutex call in snd_jack_report()

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit 89dbb335cb6a627a4067bc42caa09c8bc3326d40 ] snd_jack_report() is supposed to be callable from an IRQ context, too, and it's indeed used in that way from virtsnd driver. The fix for input_dev race in commit 1b6a6fc5280e ("ALSA: jack: Access input_dev under mutex"), however, introduced a mutex lock in snd_jack_report(), and this resulted in a potential sleep-in-atomic. For addressing that problem, this patch changes the relevant code to use the object get/put and removes the mutex usage. That is, snd_jack_report(), it takes input_get_device() and leaves with input_put_device() for assuring the input_dev being assigned. Although the whole mutex could be reduced, we keep it because it can be still a protection for potential races between creation and deletion. Fixes: 1b6a6fc5280e ("ALSA: jack: Access input_dev under mutex") Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/r/cf95f7fe-a748-4990-8378-000491b40329@moroto.mount… Tested-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20230706155357.3470-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/core/jack.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/sound/core/jack.c b/sound/core/jack.c index d2f9a92453f2f..6340de60f26ef 100644 --- a/sound/core/jack.c +++ b/sound/core/jack.c @@ -378,6 +378,7 @@ void snd_jack_report(struct snd_jack *jack, int status) { struct snd_jack_kctl *jack_kctl; #ifdef CONFIG_SND_JACK_INPUT_DEV + struct input_dev *idev; int i; #endif @@ -389,30 +390,28 @@ void snd_jack_report(struct snd_jack *jack, int status) status & jack_kctl->mask_bits); #ifdef CONFIG_SND_JACK_INPUT_DEV - mutex_lock(&jack->input_dev_lock); - if (!jack->input_dev) { - mutex_unlock(&jack->input_dev_lock); + idev = input_get_device(jack->input_dev); + if (!idev) return; - } for (i = 0; i < ARRAY_SIZE(jack->key); i++) { int testbit = SND_JACK_BTN_0 >> i; if (jack->type & testbit) - input_report_key(jack->input_dev, jack->key[i], + input_report_key(idev, jack->key[i], status & testbit); } for (i = 0; i < ARRAY_SIZE(jack_switch_types); i++) { int testbit = 1 << i; if (jack->type & testbit) - input_report_switch(jack->input_dev, + input_report_switch(idev, jack_switch_types[i], status & testbit); } - input_sync(jack->input_dev); - mutex_unlock(&jack->input_dev_lock); + input_sync(idev); + input_put_device(idev); #endif /* CONFIG_SND_JACK_INPUT_DEV */ } EXPORT_SYMBOL(snd_jack_report); -- 2.43.0

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: don't account accept() of non-MPC client as fallback" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040520-unselect-antitrust-a41b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 29 Mar 2024 13:08:52 +0100 Subject: [PATCH] mptcp: don't account accept() of non-MPC client as fallback to TCP Current MPTCP servers increment MPTcpExtMPCapableFallbackACK when they accept non-MPC connections. As reported by Christoph, this is "surprising" because the counter might become greater than MPTcpExtMPCapableSYNRX. MPTcpExtMPCapableFallbackACK counter's name suggests it should only be incremented when a connection was seen using MPTCP options, then a fallback to TCP has been done. Let's do that by incrementing it when the subflow context of an inbound MPC connection attempt is dropped. Also, update mptcp_connect.sh kselftest, to ensure that the above MIB does not increment in case a pure TCP client connects to a MPTCP server. Fixes: fc518953bc9c ("mptcp: add and use MIB counter infrastructure") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/449 Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-1-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3a1967bc7bad..7e74b812e366 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3937,8 +3937,6 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, mptcp_set_state(newsk, TCP_CLOSE); } } else { - MPTCP_INC_STATS(sock_net(ssk), - MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); tcpfallback: newsk->sk_kern_sock = kern; lock_sock(newsk); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1626dd20c68f..6042a47da61b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -905,6 +905,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, return child; fallback: + if (fallback) + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); mptcp_subflow_drop_ctx(child); return child; } diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index 4c4248554826..4131f3263a48 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -383,12 +383,14 @@ do_transfer() local stat_cookierx_last local stat_csum_err_s local stat_csum_err_c + local stat_tcpfb_last_l stat_synrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_csum_err_s=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtDataCsumErr") stat_csum_err_c=$(mptcp_lib_get_counter "${connector_ns}" "MPTcpExtDataCsumErr") + stat_tcpfb_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") timeout ${timeout_test} \ ip netns exec ${listener_ns} \ @@ -457,11 +459,13 @@ do_transfer() local stat_cookietx_now local stat_cookierx_now local stat_ooo_now + local stat_tcpfb_now_l stat_synrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_ooo_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtTCPOFOQueue") + stat_tcpfb_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") expect_synrx=$((stat_synrx_last_l)) expect_ackrx=$((stat_ackrx_last_l)) @@ -508,6 +512,11 @@ do_transfer() fi fi + if [ ${stat_ooo_now} -eq 0 ] && [ ${stat_tcpfb_last_l} -ne ${stat_tcpfb_now_l} ]; then + mptcp_lib_pr_fail "unexpected fallback to TCP" + rets=1 + fi + if [ $cookies -eq 2 ];then if [ $stat_cookietx_last -ge $stat_cookietx_now ] ;then extra+=" WARN: CookieSent: did not advance"

1 year, 5 months

4
14
0 0

Re: Patch "arm64: dts: qcom: Add support for Xiaomi Redmi Note 9S" has been added to the 6.8-stable tree

by Konrad Dybcio

On 4/10/24 17:57, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > arm64: dts: qcom: Add support for Xiaomi Redmi Note 9S autosel has been reeaaaaaly going over the top lately, particularly with dts patches.. I'm not sure adding support for a device is something that should go to stable Konrad

1 year, 5 months

6
9
0 0

[PATCH v5] mtd: limit OTP NVMEM cell parse to non-NAND devices

by Christian Marangi

MTD OTP logic is very fragile on parsing NVMEM cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- To backport this to v6.6 and previous, config.no_of_node = mtd_type_is_nand(mtd); should be used as it does pose the same usage of add_legacy_fixed_of_cells. Changes v5: - Lower case of cell and use non-NAND Changes v4: - Add info on how to backport this to previous kernel - Fix Fixes tag - Reformat commit description as it was unprecise and had false statement Changes v3: - Fix commit description Changes v2: - Use mtd_type_is_nand instead of node name check drivers/mtd/mtdcore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true; -- 2.43.0

1 year, 5 months

2
1
0 0

[PATCH AUTOSEL 4.19 1/4] ALSA: line6: Zero-initialize message buffers

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] For shutting up spurious KMSAN uninit-value warnings, just replace kmalloc() calls with kzalloc() for the buffers used for communications. There should be no real issue with the original code, but it's still better to cover. Reported-by: syzbot+7fb05ccf7b3d2f9617b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com Message-ID: <20240402063628.26609-1-tiwai(a)suse.de> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/line6/driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c index 2399d500b8812..8970d4b3b42c3 100644 --- a/sound/usb/line6/driver.c +++ b/sound/usb/line6/driver.c @@ -216,7 +216,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, struct urb *urb; /* create message: */ - msg = kmalloc(sizeof(struct message), GFP_ATOMIC); + msg = kzalloc(sizeof(struct message), GFP_ATOMIC); if (msg == NULL) return -ENOMEM; @@ -694,7 +694,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) int ret; /* initialize USB buffers: */ - line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); if (!line6->buffer_listen) return -ENOMEM; @@ -703,7 +703,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) return -ENOMEM; if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { - line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); if (!line6->buffer_message) return -ENOMEM; -- 2.43.0

1 year, 5 months

1
3
0 0

[PATCH AUTOSEL 5.4 1/4] ALSA: line6: Zero-initialize message buffers

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] For shutting up spurious KMSAN uninit-value warnings, just replace kmalloc() calls with kzalloc() for the buffers used for communications. There should be no real issue with the original code, but it's still better to cover. Reported-by: syzbot+7fb05ccf7b3d2f9617b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com Message-ID: <20240402063628.26609-1-tiwai(a)suse.de> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/line6/driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c index 22104cb84b1ca..efa8fb59d3ad2 100644 --- a/sound/usb/line6/driver.c +++ b/sound/usb/line6/driver.c @@ -201,7 +201,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, struct urb *urb; /* create message: */ - msg = kmalloc(sizeof(struct message), GFP_ATOMIC); + msg = kzalloc(sizeof(struct message), GFP_ATOMIC); if (msg == NULL) return -ENOMEM; @@ -679,7 +679,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) int ret; /* initialize USB buffers: */ - line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); if (!line6->buffer_listen) return -ENOMEM; @@ -688,7 +688,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) return -ENOMEM; if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { - line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); if (!line6->buffer_message) return -ENOMEM; -- 2.43.0

1 year, 5 months

1
3
0 0

[PATCH AUTOSEL 5.10 1/4] ALSA: line6: Zero-initialize message buffers

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] For shutting up spurious KMSAN uninit-value warnings, just replace kmalloc() calls with kzalloc() for the buffers used for communications. There should be no real issue with the original code, but it's still better to cover. Reported-by: syzbot+7fb05ccf7b3d2f9617b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com Message-ID: <20240402063628.26609-1-tiwai(a)suse.de> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/line6/driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c index b67617b68e509..f4437015d43a7 100644 --- a/sound/usb/line6/driver.c +++ b/sound/usb/line6/driver.c @@ -202,7 +202,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, struct urb *urb; /* create message: */ - msg = kmalloc(sizeof(struct message), GFP_ATOMIC); + msg = kzalloc(sizeof(struct message), GFP_ATOMIC); if (msg == NULL) return -ENOMEM; @@ -688,7 +688,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) int ret; /* initialize USB buffers: */ - line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); if (!line6->buffer_listen) return -ENOMEM; @@ -697,7 +697,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) return -ENOMEM; if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { - line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); if (!line6->buffer_message) return -ENOMEM; -- 2.43.0

1 year, 5 months

1
3
0 0

[PATCH AUTOSEL 5.15 1/4] ALSA: line6: Zero-initialize message buffers

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit c4e51e424e2c772ce1836912a8b0b87cd61bc9d5 ] For shutting up spurious KMSAN uninit-value warnings, just replace kmalloc() calls with kzalloc() for the buffers used for communications. There should be no real issue with the original code, but it's still better to cover. Reported-by: syzbot+7fb05ccf7b3d2f9617b3(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000084b18706150bcca5@google.com Message-ID: <20240402063628.26609-1-tiwai(a)suse.de> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/line6/driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c index b67617b68e509..f4437015d43a7 100644 --- a/sound/usb/line6/driver.c +++ b/sound/usb/line6/driver.c @@ -202,7 +202,7 @@ int line6_send_raw_message_async(struct usb_line6 *line6, const char *buffer, struct urb *urb; /* create message: */ - msg = kmalloc(sizeof(struct message), GFP_ATOMIC); + msg = kzalloc(sizeof(struct message), GFP_ATOMIC); if (msg == NULL) return -ENOMEM; @@ -688,7 +688,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) int ret; /* initialize USB buffers: */ - line6->buffer_listen = kmalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); + line6->buffer_listen = kzalloc(LINE6_BUFSIZE_LISTEN, GFP_KERNEL); if (!line6->buffer_listen) return -ENOMEM; @@ -697,7 +697,7 @@ static int line6_init_cap_control(struct usb_line6 *line6) return -ENOMEM; if (line6->properties->capabilities & LINE6_CAP_CONTROL_MIDI) { - line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); + line6->buffer_message = kzalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL); if (!line6->buffer_message) return -ENOMEM; -- 2.43.0

1 year, 5 months

1
3
0 0

[PATCH AUTOSEL 6.1 1/6] scsi: ufs: core: WLUN suspend dev/link state error recovery

by Sasha Levin

From: Peter Wang <peter.wang(a)mediatek.com> [ Upstream commit 6bc5e70b1c792b31b497e48b4668a9a2909aca0d ] When wl suspend error occurs, for example BKOP or SSU timeout, the host triggers an error handler and returns -EBUSY to break the wl suspend process. However, it is possible for the runtime PM to enter wl suspend again before the error handler has finished, and return -EINVAL because the device is in an error state. To address this, ensure that the rumtime PM waits for the error handler to finish, or trigger the error handler in such cases, because returning -EINVAL can cause the I/O to hang. Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> Link: https://lore.kernel.org/r/20240329015036.15707-1-peter.wang@mediatek.com Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/ufs/core/ufshcd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index f3c25467e571f..948449a13247c 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -9044,7 +9044,10 @@ static int __ufshcd_wl_suspend(struct ufs_hba *hba, enum ufs_pm_op pm_op) /* UFS device & link must be active before we enter in this function */ if (!ufshcd_is_ufs_dev_active(hba) || !ufshcd_is_link_active(hba)) { - ret = -EINVAL; + /* Wait err handler finish or trigger err recovery */ + if (!ufshcd_eh_in_progress(hba)) + ufshcd_force_error_recovery(hba); + ret = -EBUSY; goto enable_scaling; } -- 2.43.0

1 year, 5 months

1
5
0 0

[PATCH AUTOSEL 6.6 01/12] ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend

by Sasha Levin

From: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> [ Upstream commit c61115b37ff964d63191dbf4a058f481daabdf57 ] SoCs with ACE architecture are tailored to use s2idle instead deep (S3) suspend state and the IMR content is lost when the system is forced to enter even to S3. When waking up from S3 state the IMR boot will fail as the content is lost. Set the skip_imr_boot flag to make sure that we don't try IMR in this case. Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Reviewed-by: Rander Wang <rander.wang(a)intel.com> Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Link: https://msgid.link/r/20240322112504.4192-1-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/sof/intel/hda-dsp.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/sound/soc/sof/intel/hda-dsp.c b/sound/soc/sof/intel/hda-dsp.c index 44f39a520bb39..e80a2a5ec56a1 100644 --- a/sound/soc/sof/intel/hda-dsp.c +++ b/sound/soc/sof/intel/hda-dsp.c @@ -681,17 +681,27 @@ static int hda_suspend(struct snd_sof_dev *sdev, bool runtime_suspend) struct sof_intel_hda_dev *hda = sdev->pdata->hw_pdata; const struct sof_intel_dsp_desc *chip = hda->desc; struct hdac_bus *bus = sof_to_bus(sdev); + bool imr_lost = false; int ret, j; /* - * The memory used for IMR boot loses its content in deeper than S3 state - * We must not try IMR boot on next power up (as it will fail). - * + * The memory used for IMR boot loses its content in deeper than S3 + * state on CAVS platforms. + * On ACE platforms due to the system architecture the IMR content is + * lost at S3 state already, they are tailored for s2idle use. + * We must not try IMR boot on next power up in these cases as it will + * fail. + */ + if (sdev->system_suspend_target > SOF_SUSPEND_S3 || + (chip->hw_ip_version >= SOF_INTEL_ACE_1_0 && + sdev->system_suspend_target == SOF_SUSPEND_S3)) + imr_lost = true; + + /* * In case of firmware crash or boot failure set the skip_imr_boot to true * as well in order to try to re-load the firmware to do a 'cold' boot. */ - if (sdev->system_suspend_target > SOF_SUSPEND_S3 || - sdev->fw_state == SOF_FW_CRASHED || + if (imr_lost || sdev->fw_state == SOF_FW_CRASHED || sdev->fw_state == SOF_FW_BOOT_FAILED) hda->skip_imr_boot = true; -- 2.43.0

1 year, 5 months

1
11
0 0

[PATCH AUTOSEL 6.8 01/15] ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend

by Sasha Levin

From: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> [ Upstream commit c61115b37ff964d63191dbf4a058f481daabdf57 ] SoCs with ACE architecture are tailored to use s2idle instead deep (S3) suspend state and the IMR content is lost when the system is forced to enter even to S3. When waking up from S3 state the IMR boot will fail as the content is lost. Set the skip_imr_boot flag to make sure that we don't try IMR in this case. Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Reviewed-by: Rander Wang <rander.wang(a)intel.com> Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Link: https://msgid.link/r/20240322112504.4192-1-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/sof/intel/hda-dsp.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/sound/soc/sof/intel/hda-dsp.c b/sound/soc/sof/intel/hda-dsp.c index 2445ae7f6b2e9..1506982a56c30 100644 --- a/sound/soc/sof/intel/hda-dsp.c +++ b/sound/soc/sof/intel/hda-dsp.c @@ -681,17 +681,27 @@ static int hda_suspend(struct snd_sof_dev *sdev, bool runtime_suspend) struct sof_intel_hda_dev *hda = sdev->pdata->hw_pdata; const struct sof_intel_dsp_desc *chip = hda->desc; struct hdac_bus *bus = sof_to_bus(sdev); + bool imr_lost = false; int ret, j; /* - * The memory used for IMR boot loses its content in deeper than S3 state - * We must not try IMR boot on next power up (as it will fail). - * + * The memory used for IMR boot loses its content in deeper than S3 + * state on CAVS platforms. + * On ACE platforms due to the system architecture the IMR content is + * lost at S3 state already, they are tailored for s2idle use. + * We must not try IMR boot on next power up in these cases as it will + * fail. + */ + if (sdev->system_suspend_target > SOF_SUSPEND_S3 || + (chip->hw_ip_version >= SOF_INTEL_ACE_1_0 && + sdev->system_suspend_target == SOF_SUSPEND_S3)) + imr_lost = true; + + /* * In case of firmware crash or boot failure set the skip_imr_boot to true * as well in order to try to re-load the firmware to do a 'cold' boot. */ - if (sdev->system_suspend_target > SOF_SUSPEND_S3 || - sdev->fw_state == SOF_FW_CRASHED || + if (imr_lost || sdev->fw_state == SOF_FW_CRASHED || sdev->fw_state == SOF_FW_BOOT_FAILED) hda->skip_imr_boot = true; -- 2.43.0

1 year, 5 months

1
14
0 0

[PATCH] fuse: fix leaked ENOSYS error on first statx call

by Danny Lin

FUSE attempts to detect server support for statx by trying it once and setting no_statx=1 if it fails with ENOSYS, but consider the following scenario: - Userspace (e.g. sh) calls stat() on a file * succeeds - Userspace (e.g. lsd) calls statx(BTIME) on the same file - request_mask = STATX_BASIC_STATS | STATX_BTIME - first pass: sync=true due to differing cache_mask - statx fails and returns ENOSYS - set no_statx and retry - retry sets mask = STATX_BASIC_STATS - now mask == cache_mask; sync=false (time_before: still valid) - so we take the "else if (stat)" path - "err" is still ENOSYS from the failed statx call Fix this by zeroing "err" before retrying the failed call. Fixes: d3045530bdd2 ("fuse: implement statx") Cc: stable(a)vger.kernel.org # v6.6 Signed-off-by: Danny Lin <danny(a)orbstack.dev> --- fs/fuse/dir.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index de452cdbf3cf..a63125ce70a4 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1362,6 +1362,7 @@ static int fuse_update_get_attr(struct inode *inode, struct file *file, err = fuse_do_statx(inode, file, stat); if (err == -ENOSYS) { fc->no_statx = 1; + err = 0; goto retry; } } else { -- 2.44.0

1 year, 5 months

2
1
0 0

[PATCH 1/2] USB: serial: option: add Lonsung U8300/U9300 product Update the USB serial option driver to support Longsung U8300/U9300.

by Coia Prant

ID 1c9e:9b05 OMEGA TECHNOLOGY (U8300) ID 1c9e:9b3c OMEGA TECHNOLOGY (U9300) U8300 /: Bus |__ Port 1: Dev 3, If 0, Class=Vendor Specific Class, Driver=option, 480M (Debug) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 1, Class=Vendor Specific Class, Driver=option, 480M (Modem / AT) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 2, Class=Vendor Specific Class, Driver=option, 480M (AT) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 3, Class=Vendor Specific Class, Driver=option, 480M (AT / Pipe / PPP) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 4, Class=Vendor Specific Class, Driver=qmi_wwan, 480M (NDIS / GobiNet / QMI WWAN) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 5, Class=Vendor Specific Class, Driver=, 480M (ADB) ID 1c9e:9b05 OMEGA TECHNOLOGY U9300 /: Bus |__ Port 1: Dev 3, If 0, Class=Vendor Specific Class, Driver=, 480M (ADB) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 1, Class=Vendor Specific Class, Driver=option, 480M (Modem / AT) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 2, Class=Vendor Specific Class, Driver=option, 480M (AT) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 3, Class=Vendor Specific Class, Driver=option, 480M (AT / Pipe / PPP) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 4, Class=Vendor Specific Class, Driver=qmi_wwan, 480M (NDIS / GobiNet / QMI WWAN) ID 1c9e:9b3c OMEGA TECHNOLOGY Tested successfully using Modem Manager on U9300. Tested successfully AT commands using If=1, If=2 and If=3 on U9300. Signed-off-by: Coia Prant <coiaprant(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/usb/serial/option.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 55a65d941ccb..27a116901459 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -412,6 +412,10 @@ static void option_instat_callback(struct urb *urb); */ #define LONGCHEER_VENDOR_ID 0x1c9e +/* Longsung products */ +#define LONGSUNG_U8300_PRODUCT_ID 0x9b05 +#define LONGSUNG_U9300_PRODUCT_ID 0x9b3c + /* 4G Systems products */ /* This one was sold as the VW and Skoda "Carstick LTE" */ #define FOUR_G_SYSTEMS_PRODUCT_CARSTICK_LTE 0x7605 @@ -2054,6 +2058,10 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, ZOOM_PRODUCT_4597) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, IBALL_3_5G_CONNECT) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U8300_PRODUCT_ID), + .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U9300_PRODUCT_ID), + .driver_info = RSVD(0) | RSVD(4) }, { USB_DEVICE(HAIER_VENDOR_ID, HAIER_PRODUCT_CE100) }, { USB_DEVICE_AND_INTERFACE_INFO(HAIER_VENDOR_ID, HAIER_PRODUCT_CE81B, 0xff, 0xff, 0xff) }, /* Pirelli */ -- 2.39.2

1 year, 5 months

3
2
0 0

[PATCH v2 01/43] drm/fbdev-generic: Do not set physical framebuffer address

by Thomas Zimmermann

Framebuffer memory is allocated via vzalloc() from non-contiguous physical pages. The physical framebuffer start address is therefore meaningless. Do not set it. The value is not used within the kernel and only exported to userspace on dedicated ARM configs. No functional change is expected. v2: - refer to vzalloc() in commit message (Javier) Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: a5b44c4adb16 ("drm/fbdev-generic: Always use shadow buffering") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Zack Rusin <zackr(a)vmware.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: <stable(a)vger.kernel.org> # v6.4+ Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Reviewed-by: Zack Rusin <zack.rusin(a)broadcom.com> Reviewed-by: Sui Jingfeng <sui.jingfeng(a)linux.dev> Tested-by: Sui Jingfeng <sui.jingfeng(a)linux.dev> --- drivers/gpu/drm/drm_fbdev_generic.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/drm_fbdev_generic.c b/drivers/gpu/drm/drm_fbdev_generic.c index be357f926faec..97e579c33d84a 100644 --- a/drivers/gpu/drm/drm_fbdev_generic.c +++ b/drivers/gpu/drm/drm_fbdev_generic.c @@ -113,7 +113,6 @@ static int drm_fbdev_generic_helper_fb_probe(struct drm_fb_helper *fb_helper, /* screen */ info->flags |= FBINFO_VIRTFB | FBINFO_READS_FAST; info->screen_buffer = screen_buffer; - info->fix.smem_start = page_to_phys(vmalloc_to_page(info->screen_buffer)); info->fix.smem_len = screen_size; /* deferred I/O */ -- 2.44.0

1 year, 5 months

2
1
0 0

[PATCH] drm/mst: Fix NULL pointer dereference in drm_dp_add_payload_part2 (again)

by Jeff Mahoney

Commit 54d217406afe (drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2) appears to have been accidentially reverted as part of commit 5aa1dfcdf0a42 (drm/mst: Refactor the flow for payload allocation/removement). I've been seeing NULL pointer dereferences in drm_dp_add_payload_part2 due to state->dev being NULL in the debug message printed if the payload allocation has failed. This commit restores mgr->dev to avoid the Oops. Fixes: 5aa1dfcdf0a42 ("drm/mst: Refactor the flow for payload allocation/removement") Cc: stable(a)vger.kernel.org Signed-off-by: Jeff Mahoney <jeffm(a)suse.com> --- drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c index 03d528209426..3dc966f25c0c 100644 --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c @@ -3437,7 +3437,7 @@ int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr, /* Skip failed payloads */ if (payload->payload_allocation_status != DRM_DP_MST_PAYLOAD_ALLOCATION_DFP) { - drm_dbg_kms(state->dev, "Part 1 of payload creation for %s failed, skipping part 2\n", + drm_dbg_kms(mgr->dev, "Part 1 of payload creation for %s failed, skipping part 2\n", payload->port->connector->name); return -EIO; } -- 2.44.0

1 year, 5 months

2
2
0 0

FAILED: patch "[PATCH] smb: client: instantiate when creating SFU files" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x c6ff459037b2e35450af2351037eac4c8aca1d6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041448-washcloth-flanked-1878@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6ff459037b2e35450af2351037eac4c8aca1d6b Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Tue, 9 Apr 2024 11:28:59 -0300 Subject: [PATCH] smb: client: instantiate when creating SFU files In cifs_sfu_make_node(), on success, instantiate rather than leave it with dentry unhashed negative to support callers that expect mknod(2) to always instantiate. This fixes the following test case: mount.cifs //srv/share /mnt -o ...,sfu mkfifo /mnt/fifo ./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo ... BUG: unable to handle page fault for address: 000000034cec4e58 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP PTI CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted 5.14.0-436.3987_1240945149.el9.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20 Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8 d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04 fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206 RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000 RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200 R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000 FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? __mutex_lock.constprop.0+0x5f7/0x6a0 ? __die_body.cold+0x8/0xd ? page_fault_oops+0x134/0x170 ? exc_page_fault+0x62/0x150 ? asm_exc_page_fault+0x22/0x30 ? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10 __mutex_lock.constprop.0+0x5f7/0x6a0 ? __mod_memcg_lruvec_state+0x84/0xd0 pipe_write+0x47/0x650 ? do_anonymous_page+0x258/0x410 ? inode_security+0x22/0x60 ? selinux_file_permission+0x108/0x150 vfs_write+0x2cb/0x410 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0xf0 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x6b/0xf0 ? sched_clock_cpu+0x9/0xc0 ? exc_page_fault+0x62/0x150 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Cc: stable(a)vger.kernel.org Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option") Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index b156eefa75d7..78c94d0350fe 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4964,68 +4964,84 @@ static int smb2_next_header(struct TCP_Server_Info *server, char *buf, return 0; } -int cifs_sfu_make_node(unsigned int xid, struct inode *inode, - struct dentry *dentry, struct cifs_tcon *tcon, - const char *full_path, umode_t mode, dev_t dev) +static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) { - struct cifs_open_info_data buf = {}; struct TCP_Server_Info *server = tcon->ses->server; struct cifs_open_parms oparms; struct cifs_io_parms io_parms = {}; struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); struct cifs_fid fid; unsigned int bytes_written; - struct win_dev *pdev; + struct win_dev pdev = {}; struct kvec iov[2]; __u32 oplock = server->oplocks ? REQ_OPLOCK : 0; int rc; - if (!S_ISCHR(mode) && !S_ISBLK(mode) && !S_ISFIFO(mode)) + switch (mode & S_IFMT) { + case S_IFCHR: + strscpy(pdev.type, "IntxCHR"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFBLK: + strscpy(pdev.type, "IntxBLK"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFIFO: + strscpy(pdev.type, "LnxFIFO"); + break; + default: return -EPERM; + } - oparms = (struct cifs_open_parms) { - .tcon = tcon, - .cifs_sb = cifs_sb, - .desired_access = GENERIC_WRITE, - .create_options = cifs_create_options(cifs_sb, CREATE_NOT_DIR | - CREATE_OPTION_SPECIAL), - .disposition = FILE_CREATE, - .path = full_path, - .fid = &fid, - }; + oparms = CIFS_OPARMS(cifs_sb, tcon, full_path, GENERIC_WRITE, + FILE_CREATE, CREATE_NOT_DIR | + CREATE_OPTION_SPECIAL, ACL_NO_MODE); + oparms.fid = &fid; - rc = server->ops->open(xid, &oparms, &oplock, &buf); + rc = server->ops->open(xid, &oparms, &oplock, NULL); if (rc) return rc; - /* - * BB Do not bother to decode buf since no local inode yet to put - * timestamps in, but we can reuse it safely. - */ - pdev = (struct win_dev *)&buf.fi; io_parms.pid = current->tgid; io_parms.tcon = tcon; - io_parms.length = sizeof(*pdev); - iov[1].iov_base = pdev; - iov[1].iov_len = sizeof(*pdev); - if (S_ISCHR(mode)) { - memcpy(pdev->type, "IntxCHR", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISBLK(mode)) { - memcpy(pdev->type, "IntxBLK", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISFIFO(mode)) { - memcpy(pdev->type, "LnxFIFO", 8); - } + io_parms.length = sizeof(pdev); + iov[1].iov_base = &pdev; + iov[1].iov_len = sizeof(pdev); rc = server->ops->sync_write(xid, &fid, &io_parms, &bytes_written, iov, 1); server->ops->close(xid, tcon, &fid); - d_drop(dentry); - /* FIXME: add code here to set EAs */ - cifs_free_open_info(&buf); + return rc; +} + +int cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) +{ + struct inode *new = NULL; + int rc; + + rc = __cifs_sfu_make_node(xid, inode, dentry, tcon, + full_path, mode, dev); + if (rc) + return rc; + + if (tcon->posix_extensions) { + rc = smb311_posix_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid); + } else if (tcon->unix_ext) { + rc = cifs_get_inode_info_unix(&new, full_path, + inode->i_sb, xid); + } else { + rc = cifs_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid, NULL); + } + if (!rc) + d_instantiate(dentry, new); return rc; }

1 year, 5 months

1
0
0 0

6.8.3+ panic at boot with CONFIG_BTRFS_FS_RUN_SANITY_TESTS=y

by Mihai Moldovan

Hi Since you backported 41044b41ad2c8c8165a42ec6e9a4096826dcf153 to 6.8.3 and higher, the kernel crashes hard on boot if BTRFS's sanity checks have been enabled (CONFIG_BTRFS_FS_RUN_SANITY_TESTS=y). Please backport b2136cc288fce2f24a92f3d656531b2d50ebec5a to the stable/mainline series fix this issue. Best regards Mihai Moldovan

1 year, 5 months

2
1
0 0

[PATCH] media: cec: core: remove length check of Timer Status solution applies to 5.4 and 4.19

by Nini Song (宋宛妮)

Hi @stable@vger.kernel.org<mailto:stable@vger.kernel.org> This patch has been merged in mainline as commit ce5d241c3ad45. [patch diff] [cid:image001.png@01DA8D04.BCD8A070] Because of our customer used v5.15, v5.4 and 4.19 for MP production, which requires this solution. We need your help apply the patch in v5.15, v5.4 and 4.19. Thanks! BR, Nini Song

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] r8169: fix LED-related deadlock on module removal" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 19fa4f2a85d777a8052e869c1b892a2f7556569d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041459-lagging-tiny-7189@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 19fa4f2a85d7 ("r8169: fix LED-related deadlock on module removal") be51ed104ba9 ("r8169: add LED support for RTL8125/RTL8126") 3907f1ffc0ec ("r8169: add support for RTL8126A") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 19fa4f2a85d777a8052e869c1b892a2f7556569d Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Mon, 8 Apr 2024 20:47:40 +0200 Subject: [PATCH] r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_register() to the netdev is problematic because on module removal we get a RTNL-related deadlock. Fix this by avoiding the device-managed LED functions. Note: We can safely call led_classdev_unregister() for a LED even if registering it failed, because led_classdev_unregister() detects this and is a no-op in this case. Fixes: 18764b883e15 ("r8169: add support for LED's on RTL8168/RTL8101") Cc: stable(a)vger.kernel.org Reported-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/realtek/r8169.h b/drivers/net/ethernet/realtek/r8169.h index 4c043052198d..00882ffc7a02 100644 --- a/drivers/net/ethernet/realtek/r8169.h +++ b/drivers/net/ethernet/realtek/r8169.h @@ -73,6 +73,7 @@ enum mac_version { }; struct rtl8169_private; +struct r8169_led_classdev; void r8169_apply_firmware(struct rtl8169_private *tp); u16 rtl8168h_2_get_adc_bias_ioffset(struct rtl8169_private *tp); @@ -84,7 +85,8 @@ void r8169_get_led_name(struct rtl8169_private *tp, int idx, char *buf, int buf_len); int rtl8168_get_led_mode(struct rtl8169_private *tp); int rtl8168_led_mod_ctrl(struct rtl8169_private *tp, u16 mask, u16 val); -void rtl8168_init_leds(struct net_device *ndev); +struct r8169_led_classdev *rtl8168_init_leds(struct net_device *ndev); int rtl8125_get_led_mode(struct rtl8169_private *tp, int index); int rtl8125_set_led_mode(struct rtl8169_private *tp, int index, u16 mode); -void rtl8125_init_leds(struct net_device *ndev); +struct r8169_led_classdev *rtl8125_init_leds(struct net_device *ndev); +void r8169_remove_leds(struct r8169_led_classdev *leds); diff --git a/drivers/net/ethernet/realtek/r8169_leds.c b/drivers/net/ethernet/realtek/r8169_leds.c index 7c5dc9d0df85..e10bee706bc6 100644 --- a/drivers/net/ethernet/realtek/r8169_leds.c +++ b/drivers/net/ethernet/realtek/r8169_leds.c @@ -146,22 +146,22 @@ static void rtl8168_setup_ldev(struct r8169_led_classdev *ldev, led_cdev->hw_control_get_device = r8169_led_hw_control_get_device; /* ignore errors */ - devm_led_classdev_register(&ndev->dev, led_cdev); + led_classdev_register(&ndev->dev, led_cdev); } -void rtl8168_init_leds(struct net_device *ndev) +struct r8169_led_classdev *rtl8168_init_leds(struct net_device *ndev) { - /* bind resource mgmt to netdev */ - struct device *dev = &ndev->dev; struct r8169_led_classdev *leds; int i; - leds = devm_kcalloc(dev, RTL8168_NUM_LEDS, sizeof(*leds), GFP_KERNEL); + leds = kcalloc(RTL8168_NUM_LEDS + 1, sizeof(*leds), GFP_KERNEL); if (!leds) - return; + return NULL; for (i = 0; i < RTL8168_NUM_LEDS; i++) rtl8168_setup_ldev(leds + i, ndev, i); + + return leds; } static int rtl8125_led_hw_control_is_supported(struct led_classdev *led_cdev, @@ -245,20 +245,31 @@ static void rtl8125_setup_led_ldev(struct r8169_led_classdev *ldev, led_cdev->hw_control_get_device = r8169_led_hw_control_get_device; /* ignore errors */ - devm_led_classdev_register(&ndev->dev, led_cdev); + led_classdev_register(&ndev->dev, led_cdev); } -void rtl8125_init_leds(struct net_device *ndev) +struct r8169_led_classdev *rtl8125_init_leds(struct net_device *ndev) { - /* bind resource mgmt to netdev */ - struct device *dev = &ndev->dev; struct r8169_led_classdev *leds; int i; - leds = devm_kcalloc(dev, RTL8125_NUM_LEDS, sizeof(*leds), GFP_KERNEL); + leds = kcalloc(RTL8125_NUM_LEDS + 1, sizeof(*leds), GFP_KERNEL); if (!leds) - return; + return NULL; for (i = 0; i < RTL8125_NUM_LEDS; i++) rtl8125_setup_led_ldev(leds + i, ndev, i); + + return leds; +} + +void r8169_remove_leds(struct r8169_led_classdev *leds) +{ + if (!leds) + return; + + for (struct r8169_led_classdev *l = leds; l->ndev; l++) + led_classdev_unregister(&l->led); + + kfree(leds); } diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 6f1e6f386b7b..8a27328eae34 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -647,6 +647,8 @@ struct rtl8169_private { const char *fw_name; struct rtl_fw *rtl_fw; + struct r8169_led_classdev *leds; + u32 ocp_base; }; @@ -5044,6 +5046,8 @@ static void rtl_remove_one(struct pci_dev *pdev) cancel_work_sync(&tp->wk.work); + r8169_remove_leds(tp->leds); + unregister_netdev(tp->dev); if (tp->dash_type != RTL_DASH_NONE) @@ -5501,9 +5505,9 @@ static int rtl_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) if (IS_ENABLED(CONFIG_R8169_LEDS)) { if (rtl_is_8125(tp)) - rtl8125_init_leds(dev); + tp->leds = rtl8125_init_leds(dev); else if (tp->mac_version > RTL_GIGA_MAC_VER_06) - rtl8168_init_leds(dev); + tp->leds = rtl8168_init_leds(dev); } netdev_info(dev, "%s, %pM, XID %03x, IRQ %d\n",

1 year, 5 months

1
0
0 0

S4 fix for Phoenix laptops

by Mario Limonciello

Hi, This fix was sent out for fixing S4 under stress on some Phoenix laptops. 31729e8c21ec ("drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11") David Markey confirmed[1] it helps Framework 13 under S4 stress testing. Can you please bring it to 6.1.y and later? [1] https://community.frame.work/t/responded-arch-hibernation-woes-on-amd-13/45… Thanks

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b372e96bd0a32729d55d27f613c8bc80708a82e1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041442-grumble-saggy-01f0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b372e96bd0a32729d55d27f613c8bc80708a82e1 Mon Sep 17 00:00:00 2001 From: NeilBrown <neilb(a)suse.de> Date: Mon, 25 Mar 2024 09:21:20 +1100 Subject: [PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE The page has been marked clean before writepage is called. If we don't redirty it before postponing the write, it might never get written. Cc: stable(a)vger.kernel.org Fixes: 503d4fa6ee28 ("ceph: remove reliance on bdi congestion") Signed-off-by: NeilBrown <neilb(a)suse.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Reviewed-by: Xiubo Li <xiubli(a)redhat.org> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 1340d77124ae..ee9caf7916fb 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -795,8 +795,10 @@ static int ceph_writepage(struct page *page, struct writeback_control *wbc) ihold(inode); if (wbc->sync_mode == WB_SYNC_NONE && - ceph_inode_to_fs_client(inode)->write_congested) + ceph_inode_to_fs_client(inode)->write_congested) { + redirty_page_for_writepage(wbc, page); return AOP_WRITEPAGE_ACTIVATE; + } wait_on_page_fscache(page);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b372e96bd0a32729d55d27f613c8bc80708a82e1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041441-unabashed-swarm-244d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b372e96bd0a32729d55d27f613c8bc80708a82e1 Mon Sep 17 00:00:00 2001 From: NeilBrown <neilb(a)suse.de> Date: Mon, 25 Mar 2024 09:21:20 +1100 Subject: [PATCH] ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE The page has been marked clean before writepage is called. If we don't redirty it before postponing the write, it might never get written. Cc: stable(a)vger.kernel.org Fixes: 503d4fa6ee28 ("ceph: remove reliance on bdi congestion") Signed-off-by: NeilBrown <neilb(a)suse.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Reviewed-by: Xiubo Li <xiubli(a)redhat.org> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 1340d77124ae..ee9caf7916fb 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -795,8 +795,10 @@ static int ceph_writepage(struct page *page, struct writeback_control *wbc) ihold(inode); if (wbc->sync_mode == WB_SYNC_NONE && - ceph_inode_to_fs_client(inode)->write_congested) + ceph_inode_to_fs_client(inode)->write_congested) { + redirty_page_for_writepage(wbc, page); return AOP_WRITEPAGE_ACTIVATE; + } wait_on_page_fscache(page);

1 year, 5 months

1
0
0 0

Add commit "eed14eb48ee1 drm/amdgpu/vpe: power on vpe when hw_init" to kernel 6.8.y

by Gong, Richard

Hi, The commit below resolves s2idle failure on processor for AMD Family 1Ah Model 20h, eed14eb48ee1 drm/amdgpu/vpe: power on vpe when hw_init Please add this commit to stable kernel 6.8.y. Thanks! Regards, Richard

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] smb: client: instantiate when creating SFU files" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c6ff459037b2e35450af2351037eac4c8aca1d6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041458-gurgle-mulled-5492@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6ff459037b2e35450af2351037eac4c8aca1d6b Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Tue, 9 Apr 2024 11:28:59 -0300 Subject: [PATCH] smb: client: instantiate when creating SFU files In cifs_sfu_make_node(), on success, instantiate rather than leave it with dentry unhashed negative to support callers that expect mknod(2) to always instantiate. This fixes the following test case: mount.cifs //srv/share /mnt -o ...,sfu mkfifo /mnt/fifo ./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo ... BUG: unable to handle page fault for address: 000000034cec4e58 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP PTI CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted 5.14.0-436.3987_1240945149.el9.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20 Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8 d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04 fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206 RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000 RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200 R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000 FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? __mutex_lock.constprop.0+0x5f7/0x6a0 ? __die_body.cold+0x8/0xd ? page_fault_oops+0x134/0x170 ? exc_page_fault+0x62/0x150 ? asm_exc_page_fault+0x22/0x30 ? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10 __mutex_lock.constprop.0+0x5f7/0x6a0 ? __mod_memcg_lruvec_state+0x84/0xd0 pipe_write+0x47/0x650 ? do_anonymous_page+0x258/0x410 ? inode_security+0x22/0x60 ? selinux_file_permission+0x108/0x150 vfs_write+0x2cb/0x410 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0xf0 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x6b/0xf0 ? sched_clock_cpu+0x9/0xc0 ? exc_page_fault+0x62/0x150 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Cc: stable(a)vger.kernel.org Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option") Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index b156eefa75d7..78c94d0350fe 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4964,68 +4964,84 @@ static int smb2_next_header(struct TCP_Server_Info *server, char *buf, return 0; } -int cifs_sfu_make_node(unsigned int xid, struct inode *inode, - struct dentry *dentry, struct cifs_tcon *tcon, - const char *full_path, umode_t mode, dev_t dev) +static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) { - struct cifs_open_info_data buf = {}; struct TCP_Server_Info *server = tcon->ses->server; struct cifs_open_parms oparms; struct cifs_io_parms io_parms = {}; struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); struct cifs_fid fid; unsigned int bytes_written; - struct win_dev *pdev; + struct win_dev pdev = {}; struct kvec iov[2]; __u32 oplock = server->oplocks ? REQ_OPLOCK : 0; int rc; - if (!S_ISCHR(mode) && !S_ISBLK(mode) && !S_ISFIFO(mode)) + switch (mode & S_IFMT) { + case S_IFCHR: + strscpy(pdev.type, "IntxCHR"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFBLK: + strscpy(pdev.type, "IntxBLK"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFIFO: + strscpy(pdev.type, "LnxFIFO"); + break; + default: return -EPERM; + } - oparms = (struct cifs_open_parms) { - .tcon = tcon, - .cifs_sb = cifs_sb, - .desired_access = GENERIC_WRITE, - .create_options = cifs_create_options(cifs_sb, CREATE_NOT_DIR | - CREATE_OPTION_SPECIAL), - .disposition = FILE_CREATE, - .path = full_path, - .fid = &fid, - }; + oparms = CIFS_OPARMS(cifs_sb, tcon, full_path, GENERIC_WRITE, + FILE_CREATE, CREATE_NOT_DIR | + CREATE_OPTION_SPECIAL, ACL_NO_MODE); + oparms.fid = &fid; - rc = server->ops->open(xid, &oparms, &oplock, &buf); + rc = server->ops->open(xid, &oparms, &oplock, NULL); if (rc) return rc; - /* - * BB Do not bother to decode buf since no local inode yet to put - * timestamps in, but we can reuse it safely. - */ - pdev = (struct win_dev *)&buf.fi; io_parms.pid = current->tgid; io_parms.tcon = tcon; - io_parms.length = sizeof(*pdev); - iov[1].iov_base = pdev; - iov[1].iov_len = sizeof(*pdev); - if (S_ISCHR(mode)) { - memcpy(pdev->type, "IntxCHR", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISBLK(mode)) { - memcpy(pdev->type, "IntxBLK", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISFIFO(mode)) { - memcpy(pdev->type, "LnxFIFO", 8); - } + io_parms.length = sizeof(pdev); + iov[1].iov_base = &pdev; + iov[1].iov_len = sizeof(pdev); rc = server->ops->sync_write(xid, &fid, &io_parms, &bytes_written, iov, 1); server->ops->close(xid, tcon, &fid); - d_drop(dentry); - /* FIXME: add code here to set EAs */ - cifs_free_open_info(&buf); + return rc; +} + +int cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) +{ + struct inode *new = NULL; + int rc; + + rc = __cifs_sfu_make_node(xid, inode, dentry, tcon, + full_path, mode, dev); + if (rc) + return rc; + + if (tcon->posix_extensions) { + rc = smb311_posix_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid); + } else if (tcon->unix_ext) { + rc = cifs_get_inode_info_unix(&new, full_path, + inode->i_sb, xid); + } else { + rc = cifs_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid, NULL); + } + if (!rc) + d_instantiate(dentry, new); return rc; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: instantiate when creating SFU files" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c6ff459037b2e35450af2351037eac4c8aca1d6b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041457-sequester-eclipse-f130@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6ff459037b2e35450af2351037eac4c8aca1d6b Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Tue, 9 Apr 2024 11:28:59 -0300 Subject: [PATCH] smb: client: instantiate when creating SFU files In cifs_sfu_make_node(), on success, instantiate rather than leave it with dentry unhashed negative to support callers that expect mknod(2) to always instantiate. This fixes the following test case: mount.cifs //srv/share /mnt -o ...,sfu mkfifo /mnt/fifo ./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo ... BUG: unable to handle page fault for address: 000000034cec4e58 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP PTI CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted 5.14.0-436.3987_1240945149.el9.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20 Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8 d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04 fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206 RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000 RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200 R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000 FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? __mutex_lock.constprop.0+0x5f7/0x6a0 ? __die_body.cold+0x8/0xd ? page_fault_oops+0x134/0x170 ? exc_page_fault+0x62/0x150 ? asm_exc_page_fault+0x22/0x30 ? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10 __mutex_lock.constprop.0+0x5f7/0x6a0 ? __mod_memcg_lruvec_state+0x84/0xd0 pipe_write+0x47/0x650 ? do_anonymous_page+0x258/0x410 ? inode_security+0x22/0x60 ? selinux_file_permission+0x108/0x150 vfs_write+0x2cb/0x410 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0xf0 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x6b/0xf0 ? sched_clock_cpu+0x9/0xc0 ? exc_page_fault+0x62/0x150 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Cc: stable(a)vger.kernel.org Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option") Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index b156eefa75d7..78c94d0350fe 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4964,68 +4964,84 @@ static int smb2_next_header(struct TCP_Server_Info *server, char *buf, return 0; } -int cifs_sfu_make_node(unsigned int xid, struct inode *inode, - struct dentry *dentry, struct cifs_tcon *tcon, - const char *full_path, umode_t mode, dev_t dev) +static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) { - struct cifs_open_info_data buf = {}; struct TCP_Server_Info *server = tcon->ses->server; struct cifs_open_parms oparms; struct cifs_io_parms io_parms = {}; struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb); struct cifs_fid fid; unsigned int bytes_written; - struct win_dev *pdev; + struct win_dev pdev = {}; struct kvec iov[2]; __u32 oplock = server->oplocks ? REQ_OPLOCK : 0; int rc; - if (!S_ISCHR(mode) && !S_ISBLK(mode) && !S_ISFIFO(mode)) + switch (mode & S_IFMT) { + case S_IFCHR: + strscpy(pdev.type, "IntxCHR"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFBLK: + strscpy(pdev.type, "IntxBLK"); + pdev.major = cpu_to_le64(MAJOR(dev)); + pdev.minor = cpu_to_le64(MINOR(dev)); + break; + case S_IFIFO: + strscpy(pdev.type, "LnxFIFO"); + break; + default: return -EPERM; + } - oparms = (struct cifs_open_parms) { - .tcon = tcon, - .cifs_sb = cifs_sb, - .desired_access = GENERIC_WRITE, - .create_options = cifs_create_options(cifs_sb, CREATE_NOT_DIR | - CREATE_OPTION_SPECIAL), - .disposition = FILE_CREATE, - .path = full_path, - .fid = &fid, - }; + oparms = CIFS_OPARMS(cifs_sb, tcon, full_path, GENERIC_WRITE, + FILE_CREATE, CREATE_NOT_DIR | + CREATE_OPTION_SPECIAL, ACL_NO_MODE); + oparms.fid = &fid; - rc = server->ops->open(xid, &oparms, &oplock, &buf); + rc = server->ops->open(xid, &oparms, &oplock, NULL); if (rc) return rc; - /* - * BB Do not bother to decode buf since no local inode yet to put - * timestamps in, but we can reuse it safely. - */ - pdev = (struct win_dev *)&buf.fi; io_parms.pid = current->tgid; io_parms.tcon = tcon; - io_parms.length = sizeof(*pdev); - iov[1].iov_base = pdev; - iov[1].iov_len = sizeof(*pdev); - if (S_ISCHR(mode)) { - memcpy(pdev->type, "IntxCHR", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISBLK(mode)) { - memcpy(pdev->type, "IntxBLK", 8); - pdev->major = cpu_to_le64(MAJOR(dev)); - pdev->minor = cpu_to_le64(MINOR(dev)); - } else if (S_ISFIFO(mode)) { - memcpy(pdev->type, "LnxFIFO", 8); - } + io_parms.length = sizeof(pdev); + iov[1].iov_base = &pdev; + iov[1].iov_len = sizeof(pdev); rc = server->ops->sync_write(xid, &fid, &io_parms, &bytes_written, iov, 1); server->ops->close(xid, tcon, &fid); - d_drop(dentry); - /* FIXME: add code here to set EAs */ - cifs_free_open_info(&buf); + return rc; +} + +int cifs_sfu_make_node(unsigned int xid, struct inode *inode, + struct dentry *dentry, struct cifs_tcon *tcon, + const char *full_path, umode_t mode, dev_t dev) +{ + struct inode *new = NULL; + int rc; + + rc = __cifs_sfu_make_node(xid, inode, dentry, tcon, + full_path, mode, dev); + if (rc) + return rc; + + if (tcon->posix_extensions) { + rc = smb311_posix_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid); + } else if (tcon->unix_ext) { + rc = cifs_get_inode_info_unix(&new, full_path, + inode->i_sb, xid); + } else { + rc = cifs_get_inode_info(&new, full_path, NULL, + inode->i_sb, xid, NULL); + } + if (!rc) + d_instantiate(dentry, new); return rc; }

1 year, 5 months

1
0
0 0

[PATCH v3] bootconfig: use memblock_free_late to free xbc memory to buddy

by qiang4.zhang＠linux.intel.com

From: Qiang Zhang <qiang4.zhang(a)intel.com> On the time to free xbc memory in xbc_exit(), memblock may has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. This patch fixes the xbc memory free problem by calling memblock_free() in early xbc init error rewind path and calling memblock_free_late() in xbc exit path to free memory to buddy allocator. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Cc: Stable(a)vger.kernel.org Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> --- v3: - add NULL pointer check in memblock_free_late() path. v2: - add an early flag in xbc_free_mem() to free memory back to memblock in xbc_init error path or put memory to buddy allocator in normal xbc_exit. --- include/linux/bootconfig.h | 7 ++++++- lib/bootconfig.c | 19 +++++++++++-------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/include/linux/bootconfig.h b/include/linux/bootconfig.h index e5ee2c694401..3f4b4ac527ca 100644 --- a/include/linux/bootconfig.h +++ b/include/linux/bootconfig.h @@ -288,7 +288,12 @@ int __init xbc_init(const char *buf, size_t size, const char **emsg, int *epos); int __init xbc_get_info(int *node_size, size_t *data_size); /* XBC cleanup data structures */ -void __init xbc_exit(void); +void __init _xbc_exit(bool early); + +static inline void xbc_exit(void) +{ + _xbc_exit(false); +} /* XBC embedded bootconfig data in kernel */ #ifdef CONFIG_BOOT_CONFIG_EMBED diff --git a/lib/bootconfig.c b/lib/bootconfig.c index c59d26068a64..8841554432d5 100644 --- a/lib/bootconfig.c +++ b/lib/bootconfig.c @@ -61,9 +61,12 @@ static inline void * __init xbc_alloc_mem(size_t size) return memblock_alloc(size, SMP_CACHE_BYTES); } -static inline void __init xbc_free_mem(void *addr, size_t size) +static inline void __init xbc_free_mem(void *addr, size_t size, bool early) { - memblock_free(addr, size); + if (early) + memblock_free(addr, size); + else if (addr) + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ @@ -73,7 +76,7 @@ static inline void *xbc_alloc_mem(size_t size) return malloc(size); } -static inline void xbc_free_mem(void *addr, size_t size) +static inline void xbc_free_mem(void *addr, size_t size, bool early) { free(addr); } @@ -904,13 +907,13 @@ static int __init xbc_parse_tree(void) * If you need to reuse xbc_init() with new boot config, you can * use this. */ -void __init xbc_exit(void) +void __init _xbc_exit(bool early) { - xbc_free_mem(xbc_data, xbc_data_size); + xbc_free_mem(xbc_data, xbc_data_size, early); xbc_data = NULL; xbc_data_size = 0; xbc_node_num = 0; - xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX); + xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX, early); xbc_nodes = NULL; brace_index = 0; } @@ -963,7 +966,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos) if (!xbc_nodes) { if (emsg) *emsg = "Failed to allocate bootconfig nodes"; - xbc_exit(); + _xbc_exit(true); return -ENOMEM; } memset(xbc_nodes, 0, sizeof(struct xbc_node) * XBC_NODE_MAX); @@ -977,7 +980,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos) *epos = xbc_err_pos; if (emsg) *emsg = xbc_err_msg; - xbc_exit(); + _xbc_exit(true); } else ret = xbc_node_num; -- 2.39.2

1 year, 5 months

2
1
0 0

[PATCH v2] bootconfig: use memblock_free_late to free xbc memory to buddy

by qiang4.zhang＠linux.intel.com

From: Qiang Zhang <qiang4.zhang(a)intel.com> On the time to free xbc memory in xbc_exit(), memblock may has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. This patch fixes the xbc memory free problem by calling memblock_free() in early xbc init error rewind path and calling memblock_free_late() in xbc exit path to free memory to buddy allocator. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Cc: Stable(a)vger.kernel.org Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> --- v2: - add an early flag in xbc_free_mem() to free memory back to memblock in xbc_init error path or put memory to buddy allocator in normal xbc_exit. --- include/linux/bootconfig.h | 7 ++++++- lib/bootconfig.c | 19 +++++++++++-------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/include/linux/bootconfig.h b/include/linux/bootconfig.h index e5ee2c694401..3f4b4ac527ca 100644 --- a/include/linux/bootconfig.h +++ b/include/linux/bootconfig.h @@ -288,7 +288,12 @@ int __init xbc_init(const char *buf, size_t size, const char **emsg, int *epos); int __init xbc_get_info(int *node_size, size_t *data_size); /* XBC cleanup data structures */ -void __init xbc_exit(void); +void __init _xbc_exit(bool early); + +static inline void xbc_exit(void) +{ + _xbc_exit(false); +} /* XBC embedded bootconfig data in kernel */ #ifdef CONFIG_BOOT_CONFIG_EMBED diff --git a/lib/bootconfig.c b/lib/bootconfig.c index c59d26068a64..f9a45adc6307 100644 --- a/lib/bootconfig.c +++ b/lib/bootconfig.c @@ -61,9 +61,12 @@ static inline void * __init xbc_alloc_mem(size_t size) return memblock_alloc(size, SMP_CACHE_BYTES); } -static inline void __init xbc_free_mem(void *addr, size_t size) +static inline void __init xbc_free_mem(void *addr, size_t size, bool early) { - memblock_free(addr, size); + if (early) + memblock_free(addr, size); + else + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ @@ -73,7 +76,7 @@ static inline void *xbc_alloc_mem(size_t size) return malloc(size); } -static inline void xbc_free_mem(void *addr, size_t size) +static inline void xbc_free_mem(void *addr, size_t size, bool early) { free(addr); } @@ -904,13 +907,13 @@ static int __init xbc_parse_tree(void) * If you need to reuse xbc_init() with new boot config, you can * use this. */ -void __init xbc_exit(void) +void __init _xbc_exit(bool early) { - xbc_free_mem(xbc_data, xbc_data_size); + xbc_free_mem(xbc_data, xbc_data_size, early); xbc_data = NULL; xbc_data_size = 0; xbc_node_num = 0; - xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX); + xbc_free_mem(xbc_nodes, sizeof(struct xbc_node) * XBC_NODE_MAX, early); xbc_nodes = NULL; brace_index = 0; } @@ -963,7 +966,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos) if (!xbc_nodes) { if (emsg) *emsg = "Failed to allocate bootconfig nodes"; - xbc_exit(); + _xbc_exit(true); return -ENOMEM; } memset(xbc_nodes, 0, sizeof(struct xbc_node) * XBC_NODE_MAX); @@ -977,7 +980,7 @@ int __init xbc_init(const char *data, size_t size, const char **emsg, int *epos) *epos = xbc_err_pos; if (emsg) *emsg = xbc_err_msg; - xbc_exit(); + _xbc_exit(true); } else ret = xbc_node_num; -- 2.39.2

1 year, 5 months

3
3
0 0

Linux 6.8.6

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.6 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 + arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 + arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 28 +++ arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 17 ++ arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 18 ++ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 + arch/x86/entry/vdso/Makefile | 10 - arch/x86/events/amd/lbr.c | 6 arch/x86/include/asm/xen/hypervisor.h | 5 arch/x86/pci/fixup.c | 48 +++++ arch/x86/platform/pvh/enlighten.c | 3 arch/x86/xen/enlighten.c | 32 +++ arch/x86/xen/enlighten_pvh.c | 68 ++++++++ arch/x86/xen/setup.c | 44 ----- arch/x86/xen/xen-ops.h | 14 + block/blk-stat.c | 2 drivers/accel/habanalabs/common/habanalabs.h | 2 drivers/acpi/resource.c | 7 drivers/acpi/sleep.c | 12 - drivers/acpi/x86/utils.c | 38 ++++ drivers/bluetooth/btintel.c | 2 drivers/bluetooth/btmtk.c | 1 drivers/bluetooth/btmtk.h | 1 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/init.c | 1 drivers/bus/mhi/host/internal.h | 9 - drivers/bus/mhi/host/pm.c | 20 ++ drivers/cpufreq/cpufreq.c | 17 +- drivers/cpuidle/driver.c | 3 drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 drivers/firmware/tegra/bpmp-debugfs.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 14 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/dc/dc.h | 1 drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 4 drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 1 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/ci/gitlab-ci.yml | 14 + drivers/gpu/drm/ci/test.yml | 1 drivers/gpu/drm/drm_modeset_helper.c | 19 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 + drivers/gpu/drm/drm_probe_helper.c | 21 ++ drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c | 12 - drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c | 1 drivers/gpu/drm/panel/panel-simple.c | 20 ++ drivers/gpu/drm/ttm/ttm_bo.c | 7 drivers/gpu/drm/vc4/vc4_plane.c | 5 drivers/hid/hid-ids.h | 1 drivers/hid/hid-input.c | 2 drivers/i2c/busses/i2c-designware-core.h | 2 drivers/infiniband/core/cm.c | 20 ++ drivers/input/joystick/xpad.c | 3 drivers/input/rmi4/rmi_driver.c | 6 drivers/input/touchscreen/imagis.c | 20 -- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 22 +- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 - drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/net/dsa/qca/qca8k-8xxx.c | 3 drivers/net/dummy.c | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 - drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 - drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 - drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 drivers/net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++ drivers/net/geneve.c | 1 drivers/net/loopback.c | 1 drivers/net/pcs/pcs-xpcs.c | 4 drivers/net/phy/phy_device.c | 13 - drivers/net/veth.c | 1 drivers/net/vxlan/vxlan_core.c | 1 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 + drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 drivers/net/wireless/intel/iwlwifi/cfg/sc.c | 38 ++++ drivers/net/wireless/intel/iwlwifi/iwl-config.h | 8 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 + drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++--- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw89/mac80211.c | 4 drivers/net/wireless/realtek/rtw89/pci.c | 60 ++++++- drivers/net/wireless/realtek/rtw89/pci.h | 6 drivers/net/wireless/realtek/rtw89/rtw8851be.c | 2 drivers/net/wireless/realtek/rtw89/rtw8852ae.c | 1 drivers/net/wireless/realtek/rtw89/rtw8852be.c | 1 drivers/net/wireless/realtek/rtw89/rtw8852ce.c | 1 drivers/net/wireless/realtek/rtw89/rtw8922ae.c | 1 drivers/nvme/host/pci.c | 3 drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++ drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/acer-wmi.c | 17 +- drivers/platform/x86/intel/hid.c | 7 drivers/platform/x86/intel/vbtn.c | 5 drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 - drivers/pmdomain/ti/omap_prm.c | 2 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/soundwire/dmi-quirks.c | 8 drivers/thermal/thermal_of.c | 12 - drivers/thunderbolt/quirks.c | 14 + drivers/thunderbolt/tb.c | 49 +++++ drivers/thunderbolt/tb.h | 4 drivers/thunderbolt/tunnel.c | 16 - drivers/tty/serial/8250/8250_of.c | 44 ++++- drivers/tty/serial/8250/8250_port.c | 24 -- drivers/ufs/host/ufs-qcom.c | 13 + drivers/usb/gadget/function/uvc_video.c | 10 - drivers/usb/host/sl811-hcd.c | 2 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/usb/typec/ucsi/ucsi.c | 26 ++- drivers/usb/typec/ucsi/ucsi.h | 11 + drivers/usb/typec/ucsi/ucsi_glink.c | 1 drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/xen/balloon.c | 2 fs/btrfs/export.c | 9 - fs/btrfs/send.c | 10 + fs/btrfs/volumes.c | 12 + fs/ext4/mballoc.c | 5 fs/ext4/super.c | 12 + fs/isofs/inode.c | 18 +- fs/kernfs/dir.c | 31 ++- fs/kernfs/kernfs-internal.h | 2 fs/orangefs/super.c | 2 fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 - include/acpi/acpi_bus.h | 14 - include/linux/kernfs.h | 2 include/linux/overflow.h | 12 - include/linux/printk.h | 2 include/linux/randomize_kstack.h | 2 include/linux/rcupdate.h | 4 include/linux/skbuff.h | 11 + include/linux/sunrpc/sched.h | 2 include/net/bluetooth/hci.h | 8 include/uapi/linux/input-event-codes.h | 1 io_uring/io_uring.c | 25 +- kernel/dma/direct.c | 9 - kernel/panic.c | 8 kernel/printk/internal.h | 1 kernel/printk/printk.c | 3 kernel/rcu/tree_nocb.h | 2 kernel/trace/ring_buffer.c | 2 lib/dump_stack.c | 16 + net/bluetooth/hci_event.c | 3 net/core/netdev-genl.c | 15 - net/core/page_pool_user.c | 2 net/ipv4/ip_tunnel.c | 1 net/ipv6/ip6_gre.c | 2 net/ipv6/ip6_tunnel.c | 1 net/ipv6/ip6_vti.c | 1 net/ipv6/sit.c | 1 net/mpls/mpls_gso.c | 3 net/smc/smc_pnet.c | 10 + net/wireless/util.c | 14 + scripts/gcc-plugins/stackleak_plugin.c | 2 scripts/mod/modpost.c | 4 sound/firewire/amdtp-stream.c | 12 - sound/firewire/amdtp-stream.h | 4 sound/pci/hda/patch_realtek.c | 12 + sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/intel/avs/board_selection.c | 85 ++++++++++ sound/soc/intel/boards/sof_rt5682.c | 40 ---- sound/soc/intel/boards/sof_sdw.c | 11 + sound/soc/soc-core.c | 3 sound/soc/sof/amd/acp.c | 3 tools/iio/iio_utils.c | 2 tools/lib/perf/evlist.c | 18 +- tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 191 files changed, 1530 insertions(+), 450 deletions(-) Abhishek Pandit-Subedi (1): usb: typec: ucsi: Limit read size on v1.2 Adam Ford (1): pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Ahmad Rehman (1): drm/amdgpu: Init zone device and drm client after mode-1 reset on reload Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Andre Werner (1): net: phy: phy_device: Prevent nullptr exceptions on ISR Andy Shevchenko (1): serial: 8250_of: Drop quirk fot NPCM from 8250_port Ard Biesheuvel (1): gcc-plugins/stackleak: Avoid .head.text section Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (1): media: sta2x11: fix irq handler cast Baochen Qiang (1): wifi: ath11k: decrease MHI channel buffer length to 8KB Bjorn Andersson (1): arm64: dts: qcom: qcs6490-rb3gen2: Declare GCC clocks protected Borislav Petkov (AMD) (1): x86/vdso: Fix rethunk patching for vdso-image-x32.o too Brent Lu (1): ASoC: Intel: sof_rt5682: dmi quirk cleanup for mtl boards C Cheng (1): cpuidle: Avoid potential overflow in integer multiplication Cezary Rojewski (1): ASoC: Intel: avs: Populate board selection with new I2S entries Chancel Liu (1): ASoC: soc-core.c: Skip dummy codec when adding platforms Christian König (1): drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Cristian Ciocaltea (2): net: stmmac: dwmac-starfive: Add support for JH7100 SoC ASoC: SOF: amd: Optimize quirk for Valve Galileo Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Daniel Drake (2): PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dave Airlie (2): amdkfd: use calloc instead of kzalloc to avoid integer overflow nouveau: fix devinit paths to only handle display on GSP. David McFarland (1): platform/x86/intel/hid: Don't wake on 5-button releases David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dmitry Baryshkov (1): arm64: dts: qcom: qrb2210-rb1: disable cluster power domains Dmitry Torokhov (1): HID: input: avoid polling stylus battery on Chromebook Pompom Duje Mihanović (1): Input: imagis - use FIELD_GET where applicable Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Chanudet (1): scsi: ufs: qcom: Avoid re-init quirk when gears match Eric Dumazet (2): net: add netdev_lockdep_set_classes() to virtual drivers net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Florian Westphal (2): net: skbuff: add overflow debug check to pull/push helpers net: mpls: error out if inner headers are not set Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Gil Fine (1): thunderbolt: Calculate DisplayPort tunnel bandwidth after DPRX capabilities read Greg Kroah-Hartman (1): Linux 6.8.6 Gwendal Grignou (1): platform/x86: intel-vbtn: Update tablet mode switch at end of probe Hans de Goede (3): wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS ACPI: x86: Add DELL0501 handling to acpi_quirk_skip_serdev_enumeration() Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Hui Liu (1): arm64: dts: qcom: qcm6490-idp: Add definition for three LEDs Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Jacob Keller (1): ice: use relative VSI index for VFs instead of PF VSI number Jakub Kicinski (1): netdev: let netlink core handle -EMSGSIZE errors Jarkko Nikula (1): i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Jason Gunthorpe (1): iommu/arm-smmu-v3: Hold arm_smmu_asid_lock during all of attach_dev Jeffrey Hugo (1): bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Jens Axboe (1): io_uring: clear opcode specific data for an early failure Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Jichi Zhang (1): ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Johan Jonker (4): ARM: dts: rockchip: fix rk3288 hdmi ports node ARM: dts: rockchip: fix rk322x hdmi ports node arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node Johannes Berg (1): wifi: cfg80211: check A-MSDU format more carefully John Ogness (3): printk: For @suppress_panic_printk check for other CPU in panic panic: Flush kernel log buffer at the end dump_stack: Do not get cpu_sync for panic CPU Josh Poimboeuf (1): x86/vdso: Fix rethunk patching for vdso-image-{32,64}.o Junhao He (1): drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kees Cook (3): bnx2x: Fix firmware version string character counts overflow: Allow non-type arg to type_max() and type_min() randomize_kstack: Improve entropy diffusion Koby Elbaz (1): accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Konrad Dybcio (1): thermal/of: Assume polling-delay(-passive) 0 when absent Kunwu Chan (3): pmdomain: ti: Add a null pointer check to the omap_prm_domain_init pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Luca Weiss (1): usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression M Cooley (1): ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Ma Jun (1): Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Markus Elfring (1): firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Markuss Broks (1): input/touchscreen: imagis: Correct the maximum touch area value Matt Scialabba (1): Input: xpad - add support for Snakebyte GAMEPADs Max Kellermann (1): modpost: fix null pointer dereference Maíra Canal (1): drm/vc4: don't check if plane->state->fb == state->fb Michael Grzeschik (2): usb: gadget: uvc: refactor the check for a valid buffer in the pump worker usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Mika Westerberg (1): thunderbolt: Keep the domain powered when USB4 port is in redrive mode Mike Marshall (1): Julia Lawall reported this null pointer dereference, this should fix it. Mukesh Sisodiya (2): wifi: iwlwifi: pcie: Add the PCI device id for new hardware wifi: iwlwifi: pcie: Add new PCI device id and CNVI Nicholas Kazlauskas (1): drm/amd/display: Disable idle reallow as part of command/gpint execution Nicolas Dufresne (1): media: mediatek: vcodec: Fix oops when HEVC init fails Paul E. McKenney (1): rcu-tasks: Repair RCU Tasks Trace quiescence check Peter Chiu (1): wifi: mt76: mt7996: disable AMSDU for non-data frames Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Ping-Ke Shih (2): wifi: rtw89: pci: validate RX tag for RXQ and RPQ wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Po-Hao Huang (1): wifi: rtw89: fix null pointer access when abort scan Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Rick Edgecombe (1): dma-direct: Leak pages on dma_set_decrypted() failure Roger Pau Monne (1): x86/xen: attempt to inflate the memory balloon on PVH Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Dionne-Riel (1): drm: panel-orientation-quirks: Add quirk for GPD Win Mini Sandipan Das (1): perf/x86/amd/lbr: Discard erroneous branch entries Serge Semin (1): net: pcs: xpcs: Return EINVAL in the internal methods Shannon Nelson (1): ionic: set adminq irq affinity Shayne Chen (2): wifi: mt76: mt7915: add locking for accessing mapped registers wifi: mt76: mt7996: add locking for accessing mapped registers Shradha Gupta (2): drm: Check output polling initialized before disabling drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes Sohaib Nadeem (1): drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Srinivasan Shanmugam (1): drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Stanley.Yang (1): drm/amdgpu: Skip do PCI error slot reset during RAS recovery SungHwan Jung (2): platform/x86: acer-wmi: Add support for Acer PH16-71 platform/x86: acer-wmi: Add predator_v4 module parameter Sviatoslav Harasymchuk (1): ACPI: resource: Add IRQ override quirk for ASUS ExpertBook B2502FBA Takashi Iwai (2): wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Takashi Sakamoto (1): ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Tejun Heo (1): kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Tim Crawford (1): ALSA: hda/realtek: Add quirks for some Clevo laptops Tom Zanussi (1): crypto: iaa - Fix async_disable descriptor leak Tony Lindgren (1): drm/panel: simple: Add BOE BP082WX1-100 8.2" panel Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vignesh Raman (1): drm/ci: uprev mesa version: fix kdl commit fetch Vinicius Peixoto (1): Bluetooth: Add new quirk for broken read key length on ATS2851 Viresh Kumar (1): cpufreq: Don't unregister cpufreq cooling on CPU hotplug Vladimir Oltean (1): net: dsa: qca8k: put MDIO controller OF node if unavailable Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Yunfei Dong (2): media: mediatek: vcodec: adding lock to protect decoder context list media: mediatek: vcodec: adding lock to protect encoder context list Zhang Yi (1): ext4: add a hint for block bitmap corrupt state in mb_groups Zqiang (1): rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment mosomate (1): ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops

1 year, 5 months

1
1
0 0

Linux 6.6.27

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.27 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 + arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 + arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 + arch/x86/events/amd/lbr.c | 6 arch/x86/include/asm/xen/hypervisor.h | 5 arch/x86/pci/fixup.c | 48 +++++ arch/x86/platform/pvh/enlighten.c | 3 arch/x86/xen/enlighten.c | 32 +++ arch/x86/xen/enlighten_pvh.c | 68 ++++++++ arch/x86/xen/setup.c | 44 ----- arch/x86/xen/xen-ops.h | 14 + block/blk-stat.c | 2 drivers/accel/habanalabs/common/habanalabs.h | 2 drivers/acpi/sleep.c | 12 - drivers/acpi/x86/utils.c | 18 +- drivers/bluetooth/btintel.c | 2 drivers/bluetooth/btmtk.c | 1 drivers/bluetooth/btmtk.h | 1 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/init.c | 1 drivers/bus/mhi/host/internal.h | 9 - drivers/bus/mhi/host/pm.c | 20 ++ drivers/cpufreq/cpufreq.c | 17 +- drivers/cpuidle/driver.c | 3 drivers/firmware/tegra/bpmp-debugfs.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/drm_modeset_helper.c | 19 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 + drivers/gpu/drm/drm_probe_helper.c | 21 ++ drivers/gpu/drm/ttm/ttm_bo.c | 7 drivers/gpu/drm/vc4/vc4_plane.c | 5 drivers/hid/hid-ids.h | 1 drivers/hid/hid-input.c | 2 drivers/i2c/busses/i2c-designware-core.h | 2 drivers/infiniband/core/cm.c | 20 ++ drivers/input/joystick/xpad.c | 3 drivers/input/rmi4/rmi_driver.c | 6 drivers/input/touchscreen/imagis.c | 20 -- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 - drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/net/dummy.c | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 - drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 - drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 - drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 drivers/net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++ drivers/net/geneve.c | 1 drivers/net/loopback.c | 1 drivers/net/pcs/pcs-xpcs.c | 4 drivers/net/phy/phy_device.c | 13 - drivers/net/veth.c | 1 drivers/net/vxlan/vxlan_core.c | 1 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 + drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++--- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw89/mac80211.c | 4 drivers/net/wireless/realtek/rtw89/pci.h | 2 drivers/nvme/host/pci.c | 3 drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++ drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/intel/vbtn.c | 5 drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 - drivers/pmdomain/ti/omap_prm.c | 2 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/soundwire/dmi-quirks.c | 8 drivers/thermal/thermal_of.c | 12 - drivers/thunderbolt/quirks.c | 14 + drivers/thunderbolt/tb.c | 49 +++++ drivers/thunderbolt/tb.h | 4 drivers/usb/gadget/function/uvc_video.c | 3 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/usb/typec/ucsi/ucsi.c | 26 ++- drivers/usb/typec/ucsi/ucsi.h | 11 + drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/xen/balloon.c | 2 fs/btrfs/export.c | 9 - fs/btrfs/send.c | 10 + fs/btrfs/volumes.c | 12 + fs/ext4/mballoc.c | 5 fs/ext4/super.c | 12 + fs/isofs/inode.c | 18 +- fs/kernfs/dir.c | 31 ++- fs/kernfs/kernfs-internal.h | 2 fs/orangefs/super.c | 2 fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 - include/acpi/acpi_bus.h | 14 - include/linux/kernfs.h | 2 include/linux/overflow.h | 12 - include/linux/randomize_kstack.h | 2 include/linux/rcupdate.h | 4 include/linux/skbuff.h | 11 + include/linux/sunrpc/sched.h | 2 include/net/bluetooth/hci.h | 8 include/uapi/linux/input-event-codes.h | 1 io_uring/io_uring.c | 25 +- kernel/dma/direct.c | 9 - kernel/panic.c | 8 kernel/printk/printk.c | 3 kernel/rcu/tree_nocb.h | 2 kernel/trace/ring_buffer.c | 2 net/bluetooth/hci_event.c | 3 net/ipv4/ip_tunnel.c | 1 net/ipv6/ip6_gre.c | 2 net/ipv6/ip6_tunnel.c | 1 net/ipv6/ip6_vti.c | 1 net/ipv6/sit.c | 1 net/mpls/mpls_gso.c | 3 net/smc/smc_pnet.c | 10 + net/wireless/util.c | 14 + scripts/gcc-plugins/stackleak_plugin.c | 2 scripts/mod/modpost.c | 4 sound/firewire/amdtp-stream.c | 12 - sound/firewire/amdtp-stream.h | 4 sound/pci/hda/patch_realtek.c | 12 + sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/intel/avs/board_selection.c | 85 ++++++++++ sound/soc/intel/boards/sof_sdw.c | 11 + sound/soc/soc-core.c | 3 sound/soc/sof/amd/acp.c | 3 tools/iio/iio_utils.c | 2 tools/lib/perf/evlist.c | 18 +- tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 151 files changed, 1134 insertions(+), 309 deletions(-) Abhishek Pandit-Subedi (1): usb: typec: ucsi: Limit read size on v1.2 Adam Ford (1): pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Andre Werner (1): net: phy: phy_device: Prevent nullptr exceptions on ISR Ard Biesheuvel (1): gcc-plugins/stackleak: Avoid .head.text section Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (1): media: sta2x11: fix irq handler cast Baochen Qiang (1): wifi: ath11k: decrease MHI channel buffer length to 8KB C Cheng (1): cpuidle: Avoid potential overflow in integer multiplication Cezary Rojewski (1): ASoC: Intel: avs: Populate board selection with new I2S entries Chancel Liu (1): ASoC: soc-core.c: Skip dummy codec when adding platforms Christian König (1): drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Cristian Ciocaltea (2): net: stmmac: dwmac-starfive: Add support for JH7100 SoC ASoC: SOF: amd: Optimize quirk for Valve Galileo Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Daniel Drake (2): PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dmitry Torokhov (1): HID: input: avoid polling stylus battery on Chromebook Pompom Duje Mihanović (1): Input: imagis - use FIELD_GET where applicable Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (2): net: add netdev_lockdep_set_classes() to virtual drivers net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Florian Westphal (2): net: skbuff: add overflow debug check to pull/push helpers net: mpls: error out if inner headers are not set Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Geliang Tang (1): selftests: mptcp: display simult in extra_msg Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Greg Kroah-Hartman (1): Linux 6.6.27 Gwendal Grignou (1): platform/x86: intel-vbtn: Update tablet mode switch at end of probe Hans de Goede (2): wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Jacob Keller (1): ice: use relative VSI index for VFs instead of PF VSI number Jarkko Nikula (1): i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Jeffrey Hugo (1): bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Jens Axboe (1): io_uring: clear opcode specific data for an early failure Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Jichi Zhang (1): ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Johan Jonker (4): ARM: dts: rockchip: fix rk3288 hdmi ports node ARM: dts: rockchip: fix rk322x hdmi ports node arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node Johannes Berg (1): wifi: cfg80211: check A-MSDU format more carefully John Ogness (2): printk: For @suppress_panic_printk check for other CPU in panic panic: Flush kernel log buffer at the end Junhao He (1): drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kees Cook (3): bnx2x: Fix firmware version string character counts overflow: Allow non-type arg to type_max() and type_min() randomize_kstack: Improve entropy diffusion Koby Elbaz (1): accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Konrad Dybcio (1): thermal/of: Assume polling-delay(-passive) 0 when absent Kunwu Chan (3): pmdomain: ti: Add a null pointer check to the omap_prm_domain_init pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression M Cooley (1): ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Ma Jun (1): Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Markus Elfring (1): firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Markuss Broks (1): input/touchscreen: imagis: Correct the maximum touch area value Matt Scialabba (1): Input: xpad - add support for Snakebyte GAMEPADs Max Kellermann (1): modpost: fix null pointer dereference Maíra Canal (1): drm/vc4: don't check if plane->state->fb == state->fb Michael Grzeschik (1): usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Mika Westerberg (1): thunderbolt: Keep the domain powered when USB4 port is in redrive mode Mike Marshall (1): Julia Lawall reported this null pointer dereference, this should fix it. Mukesh Sisodiya (1): wifi: iwlwifi: pcie: Add the PCI device id for new hardware Nicolas Dufresne (1): media: mediatek: vcodec: Fix oops when HEVC init fails Paul E. McKenney (1): rcu-tasks: Repair RCU Tasks Trace quiescence check Peter Chiu (1): wifi: mt76: mt7996: disable AMSDU for non-data frames Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Ping-Ke Shih (1): wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Po-Hao Huang (1): wifi: rtw89: fix null pointer access when abort scan Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Rick Edgecombe (1): dma-direct: Leak pages on dma_set_decrypted() failure Roger Pau Monne (1): x86/xen: attempt to inflate the memory balloon on PVH Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Dionne-Riel (1): drm: panel-orientation-quirks: Add quirk for GPD Win Mini Sandipan Das (1): perf/x86/amd/lbr: Discard erroneous branch entries Serge Semin (1): net: pcs: xpcs: Return EINVAL in the internal methods Shannon Nelson (1): ionic: set adminq irq affinity Shayne Chen (2): wifi: mt76: mt7915: add locking for accessing mapped registers wifi: mt76: mt7996: add locking for accessing mapped registers Shradha Gupta (2): drm: Check output polling initialized before disabling drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes Srinivasan Shanmugam (1): drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Takashi Iwai (2): wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Takashi Sakamoto (1): ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Tejun Heo (1): kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Tim Crawford (1): ALSA: hda/realtek: Add quirks for some Clevo laptops Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vinicius Peixoto (1): Bluetooth: Add new quirk for broken read key length on ATS2851 Viresh Kumar (1): cpufreq: Don't unregister cpufreq cooling on CPU hotplug Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Yunfei Dong (2): media: mediatek: vcodec: adding lock to protect decoder context list media: mediatek: vcodec: adding lock to protect encoder context list Zhang Yi (1): ext4: add a hint for block bitmap corrupt state in mb_groups Zqiang (1): rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment mosomate (1): ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops

1 year, 5 months

1
1
0 0

Linux 6.1.86

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.86 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 +- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 +- arch/x86/events/amd/lbr.c | 6 - block/blk-stat.c | 2 drivers/acpi/sleep.c | 12 -- drivers/bluetooth/btintel.c | 2 drivers/bluetooth/btmtk.c | 1 drivers/bluetooth/btmtk.h | 1 drivers/bus/mhi/host/init.c | 1 drivers/bus/mhi/host/internal.h | 9 + drivers/bus/mhi/host/pm.c | 20 +++ drivers/cpufreq/cpufreq.c | 17 ++- drivers/cpuidle/driver.c | 3 drivers/firmware/tegra/bpmp-debugfs.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 ++ drivers/gpu/drm/vc4/vc4_plane.c | 5 drivers/infiniband/core/cm.c | 20 +++ drivers/input/rmi4/rmi_driver.c | 6 - drivers/input/touchscreen/imagis.c | 20 +-- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 - drivers/misc/vmw_vmci/vmci_datagram.c | 6 - drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 - drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 - drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/pcs/pcs-xpcs.c | 4 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 drivers/net/wireless/realtek/rtw89/pci.h | 2 drivers/nvme/host/pci.c | 3 drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/intel/vbtn.c | 5 drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 - drivers/scsi/scsi_lib.c | 52 +++++----- drivers/scsi/sd.c | 4 drivers/soundwire/dmi-quirks.c | 8 + drivers/thermal/thermal_of.c | 12 +- drivers/thunderbolt/quirks.c | 14 ++ drivers/thunderbolt/tb.c | 49 +++++++++ drivers/thunderbolt/tb.h | 4 drivers/tty/n_gsm.c | 3 drivers/usb/gadget/function/uvc_video.c | 3 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/video/fbdev/core/fbmon.c | 7 - drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 + fs/btrfs/export.c | 9 + fs/btrfs/send.c | 10 + fs/btrfs/volumes.c | 12 ++ fs/ext4/mballoc.c | 5 fs/ext4/super.c | 12 ++ fs/isofs/inode.c | 18 +++ fs/orangefs/super.c | 2 fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 - include/linux/randomize_kstack.h | 2 include/linux/rcupdate.h | 4 include/linux/skbuff.h | 11 ++ include/linux/sunrpc/sched.h | 2 include/scsi/scsi_device.h | 51 ++------- include/uapi/linux/input-event-codes.h | 1 io_uring/io_uring.c | 25 +++- kernel/dma/direct.c | 9 - kernel/panic.c | 8 + kernel/trace/ring_buffer.c | 2 net/mpls/mpls_gso.c | 3 net/netfilter/nf_tables_api.c | 47 ++++++--- net/smc/smc_pnet.c | 10 + scripts/gcc-plugins/stackleak_plugin.c | 2 sound/firewire/amdtp-stream.c | 12 +- sound/firewire/amdtp-stream.h | 4 sound/soc/intel/boards/sof_sdw.c | 11 ++ sound/soc/soc-core.c | 3 tools/iio/iio_utils.c | 2 tools/lib/perf/evlist.c | 18 ++- tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 87 files changed, 544 insertions(+), 224 deletions(-) Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Ard Biesheuvel (1): gcc-plugins/stackleak: Avoid .head.text section Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (1): media: sta2x11: fix irq handler cast Baochen Qiang (1): wifi: ath11k: decrease MHI channel buffer length to 8KB C Cheng (1): cpuidle: Avoid potential overflow in integer multiplication Chancel Liu (1): ASoC: soc-core.c: Skip dummy codec when adding platforms Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Daniel Drake (1): Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow David Hildenbrand (1): virtio: reenable config if freezing device failed David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Duje Mihanović (1): Input: imagis - use FIELD_GET where applicable Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (1): net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Florian Westphal (2): net: skbuff: add overflow debug check to pull/push helpers net: mpls: error out if inner headers are not set Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Greg Kroah-Hartman (3): Revert "scsi: sd: usb_storage: uas: Access media prior to querying device properties" Revert "scsi: core: Add struct for args to execution functions" Linux 6.1.86 Gwendal Grignou (1): platform/x86: intel-vbtn: Update tablet mode switch at end of probe Hans de Goede (1): wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Jacob Keller (1): ice: use relative VSI index for VFs instead of PF VSI number Jeffrey Hugo (1): bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Jens Axboe (1): io_uring: clear opcode specific data for an early failure Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Johan Jonker (2): arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node John Ogness (1): panic: Flush kernel log buffer at the end Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kees Cook (2): bnx2x: Fix firmware version string character counts randomize_kstack: Improve entropy diffusion Konrad Dybcio (1): thermal/of: Assume polling-delay(-passive) 0 when absent Kunwu Chan (2): pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Ma Jun (1): Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Markus Elfring (1): firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Markuss Broks (1): input/touchscreen: imagis: Correct the maximum touch area value Martin K. Petersen (1): scsi: sd: usb_storage: uas: Access media prior to querying device properties Maíra Canal (1): drm/vc4: don't check if plane->state->fb == state->fb Michael Grzeschik (1): usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Mika Westerberg (1): thunderbolt: Keep the domain powered when USB4 port is in redrive mode Mike Marshall (1): Julia Lawall reported this null pointer dereference, this should fix it. Mukesh Sisodiya (1): wifi: iwlwifi: pcie: Add the PCI device id for new hardware Pablo Neira Ayuso (3): netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion Paul E. McKenney (1): rcu-tasks: Repair RCU Tasks Trace quiescence check Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Ping-Ke Shih (1): wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Rick Edgecombe (1): dma-direct: Leak pages on dma_set_decrypted() failure Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Dionne-Riel (1): drm: panel-orientation-quirks: Add quirk for GPD Win Mini Sandipan Das (1): perf/x86/amd/lbr: Discard erroneous branch entries Serge Semin (1): net: pcs: xpcs: Return EINVAL in the internal methods Shannon Nelson (1): ionic: set adminq irq affinity Srinivasan Shanmugam (1): drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Takashi Iwai (1): Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Takashi Sakamoto (1): ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Viresh Kumar (1): cpufreq: Don't unregister cpufreq cooling on CPU hotplug Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi (1): ext4: add a hint for block bitmap corrupt state in mb_groups linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment mosomate (1): ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops

1 year, 5 months

1
1
0 0

Linux 5.15.155

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.155 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++ arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++ arch/x86/mm/pat/memtype.c | 49 +++++++--- block/blk-stat.c | 2 drivers/acpi/cppc_acpi.c | 27 ----- drivers/acpi/sleep.c | 12 -- drivers/bluetooth/btintel.c | 2 drivers/cpuidle/driver.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/infiniband/core/cm.c | 20 +++- drivers/input/rmi4/rmi_driver.c | 6 + drivers/media/pci/sta2x11/sta2x11_vip.c | 9 - drivers/misc/vmw_vmci/vmci_datagram.c | 6 - drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 - drivers/net/pcs/pcs-xpcs.c | 4 drivers/net/wireless/ath/ath11k/mhi.c | 2 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/nvme/host/pci.c | 3 drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/intel/vbtn.c | 5 - drivers/platform/x86/touchscreen_dmi.c | 9 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 - drivers/tty/n_gsm.c | 3 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/video/fbdev/core/fbmon.c | 7 - drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 +- fs/btrfs/export.c | 9 + fs/btrfs/send.c | 10 +- fs/btrfs/volumes.c | 12 ++ fs/ext4/mballoc.c | 5 - fs/ext4/super.c | 12 ++ fs/isofs/inode.c | 18 +++ fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 -- include/linux/randomize_kstack.h | 2 include/linux/sunrpc/sched.h | 2 include/uapi/linux/input-event-codes.h | 1 kernel/panic.c | 8 + kernel/trace/ring_buffer.c | 2 mm/memory.c | 4 net/dsa/dsa2.c | 25 +---- net/netfilter/nf_tables_api.c | 47 +++++++-- net/smc/smc_pnet.c | 10 ++ scripts/gcc-plugins/stackleak_plugin.c | 6 + sound/firewire/amdtp-stream.c | 12 +- sound/firewire/amdtp-stream.h | 4 sound/soc/soc-core.c | 3 tools/iio/iio_utils.c | 2 tools/lib/perf/evlist.c | 18 ++- tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 56 files changed, 321 insertions(+), 145 deletions(-) Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Ard Biesheuvel (1): gcc-plugins/stackleak: Avoid .head.text section Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (1): media: sta2x11: fix irq handler cast Baochen Qiang (1): wifi: ath11k: decrease MHI channel buffer length to 8KB C Cheng (1): cpuidle: Avoid potential overflow in integer multiplication Chancel Liu (1): ASoC: soc-core.c: Skip dummy codec when adding platforms Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Daniel Drake (1): Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow David Hildenbrand (2): virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (1): net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Greg Kroah-Hartman (2): Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses" Linux 5.15.155 Gwendal Grignou (1): platform/x86: intel-vbtn: Update tablet mode switch at end of probe Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Johan Jonker (2): arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node John Ogness (1): panic: Flush kernel log buffer at the end Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kees Cook (2): gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text randomize_kstack: Improve entropy diffusion Kunwu Chan (2): pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Pablo Neira Ayuso (3): netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Serge Semin (1): net: pcs: xpcs: Return EINVAL in the internal methods Shannon Nelson (1): ionic: set adminq irq affinity Takashi Sakamoto (1): ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vladimir Oltean (1): net: dsa: fix panic when DSA master device unbinds on shutdown Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi (1): ext4: add a hint for block bitmap corrupt state in mb_groups linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment

1 year, 5 months

1
1
0 0

Linux 5.10.215

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.215 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 ++++ Documentation/admin-guide/hw-vuln/spectre.rst | 18 Documentation/admin-guide/kernel-parameters.txt | 27 - Documentation/block/queue-sysfs.rst | 7 Documentation/x86/mds.rst | 38 + Makefile | 2 arch/arm/boot/dts/mmp2-brownstone.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 arch/hexagon/kernel/vmlinux.lds.S | 1 arch/parisc/include/asm/assembly.h | 18 arch/parisc/include/asm/checksum.h | 10 arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/lib/Makefile | 2 arch/riscv/include/asm/uaccess.h | 4 arch/s390/kernel/entry.S | 1 arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/Kconfig | 18 arch/x86/Makefile | 8 arch/x86/entry/entry.S | 23 arch/x86/entry/entry_32.S | 59 -- arch/x86/entry/entry_64.S | 10 arch/x86/entry/entry_64_compat.S | 1 arch/x86/include/asm/asm-prototypes.h | 1 arch/x86/include/asm/asm.h | 5 arch/x86/include/asm/cpufeature.h | 8 arch/x86/include/asm/cpufeatures.h | 5 arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/entry-common.h | 1 arch/x86/include/asm/irqflags.h | 1 arch/x86/include/asm/msr-index.h | 10 arch/x86/include/asm/nospec-branch.h | 47 + arch/x86/include/asm/processor.h | 15 arch/x86/include/asm/ptrace.h | 5 arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/segment.h | 30 - arch/x86/include/asm/setup.h | 1 arch/x86/include/asm/stackprotector.h | 79 --- arch/x86/include/asm/suspend_32.h | 12 arch/x86/kernel/Makefile | 1 arch/x86/kernel/asm-offsets_32.c | 5 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/bugs.c | 245 ++++++---- arch/x86/kernel/cpu/common.c | 64 ++ arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/kernel/doublefault_32.c | 4 arch/x86/kernel/head64.c | 9 arch/x86/kernel/head_32.S | 18 arch/x86/kernel/head_64.S | 24 arch/x86/kernel/nmi.c | 3 arch/x86/kernel/setup_percpu.c | 1 arch/x86/kernel/tls.c | 8 arch/x86/kvm/cpuid.h | 2 arch/x86/kvm/svm/sev.c | 16 arch/x86/kvm/vmx/run_flags.h | 7 arch/x86/kvm/vmx/vmenter.S | 9 arch/x86/kvm/vmx/vmx.c | 12 arch/x86/kvm/x86.c | 5 arch/x86/lib/insn-eval.c | 4 arch/x86/lib/retpoline.S | 6 arch/x86/mm/ident_map.c | 23 arch/x86/mm/pat/memtype.c | 50 +- arch/x86/platform/pvh/head.S | 14 arch/x86/power/cpu.c | 6 arch/x86/xen/enlighten_pv.c | 1 block/blk-settings.c | 41 + block/blk-stat.c | 2 block/blk-sysfs.c | 8 block/ioctl.c | 11 drivers/accessibility/speakup/synth.c | 4 drivers/acpi/acpica/dbnames.c | 8 drivers/acpi/sleep.c | 12 drivers/ata/ahci.c | 5 drivers/ata/sata_mv.c | 63 +- drivers/ata/sata_sx4.c | 6 drivers/base/core.c | 26 - drivers/base/cpu.c | 8 drivers/base/power/wakeirq.c | 4 drivers/bluetooth/btintel.c | 2 drivers/clk/qcom/gcc-ipq6018.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/gcc-sdm845.c | 1 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 drivers/cpufreq/cpufreq-dt.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 23 drivers/firmware/efi/vars.c | 17 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/drm_panel.c | 17 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 drivers/gpu/drm/exynos/exynos_hdmi.c | 4 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 drivers/gpu/drm/i915/gt/intel_lrc.c | 3 drivers/gpu/drm/imx/parallel-display.c | 4 drivers/gpu/drm/ttm/ttm_memory.c | 2 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_binding.c | 20 drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 92 ++- drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf.c | 8 drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_cotable.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 11 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 12 drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_mob.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 12 drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_shader.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_so.c | 3 drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 50 -- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6 drivers/hwmon/amc6821.c | 11 drivers/infiniband/core/cm.c | 20 drivers/input/rmi4/rmi_driver.c | 6 drivers/md/dm-integrity.c | 2 drivers/md/dm-raid.c | 2 drivers/md/dm-snap.c | 4 drivers/md/raid5.c | 12 drivers/media/pci/sta2x11/sta2x11_vip.c | 9 drivers/media/tuners/xc4000.c | 4 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/mmc/core/block.c | 14 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/nand/raw/meson_nand.c | 2 drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 drivers/net/ethernet/intel/i40e/i40e_main.c | 7 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 drivers/net/ethernet/neterion/vxge/vxge-config.c | 2 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/renesas/ravb_main.c | 7 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 + drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/wireguard/netlink.c | 10 drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 drivers/nvme/host/pci.c | 3 drivers/nvmem/meson-efuse.c | 25 - drivers/of/dynamic.c | 12 drivers/pci/controller/dwc/pcie-designware-ep.c | 7 drivers/pci/pci-driver.c | 23 drivers/pci/pci.c | 6 drivers/pci/pci.h | 17 drivers/pci/pcie/Makefile | 2 drivers/pci/pcie/dpc.c | 15 drivers/pci/pcie/err.c | 33 + drivers/pci/pcie/rcec.c | 59 ++ drivers/pci/probe.c | 7 drivers/pci/quirks.c | 100 ++++ drivers/pci/setup-res.c | 8 drivers/phy/tegra/xusb.c | 13 drivers/pinctrl/renesas/core.c | 4 drivers/platform/x86/touchscreen_dmi.c | 9 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/hosts.c | 7 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/myrb.c | 20 drivers/scsi/myrs.c | 24 drivers/scsi/qla2xxx/qla_attr.c | 14 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_gs.c | 2 drivers/scsi/qla2xxx/qla_init.c | 102 +--- drivers/scsi/qla2xxx/qla_target.c | 10 drivers/scsi/sd.c | 7 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 98 +++- drivers/staging/comedi/drivers/comedi_test.c | 30 + drivers/staging/media/ipu3/ipu3-v4l2.c | 16 drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 drivers/tee/optee/device.c | 3 drivers/tty/n_gsm.c | 3 drivers/tty/serial/8250/8250_port.c | 6 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/serial/max310x.c | 7 drivers/tty/serial/sc16is7xx.c | 15 drivers/tty/serial/serial_core.c | 12 drivers/tty/vt/vt.c | 2 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 23 drivers/usb/core/hub.h | 2 drivers/usb/core/port.c | 5 drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 63 +- drivers/usb/dwc2/gadget.c | 4 drivers/usb/dwc2/hcd.c | 47 + drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/gadget/udc/tegra-xudc.c | 53 +- drivers/usb/host/sl811-hcd.c | 2 drivers/usb/phy/phy-generic.c | 7 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/usb/typec/ucsi/ucsi.c | 42 + drivers/usb/typec/ucsi/ucsi.h | 4 drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 drivers/vfio/pci/vfio_pci_intrs.c | 176 ++++--- drivers/vfio/platform/vfio_platform_irq.c | 106 ++-- drivers/vfio/virqfd.c | 21 drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 drivers/xen/events/events_base.c | 5 fs/aio.c | 8 fs/btrfs/export.c | 9 fs/btrfs/ioctl.c | 25 - fs/btrfs/send.c | 10 fs/btrfs/volumes.c | 14 fs/exec.c | 1 fs/ext4/mballoc.c | 22 fs/ext4/resize.c | 3 fs/ext4/super.c | 12 fs/fat/nfs.c | 6 fs/fuse/dir.c | 4 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/isofs/inode.c | 18 fs/nfs/direct.c | 11 fs/nfs/write.c | 2 fs/nilfs2/btree.c | 9 fs/nilfs2/direct.c | 9 fs/nilfs2/inode.c | 2 fs/pstore/zone.c | 2 fs/sysv/itree.c | 10 fs/ubifs/file.c | 13 fs/vboxsf/super.c | 3 include/linux/blkdev.h | 15 include/linux/cpu.h | 2 include/linux/device.h | 1 include/linux/gfp.h | 9 include/linux/hyperv.h | 22 include/linux/nfs_fs.h | 1 include/linux/objtool.h | 8 include/linux/pci.h | 6 include/linux/phy/tegra/xusb.h | 2 include/linux/sunrpc/sched.h | 2 include/linux/timer.h | 18 include/linux/udp.h | 28 + include/linux/vfio.h | 2 include/net/cfg802154.h | 1 include/net/inet_connection_sock.h | 1 include/net/sock.h | 7 include/soc/fsl/qman.h | 9 include/uapi/linux/input-event-codes.h | 1 init/initramfs.c | 2 io_uring/io_uring.c | 2 kernel/bounds.c | 2 kernel/bpf/verifier.c | 5 kernel/events/core.c | 9 kernel/panic.c | 8 kernel/power/suspend.c | 1 kernel/printk/printk.c | 63 +- kernel/time/timer.c | 164 +++--- kernel/trace/ring_buffer.c | 193 ++++--- mm/compaction.c | 7 mm/memory-failure.c | 2 mm/memory.c | 4 mm/memtest.c | 4 mm/migrate.c | 6 mm/page_alloc.c | 10 mm/swapfile.c | 13 mm/vmscan.c | 5 net/bluetooth/hci_debugfs.c | 48 + net/bluetooth/hci_event.c | 25 + net/bridge/netfilter/ebtables.c | 6 net/core/sock_map.c | 6 net/ipv4/inet_connection_sock.c | 14 net/ipv4/ip_gre.c | 5 net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/tcp.c | 2 net/ipv4/udp.c | 7 net/ipv4/udp_offload.c | 13 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/ipv6/netfilter/ip6_tables.c | 4 net/ipv6/udp.c | 2 net/ipv6/udp_offload.c | 8 net/mac80211/cfg.c | 5 net/mac802154/llsec.c | 18 net/mptcp/protocol.c | 3 net/mptcp/subflow.c | 3 net/netfilter/nf_tables_api.c | 74 ++- net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/smc/smc_pnet.c | 10 net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 scripts/dummy-tools/gcc | 6 scripts/gcc-x86_32-has-stack-protector.sh | 6 scripts/kernel-doc | 2 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 9 sound/sh/aica.c | 17 sound/soc/soc-ops.c | 2 tools/iio/iio_utils.c | 2 tools/include/linux/objtool.h | 8 tools/lib/perf/evlist.c | 18 tools/lib/perf/include/internal/evlist.h | 4 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 tools/testing/selftests/mqueue/setting | 1 tools/testing/selftests/net/reuseaddr_conflict.c | 2 virt/kvm/async_pf.c | 31 + 334 files changed, 3242 insertions(+), 1521 deletions(-) Alan Stern (3): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Add hub_get() and hub_put() routines USB: core: Fix deadlock in usb_deauthorize_interface() Alban Boyé (1): platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Aleksandr Loktionov (2): i40e: fix i40e_count_filters() to count only active/new filters i40e: fix vf may be used uninitialized in this function warning Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Alex Williamson (7): vfio/platform: Disable virqfds on cleanup vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler vfio/platform: Create persistent IRQ handlers vfio/fsl-mc: Block calling interrupt handler without trigger Alexander Stein (1): Revert "usb: phy: generic: Get the vbus supply" Alexander Usyskin (2): mei: me: add arrow lake point S DID mei: me: add arrow lake point H DID Amey Narkhede (1): PCI: Cache PCIe Device Capabilities register Amit Pundir (1): clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Andrei Matei (1): bpf: Protect against int overflow for stack access size Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports Andy Lutomirski (1): x86/stackprotector/32: Make the canary into a regular percpu variable Antoine Tenart (2): udp: do not transition UDP GRO fraglist partial checksums to unnecessary udp: do not accept non-tunnel GSO skbs landing in a tunnel Anton Altaparmakov (1): x86/pm: Work around false positive kmemleak report in msr_build_context() Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (6): staging: vc04_services: changen strncpy() to strscpy_pad() dm integrity: fix out-of-range warning ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning media: sta2x11: fix irq handler cast Arseniy Krasnov (1): mtd: rawnand: meson: fix scrambling mode value in command macro Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Baokun Li (1): ext4: correct best extent lstart adjustment logic Bart Van Assche (1): fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Bikash Hazarika (2): scsi: qla2xxx: Update manufacturer details scsi: qla2xxx: Update manufacturer detail Bjorn Helgaas (1): PCI: Work around Intel I210 ROM BAR overlap defect Borislav Petkov (1): x86/bugs: Use sysfs_emit() Borislav Petkov (AMD) (5): x86/CPU/AMD: Update the Zenbleed microcode revisions x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() x86/bugs: Fix the SRSO mitigation on Zen3/4 x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Chris Wilson (1): drm/i915/gt: Reset queue_priority_hint on parking Christian A. Ehrhardt (2): usb: typec: ucsi: Ack unsupported commands usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian Gmeiner (1): drm/etnaviv: Restore some id values Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christian König (2): drm/vmwgfx: stop using ttm_bo_create v2 drm/vmwgfx: switch over to the new pin interface v2 Christophe JAILLET (2): slimbus: core: Remove usage of the deprecated ida_simple_xx() API vboxsf: Avoid an spurious warning if load_nls_xxx() fails Claus Hansen Ries (1): net: ll_temac: platform_get_resource replaced by wrong function Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Damien Le Moal (2): block: introduce zone_write_granularity limit block: Clear zone limits for a non-zoned stacked queue Dan Carpenter (1): staging: vc04_services: fix information leak in create_component() Daniel Drake (1): Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow David Hildenbrand (2): virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Davide Caratti (1): mptcp: don't account accept() of non-MPC client as fallback to TCP Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (1): ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (5): tcp: properly terminate timers for kernel sockets netfilter: validate user input for expected length net/sched: act_skbmod: prevent kernel-infoleak erspan: make sure erspan_base_hdr is present in skb->head net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Fedor Pchelkin (1): mac802154: fix llsec key resources release in mac802154_llsec_key_del Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Filipe Manana (1): btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Gabor Juhos (4): clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Geert Uytterhoeven (1): pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Goldwyn Rodrigues (1): btrfs: allocate btrfs_ioctl_defrag_range_args on stack Greg Kroah-Hartman (2): cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Linux 5.10.215 Guenter Roeck (4): parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (1): media: xc4000: Fix atomicity violation in xc4000_get_frequency Guilherme G. Piccoli (1): scsi: core: Fix unremoved procfs host directory regression Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Hariprasad Kelam (1): Octeontx2-af: fix pause frame configuration in GMP mode Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Herve Codina (2): driver core: Introduce device_link_wait_removal() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Hidenori Kobayashi (1): media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Hugo Villeneuve (2): serial: max310x: fix NULL pointer dereference in I2C instantiation serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ian Abbott (1): comedi: comedi_test: Prevent timers rescheduling during deletion Ian Rogers (1): libperf evlist: Avoid out-of-bounds access Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jameson Thies (1): usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (4): drm/panel: do not return negative error codes from drm_panel_get_modes() drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() Jason A. Donenfeld (2): wireguard: netlink: check for dangling peer via is_dead instead of empty list wireguard: netlink: access device through ctx instead of peer Jens Axboe (1): io_uring: ensure '0' is returned on file registration success Jerome Brunet (1): nvmem: meson-efuse: fix function pointer type mismatch Jiawei Fu (iBug) (1): drivers/nvme: Add quirks for device 126f:2262 Johan Hovold (1): arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Jonker (2): arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node John David Anglin (1): parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros John Ogness (2): printk: Update @console_may_schedule in console_trylock_spinning() panic: Flush kernel log buffer at the end John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Jon Hunter (1): usb: gadget: tegra-xudc: Use dev_err_probe() Josef Bacik (1): nfs: fix UAF in direct writes Josh Poimboeuf (1): objtool: Add asm version of STACK_FRAME_NON_STANDARD Josua Mayer (1): hwmon: (amc6821) add of_match table Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kailang Yang (1): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Kim Phillips (2): x86/cpu: Support AMD Automatic IBRS x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Kuniyuki Iwashima (1): ipv6: Fix infinite recursion in fib6_dump_done(). Kunwu Chan (2): pstore/zone: Add a null pointer check to the psz_kmsg_read Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Lee Jones (1): drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret' Leo Ma (1): drm/amd/display: Fix noise issue on HDMI AV mute Lin Yujun (1): Documentation/hw-vuln: Update spectre doc Liu Shixin (1): mm/memory-failure: fix an incorrect use of tail pages Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Mahmoud Adam (1): net/rds: fix possible cp null dereference Manjunath Patil (1): RDMA/cm: add timeout to cm_destroy_id wait Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Marek Szyprowski (1): cpufreq: dt: always allocate zeroed cpumask Mathias Nyman (1): usb: port: Don't try to peer unused USB ports based on location Matthew Wilcox (Oracle) (2): bounds: support non-power-of-two CONFIG_NR_CPUS ubifs: Set page uptodate in the correct place Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (2): ext4: fix corruption during on-line resize xen/events: close evtchn after mapping cleanup Michael Ellerman (1): powerpc/fsl: Fix mfpmr build errors with newer binutils Michael Kelley (1): Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Michael Roth (1): x86/head/64: Re-enable stack protection Michal Kubecek (1): kbuild: dummy-tools: adjust to stricter stackprotector check Mika Westerberg (3): PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited PCI/DPC: Quirk PIO log size for certain Intel Root Ports PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Mikko Rapeli (2): mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access Miklos Szeredi (2): fuse: fix root lookup with nonzero generation fuse: don't unhash root Mikulas Patocka (1): dm snapshot: fix lockup in dm_exception_table_exit Min Li (1): block: add check that partition length needs to be aligned with block size Minas Harutyunyan (4): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: LPM flow fix Muhammad Usama Anjum (1): scsi: lpfc: Correct size for wqe for memset() Nathan Chancellor (4): kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() powerpc: xor_vmx: Add '-mhard-float' to CFLAGS hexagon: vmlinux.lds.S: handle attributes section Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Nikita Kiryushin (1): ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Niklas Cassel (1): PCI: dwc: endpoint: Fix advertised resizable BAR size Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (9): netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow timeout for anonymous sets netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion Paul Barker (1): net: ravb: Always process TX descriptor ring Paul Menzel (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Pawan Gupta (11): x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH KVM/VMX: Move VERW closer to VMentry for MDS mitigation x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Documentation/hw-vuln: Add documentation for RFDS x86/rfds: Mitigate Register File Data Sampling (RFDS) KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Peter Collingbourne (1): serial: Lock console when calling into driver before registration Petr Mladek (1): printk/console: Split out code that enables default console Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Pu Wen (1): x86/srso: Add SRSO mitigation for Hygon processors Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Quinn Tran (3): scsi: qla2xxx: Split FCE|EFT trace control scsi: qla2xxx: Fix command flush on cable pull scsi: qla2xxx: Delay I/O Abort on PCI error Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Rodrigo Siqueira (1): drm/amd/display: Return the correct HDCP error code Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Ryan Roberts (1): mm: swap: fix race between free_swap_and_cache() and swapoff() Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Salvatore Bonaccorso (1): scripts: kernel-doc: Fix syntax error due to undeclared args variable Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Holland (1): riscv: Fix spurious errors from __get/put_kernel_nofault Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Sandipan Das (1): x86/cpufeatures: Add new word for scattered features Sean Anderson (4): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (3): KVM: Always flush async #PF workqueue when vCPU is being destroyed KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sean V Kelley (2): PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() PCI/ERR: Clear AER status only when we control AER SeongJae Park (1): selftests/mqueue: Set timeout to 180 seconds Shannon Nelson (1): ionic: set adminq irq affinity Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Shin'ichiro Kawasaki (1): scsi: sd: Fix wrong zone_write_granularity value during revalidate Song Liu (1): Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Stanislaw Gruszka (1): PCI/AER: Block runtime suspend when handling errors Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Steven Rostedt (Google) (5): ring-buffer: Fix waking up ring buffer readers ring-buffer: Do not set shortest_full when full target is hit ring-buffer: Fix resetting of shortest_full ring-buffer: Fix full_waiters_pending in poll net: hns3: tracing: fix hclgevf trace event strings Su Hui (1): octeontx2-pf: check negative error code in otx2_open() Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Sumit Garg (1): tee: optee: Fix kernel panic caused by incorrect error handling Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Thomas Gleixner (3): timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Uwe Kleine-König (1): PCI: Drop pci_device_remove() test of pci_dev->driver Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Venkata Lakshmi Narayana Gubba (1): arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor Vlastimil Babka (1): mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Wayne Chang (2): phy: tegra: xusb: Add API to retrieve the port number of phy usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Xu Wang (1): vxge: remove unnecessary cast in kfree() Yang Jihong (1): perf/core: Fix reentry problem in perf_output_read_group() Ye Bin (1): ext4: forbid commit inconsistent quota data when errors=remount-ro Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Zack Rusin (2): drm/vmwgfx: Fix some static checker warnings drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Zhang Yi (2): ubi: correct the calculation of fastmap size ext4: add a hint for block bitmap corrupt state in mb_groups Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zi Yan (1): mm/migrate: set swap entry values of THP tail pages properly. Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() linke li (1): ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 5 months

1
1
0 0

Linux 5.4.274

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.274 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 18 Documentation/admin-guide/kernel-parameters.txt | 6 Makefile | 2 arch/arm/boot/dts/mmp2-brownstone.dts | 332 ++++------ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 arch/parisc/include/asm/checksum.h | 107 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/lib/Makefile | 2 arch/s390/kernel/entry.S | 1 arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/include/asm/cpufeature.h | 6 arch/x86/include/asm/cpufeatures.h | 4 arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/mmu_context.h | 9 arch/x86/include/asm/msr-index.h | 2 arch/x86/include/asm/nospec-branch.h | 7 arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/unwind_hints.h | 2 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/bugs.c | 117 +-- arch/x86/kernel/cpu/common.c | 19 arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/mm/ident_map.c | 23 arch/x86/mm/pat.c | 50 + block/blk-stat.c | 2 drivers/acpi/sleep.c | 12 drivers/ata/ahci.c | 5 drivers/ata/sata_mv.c | 63 - drivers/ata/sata_sx4.c | 6 drivers/base/power/wakeirq.c | 4 drivers/block/loop.c | 185 +++-- drivers/bluetooth/btintel.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/gcc-sdm845.c | 1 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 23 drivers/firmware/efi/vars.c | 17 drivers/firmware/meson/meson_sm.c | 96 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 drivers/gpu/drm/exynos/exynos_hdmi.c | 4 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 drivers/gpu/drm/i915/gt/intel_lrc.c | 3 drivers/gpu/drm/imx/parallel-display.c | 4 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vkms/vkms_drv.c | 2 drivers/hwmon/amc6821.c | 11 drivers/input/rmi4/rmi_driver.c | 6 drivers/md/dm-integrity.c | 2 drivers/md/dm-raid.c | 2 drivers/md/dm-snap.c | 4 drivers/md/raid5.c | 12 drivers/media/pci/sta2x11/sta2x11_vip.c | 9 drivers/media/tuners/xc4000.c | 4 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/mmc/core/block.c | 14 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/nand/raw/meson_nand.c | 2 drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/renesas/ravb_main.c | 7 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 - drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 - drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 drivers/nvmem/meson-efuse.c | 45 - drivers/pci/pci-driver.c | 23 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/hosts.c | 7 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/myrb.c | 20 drivers/scsi/myrs.c | 24 drivers/scsi/qla2xxx/qla_target.c | 10 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 98 ++ drivers/staging/comedi/drivers/comedi_test.c | 30 drivers/staging/media/ipu3/ipu3-v4l2.c | 16 drivers/staging/speakup/synth.c | 4 drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.c | 40 - drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.h | 2 drivers/tty/n_gsm.c | 3 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/serial/max310x.c | 7 drivers/tty/vt/vt.c | 4 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 5 drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 63 + drivers/usb/dwc2/gadget.c | 4 drivers/usb/dwc2/hcd.c | 47 + drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/usb/typec/tcpm/tcpci.c | 1 drivers/vfio/pci/vfio_pci_intrs.c | 176 +++-- drivers/vfio/platform/vfio_platform_irq.c | 106 ++- drivers/vfio/virqfd.c | 21 drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 drivers/xen/events/events_base.c | 5 fs/aio.c | 8 fs/btrfs/export.c | 9 fs/btrfs/ioctl.c | 25 fs/btrfs/send.c | 10 fs/btrfs/volumes.c | 14 fs/exec.c | 1 fs/ext4/mballoc.c | 17 fs/ext4/resize.c | 3 fs/fat/nfs.c | 6 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/isofs/inode.c | 18 fs/nilfs2/alloc.c | 38 - fs/nilfs2/btree.c | 51 - fs/nilfs2/cpfile.c | 10 fs/nilfs2/dat.c | 14 fs/nilfs2/direct.c | 23 fs/nilfs2/gcinode.c | 2 fs/nilfs2/ifile.c | 4 fs/nilfs2/inode.c | 31 fs/nilfs2/ioctl.c | 37 - fs/nilfs2/mdt.c | 2 fs/nilfs2/namei.c | 6 fs/nilfs2/nilfs.h | 9 fs/nilfs2/page.c | 11 fs/nilfs2/recovery.c | 32 fs/nilfs2/segbuf.c | 2 fs/nilfs2/segment.c | 38 - fs/nilfs2/sufile.c | 29 fs/nilfs2/super.c | 57 - fs/nilfs2/sysfs.c | 29 fs/nilfs2/the_nilfs.c | 85 +- fs/open.c | 38 - fs/sysv/itree.c | 10 fs/ubifs/file.c | 13 include/linux/firmware/meson/meson_sm.h | 15 include/linux/frame.h | 11 include/linux/fs.h | 3 include/linux/gfp.h | 9 include/linux/sunrpc/sched.h | 2 include/linux/timer.h | 18 include/linux/vfio.h | 2 include/net/erspan.h | 19 include/net/inet_connection_sock.h | 1 include/net/sock.h | 7 include/soc/fsl/qman.h | 9 include/uapi/linux/input-event-codes.h | 1 init/initramfs.c | 47 - kernel/bounds.c | 2 kernel/events/core.c | 9 kernel/panic.c | 8 kernel/power/suspend.c | 1 kernel/printk/printk.c | 6 kernel/time/timer.c | 164 ++-- kernel/trace/ring_buffer.c | 51 + mm/compaction.c | 7 mm/memory-failure.c | 2 mm/memory.c | 4 mm/memtest.c | 4 mm/migrate.c | 6 mm/page_alloc.c | 10 mm/vmscan.c | 5 net/bluetooth/hci_debugfs.c | 48 - net/bluetooth/hci_event.c | 25 net/core/sock_map.c | 6 net/ipv4/inet_connection_sock.c | 14 net/ipv4/ip_gre.c | 104 ++- net/ipv4/tcp.c | 2 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/mac80211/cfg.c | 5 net/netfilter/nf_tables_api.c | 74 +- net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 9 sound/sh/aica.c | 17 sound/soc/soc-ops.c | 2 tools/iio/iio_utils.c | 2 tools/objtool/Documentation/stack-validation.txt | 8 tools/objtool/arch/x86/decode.c | 6 tools/objtool/check.c | 64 + tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 tools/testing/selftests/mqueue/setting | 1 tools/testing/selftests/net/reuseaddr_conflict.c | 2 virt/kvm/async_pf.c | 31 208 files changed, 2528 insertions(+), 1429 deletions(-) Alan Stern (2): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Fix deadlock in usb_deauthorize_interface() Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Aleksandr Loktionov (1): i40e: fix vf may be used uninitialized in this function warning Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Alex Williamson (6): vfio/platform: Disable virqfds on cleanup vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler vfio/platform: Create persistent IRQ handlers Alexandre Chartre (2): objtool: is_fentry_call() crashes if call has no destination objtool: Add support for intra-function calls Amit Pundir (1): clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (6): dm integrity: fix out-of-range warning staging: vc04_services: changen strncpy() to strscpy_pad() ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning media: sta2x11: fix irq handler cast Arseniy Krasnov (1): mtd: rawnand: meson: fix scrambling mode value in command macro Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Baokun Li (1): ext4: correct best extent lstart adjustment logic Bart Van Assche (1): fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Borislav Petkov (1): x86/bugs: Use sysfs_emit() Borislav Petkov (AMD) (2): x86/CPU/AMD: Update the Zenbleed microcode revisions x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Carlo Caione (1): firmware: meson_sm: Rework driver as a proper platform driver Chris Wilson (1): drm/i915/gt: Reset queue_priority_hint on parking Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christoph Hellwig (3): fs: add a vfs_fchown helper fs: add a vfs_fchmod helper initramfs: switch initramfs unpacking to struct file based APIs Christophe JAILLET (1): slimbus: core: Remove usage of the deprecated ida_simple_xx() API Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Dan Carpenter (1): staging: vc04_services: fix information leak in create_component() Daniel Drake (1): Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow Dave Stevenson (2): staging: mmal-vchiq: Allocate and free components as required staging: mmal-vchiq: Fix client_component for 64 bit kernel David Hildenbrand (2): virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (1): ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (3): tcp: properly terminate timers for kernel sockets net/sched: act_skbmod: prevent kernel-infoleak erspan: make sure erspan_base_hdr is present in skb->head Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Filipe Manana (1): btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Gabor Juhos (3): clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Genjian Zhang (1): Revert "loop: Check for overflow while configuring loop" Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Goldwyn Rodrigues (1): btrfs: allocate btrfs_ioctl_defrag_range_args on stack Greg Kroah-Hartman (1): Linux 5.4.274 Guenter Roeck (4): parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (1): media: xc4000: Fix atomicity violation in xc4000_get_frequency Guilherme G. Piccoli (1): scsi: core: Fix unremoved procfs host directory regression Guo Mengqi (1): drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put() Hangbin Liu (1): ip_gre: do not report erspan version on GRE interface Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Helge Deller (1): parisc: Do not hardcode registers in checksum functions Hidenori Kobayashi (1): media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Hugo Villeneuve (1): serial: max310x: fix NULL pointer dereference in I2C instantiation Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ian Abbott (1): comedi: comedi_test: Prevent timers rescheduling during deletion Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (3): drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() Jerome Brunet (1): nvmem: meson-efuse: fix function pointer type mismatch Joe Perches (1): nilfs2: use a more common logging style Johan Jonker (2): arm64: dts: rockchip: fix rk3328 hdmi ports node arm64: dts: rockchip: fix rk3399 hdmi ports node John Ogness (2): printk: Update @console_may_schedule in console_trylock_spinning() panic: Flush kernel log buffer at the end John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Josua Mayer (1): hwmon: (amc6821) add of_match table Juergen Gross (1): x86/alternative: Don't call text_poke() in lazy TLB mode Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kailang Yang (1): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Kim Phillips (2): x86/cpu: Support AMD Automatic IBRS x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Kuniyuki Iwashima (1): ipv6: Fix infinite recursion in fib6_dump_done(). Kunwu Chan (1): Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Lin Yujun (1): Documentation/hw-vuln: Update spectre doc Liu Shixin (1): mm/memory-failure: fix an incorrect use of tail pages Lubomir Rintel (1): ARM: dts: mmp2-brownstone: Don't redeclare phandle references Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Mahmoud Adam (1): net/rds: fix possible cp null dereference Marco Felsch (1): usb: typec: tcpci: add generic tcpci fallback compatible Martijn Coenen (5): loop: Call loop_config_discard() only after new config is applied loop: Remove sector_t truncation checks loop: Factor out setting loop device size loop: Refactor loop_set_status() size calculation loop: Factor out configuring loop from status Mathias Nyman (1): usb: port: Don't try to peer unused USB ports based on location Matthew Wilcox (Oracle) (2): ubifs: Set page uptodate in the correct place bounds: support non-power-of-two CONFIG_NR_CPUS Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (2): ext4: fix corruption during on-line resize xen/events: close evtchn after mapping cleanup Michael Ellerman (1): powerpc/fsl: Fix mfpmr build errors with newer binutils Mikko Rapeli (2): mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access Miklos Szeredi (1): fuse: don't unhash root Mikulas Patocka (1): dm snapshot: fix lockup in dm_exception_table_exit Minas Harutyunyan (4): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: LPM flow fix Muhammad Usama Anjum (1): scsi: lpfc: Correct size for wqe for memset() Nathan Chancellor (3): kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (9): netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow timeout for anonymous sets netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion Paul Barker (1): net: ravb: Always process TX descriptor ring Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Quinn Tran (1): scsi: qla2xxx: Fix command flush on cable pull Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Rui Qi (1): x86/speculation: Support intra-function call validation Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Sandipan Das (1): x86/cpufeatures: Add new word for scattered features Sean Anderson (4): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (1): KVM: Always flush async #PF workqueue when vCPU is being destroyed SeongJae Park (1): selftests/mqueue: Set timeout to 180 seconds Shannon Nelson (1): ionic: set adminq irq affinity Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Siddh Raman Pant (1): loop: Check for overflow while configuring loop Song Liu (1): Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Steven Rostedt (Google) (2): ring-buffer: Fix resetting of shortest_full ring-buffer: Fix full_waiters_pending in poll Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Thomas Gleixner (3): timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Uwe Kleine-König (1): PCI: Drop pci_device_remove() test of pci_dev->driver Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vlastimil Babka (1): mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations William Tu (2): erspan: Add type I version 0 support. erspan: Check IFLA_GRE_ERSPAN_VER is set. Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Yang Jihong (1): perf/core: Fix reentry problem in perf_output_read_group() Yangxi Xiang (1): vt: fix memory overlapping when deleting chars in the buffer Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Zhang Shurong (1): firmware: meson_sm: fix to avoid potential NULL pointer dereference Zhang Yi (1): ubi: correct the calculation of fastmap size Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zhong Jinghua (1): loop: loop_set_status_from_info() check before assignment Zi Yan (1): mm/migrate: set swap entry values of THP tail pages properly. Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 5 months

1
1
0 0

Linux 4.19.312

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.312 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 18 Documentation/admin-guide/kernel-parameters.txt | 6 Makefile | 2 arch/arm/boot/dts/mmp2-brownstone.dts | 332 ++++------ arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 arch/parisc/include/asm/checksum.h | 107 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/lib/Makefile | 2 arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/include/asm/cpufeatures.h | 2 arch/x86/include/asm/msr-index.h | 2 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/bugs.c | 117 +-- arch/x86/kernel/cpu/common.c | 17 arch/x86/mm/ident_map.c | 23 arch/x86/mm/pat.c | 50 + block/blk-stat.c | 2 drivers/ata/ahci.c | 5 drivers/ata/sata_mv.c | 63 - drivers/ata/sata_sx4.c | 6 drivers/base/power/wakeirq.c | 4 drivers/block/loop.c | 204 +++--- drivers/bluetooth/btintel.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 23 drivers/firmware/efi/vars.c | 17 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 4 drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 drivers/gpu/drm/imx/parallel-display.c | 4 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vkms/vkms_drv.c | 2 drivers/hwmon/amc6821.c | 11 drivers/input/rmi4/rmi_driver.c | 6 drivers/md/dm-raid.c | 2 drivers/md/raid5.c | 12 drivers/media/pci/sta2x11/sta2x11_vip.c | 9 drivers/media/tuners/xc4000.c | 4 drivers/misc/vmw_vmci/vmci_datagram.c | 6 drivers/mmc/core/block.c | 10 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 - drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 - drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 40 - drivers/net/wireless/ath/ath9k/antenna.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 drivers/pci/pci-driver.c | 23 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/lpfc/lpfc_nportdisc.c | 6 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/qla2xxx/qla_target.c | 10 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 98 ++ drivers/staging/comedi/drivers/comedi_test.c | 30 drivers/staging/speakup/synth.c | 4 drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.c | 52 + drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.h | 6 drivers/tty/n_gsm.c | 3 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/vt/vt.c | 4 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/port.c | 5 drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 63 + drivers/usb/dwc2/gadget.c | 4 drivers/usb/dwc2/hcd.c | 47 + drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/host/sl811-hcd.c | 2 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/vfio/platform/vfio_platform_irq.c | 5 drivers/video/fbdev/core/fbmon.c | 7 drivers/video/fbdev/via/accel.c | 4 drivers/virtio/virtio.c | 10 fs/aio.c | 8 fs/btrfs/export.c | 9 fs/btrfs/ioctl.c | 25 fs/btrfs/send.c | 10 fs/btrfs/volumes.c | 12 fs/exec.c | 1 fs/ext4/resize.c | 3 fs/fat/nfs.c | 6 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/isofs/inode.c | 18 fs/nilfs2/alloc.c | 38 - fs/nilfs2/btree.c | 51 - fs/nilfs2/cpfile.c | 10 fs/nilfs2/dat.c | 14 fs/nilfs2/direct.c | 23 fs/nilfs2/gcinode.c | 2 fs/nilfs2/ifile.c | 4 fs/nilfs2/inode.c | 31 fs/nilfs2/ioctl.c | 37 - fs/nilfs2/mdt.c | 2 fs/nilfs2/namei.c | 6 fs/nilfs2/nilfs.h | 9 fs/nilfs2/page.c | 11 fs/nilfs2/recovery.c | 32 fs/nilfs2/segbuf.c | 2 fs/nilfs2/segment.c | 38 - fs/nilfs2/sufile.c | 29 fs/nilfs2/super.c | 57 - fs/nilfs2/sysfs.c | 29 fs/nilfs2/the_nilfs.c | 85 +- fs/open.c | 38 - fs/sysv/itree.c | 10 fs/ubifs/file.c | 13 include/linux/fs.h | 3 include/linux/gfp.h | 9 include/linux/sunrpc/sched.h | 2 include/linux/timer.h | 18 include/net/erspan.h | 19 include/net/inet_connection_sock.h | 1 include/net/sock.h | 9 include/soc/fsl/qman.h | 9 include/trace/events/timer.h | 17 include/uapi/linux/input-event-codes.h | 1 init/initramfs.c | 77 +- kernel/events/core.c | 9 kernel/power/suspend.c | 1 kernel/printk/printk.c | 6 kernel/time/timer.c | 282 ++++++-- mm/compaction.c | 7 mm/memory-failure.c | 2 mm/memory.c | 4 mm/memtest.c | 4 mm/migrate.c | 6 mm/page_alloc.c | 10 mm/vmscan.c | 5 net/bluetooth/hci_debugfs.c | 48 - net/bluetooth/hci_event.c | 25 net/core/sock.c | 7 net/ipv4/inet_connection_sock.c | 14 net/ipv4/ip_gre.c | 104 ++- net/ipv4/tcp.c | 2 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/mac80211/cfg.c | 5 net/netfilter/nf_tables_api.c | 22 net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 9 sound/sh/aica.c | 17 sound/soc/soc-ops.c | 2 tools/iio/iio_utils.c | 2 tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 tools/testing/ktest/ktest.pl | 1 tools/testing/selftests/net/reuseaddr_conflict.c | 2 virt/kvm/async_pf.c | 31 166 files changed, 2098 insertions(+), 1189 deletions(-) Alan Stern (2): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Fix deadlock in usb_deauthorize_interface() Aleksandr Burakov (1): fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Aleksandr Loktionov (1): i40e: fix vf may be used uninitialized in this function warning Alex Henrie (1): isofs: handle CDs with bad root inode but good Joliet root directory Alex Williamson (1): vfio/platform: Disable virqfds on cleanup Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports Anna-Maria Gleixner (3): timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps timer/trace: Improve timer tracing timers: Prepare support for PREEMPT_RT Aric Cyr (1): drm/amd/display: Fix nanosec stat overflow Arnd Bergmann (4): staging: vc04_services: changen strncpy() to strscpy_pad() ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit ata: sata_mv: Fix PCI device ID table declaration compilation warning media: sta2x11: fix irq handler cast Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Bart Van Assche (1): fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Borislav Petkov (1): x86/bugs: Use sysfs_emit() Borislav Petkov (AMD) (1): x86/CPU/AMD: Update the Zenbleed microcode revisions Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christoph Hellwig (4): initramfs: factor out a helper to populate the initrd image fs: add a vfs_fchown helper fs: add a vfs_fchmod helper initramfs: switch initramfs unpacking to struct file based APIs Christophe JAILLET (1): slimbus: core: Remove usage of the deprecated ida_simple_xx() API Colin Ian King (1): usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Dai Ngo (1): SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Dan Carpenter (1): staging: vc04_services: fix information leak in create_component() Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Dave Airlie (1): amdkfd: use calloc instead of kzalloc to avoid integer overflow Dave Stevenson (3): staging: mmal-vchiq: Avoid use of bool in structures staging: mmal-vchiq: Allocate and free components as required staging: mmal-vchiq: Fix client_component for 64 bit kernel David Hildenbrand (2): virtio: reenable config if freezing device failed x86/mm/pat: fix VM_PAT handling in COW mappings David Sterba (3): btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: send: handle path ref underflow in header iterate_inode_ref() Dmitry Antipov (1): wifi: ath9k: fix LNA selection in ath_ant_try_scan() Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (1): ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Edward Adam Davis (1): Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet (3): tcp: properly terminate timers for kernel sockets net/sched: act_skbmod: prevent kernel-infoleak erspan: make sure erspan_base_hdr is present in skb->head Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Gabor Juhos (3): clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Geert Uytterhoeven (1): initramfs: fix populate_initrd_image() section mismatch Geliang Tang (1): mptcp: add sk_stop_timer_sync helper Genjian Zhang (1): Revert "loop: Check for overflow while configuring loop" Gergo Koteles (1): Input: allocate keycode for Display refresh rate toggle Goldwyn Rodrigues (1): btrfs: allocate btrfs_ioctl_defrag_range_args on stack Greg Kroah-Hartman (1): Linux 4.19.312 Guenter Roeck (4): parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (1): media: xc4000: Fix atomicity violation in xc4000_get_frequency Guo Mengqi (1): drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put() Hangbin Liu (1): ip_gre: do not report erspan version on GRE interface Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Harshit Mogalapalli (1): VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Helge Deller (1): parisc: Do not hardcode registers in checksum functions Holger Hoffstätte (1): loop: properly observe rotational flag of underlying device Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ian Abbott (1): comedi: comedi_test: Prevent timers rescheduling during deletion Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (2): drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() Joe Perches (1): nilfs2: use a more common logging style Johan Jonker (1): arm64: dts: rockchip: fix rk3399 hdmi ports node John Ogness (1): printk: Update @console_may_schedule in console_trylock_spinning() John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Josua Mayer (1): hwmon: (amc6821) add of_match table Justin Tee (1): scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Kailang Yang (1): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Kim Phillips (2): x86/cpu: Support AMD Automatic IBRS x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Kuniyuki Iwashima (1): ipv6: Fix infinite recursion in fib6_dump_done(). Kunwu Chan (1): Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Lin Yujun (1): Documentation/hw-vuln: Update spectre doc Liu Shixin (1): mm/memory-failure: fix an incorrect use of tail pages Lubomir Rintel (1): ARM: dts: mmp2-brownstone: Don't redeclare phandle references Luiz Augusto von Dentz (1): Bluetooth: btintel: Fixe build regression Mahmoud Adam (1): net/rds: fix possible cp null dereference Martijn Coenen (5): loop: Call loop_config_discard() only after new config is applied loop: Remove sector_t truncation checks loop: Factor out setting loop device size loop: Refactor loop_set_status() size calculation loop: Factor out configuring loop from status Mathias Nyman (1): usb: port: Don't try to peer unused USB ports based on location Matthew Wilcox (Oracle) (1): ubifs: Set page uptodate in the correct place Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (1): ext4: fix corruption during on-line resize Michael Ellerman (1): powerpc/fsl: Fix mfpmr build errors with newer binutils Miklos Szeredi (1): fuse: don't unhash root Minas Harutyunyan (4): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: LPM flow fix Muhammad Usama Anjum (1): scsi: lpfc: Correct size for wqe for memset() Nathan Chancellor (3): kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (3): netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow timeout for anonymous sets Petre Rodan (1): tools: iio: replace seekdir() in iio_generic_buffer Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Quinn Tran (1): scsi: qla2xxx: Fix command flush on cable pull Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Ricardo B. Marliere (1): ktest: force $buildonly = 1 for 'make_warnings_file' test type Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roman Smirnov (2): block: prevent division by zero in blk_rq_stat_sum() fbmon: prevent division by zero in fb_videomode_from_videomode() Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Samasth Norway Ananda (1): tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Sean Anderson (4): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (1): KVM: Always flush async #PF workqueue when vCPU is being destroyed Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Siddh Raman Pant (1): loop: Check for overflow while configuring loop Song Liu (1): Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Tetsuo Handa (1): sysv: don't call sb_bread() with pointers_lock held Thadeu Lima de Souza Cascardo (1): tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Thomas Gleixner (3): timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Uwe Kleine-König (1): PCI: Drop pci_device_remove() test of pci_dev->driver Vasiliy Kovalev (1): VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Vlastimil Babka (1): mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations William Tu (2): erspan: Add type I version 0 support. erspan: Check IFLA_GRE_ERSPAN_VER is set. Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Yang Jihong (1): perf/core: Fix reentry problem in perf_output_read_group() Yangxi Xiang (1): vt: fix memory overlapping when deleting chars in the buffer Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Zhang Yi (1): ubi: correct the calculation of fastmap size Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zhong Jinghua (1): loop: loop_set_status_from_info() check before assignment Zi Yan (1): mm/migrate: set swap entry values of THP tail pages properly. Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 5 months

1
1
0 0

+ mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Date: Fri, 12 Apr 2024 10:57:54 +0800 extend comment per Oscar Link: https://lkml.kernel.org/r/20240412025754.1897615-1-linmiaohe@huawei.com Fixes: a6b40850c442 ("mm: hugetlb: replace hugetlb_free_vmemmap_enabled with a static_key") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/memory-failure.c~mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2 +++ a/mm/memory-failure.c @@ -159,6 +159,10 @@ static int __page_handle_poison(struct p * dissolve_free_huge_page() might hold cpu_hotplug_lock via static_key_slow_dec() * when hugetlb vmemmap optimization is enabled. This will break current lock * dependency chain and leads to deadlock. + * Disabling pcp before dissolving the page was a deterministic approach because + * we made sure that those pages cannot end up in any PCP list. Draining PCP lists + * expels those pages to the buddy system, but nothing guarantees that those pages + * do not get back to a PCP queue if we need to refill those. */ ret = dissolve_free_huge_page(page); if (!ret) { _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled-v2.patch fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch

1 year, 5 months

1
0
0 0

[PATCH 1/3] drm/xe/vm: prevent UAF with asid based lookup

by Matthew Auld

The asid is only erased from the xarray when the vm refcount reaches zero, however this leads to potential UAF since the xe_vm_get() only works on a vm with refcount != 0. Since the asid is allocated in the vm create ioctl, rather erase it when closing the vm, prior to dropping the potential last ref. This should also work when user closes driver fd without explicit vm destroy. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1594 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_vm.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index a196dbe65252..c5c26b3d1b76 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1581,6 +1581,16 @@ void xe_vm_close_and_put(struct xe_vm *vm) xe->usm.num_vm_in_fault_mode--; else if (!(vm->flags & XE_VM_FLAG_MIGRATION)) xe->usm.num_vm_in_non_fault_mode--; + + if (vm->usm.asid) { + void *lookup; + + xe_assert(xe, xe->info.has_asid); + xe_assert(xe, !(vm->flags & XE_VM_FLAG_MIGRATION)); + + lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid); + xe_assert(xe, lookup == vm); + } mutex_unlock(&xe->usm.lock); for_each_tile(tile, xe, id) @@ -1596,24 +1606,15 @@ static void vm_destroy_work_func(struct work_struct *w) struct xe_device *xe = vm->xe; struct xe_tile *tile; u8 id; - void *lookup; /* xe_vm_close_and_put was not called? */ xe_assert(xe, !vm->size); mutex_destroy(&vm->snap_mutex); - if (!(vm->flags & XE_VM_FLAG_MIGRATION)) { + if (!(vm->flags & XE_VM_FLAG_MIGRATION)) xe_device_mem_access_put(xe); - if (xe->info.has_asid && vm->usm.asid) { - mutex_lock(&xe->usm.lock); - lookup = xa_erase(&xe->usm.asid_to_vm, vm->usm.asid); - xe_assert(xe, lookup == vm); - mutex_unlock(&xe->usm.lock); - } - } - for_each_tile(tile, xe, id) XE_WARN_ON(vm->pt_root[id]); -- 2.44.0

1 year, 5 months

3
3
0 0

[PATCH 6.6 000/114] 6.6.27-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.27 release. There are 114 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.27-rc1 Ma Jun <Jun.Ma2(a)amd.com> Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Florian Westphal <fw(a)strlen.de> net: mpls: error out if inner headers are not set Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression Gwendal Grignou <gwendal(a)chromium.org> platform/x86: intel-vbtn: Update tablet mode switch at end of probe Kees Cook <keescook(a)chromium.org> randomize_kstack: Improve entropy diffusion Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: adding lock to protect encoder context list Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: adding lock to protect decoder context list Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: mediatek: vcodec: Fix oops when HEVC init fails Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: display simult in extra_msg Ard Biesheuvel <ardb(a)kernel.org> gcc-plugins/stackleak: Avoid .head.text section Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirks for some Clevo laptops Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Jiawei Fu (iBug) <i(a)ibugone.com> drivers/nvme: Add quirks for device 126f:2262 Max Kellermann <max.kellermann(a)ionos.com> modpost: fix null pointer dereference Jens Axboe <axboe(a)kernel.dk> io_uring: clear opcode specific data for an early failure Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: attempt to inflate the memory balloon on PVH Chancel Liu <chancel.liu(a)nxp.com> ASoC: soc-core.c: Skip dummy codec when adding platforms Konrad Dybcio <konrad.dybcio(a)linaro.org> thermal/of: Assume polling-delay(-passive) 0 when absent M Cooley <m.cooley.198(a)gmail.com> ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: add generic tcpci fallback compatible Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Keep the domain powered when USB4 port is in redrive mode Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Limit read size on v1.2 Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Tejun Heo <tj(a)kernel.org> kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Jeffrey Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer linke li <lilinke99(a)qq.com> ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Matt Scialabba <matt.git(a)fastmail.fm> Input: xpad - add support for Snakebyte GAMEPADs Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Jichi Zhang <i(a)jichi.ca> ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Discard erroneous branch entries Alban Boyé <alban.boye(a)protonmail.com> platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Duje Mihanović <duje.mihanovic(a)skole.hr> Input: imagis - use FIELD_GET where applicable Manjunath Patil <manjunath.b.patil(a)oracle.com> RDMA/cm: add timeout to cm_destroy_id wait Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Markuss Broks <markuss.broks(a)gmail.com> input/touchscreen: imagis: Correct the maximum touch area value Ian Rogers <irogers(a)google.com> libperf evlist: Avoid out-of-bounds access Daniel Drake <drake(a)endlessos.org> Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Daniel Drake <drake(a)endlessos.org> PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Shradha Gupta <shradhagupta(a)linux.microsoft.com> drm: Check output polling initialized before disabling Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: input: avoid polling stylus battery on Chromebook Pompom Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Koby Elbaz <kelbaz(a)habana.ai> accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Ye Bin <yebin10(a)huawei.com> ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi <yi.zhang(a)huawei.com> ext4: add a hint for block bitmap corrupt state in mb_groups Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Populate board selection with new I2S entries Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Mike Marshall <hubcap(a)omnibond.com> Julia Lawall reported this null pointer dereference, this should fix it. Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Repair RCU Tasks Trace quiescence check Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() mosomate <mosomate(a)gmail.com> ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Christian König <christian.koenig(a)amd.com> drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: SOF: amd: Optimize quirk for Valve Galileo Samuel Dionne-Riel <samuel(a)dionne-riel.com> drm: panel-orientation-quirks: Add quirk for GPD Win Mini Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Maíra Canal <mcanal(a)igalia.com> drm/vc4: don't check if plane->state->fb == state->fb Vinicius Peixoto <nukelet64(a)gmail.com> Bluetooth: Add new quirk for broken read key length on ATS2851 Takashi Iwai <tiwai(a)suse.de> Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet <edumazet(a)google.com> net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Jacob Keller <jacob.e.keller(a)intel.com> ice: use relative VSI index for VFs instead of PF VSI number David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: check A-MSDU format more carefully Takashi Iwai <tiwai(a)suse.de> wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Kees Cook <keescook(a)chromium.org> overflow: Allow non-type arg to type_max() and type_min() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Don't unregister cpufreq cooling on CPU hotplug Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: decrease MHI channel buffer length to 8KB Rick Edgecombe <rick.p.edgecombe(a)intel.com> dma-direct: Leak pages on dma_set_decrypted() failure Serge Semin <fancer.lancer(a)gmail.com> net: pcs: xpcs: Return EINVAL in the internal methods Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Kunwu Chan <chentao(a)kylinos.cn> pstore/zone: Add a null pointer check to the psz_kmsg_read Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: add locking for accessing mapped registers Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: disable AMSDU for non-data frames Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add locking for accessing mapped registers Hans de Goede <hdegoede(a)redhat.com> wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Markus Elfring <elfring(a)users.sourceforge.net> firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Florian Westphal <fw(a)strlen.de> net: skbuff: add overflow debug check to pull/push helpers Shannon Nelson <shannon.nelson(a)amd.com> ionic: set adminq irq affinity Adam Ford <aford173(a)gmail.com> pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Kunwu Chan <chentao(a)kylinos.cn> pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Eric Dumazet <edumazet(a)google.com> net: add netdev_lockdep_set_classes() to virtual drivers Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3328 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk322x hdmi ports node Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3288 hdmi ports node C Cheng <C.Cheng(a)mediatek.com> cpuidle: Avoid potential overflow in integer multiplication John Ogness <john.ogness(a)linutronix.de> panic: Flush kernel log buffer at the end John Ogness <john.ogness(a)linutronix.de> printk: For @suppress_panic_printk check for other CPU in panic Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: pcie: Add the PCI device id for new hardware Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Andre Werner <andre.werner(a)systec-electronic.com> net: phy: phy_device: Prevent nullptr exceptions on ISR Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> net: stmmac: dwmac-starfive: Add support for JH7100 SoC Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Improve exception handling in batadv_throw_uevent() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Kees Cook <keescook(a)chromium.org> bnx2x: Fix firmware version string character counts Po-Hao Huang <phhuang(a)realtek.com> wifi: rtw89: fix null pointer access when abort scan Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 ++-- arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 +++- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++- arch/x86/events/amd/lbr.c | 6 +- arch/x86/include/asm/xen/hypervisor.h | 5 ++ arch/x86/pci/fixup.c | 48 ++++++++++++ arch/x86/platform/pvh/enlighten.c | 3 + arch/x86/xen/enlighten.c | 32 ++++++++ arch/x86/xen/enlighten_pvh.c | 68 +++++++++++++++++ arch/x86/xen/setup.c | 44 ----------- arch/x86/xen/xen-ops.h | 14 ++++ block/blk-stat.c | 2 +- drivers/accel/habanalabs/common/habanalabs.h | 2 +- drivers/acpi/sleep.c | 12 --- drivers/acpi/x86/utils.c | 18 ++++- drivers/bluetooth/btintel.c | 2 +- drivers/bluetooth/btmtk.c | 1 + drivers/bluetooth/btmtk.h | 1 + drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/init.c | 1 + drivers/bus/mhi/host/internal.h | 9 ++- drivers/bus/mhi/host/pm.c | 20 ++++- drivers/cpufreq/cpufreq.c | 17 +++-- drivers/cpuidle/driver.c | 3 +- drivers/firmware/tegra/bpmp-debugfs.c | 2 +- .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/gpu/drm/drm_modeset_helper.c | 19 ++++- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++ drivers/gpu/drm/drm_probe_helper.c | 13 +++- drivers/gpu/drm/ttm/ttm_bo.c | 7 +- drivers/gpu/drm/vc4/vc4_plane.c | 5 +- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-input.c | 2 + drivers/i2c/busses/i2c-designware-core.h | 2 +- drivers/infiniband/core/cm.c | 20 ++++- drivers/input/joystick/xpad.c | 3 + drivers/input/rmi4/rmi_driver.c | 6 +- drivers/input/touchscreen/imagis.c | 20 ++--- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 +-- .../mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 +- .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 ++ .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 + .../vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 +- .../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 + .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 ++ .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 + .../platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 + drivers/misc/vmw_vmci/vmci_datagram.c | 6 +- drivers/net/dummy.c | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++- .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 ++-- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +-- drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +++ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 +- drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 +- .../net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++++++- drivers/net/geneve.c | 1 + drivers/net/loopback.c | 1 + drivers/net/pcs/pcs-xpcs.c | 4 +- drivers/net/phy/phy_device.c | 13 ++-- drivers/net/veth.c | 1 + drivers/net/vxlan/vxlan_core.c | 1 + drivers/net/wireless/ath/ath11k/mhi.c | 2 +- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +++ drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 ++ drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 + drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++++++++-- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 + drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++++++++------ drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw89/pci.h | 2 +- drivers/nvme/host/pci.c | 3 + drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++++++++- drivers/pinctrl/renesas/core.c | 4 +- drivers/platform/x86/intel/vbtn.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 9 +++ drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 +-- drivers/pmdomain/ti/omap_prm.c | 2 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +- drivers/soundwire/dmi-quirks.c | 8 ++ drivers/thermal/thermal_of.c | 12 ++- drivers/thunderbolt/quirks.c | 14 ++++ drivers/thunderbolt/tb.c | 49 ++++++++++++- drivers/thunderbolt/tb.h | 4 + drivers/usb/gadget/function/uvc_video.c | 3 + drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/typec/tcpm/tcpci.c | 1 + drivers/usb/typec/ucsi/ucsi.c | 26 ++++++- drivers/usb/typec/ucsi/ucsi.h | 11 +++ drivers/video/fbdev/core/fbmon.c | 7 +- drivers/video/fbdev/via/accel.c | 4 +- drivers/xen/balloon.c | 2 - fs/btrfs/export.c | 9 ++- fs/btrfs/send.c | 10 ++- fs/btrfs/volumes.c | 12 ++- fs/ext4/mballoc.c | 5 +- fs/ext4/super.c | 12 +++ fs/isofs/inode.c | 18 ++++- fs/kernfs/dir.c | 31 +++++--- fs/kernfs/kernfs-internal.h | 2 + fs/orangefs/super.c | 2 +- fs/pstore/zone.c | 2 + fs/sysv/itree.c | 10 +-- include/acpi/acpi_bus.h | 22 +++--- include/linux/kernfs.h | 2 + include/linux/overflow.h | 12 +-- include/linux/randomize_kstack.h | 2 +- include/linux/rcupdate.h | 4 +- include/linux/skbuff.h | 11 +++ include/linux/sunrpc/sched.h | 2 +- include/net/bluetooth/hci.h | 8 ++ include/uapi/linux/input-event-codes.h | 1 + io_uring/io_uring.c | 25 ++++--- kernel/dma/direct.c | 9 ++- kernel/panic.c | 8 ++ kernel/printk/printk.c | 3 +- kernel/rcu/tree_nocb.h | 2 +- kernel/trace/ring_buffer.c | 2 +- net/batman-adv/distributed-arp-table.c | 3 +- net/batman-adv/main.c | 14 ++-- net/bluetooth/hci_event.c | 3 +- net/ipv4/ip_tunnel.c | 1 + net/ipv6/ip6_gre.c | 2 + net/ipv6/ip6_tunnel.c | 1 + net/ipv6/ip6_vti.c | 1 + net/ipv6/sit.c | 1 + net/mpls/mpls_gso.c | 3 + net/smc/smc_pnet.c | 10 +++ net/wireless/util.c | 14 +++- scripts/gcc-plugins/stackleak_plugin.c | 2 + scripts/mod/modpost.c | 4 +- sound/firewire/amdtp-stream.c | 12 ++- sound/firewire/amdtp-stream.h | 4 + sound/pci/hda/patch_realtek.c | 12 +++ sound/soc/amd/yc/acp6x-mach.c | 7 ++ sound/soc/intel/avs/board_selection.c | 85 ++++++++++++++++++++++ sound/soc/intel/boards/sof_sdw.c | 11 +++ sound/soc/soc-core.c | 3 + sound/soc/sof/amd/acp.c | 3 +- tools/iio/iio_utils.c | 2 +- tools/lib/perf/evlist.c | 18 +++-- tools/lib/perf/include/internal/evlist.h | 4 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 +- 152 files changed, 1140 insertions(+), 318 deletions(-)

1 year, 5 months

11
125
0 0

[PATCH 6.1 00/83] 6.1.86-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.86 release. There are 83 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.86-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.86-rc1 Ma Jun <Jun.Ma2(a)amd.com> Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Florian Westphal <fw(a)strlen.de> net: mpls: error out if inner headers are not set Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression Gwendal Grignou <gwendal(a)chromium.org> platform/x86: intel-vbtn: Update tablet mode switch at end of probe Kees Cook <keescook(a)chromium.org> randomize_kstack: Improve entropy diffusion David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Martin K. Petersen <martin.petersen(a)oracle.com> scsi: sd: usb_storage: uas: Access media prior to querying device properties Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "scsi: core: Add struct for args to execution functions" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "scsi: sd: usb_storage: uas: Access media prior to querying device properties" Ard Biesheuvel <ardb(a)kernel.org> gcc-plugins/stackleak: Avoid .head.text section Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Jiawei Fu (iBug) <i(a)ibugone.com> drivers/nvme: Add quirks for device 126f:2262 Jens Axboe <axboe(a)kernel.dk> io_uring: clear opcode specific data for an early failure Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Chancel Liu <chancel.liu(a)nxp.com> ASoC: soc-core.c: Skip dummy codec when adding platforms Konrad Dybcio <konrad.dybcio(a)linaro.org> thermal/of: Assume polling-delay(-passive) 0 when absent Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: add generic tcpci fallback compatible Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Keep the domain powered when USB4 port is in redrive mode Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Jeffrey Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer linke li <lilinke99(a)qq.com> ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Discard erroneous branch entries Alban Boyé <alban.boye(a)protonmail.com> platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Duje Mihanović <duje.mihanovic(a)skole.hr> Input: imagis - use FIELD_GET where applicable Manjunath Patil <manjunath.b.patil(a)oracle.com> RDMA/cm: add timeout to cm_destroy_id wait Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Markuss Broks <markuss.broks(a)gmail.com> input/touchscreen: imagis: Correct the maximum touch area value Ian Rogers <irogers(a)google.com> libperf evlist: Avoid out-of-bounds access Daniel Drake <drake(a)endlessos.org> Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Ye Bin <yebin10(a)huawei.com> ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi <yi.zhang(a)huawei.com> ext4: add a hint for block bitmap corrupt state in mb_groups Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Mike Marshall <hubcap(a)omnibond.com> Julia Lawall reported this null pointer dereference, this should fix it. Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Repair RCU Tasks Trace quiescence check mosomate <mosomate(a)gmail.com> ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Samuel Dionne-Riel <samuel(a)dionne-riel.com> drm: panel-orientation-quirks: Add quirk for GPD Win Mini Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Maíra Canal <mcanal(a)igalia.com> drm/vc4: don't check if plane->state->fb == state->fb Takashi Iwai <tiwai(a)suse.de> Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version Eric Dumazet <edumazet(a)google.com> net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Jacob Keller <jacob.e.keller(a)intel.com> ice: use relative VSI index for VFs instead of PF VSI number David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Don't unregister cpufreq cooling on CPU hotplug Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: decrease MHI channel buffer length to 8KB Rick Edgecombe <rick.p.edgecombe(a)intel.com> dma-direct: Leak pages on dma_set_decrypted() failure Serge Semin <fancer.lancer(a)gmail.com> net: pcs: xpcs: Return EINVAL in the internal methods Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Kunwu Chan <chentao(a)kylinos.cn> pstore/zone: Add a null pointer check to the psz_kmsg_read Hans de Goede <hdegoede(a)redhat.com> wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Markus Elfring <elfring(a)users.sourceforge.net> firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Florian Westphal <fw(a)strlen.de> net: skbuff: add overflow debug check to pull/push helpers Shannon Nelson <shannon.nelson(a)amd.com> ionic: set adminq irq affinity Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3328 hdmi ports node C Cheng <C.Cheng(a)mediatek.com> cpuidle: Avoid potential overflow in integer multiplication John Ogness <john.ogness(a)linutronix.de> panic: Flush kernel log buffer at the end Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: pcie: Add the PCI device id for new hardware Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Improve exception handling in batadv_throw_uevent() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Kees Cook <keescook(a)chromium.org> bnx2x: Fix firmware version string character counts Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++++- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++++- arch/x86/events/amd/lbr.c | 6 ++- block/blk-stat.c | 2 +- drivers/acpi/sleep.c | 12 ----- drivers/bluetooth/btintel.c | 2 +- drivers/bluetooth/btmtk.c | 1 + drivers/bluetooth/btmtk.h | 1 + drivers/bus/mhi/host/init.c | 1 + drivers/bus/mhi/host/internal.h | 9 ++-- drivers/bus/mhi/host/pm.c | 20 +++++++-- drivers/cpufreq/cpufreq.c | 17 ++++--- drivers/cpuidle/driver.c | 3 +- drivers/firmware/tegra/bpmp-debugfs.c | 2 +- .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++++ drivers/gpu/drm/vc4/vc4_plane.c | 5 +-- drivers/infiniband/core/cm.c | 20 ++++++++- drivers/input/rmi4/rmi_driver.c | 6 ++- drivers/input/touchscreen/imagis.c | 20 ++++----- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 ++-- drivers/misc/vmw_vmci/vmci_datagram.c | 6 ++- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++-- .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 +++--- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +--- drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 ++++ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 ++- drivers/net/pcs/pcs-xpcs.c | 4 +- drivers/net/wireless/ath/ath11k/mhi.c | 2 +- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 ++++ drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 + drivers/net/wireless/realtek/rtw89/pci.h | 2 +- drivers/nvme/host/pci.c | 3 ++ drivers/pinctrl/renesas/core.c | 4 +- drivers/platform/x86/intel/vbtn.c | 5 ++- drivers/platform/x86/touchscreen_dmi.c | 9 ++++ drivers/scsi/lpfc/lpfc_nportdisc.c | 6 ++- drivers/scsi/scsi_lib.c | 52 +++++++++++----------- drivers/scsi/sd.c | 4 +- drivers/soundwire/dmi-quirks.c | 8 ++++ drivers/thermal/thermal_of.c | 12 +++-- drivers/thunderbolt/quirks.c | 14 ++++++ drivers/thunderbolt/tb.c | 49 +++++++++++++++++++- drivers/thunderbolt/tb.h | 4 ++ drivers/tty/n_gsm.c | 3 ++ drivers/usb/gadget/function/uvc_video.c | 3 ++ drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/typec/tcpm/tcpci.c | 1 + drivers/video/fbdev/core/fbmon.c | 7 +-- drivers/video/fbdev/via/accel.c | 4 +- drivers/virtio/virtio.c | 10 ++++- fs/btrfs/export.c | 9 +++- fs/btrfs/send.c | 10 ++++- fs/btrfs/volumes.c | 12 ++++- fs/ext4/mballoc.c | 5 ++- fs/ext4/super.c | 12 +++++ fs/isofs/inode.c | 18 +++++++- fs/orangefs/super.c | 2 +- fs/pstore/zone.c | 2 + fs/sysv/itree.c | 10 ++--- include/linux/randomize_kstack.h | 2 +- include/linux/rcupdate.h | 4 +- include/linux/skbuff.h | 11 +++++ include/linux/sunrpc/sched.h | 2 +- include/scsi/scsi_device.h | 51 ++++++--------------- include/uapi/linux/input-event-codes.h | 1 + io_uring/io_uring.c | 25 +++++++---- kernel/dma/direct.c | 9 ++-- kernel/panic.c | 8 ++++ kernel/trace/ring_buffer.c | 2 +- net/batman-adv/distributed-arp-table.c | 3 +- net/batman-adv/main.c | 14 +++--- net/mpls/mpls_gso.c | 3 ++ net/netfilter/nf_tables_api.c | 47 ++++++++++++++----- net/smc/smc_pnet.c | 10 +++++ scripts/gcc-plugins/stackleak_plugin.c | 2 + sound/firewire/amdtp-stream.c | 12 +++-- sound/firewire/amdtp-stream.h | 4 ++ sound/soc/intel/boards/sof_sdw.c | 11 +++++ sound/soc/soc-core.c | 3 ++ tools/iio/iio_utils.c | 2 +- tools/lib/perf/evlist.c | 18 +++++--- tools/lib/perf/include/internal/evlist.h | 4 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + 88 files changed, 552 insertions(+), 231 deletions(-)

1 year, 5 months

12
97
0 0

[to-be-updated] bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: bootconfig: use memblock_free_late to free xbc memory to buddy has been removed from the -mm tree. Its filename was bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch This patch was dropped because an updated version will be merged ------------------------------------------------------ From: Qiang Zhang <qiang4.zhang(a)intel.com> Subject: bootconfig: use memblock_free_late to free xbc memory to buddy Date: Fri, 12 Apr 2024 10:41:04 +0800 At the time to free xbc memory, memblock has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Link: https://lkml.kernel.org/r/20240412024103.3078378-1-qiang4.zhang@linux.intel… Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mike Rapoport <rppt(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/bootconfig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/lib/bootconfig.c~bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy +++ a/lib/bootconfig.c @@ -63,7 +63,7 @@ static inline void * __init xbc_alloc_me static inline void __init xbc_free_mem(void *addr, size_t size) { - memblock_free(addr, size); + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ _ Patches currently in -mm which might be from qiang4.zhang(a)intel.com are

1 year, 5 months

1
0
0 0

+ bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: bootconfig: use memblock_free_late to free xbc memory to buddy has been added to the -mm mm-hotfixes-unstable branch. Its filename is bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Qiang Zhang <qiang4.zhang(a)intel.com> Subject: bootconfig: use memblock_free_late to free xbc memory to buddy Date: Fri, 12 Apr 2024 10:41:04 +0800 At the time to free xbc memory, memblock has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Link: https://lkml.kernel.org/r/20240412024103.3078378-1-qiang4.zhang@linux.intel… Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mike Rapoport <rppt(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/bootconfig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/lib/bootconfig.c~bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy +++ a/lib/bootconfig.c @@ -63,7 +63,7 @@ static inline void * __init xbc_alloc_me static inline void __init xbc_free_mem(void *addr, size_t size) { - memblock_free(addr, size); + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ _ Patches currently in -mm which might be from qiang4.zhang(a)intel.com are bootconfig-use-memblock_free_late-to-free-xbc-memory-to-buddy.patch

1 year, 5 months

1
0
0 0

[PATCH 6.8 000/143] 6.8.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.6 release. There are 143 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.6-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.6-rc1 Ma Jun <Jun.Ma2(a)amd.com> Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Borislav Petkov (AMD) <bp(a)alien8.de> x86/vdso: Fix rethunk patching for vdso-image-x32.o too Vasiliy Kovalev <kovalev(a)altlinux.org> VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Florian Westphal <fw(a)strlen.de> net: mpls: error out if inner headers are not set Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btintel: Fixe build regression Dave Airlie <airlied(a)gmail.com> nouveau: fix devinit paths to only handle display on GSP. Gwendal Grignou <gwendal(a)chromium.org> platform/x86: intel-vbtn: Update tablet mode switch at end of probe David McFarland <corngood(a)gmail.com> platform/x86/intel/hid: Don't wake on 5-button releases Kees Cook <keescook(a)chromium.org> randomize_kstack: Improve entropy diffusion Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: adding lock to protect encoder context list Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: adding lock to protect decoder context list Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: mediatek: vcodec: Fix oops when HEVC init fails Ard Biesheuvel <ardb(a)kernel.org> gcc-plugins/stackleak: Avoid .head.text section Ahmad Rehman <Ahmad.Rehman(a)amd.com> drm/amdgpu: Init zone device and drm client after mode-1 reset on reload Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirks for some Clevo laptops Roman Smirnov <r.smirnov(a)omp.ru> fbmon: prevent division by zero in fb_videomode_from_videomode() Jiawei Fu (iBug) <i(a)ibugone.com> drivers/nvme: Add quirks for device 126f:2262 Max Kellermann <max.kellermann(a)ionos.com> modpost: fix null pointer dereference Jens Axboe <axboe(a)kernel.dk> io_uring: clear opcode specific data for an early failure Aleksandr Burakov <a.burakov(a)rosalinux.ru> fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: attempt to inflate the memory balloon on PVH Chancel Liu <chancel.liu(a)nxp.com> ASoC: soc-core.c: Skip dummy codec when adding platforms Konrad Dybcio <konrad.dybcio(a)linaro.org> thermal/of: Assume polling-delay(-passive) 0 when absent M Cooley <m.cooley.198(a)gmail.com> ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Colin Ian King <colin.i.king(a)gmail.com> usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Marco Felsch <m.felsch(a)pengutronix.de> usb: typec: tcpci: add generic tcpci fallback compatible Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Keep the domain powered when USB4 port is in redrive mode Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_of: Drop quirk fot NPCM from 8250_port Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Limit read size on v1.2 Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: refactor the check for a valid buffer in the pump worker Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Calculate DisplayPort tunnel bandwidth after DPRX capabilities read Luca Weiss <luca.weiss(a)fairphone.com> usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk Tejun Heo <tj(a)kernel.org> kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Jeffrey Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Petre Rodan <petre.rodan(a)subdimension.ro> tools: iio: replace seekdir() in iio_generic_buffer linke li <lilinke99(a)qq.com> ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Matt Scialabba <matt.git(a)fastmail.fm> Input: xpad - add support for Snakebyte GAMEPADs Ricardo B. Marliere <ricardo(a)marliere.net> ktest: force $buildonly = 1 for 'make_warnings_file' test type Jichi Zhang <i(a)jichi.ca> ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Discard erroneous branch entries Alban Boyé <alban.boye(a)protonmail.com> platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet SungHwan Jung <onenowy(a)gmail.com> platform/x86: acer-wmi: Add predator_v4 module parameter SungHwan Jung <onenowy(a)gmail.com> platform/x86: acer-wmi: Add support for Acer PH16-71 Gergo Koteles <soyer(a)irl.hu> Input: allocate keycode for Display refresh rate toggle Duje Mihanović <duje.mihanovic(a)skole.hr> Input: imagis - use FIELD_GET where applicable Manjunath Patil <manjunath.b.patil(a)oracle.com> RDMA/cm: add timeout to cm_destroy_id wait Roman Smirnov <r.smirnov(a)omp.ru> block: prevent division by zero in blk_rq_stat_sum() Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Markuss Broks <markuss.broks(a)gmail.com> input/touchscreen: imagis: Correct the maximum touch area value Tom Zanussi <tom.zanussi(a)linux.intel.com> crypto: iaa - Fix async_disable descriptor leak Ian Rogers <irogers(a)google.com> libperf evlist: Avoid out-of-bounds access Daniel Drake <drake(a)endlessos.org> Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Daniel Drake <drake(a)endlessos.org> PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Dai Ngo <dai.ngo(a)oracle.com> SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Shradha Gupta <shradhagupta(a)linux.microsoft.com> drm: Check output polling initialized before disabling Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: input: avoid polling stylus battery on Chromebook Pompom Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Koby Elbaz <kelbaz(a)habana.ai> accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Fix nanosec stat overflow Ye Bin <yebin10(a)huawei.com> ext4: forbid commit inconsistent quota data when errors=remount-ro Zhang Yi <yi.zhang(a)huawei.com> ext4: add a hint for block bitmap corrupt state in mb_groups Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Populate board selection with new I2S entries Josh Poimboeuf <jpoimboe(a)kernel.org> x86/vdso: Fix rethunk patching for vdso-image-{32,64}.o Tony Lindgren <tony(a)atomide.com> drm/panel: simple: Add BOE BP082WX1-100 8.2" panel Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Arnd Bergmann <arnd(a)arndb.de> media: sta2x11: fix irq handler cast Mike Marshall <hubcap(a)omnibond.com> Julia Lawall reported this null pointer dereference, this should fix it. Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Repair RCU Tasks Trace quiescence check Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() mosomate <mosomate(a)gmail.com> ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops Brent Lu <brent.lu(a)intel.com> ASoC: Intel: sof_rt5682: dmi quirk cleanup for mtl boards Alex Henrie <alexhenrie24(a)gmail.com> isofs: handle CDs with bad root inode but good Joliet root directory Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Disable idle reallow as part of command/gpint execution Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> sysv: don't call sb_bread() with pointers_lock held Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz Eric Chanudet <echanude(a)redhat.com> scsi: ufs: qcom: Avoid re-init quirk when gears match Christian König <christian.koenig(a)amd.com> drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: SOF: amd: Optimize quirk for Valve Galileo Samuel Dionne-Riel <samuel(a)dionne-riel.com> drm: panel-orientation-quirks: Add quirk for GPD Win Mini Kunwu Chan <chentao(a)kylinos.cn> Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Stanley.Yang <Stanley.Yang(a)amd.com> drm/amdgpu: Skip do PCI error slot reset during RAS recovery Vignesh Raman <vignesh.raman(a)collabora.com> drm/ci: uprev mesa version: fix kdl commit fetch Maíra Canal <mcanal(a)igalia.com> drm/vc4: don't check if plane->state->fb == state->fb Vinicius Peixoto <nukelet64(a)gmail.com> Bluetooth: Add new quirk for broken read key length on ATS2851 Takashi Iwai <tiwai(a)suse.de> Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Edward Adam Davis <eadavis(a)qq.com> Bluetooth: btintel: Fix null ptr deref in btintel_read_version Jakub Kicinski <kuba(a)kernel.org> netdev: let netlink core handle -EMSGSIZE errors Eric Dumazet <edumazet(a)google.com> net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Jacob Keller <jacob.e.keller(a)intel.com> ice: use relative VSI index for VFs instead of PF VSI number David Sterba <dsterba(a)suse.com> btrfs: send: handle path ref underflow in header iterate_inode_ref() David Sterba <dsterba(a)suse.com> btrfs: export: handle invalid inode or root reference in btrfs_get_parent() David Sterba <dsterba(a)suse.com> btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: check A-MSDU format more carefully Takashi Iwai <tiwai(a)suse.de> wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Kees Cook <keescook(a)chromium.org> overflow: Allow non-type arg to type_max() and type_min() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Don't unregister cpufreq cooling on CPU hotplug Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Hold arm_smmu_asid_lock during all of attach_dev Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: decrease MHI channel buffer length to 8KB Rick Edgecombe <rick.p.edgecombe(a)intel.com> dma-direct: Leak pages on dma_set_decrypted() failure Serge Semin <fancer.lancer(a)gmail.com> net: pcs: xpcs: Return EINVAL in the internal methods Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Kunwu Chan <chentao(a)kylinos.cn> pstore/zone: Add a null pointer check to the psz_kmsg_read Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Add DELL0501 handling to acpi_quirk_skip_serdev_enumeration() Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: add locking for accessing mapped registers Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: disable AMSDU for non-data frames Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add locking for accessing mapped registers Hans de Goede <hdegoede(a)redhat.com> wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Markus Elfring <elfring(a)users.sourceforge.net> firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Florian Westphal <fw(a)strlen.de> net: skbuff: add overflow debug check to pull/push helpers Shannon Nelson <shannon.nelson(a)amd.com> ionic: set adminq irq affinity Sviatoslav Harasymchuk <sviatoslav.harasymchuk(a)gmail.com> ACPI: resource: Add IRQ override quirk for ASUS ExpertBook B2502FBA Adam Ford <aford173(a)gmail.com> pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Kunwu Chan <chentao(a)kylinos.cn> pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Bjorn Andersson <quic_bjorande(a)quicinc.com> arm64: dts: qcom: qcs6490-rb3gen2: Declare GCC clocks protected Eric Dumazet <edumazet(a)google.com> net: add netdev_lockdep_set_classes() to virtual drivers Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3399 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix rk3328 hdmi ports node Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk322x hdmi ports node Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix rk3288 hdmi ports node C Cheng <C.Cheng(a)mediatek.com> cpuidle: Avoid potential overflow in integer multiplication Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: pcie: Add new PCI device id and CNVI John Ogness <john.ogness(a)linutronix.de> dump_stack: Do not get cpu_sync for panic CPU John Ogness <john.ogness(a)linutronix.de> panic: Flush kernel log buffer at the end John Ogness <john.ogness(a)linutronix.de> printk: For @suppress_panic_printk check for other CPU in panic Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb2210-rb1: disable cluster power domains Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: qca8k: put MDIO controller OF node if unavailable Hui Liu <quic_huliu(a)quicinc.com> arm64: dts: qcom: qcm6490-idp: Add definition for three LEDs Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: pcie: Add the PCI device id for new hardware Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: validate RX tag for RXQ and RPQ Andre Werner <andre.werner(a)systec-electronic.com> net: phy: phy_device: Prevent nullptr exceptions on ISR Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> net: stmmac: dwmac-starfive: Add support for JH7100 SoC Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Improve exception handling in batadv_throw_uevent() Markus Elfring <elfring(a)users.sourceforge.net> batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Kees Cook <keescook(a)chromium.org> bnx2x: Fix firmware version string character counts Po-Hao Huang <phhuang(a)realtek.com> wifi: rtw89: fix null pointer access when abort scan Dmitry Antipov <dmantipov(a)yandex.ru> wifi: ath9k: fix LNA selection in ath_ant_try_scan() ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 ++-- arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 +++- arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 28 +++++++ arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 17 +++++ arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 18 +++++ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++- arch/x86/entry/vdso/Makefile | 10 ++- arch/x86/events/amd/lbr.c | 6 +- arch/x86/include/asm/xen/hypervisor.h | 5 ++ arch/x86/pci/fixup.c | 48 ++++++++++++ arch/x86/platform/pvh/enlighten.c | 3 + arch/x86/xen/enlighten.c | 32 ++++++++ arch/x86/xen/enlighten_pvh.c | 68 +++++++++++++++++ arch/x86/xen/setup.c | 44 ----------- arch/x86/xen/xen-ops.h | 14 ++++ block/blk-stat.c | 2 +- drivers/accel/habanalabs/common/habanalabs.h | 2 +- drivers/acpi/resource.c | 7 ++ drivers/acpi/sleep.c | 12 --- drivers/acpi/x86/utils.c | 38 +++++++++- drivers/bluetooth/btintel.c | 2 +- drivers/bluetooth/btmtk.c | 1 + drivers/bluetooth/btmtk.h | 1 + drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/init.c | 1 + drivers/bus/mhi/host/internal.h | 9 ++- drivers/bus/mhi/host/pm.c | 20 ++++- drivers/cpufreq/cpufreq.c | 17 +++-- drivers/cpuidle/driver.c | 3 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 +- drivers/firmware/tegra/bpmp-debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 14 ++++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 +- drivers/gpu/drm/amd/display/dc/dc.h | 1 + drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 4 +- .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 2 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 1 + .../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +- drivers/gpu/drm/ci/gitlab-ci.yml | 14 +++- drivers/gpu/drm/ci/test.yml | 1 + drivers/gpu/drm/drm_modeset_helper.c | 19 ++++- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++ drivers/gpu/drm/drm_probe_helper.c | 13 +++- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm107.c | 12 ++- drivers/gpu/drm/nouveau/nvkm/subdev/devinit/r535.c | 1 + drivers/gpu/drm/panel/panel-simple.c | 20 +++++ drivers/gpu/drm/ttm/ttm_bo.c | 7 +- drivers/gpu/drm/vc4/vc4_plane.c | 5 +- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-input.c | 2 + drivers/i2c/busses/i2c-designware-core.h | 2 +- drivers/infiniband/core/cm.c | 20 ++++- drivers/input/joystick/xpad.c | 3 + drivers/input/rmi4/rmi_driver.c | 6 +- drivers/input/touchscreen/imagis.c | 20 ++--- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 22 +++--- drivers/media/pci/sta2x11/sta2x11_vip.c | 9 +-- .../mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 +- .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 ++ .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 + .../vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 +- .../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 + .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 ++ .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 + .../platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 + drivers/misc/vmw_vmci/vmci_datagram.c | 6 +- drivers/net/dsa/qca/qca8k-8xxx.c | 3 +- drivers/net/dummy.c | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++- .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 ++-- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +-- drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +++ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 +- drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 +- .../net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++++++- drivers/net/geneve.c | 1 + drivers/net/loopback.c | 1 + drivers/net/pcs/pcs-xpcs.c | 4 +- drivers/net/phy/phy_device.c | 13 ++-- drivers/net/veth.c | 1 + drivers/net/vxlan/vxlan_core.c | 1 + drivers/net/wireless/ath/ath11k/mhi.c | 2 +- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +++ drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 ++ drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 + drivers/net/wireless/intel/iwlwifi/cfg/sc.c | 38 +++++++++- drivers/net/wireless/intel/iwlwifi/iwl-config.h | 8 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 +++- drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++++++++-- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 + drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++++++++------ drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw89/pci.c | 60 +++++++++++++-- drivers/net/wireless/realtek/rtw89/pci.h | 6 +- drivers/net/wireless/realtek/rtw89/rtw8851be.c | 2 + drivers/net/wireless/realtek/rtw89/rtw8852ae.c | 1 + drivers/net/wireless/realtek/rtw89/rtw8852be.c | 1 + drivers/net/wireless/realtek/rtw89/rtw8852ce.c | 1 + drivers/net/wireless/realtek/rtw89/rtw8922ae.c | 1 + drivers/nvme/host/pci.c | 3 + drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++++++++- drivers/pinctrl/renesas/core.c | 4 +- drivers/platform/x86/acer-wmi.c | 17 ++++- drivers/platform/x86/intel/hid.c | 7 +- drivers/platform/x86/intel/vbtn.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 9 +++ drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 +-- drivers/pmdomain/ti/omap_prm.c | 2 + drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +- drivers/soundwire/dmi-quirks.c | 8 ++ drivers/thermal/thermal_of.c | 12 ++- drivers/thunderbolt/quirks.c | 14 ++++ drivers/thunderbolt/tb.c | 49 ++++++++++++- drivers/thunderbolt/tb.h | 4 + drivers/thunderbolt/tunnel.c | 16 ++-- drivers/tty/serial/8250/8250_of.c | 44 ++++++++++- drivers/tty/serial/8250/8250_port.c | 24 ------ drivers/ufs/host/ufs-qcom.c | 13 +++- drivers/usb/gadget/function/uvc_video.c | 10 ++- drivers/usb/host/sl811-hcd.c | 2 + drivers/usb/typec/tcpm/tcpci.c | 1 + drivers/usb/typec/ucsi/ucsi.c | 26 ++++++- drivers/usb/typec/ucsi/ucsi.h | 11 +++ drivers/usb/typec/ucsi/ucsi_glink.c | 1 + drivers/video/fbdev/core/fbmon.c | 7 +- drivers/video/fbdev/via/accel.c | 4 +- drivers/xen/balloon.c | 2 - fs/btrfs/export.c | 9 ++- fs/btrfs/send.c | 10 ++- fs/btrfs/volumes.c | 12 ++- fs/ext4/mballoc.c | 5 +- fs/ext4/super.c | 12 +++ fs/isofs/inode.c | 18 ++++- fs/kernfs/dir.c | 31 +++++--- fs/kernfs/kernfs-internal.h | 2 + fs/orangefs/super.c | 2 +- fs/pstore/zone.c | 2 + fs/sysv/itree.c | 10 +-- include/acpi/acpi_bus.h | 22 +++--- include/linux/kernfs.h | 2 + include/linux/overflow.h | 12 +-- include/linux/printk.h | 2 + include/linux/randomize_kstack.h | 2 +- include/linux/rcupdate.h | 4 +- include/linux/skbuff.h | 11 +++ include/linux/sunrpc/sched.h | 2 +- include/net/bluetooth/hci.h | 8 ++ include/uapi/linux/input-event-codes.h | 1 + io_uring/io_uring.c | 25 ++++--- kernel/dma/direct.c | 9 ++- kernel/panic.c | 8 ++ kernel/printk/internal.h | 1 - kernel/printk/printk.c | 3 +- kernel/rcu/tree_nocb.h | 2 +- kernel/trace/ring_buffer.c | 2 +- lib/dump_stack.c | 16 +++- net/batman-adv/distributed-arp-table.c | 3 +- net/batman-adv/main.c | 14 ++-- net/bluetooth/hci_event.c | 3 +- net/core/netdev-genl.c | 15 +--- net/core/page_pool_user.c | 2 - net/ipv4/ip_tunnel.c | 1 + net/ipv6/ip6_gre.c | 2 + net/ipv6/ip6_tunnel.c | 1 + net/ipv6/ip6_vti.c | 1 + net/ipv6/sit.c | 1 + net/mpls/mpls_gso.c | 3 + net/smc/smc_pnet.c | 10 +++ net/wireless/util.c | 14 +++- scripts/gcc-plugins/stackleak_plugin.c | 2 + scripts/mod/modpost.c | 4 +- sound/firewire/amdtp-stream.c | 12 ++- sound/firewire/amdtp-stream.h | 4 + sound/pci/hda/patch_realtek.c | 12 +++ sound/soc/amd/yc/acp6x-mach.c | 7 ++ sound/soc/intel/avs/board_selection.c | 85 ++++++++++++++++++++++ sound/soc/intel/boards/sof_rt5682.c | 40 ---------- sound/soc/intel/boards/sof_sdw.c | 11 +++ sound/soc/soc-core.c | 3 + sound/soc/sof/amd/acp.c | 3 +- tools/iio/iio_utils.c | 2 +- tools/lib/perf/evlist.c | 18 +++-- tools/lib/perf/include/internal/evlist.h | 4 +- .../x86_energy_perf_policy.c | 1 + tools/testing/ktest/ktest.pl | 1 + 192 files changed, 1536 insertions(+), 459 deletions(-)

1 year, 5 months

11
154
0 0

[PATCH v2] arm64: dts: qcom: sa8155p-adp: fix SDHC2 configuration

by Volodymyr Babchuk

There are multiple issues with SDHC2 configuration for SA8155P-ADP, which prevent use of SDHC2 and causes issues with ethernet: - Card Detect pin for SHDC2 on SA8155P-ADP is connected to gpio4 of PMM8155AU_1, not to SoC itself. SoC's gpio4 is used for DWMAC TX. If sdhc driver probes after dwmac driver, it reconfigures gpio4 and this breaks Ethernet MAC. - pinctrl configuration mentions gpio96 as CD pin. It seems it was copied from some SM8150 example, because as mentioned above, correct CD pin is gpio4 on PMM8155AU_1. - L13C voltage regulator limits minimal voltage to 2.504V, which prevents use 1.8V to power SD card, which in turns does not allow card to work in UHS mode. This patch fixes all the mentioned issues. Fixes: 0deb2624e2d0 ("arm64: dts: qcom: sa8155p-adp: Add support for uSD card") Cc: stable(a)vger.kernel.org Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk(a)epam.com> --- In v2: - Added "Fixes:" tag - CCed stable ML - Fixed pinctrl configuration - Extended voltage range for L13C voltage regulator --- arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 32 +++++++++++------------- 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts index 5e4287f8c8cd1..b9d56bda96759 100644 --- a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts +++ b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts @@ -283,7 +283,7 @@ vreg_l12c_1p808: ldo12 { vreg_l13c_2p96: ldo13 { regulator-name = "vreg_l13c_2p96"; - regulator-min-microvolt = <2504000>; + regulator-min-microvolt = <1800000>; regulator-max-microvolt = <2960000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; }; @@ -384,10 +384,10 @@ &remoteproc_cdsp { &sdhc_2 { status = "okay"; - cd-gpios = <&tlmm 4 GPIO_ACTIVE_LOW>; + cd-gpios = <&pmm8155au_1_gpios 4 GPIO_ACTIVE_LOW>; pinctrl-names = "default", "sleep"; - pinctrl-0 = <&sdc2_on>; - pinctrl-1 = <&sdc2_off>; + pinctrl-0 = <&sdc2_on &pmm8155au_1_sdc2_cd>; + pinctrl-1 = <&sdc2_off &pmm8155au_1_sdc2_cd>; vqmmc-supply = <&vreg_l13c_2p96>; /* IO line power */ vmmc-supply = <&vreg_l17a_2p96>; /* Card power line */ bus-width = <4>; @@ -505,13 +505,6 @@ data-pins { bias-pull-up; /* pull up */ drive-strength = <16>; /* 16 MA */ }; - - sd-cd-pins { - pins = "gpio96"; - function = "gpio"; - bias-pull-up; /* pull up */ - drive-strength = <2>; /* 2 MA */ - }; }; sdc2_off: sdc2-off-state { @@ -532,13 +525,6 @@ data-pins { bias-pull-up; /* pull up */ drive-strength = <2>; /* 2 MA */ }; - - sd-cd-pins { - pins = "gpio96"; - function = "gpio"; - bias-pull-up; /* pull up */ - drive-strength = <2>; /* 2 MA */ - }; }; usb2phy_ac_en1_default: usb2phy-ac-en1-default-state { @@ -604,3 +590,13 @@ phy-reset-pins { }; }; }; + +&pmm8155au_1_gpios { + pmm8155au_1_sdc2_cd: pmm8155au_1-sdc2-cd { + pins = "gpio4"; + function = "normal"; + input-enable; + bias-pull-up; + power-source = <0>; + }; +}; -- 2.44.0

1 year, 5 months

3
4
0 0

[PATCH] sched: Add missing memory barrier in switch_mm_cid

by Mathieu Desnoyers

Many architectures' switch_mm() (e.g. arm64) do not have an smp_mb() which the core scheduler code has depended upon since commit: commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid") If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can unset the actively used cid when it fails to observe active task after it sets lazy_put. There *is* a memory barrier between storing to rq->curr and _return to userspace_ (as required by membarrier), but the rseq mm_cid has stricter requirements: the barrier needs to be issued between store to rq->curr and switch_mm_cid(), which happens earlier than: - spin_unlock(), - switch_to(). So it's fine when the architecture switch_mm() happens to have that barrier already, but less so when the architecture only provides the full barrier in switch_to() or spin_unlock(). It is a bug in the rseq switch_mm_cid() implementation. All architectures that don't have memory barriers in switch_mm(), but rather have the full barrier either in finish_lock_switch() or switch_to() have them too late for the needs of switch_mm_cid(). Introduce a new smp_mb__after_switch_mm(), defined as smp_mb() in the generic barrier.h header, and use it in switch_mm_cid() for scheduler transitions where switch_mm() is expected to provide a memory barrier. Architectures can override smp_mb__after_switch_mm() if their switch_mm() implementation provides an implicit memory barrier. Override it with a no-op on x86 which implicitly provide this memory barrier by writing to CR3. Link: https://lore.kernel.org/lkml/20240305145335.2696125-1-yeoreum.yun@arm.com/ Reported-by: levi.yun <yeoreum.yun(a)arm.com> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> # for arm64 Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com> # for x86 Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") Cc: <stable(a)vger.kernel.org> # 6.4.x Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Ben Segall <bsegall(a)google.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: levi.yun <yeoreum.yun(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Aaron Lu <aaron.lu(a)intel.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: linux-arch(a)vger.kernel.org Cc: linux-mm(a)kvack.org Cc: x86(a)kernel.org --- arch/x86/include/asm/barrier.h | 3 +++ include/asm-generic/barrier.h | 8 ++++++++ kernel/sched/sched.h | 20 ++++++++++++++------ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h index 0216f63a366b..d0795b5fab46 100644 --- a/arch/x86/include/asm/barrier.h +++ b/arch/x86/include/asm/barrier.h @@ -79,6 +79,9 @@ do { \ #define __smp_mb__before_atomic() do { } while (0) #define __smp_mb__after_atomic() do { } while (0) +/* Writing to CR3 provides a full memory barrier in switch_mm(). */ +#define smp_mb__after_switch_mm() do { } while (0) + #include <asm-generic/barrier.h> #endif /* _ASM_X86_BARRIER_H */ diff --git a/include/asm-generic/barrier.h b/include/asm-generic/barrier.h index 961f4d88f9ef..5a6c94d7a598 100644 --- a/include/asm-generic/barrier.h +++ b/include/asm-generic/barrier.h @@ -296,5 +296,13 @@ do { \ #define io_stop_wc() do { } while (0) #endif +/* + * Architectures that guarantee an implicit smp_mb() in switch_mm() + * can override smp_mb__after_switch_mm. + */ +#ifndef smp_mb__after_switch_mm +#define smp_mb__after_switch_mm() smp_mb() +#endif + #endif /* !__ASSEMBLY__ */ #endif /* __ASM_GENERIC_BARRIER_H */ diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index 001fe047bd5d..35717359d3ca 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -79,6 +79,8 @@ # include <asm/paravirt_api_clock.h> #endif +#include <asm/barrier.h> + #include "cpupri.h" #include "cpudeadline.h" @@ -3445,13 +3447,19 @@ static inline void switch_mm_cid(struct rq *rq, * between rq->curr store and load of {prev,next}->mm->pcpu_cid[cpu]. * Provide it here. */ - if (!prev->mm) // from kernel + if (!prev->mm) { // from kernel smp_mb(); - /* - * user -> user transition guarantees a memory barrier through - * switch_mm() when current->mm changes. If current->mm is - * unchanged, no barrier is needed. - */ + } else { // from user + /* + * user -> user transition relies on an implicit + * memory barrier in switch_mm() when + * current->mm changes. If the architecture + * switch_mm() does not have an implicit memory + * barrier, it is emitted here. If current->mm + * is unchanged, no barrier is needed. + */ + smp_mb__after_switch_mm(); + } } if (prev->mm_cid_active) { mm_cid_snapshot_time(rq, prev->mm); -- 2.25.1

1 year, 5 months

2
2
0 0

[PATCH 1/3] tracing/kprobes: Fix symbol counting logic by looking at modules as well

by Maxime MERE

From: Andrii Nakryiko <andrii(a)kernel.org> Recent changes to count number of matching symbols when creating a kprobe event failed to take into account kernel modules. As such, it breaks kprobes on kernel module symbols, by assuming there is no match. Fix this my calling module_kallsyms_on_each_symbol() in addition to kallsyms_on_each_match_symbol() to perform a proper counting. Link: https://lore.kernel.org/all/20231027233126.2073148-1-andrii@kernel.org/ Cc: Francis Laniel <flaniel(a)linux.microsoft.com> Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Fixes: b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols") Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Song Liu <song(a)kernel.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> --- kernel/trace/trace_kprobe.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 95c5b0668cb7..e834f149695b 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -714,14 +714,30 @@ static int count_symbols(void *data, unsigned long unused) return 0; } +struct sym_count_ctx { + unsigned int count; + const char *name; +}; + +static int count_mod_symbols(void *data, const char *name, unsigned long unused) +{ + struct sym_count_ctx *ctx = data; + + if (strcmp(name, ctx->name) == 0) + ctx->count++; + + return 0; +} + static unsigned int number_of_same_symbols(char *func_name) { - unsigned int count; + struct sym_count_ctx ctx = { .count = 0, .name = func_name }; + + kallsyms_on_each_match_symbol(count_symbols, func_name, &ctx.count); - count = 0; - kallsyms_on_each_match_symbol(count_symbols, func_name, &count); + module_kallsyms_on_each_symbol(NULL, count_mod_symbols, &ctx); - return count; + return ctx.count; } static int __trace_kprobe_create(int argc, const char *argv[]) -- 2.25.1

1 year, 5 months

2
2
0 0

[for-linus][PATCH 4/4] ring-buffer: Only update pages_touched when a new page is touched

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The "buffer_percent" logic that is used by the ring buffer splice code to only wake up the tasks when there's no data after the buffer is filled to the percentage of the "buffer_percent" file is dependent on three variables that determine the amount of data that is in the ring buffer: 1) pages_read - incremented whenever a new sub-buffer is consumed 2) pages_lost - incremented every time a writer overwrites a sub-buffer 3) pages_touched - incremented when a write goes to a new sub-buffer The percentage is the calculation of: (pages_touched - (pages_lost + pages_read)) / nr_pages Basically, the amount of data is the total number of sub-bufs that have been touched, minus the number of sub-bufs lost and sub-bufs consumed. This is divided by the total count to give the buffer percentage. When the percentage is greater than the value in the "buffer_percent" file, it wakes up splice readers waiting for that amount. It was observed that over time, the amount read from the splice was constantly decreasing the longer the trace was running. That is, if one asked for 60%, it would read over 60% when it first starts tracing, but then it would be woken up at under 60% and would slowly decrease the amount of data read after being woken up, where the amount becomes much less than the buffer percent. This was due to an accounting of the pages_touched incrementation. This value is incremented whenever a writer transfers to a new sub-buffer. But the place where it was incremented was incorrect. If a writer overflowed the current sub-buffer it would go to the next one. If it gets preempted by an interrupt at that time, and the interrupt performs a trace, it too will end up going to the next sub-buffer. But only one should increment the counter. Unfortunately, that was not the case. Change the cmpxchg() that does the real switch of the tail-page into a try_cmpxchg(), and on success, perform the increment of pages_touched. This will only increment the counter once for when the writer moves to a new sub-buffer, and not when there's a race and is incremented for when a writer and its preempting writer both move to the same new sub-buffer. Link: https://lore.kernel.org/linux-trace-kernel/20240409151309.0d0e5056@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ring_buffer.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 25476ead681b..6511dc3a00da 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1393,7 +1393,6 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write); old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries); - local_inc(&cpu_buffer->pages_touched); /* * Just make sure we have seen our old_write and synchronize * with any interrupts that come in. @@ -1430,8 +1429,9 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, */ local_set(&next_page->page->commit, 0); - /* Again, either we update tail_page or an interrupt does */ - (void)cmpxchg(&cpu_buffer->tail_page, tail_page, next_page); + /* Either we update tail_page or an interrupt does */ + if (try_cmpxchg(&cpu_buffer->tail_page, &tail_page, next_page)) + local_inc(&cpu_buffer->pages_touched); } } -- 2.43.0

1 year, 5 months

1
0
0 0

[tip: timers/urgent] selftests: timers: Fix posix_timers ksft_print_msg() warning

by tip-bot2 for John Stultz

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: e4a6bceac98eba3c00e874892736b34ea5fdaca3 Gitweb: https://git.kernel.org/tip/e4a6bceac98eba3c00e874892736b34ea5fdaca3 Author: John Stultz <jstultz(a)google.com> AuthorDate: Wed, 10 Apr 2024 16:26:28 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 12 Apr 2024 14:11:15 +02:00 selftests: timers: Fix posix_timers ksft_print_msg() warning After commit 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()") the following warning occurs when building with an older gcc: posix_timers.c:250:2: warning: format not a string literal and no format arguments [-Wformat-security] 250 | ksft_print_msg(errmsg); | ^~~~~~~~~~~~~~ Fix this up by changing it to ksft_print_msg("%s", errmsg) Fixes: 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()") Signed-off-by: John Stultz <jstultz(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Justin Stitt <justinstitt(a)google.com> Acked-by: Shuah Khan <skhan(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240410232637.4135564-1-jstultz@google.com --- tools/testing/selftests/timers/posix_timers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/timers/posix_timers.c b/tools/testing/selftests/timers/posix_timers.c index d86a0e0..348f471 100644 --- a/tools/testing/selftests/timers/posix_timers.c +++ b/tools/testing/selftests/timers/posix_timers.c @@ -247,7 +247,7 @@ static int check_timer_distribution(void) ksft_test_result_skip("check signal distribution (old kernel)\n"); return 0; err: - ksft_print_msg(errmsg); + ksft_print_msg("%s", errmsg); return -1; }

1 year, 5 months

1
0
0 0

[tip: timers/urgent] selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn

by tip-bot2 for Nathan Chancellor

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: f7d5bcd35d427daac7e206b1073ca14f5db85c27 Gitweb: https://git.kernel.org/tip/f7d5bcd35d427daac7e206b1073ca14f5db85c27 Author: Nathan Chancellor <nathan(a)kernel.org> AuthorDate: Thu, 11 Apr 2024 11:45:40 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 12 Apr 2024 14:11:15 +02:00 selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn After commit 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()"), clang warns: tools/testing/selftests/timers/../kselftest.h:398:6: warning: variable 'major' is used uninitialized whenever '||' condition is true [-Wsometimes-uninitialized] 398 | if (uname(&info) || sscanf(info.release, "%u.%u.", &major, &minor) != 2) | ^~~~~~~~~~~~ tools/testing/selftests/timers/../kselftest.h:401:9: note: uninitialized use occurs here 401 | return major > min_major || (major == min_major && minor >= min_minor); | ^~~~~ tools/testing/selftests/timers/../kselftest.h:398:6: note: remove the '||' if its condition is always false 398 | if (uname(&info) || sscanf(info.release, "%u.%u.", &major, &minor) != 2) | ^~~~~~~~~~~~~~~ tools/testing/selftests/timers/../kselftest.h:395:20: note: initialize the variable 'major' to silence this warning 395 | unsigned int major, minor; | ^ | = 0 This is a false positive because if uname() fails, ksft_exit_fail_msg() will be called, which unconditionally calls exit(), a noreturn function. However, clang does not know that ksft_exit_fail_msg() will call exit() at the point in the pipeline that the warning is emitted because inlining has not occurred, so it assumes control flow will resume normally after ksft_exit_fail_msg() is called. Make it clear to clang that all of the functions that call exit() unconditionally in kselftest.h are noreturn transitively by marking them explicitly with '__attribute__((__noreturn__))', which clears up the warning above and any future warnings that may appear for the same reason. Fixes: 6d029c25b71f ("selftests/timers/posix_timers: Reimplement check_timer_distribution()") Reported-by: John Stultz <jstultz(a)google.com> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Shuah Khan <skhan(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240411-mark-kselftest-exit-funcs-noreturn-v1-1-… Closes: https://lore.kernel.org/all/20240410232637.4135564-2-jstultz@google.com/ --- tools/testing/selftests/kselftest.h | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h index 973b18e..0591974 100644 --- a/tools/testing/selftests/kselftest.h +++ b/tools/testing/selftests/kselftest.h @@ -80,6 +80,9 @@ #define KSFT_XPASS 3 #define KSFT_SKIP 4 +#ifndef __noreturn +#define __noreturn __attribute__((__noreturn__)) +#endif #define __printf(a, b) __attribute__((format(printf, a, b))) /* counters */ @@ -300,13 +303,13 @@ void ksft_test_result_code(int exit_code, const char *test_name, va_end(args); } -static inline int ksft_exit_pass(void) +static inline __noreturn int ksft_exit_pass(void) { ksft_print_cnts(); exit(KSFT_PASS); } -static inline int ksft_exit_fail(void) +static inline __noreturn int ksft_exit_fail(void) { ksft_print_cnts(); exit(KSFT_FAIL); @@ -333,7 +336,7 @@ static inline int ksft_exit_fail(void) ksft_cnt.ksft_xfail + \ ksft_cnt.ksft_xskip) -static inline __printf(1, 2) int ksft_exit_fail_msg(const char *msg, ...) +static inline __noreturn __printf(1, 2) int ksft_exit_fail_msg(const char *msg, ...) { int saved_errno = errno; va_list args; @@ -348,19 +351,19 @@ static inline __printf(1, 2) int ksft_exit_fail_msg(const char *msg, ...) exit(KSFT_FAIL); } -static inline int ksft_exit_xfail(void) +static inline __noreturn int ksft_exit_xfail(void) { ksft_print_cnts(); exit(KSFT_XFAIL); } -static inline int ksft_exit_xpass(void) +static inline __noreturn int ksft_exit_xpass(void) { ksft_print_cnts(); exit(KSFT_XPASS); } -static inline __printf(1, 2) int ksft_exit_skip(const char *msg, ...) +static inline __noreturn __printf(1, 2) int ksft_exit_skip(const char *msg, ...) { int saved_errno = errno; va_list args;

1 year, 5 months

1
0
0 0

[tip: timers/urgent] selftests: timers: Fix abs() warning in posix_timers test

by tip-bot2 for John Stultz

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: ed366de8ec89d4f960d66c85fc37d9de22f7bf6d Gitweb: https://git.kernel.org/tip/ed366de8ec89d4f960d66c85fc37d9de22f7bf6d Author: John Stultz <jstultz(a)google.com> AuthorDate: Wed, 10 Apr 2024 16:26:30 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 12 Apr 2024 14:11:15 +02:00 selftests: timers: Fix abs() warning in posix_timers test Building with clang results in the following warning: posix_timers.c:69:6: warning: absolute value function 'abs' given an argument of type 'long long' but has parameter of type 'int' which may cause truncation of value [-Wabsolute-value] if (abs(diff - DELAY * USECS_PER_SEC) > USECS_PER_SEC / 2) { ^ So switch to using llabs() instead. Fixes: 0bc4b0cf1570 ("selftests: add basic posix timers selftests") Signed-off-by: John Stultz <jstultz(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240410232637.4135564-3-jstultz@google.com --- tools/testing/selftests/timers/posix_timers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/timers/posix_timers.c b/tools/testing/selftests/timers/posix_timers.c index 348f471..c001dd7 100644 --- a/tools/testing/selftests/timers/posix_timers.c +++ b/tools/testing/selftests/timers/posix_timers.c @@ -66,7 +66,7 @@ static int check_diff(struct timeval start, struct timeval end) diff = end.tv_usec - start.tv_usec; diff += (end.tv_sec - start.tv_sec) * USECS_PER_SEC; - if (abs(diff - DELAY * USECS_PER_SEC) > USECS_PER_SEC / 2) { + if (llabs(diff - DELAY * USECS_PER_SEC) > USECS_PER_SEC / 2) { printf("Diff too high: %lld..", diff); return -1; }

1 year, 5 months

1
0
0 0

[PATCH] phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6

by Johan Hovold

Commit 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") fixed a regression introduced in 6.5 by making sure that the correct offset is used for the DP_PHY_VCO_DIV register on v3 hardware. Unfortunately, that fix instead broke DisplayPort on v5_5nm and v6 hardware as it failed to add the corresponding offsets also to those register tables. Fixes: 815891eee668 ("phy: qcom-qmp-combo: Introduce orientation variable") Fixes: 5abed58a8bde ("phy: qcom: qmp-combo: Fix VCO div offset on v3") Cc: stable(a)vger.kernel.org # 6.5: 5abed58a8bde Cc: Stephen Boyd <swboyd(a)chromium.org> Cc: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/phy/qualcomm/phy-qcom-qmp-combo.c | 2 ++ drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h | 1 + drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h | 1 + 3 files changed, 4 insertions(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c index a03b6f6881df..e48e87c3cb05 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c @@ -153,6 +153,7 @@ static const unsigned int qmp_v5_5nm_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V5_COM_BIAS_EN_CLKBUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V5_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V5_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V5_5NM_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V5_5NM_TX_TX_DRV_LVL, @@ -177,6 +178,7 @@ static const unsigned int qmp_v6_usb3phy_regs_layout[QPHY_LAYOUT_SIZE] = { [QPHY_COM_BIAS_EN_CLKBUFLR_EN] = QSERDES_V6_COM_PLL_BIAS_EN_CLK_BUFLR_EN, [QPHY_DP_PHY_STATUS] = QSERDES_V6_DP_PHY_STATUS, + [QPHY_DP_PHY_VCO_DIV] = QSERDES_V6_DP_PHY_VCO_DIV, [QPHY_TX_TX_POL_INV] = QSERDES_V6_TX_TX_POL_INV, [QPHY_TX_TX_DRV_LVL] = QSERDES_V6_TX_TX_DRV_LVL, diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h index f5cfacf9be96..181057421c11 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v5.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V5_H_ /* Only for QMP V5 PHY - DP PHY registers */ +#define QSERDES_V5_DP_PHY_VCO_DIV 0x070 #define QSERDES_V5_DP_PHY_AUX_INTERRUPT_STATUS 0x0d8 #define QSERDES_V5_DP_PHY_STATUS 0x0dc diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h index 01a20d3be4b8..fa967a1af058 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h +++ b/drivers/phy/qualcomm/phy-qcom-qmp-dp-phy-v6.h @@ -7,6 +7,7 @@ #define QCOM_PHY_QMP_DP_PHY_V6_H_ /* Only for QMP V6 PHY - DP PHY registers */ +#define QSERDES_V6_DP_PHY_VCO_DIV 0x070 #define QSERDES_V6_DP_PHY_AUX_INTERRUPT_STATUS 0x0e0 #define QSERDES_V6_DP_PHY_STATUS 0x0e4 -- 2.43.2

1 year, 5 months

5
4
0 0

[PATCH RESEND] bootconfig: use memblock_free_late to free xbc memory to buddy

by qiang4.zhang＠linux.intel.com

From: Qiang Zhang <qiang4.zhang(a)intel.com> On the time to free xbc memory, memblock has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== Cc: Stable(a)vger.kernel.org Signed-off-by: Qiang Zhang <qiang4.zhang(a)intel.com> --- lib/bootconfig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/bootconfig.c b/lib/bootconfig.c index c59d26068a64..4524ee944df0 100644 --- a/lib/bootconfig.c +++ b/lib/bootconfig.c @@ -63,7 +63,7 @@ static inline void * __init xbc_alloc_mem(size_t size) static inline void __init xbc_free_mem(void *addr, size_t size) { - memblock_free(addr, size); + memblock_free_late(__pa(addr), size); } #else /* !__KERNEL__ */ -- 2.39.2

1 year, 5 months

3
2
0 0

RE: [PATCH 6.8 000/143] 6.8.6-rc1 review

by Chris Rankin

The SCSI sg driver oopsed on my 6.8.4 kernel, and I noticed that a patch (presumably) to fix this was pulled from 6.8.5. However, I also noticed this email: >> Reverted this patch and I couldn't see the reposted warning. >> scsi: sg: Avoid sg device teardown race >> [ Upstream commit 27f58c04a8f438078583041468ec60597841284d ] > > Fix is here: > > https://git.kernel.org/mkp/scsi/c/d4e655c49f47 Is this unsuitable for 6.8.6 please? Thanks, Chris

1 year, 5 months

3
7
0 0

[PATCH 6.8 000/399] 6.8.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.3 release. There are 399 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.3-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.3-rc1 Natanael Copa <ncopa(a)alpinelinux.org> tools/resolve_btfids: fix build with musl libc Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Skip ROM range scans and validation for SEV-SNP guests Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix disk not being scanned in after being removed Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: Drop duplicate ID Dave Hansen <dave.hansen(a)linux.intel.com> Revert "x86/bugs: Use fixed addressing for VERW operand" Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use fixed addressing for VERW operand Hamza Mahfooz <hamza.mahfooz(a)amd.com> drm/amd/display: fix IPX enablement Baoquan He <bhe(a)redhat.com> crash: use macro to add crashk_res into iomem early for specific arch Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of the ha->vp_map pointer Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi_acpi: Refactor and fix DELL quirk Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear EVENT_PENDING under PPM lock Kyle Tso <kyletso(a)google.com> usb: typec: Return size of buffer if pd_set operation succeeds Kyle Tso <kyletso(a)google.com> usb: typec: tcpm: Update PD of Type-C port upon pd_set Kyle Tso <kyletso(a)google.com> usb: typec: tcpm: Correct port source pdo array in pd_set callback Xu Yang <xu.yang_2(a)nxp.com> usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: typec: ucsi: Fix race between typec_switch and role_switch yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in port "disable" sysfs attribute Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Properly set system wakeup Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> genirq: Introduce IRQF_COND_ONESHOT and use it in pinctrl-amd Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Damien Le Moal <dlemoal(a)kernel.org> scsi: sd: Fix TCG OPAL unlock on system resume Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> scsi: ufs: qcom: Provide default cycles_in_1us value Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Filipe Manana <fdmanana(a)suse.com> btrfs: fix extent map leak in unexpected scenario at unpin_extent_cache() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Make wake once of ring_buffer_wait() more robust Brett Creeley <brett.creeley(a)amd.com> vfio/pds: Make sure migration file isn't accessed after reset Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Yongzhi Liu <hyperlyzcs(a)gmail.com> usb: misc: ljca: Fix double free in error handling path Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> mtd: spinand: Add support for 5-byte IDs Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Roman Li <roman.li(a)amd.com> drm/amd/display: Fix bounds check for dcn35 DcfClocks Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Pre-populate the cursor physical dma address Jonathon Hall <jonathon.hall(a)puri.sm> drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsb: Fix DSB vblank waits when using VRR Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/vrr: Generate VRR "safe window" for DSB Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/vma: Fix UAF on destroy against retire race Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/hwmon: Fix locking inversion in sysfs getter Xi Liu <xi.liu(a)amd.com> drm/amd/display: Set DCN351 BB and IP the same as DCN35 George Shen <george.shen(a)amd.com> drm/amd/display: Remove MPC rate control logic from DCN30 and above Johannes Weiner <hannes(a)cmpxchg.org> drm/amdgpu: fix deadlock while reading mqd from debugfs Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Jocelyn Falempe <jfalempe(a)redhat.com> drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau Matthew Auld <matthew.auld(a)intel.com> drm/xe/query: fix gt_id bounds check Christian Marangi <ansuelsmth(a)gmail.com> net: phy: qcom: at803x: fix kernel panic with at8031_probe Herve Codina <herve.codina(a)bootlin.com> net: wan: framer: Add missing static inline qualifiers Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Duoming Zhou <duoming(a)zju.edu.cn> nouveau/dmem: handle kcalloc() allocation failure Daniel Lezcano <daniel.lezcano(a)linaro.org> Revert "thermal: core: Don't update trip points inside the hysteresis range" Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Damien Le Moal <dlemoal(a)kernel.org> block: Do not force full zone append completion in req_bio_endio() Liming Sun <limings(a)nvidia.com> sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Romain Naour <romain.naour(a)skf.com> mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Edward Liaw <edliaw(a)google.com> selftests/mm: fix ARM related issue with fork after pthread_create Edward Liaw <edliaw(a)google.com> selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM Johannes Weiner <hannes(a)cmpxchg.org> mm: cachestat: fix two shmem bugs Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Thomas Zimmermann <tzimmermann(a)suse.de> fbdev: Select I/O-memory framebuffer ops for SBus Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Harry Wentland <harry.wentland(a)amd.com> Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR" Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: handle debugfs names more carefully Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: don't always use FW dump trig Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: disable MLO for the time being Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: add a flag to disable wireless extensions Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix use-after-free in do_zone_finish() Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: don't skip block groups with 100% zone unusable Tavian Barnes <tavianator(a)tavianator.com> btrfs: fix race in read_extent_buffer_pages() Anand Jain <anand.jain(a)oracle.com> btrfs: validate device maj:min during open Carlos Maiolino <cem(a)kernel.org> tmpfs: fix race on handling dquot rbtree Zev Weiss <zev(a)bewilderbeest.net> ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Zev Weiss <zev(a)bewilderbeest.net> prctl: generalize PR_SET_MDWE support check to be per-arch Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Reinstate soft limit for initrd loading Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Cast away type warning in use of max() Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Add missing boot_params for mixed mode compat entry John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Johannes Weiner <hannes(a)cmpxchg.org> mm: zswap: fix writeback shinker GFP_NOIO/GFP_NOFS recursion Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: add locks to kcontrols Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: remove digital gain kcontrol Chris Park <chris.park(a)amd.com> drm/amd/display: Prevent crash when disable stream Tom Zanussi <tom.zanussi(a)linux.intel.com> crypto: iaa - Fix nr_cpus < nr_iaa case Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Include the PLL name in the debug messages Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Try to preserve the current shared_dpll for fastset on type-c ports Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Replace a memset() with zero initialization Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> mfd: intel-lpss: Introduce QUIRK_CLOCK_DIVIDER_UNITY for XPS 9530 Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> mfd: intel-lpss: Switch to generalized quirk table Anand Jain <anand.jain(a)oracle.com> btrfs: do not skip re-registration for the mounted device Filipe Manana <fdmanana(a)suse.com> btrfs: fix warning messages not printing interval at unpin_extent_range() David Sterba <dsterba(a)suse.com> btrfs: handle errors returned from unpin_extent_cache() Vitaly Chikunov <vt(a)altlinux.org> selftests/mm: Fix build with _FORTIFY_SOURCE Zoltan HERPAI <wigyori(a)uid0.hu> pwm: img: fix pwm clock lookup Oleksandr Tymoshenko <ovt(a)google.com> efi: fix panic in kdump kernel Adamos Ttofari <attofari(a)amazon.de> x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Thomas Gleixner <tglx(a)linutronix.de> x86/mpparse: Register APIC address only once KONDO KAZUMA(近藤　和真) <kazuma-kondo(a)nec.com> efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Flush posted write in irq_eoi() John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present Will Deacon <will(a)kernel.org> swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() Will Deacon <will(a)kernel.org> swiotlb: Fix double-allocation of slots due to broken alignment handling André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Yongqiang Liu <liuyongqiang13(a)huawei.com> ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Ard Biesheuvel <ardb(a)kernel.org> ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Fix position dependent variable references in startup code Borislav Petkov (AMD) <bp(a)alien8.de> x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: 8821cu: Fix connection failure Linus Torvalds <torvalds(a)linux-foundation.org> Fix memory leak in posix_clock_open() Jiawei Wang <me(a)jwang.link> ASoC: amd: yc: Revert "add new YC platform variant (0x63) support" Jiawei Wang <me(a)jwang.link> ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Call mixed mode boot services on the firmware's stack Eric Biggers <ebiggers(a)google.com> Revert "crypto: pkcs7 - remove sha1 support" Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found Audra Mitchell <audra(a)redhat.com> workqueue: Shorten events_freezable_power_efficient name Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Revert Remove pixle rate limit for subvp Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Remove pixle rate limit for subvp Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: clear the EDID property on failures Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: use drm_bridge_edid_read() Jani Nikula <jani.nikula(a)intel.com> drm/bridge: add ->edid_read hook and drm_bridge_edid_read() Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: validate btrfs_qgroup_inherit parameter David Sterba <dsterba(a)suse.com> btrfs: add helper to get fs_info from struct inode pointer David Sterba <dsterba(a)suse.com> btrfs: add helpers to get fs_info from page/folio pointers David Sterba <dsterba(a)suse.com> btrfs: add helpers to get inode from page/folio pointers David Sterba <dsterba(a)suse.com> btrfs: replace sb::s_blocksize by fs_info::sectorsize Matthew Wilcox (Oracle) <willy(a)infradead.org> btrfs: add set_folio_extent_mapped() helper Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Add more checks for exiting idle in DC Aric Cyr <aric.cyr(a)amd.com> drm/amd/display: Unify optimize_required flags and VRR adjustments Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Make sure the mapped tt pages are decrypted when needed Hector Martin <marcan(a)marcan.st> wifi: brcmfmac: Demote vendor-specific attach/detach messages to info Hector Martin <marcan(a)marcan.st> wifi: brcmfmac: cfg80211: Use WSEC to set SAE password Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: add per-vendor feature detection callback Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Allen Pan <allen.pan(a)amd.com> drm/amd/display: Add a dc_state NULL check in dc_state_release Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Implement wait_for_odm_update_pending_complete Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Lock all enabled otg pipes even with no planes ChunTao Tso <chuntao.tso(a)amd.com> drm/amd/display: Amend coasting vtotal for replay low hz Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Fix idle check for shared firmware state Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Update odm when ODM combine is changed on an otg master pipe with no plane Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Init DPPCLK from SMU on dcn32 Josip Pavic <josip.pavic(a)amd.com> drm/amd/display: Allow dirty rects to be sent to dmub when abm is active Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: Override min required DCFCLK in dml1_validate Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check the validity of overdiver power limit Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Swapnil Patel <swapnil.patel(a)amd.com> drm/amd/display: Change default size for dummy plane in DML2 Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64} Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Yuli Wang <wangyuli(a)uniontech.com> LoongArch/crypto: Clean up useless assignment operations Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define the __io_aw() hook as mmiowb() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Change __my_cpu_offset definition to avoid mis-optimization David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potencial out-of-bounds when buffer offset is invalid Alison Schofield <alison.schofield(a)intel.com> cxl/trace: Properly initialize cxl_poison region name Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> drm/i915: Add missing ; to __assign_str() macros in tracepoint code Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Dragos Tatulea <dtatulea(a)nvidia.com> net: esp: fix bad handling of pages from page_pool Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Jens Axboe <axboe(a)kernel.dk> io_uring/waitid: always remove waitid entry for cancel all Jens Axboe <axboe(a)kernel.dk> io_uring/futex: always remove futex entry for cancel all Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Constrain even more when continuous reads are enabled Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Ensure all continuous terms are always in sync Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Add a helper for calculating a page index Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Fix and simplify again the continuous read derivations Eugene Korenevsky <ekorenevsky(a)astralinux.ru> cifs: open_cached_dir(): add FILE_READ_EA to desired access Shyam Prasad N <sprasad(a)microsoft.com> cifs: reduce warning log level for server not advertising interfaces Shyam Prasad N <sprasad(a)microsoft.com> cifs: make sure server interfaces are requested only for SMB3+ Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: truncate page cache before clearing flags when aborting atomic write Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag Paul Moore <paul(a)paul-moore.com> lsm: handle the NULL buffer case in lsm_fill_user_ctx() Casey Schaufler <casey(a)schaufler-ca.com> lsm: use 32-bit compatible data types in LSM syscalls Bart Van Assche <bvanassche(a)acm.org> Revert "block/mq-deadline: use correct way to throttling write requests" Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Ley Foon Tan <leyfoon.tan(a)starfivetech.com> clocksource/drivers/timer-riscv: Clear timer interrupt on timer initialization Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/probe-helper: warn about negative .get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Alexander Aring <aahringo(a)redhat.com> dlm: fix user space lkb refcounting Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing/ring-buffer: Fix wait_on_pipe() race Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Pavel Begunkov <asml.silence(a)gmail.com> io_uring: clean rings on NO_MMAP alloc fail Jens Axboe <axboe(a)kernel.dk> io_uring/rw: return IOU_ISSUE_SKIP_COMPLETE for multishot retry Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel/tpmi: Change vsec offset to u64 Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: replace generic_fillattr with vfs_getattr Lino Sanfilippo <l.sanfilippo(a)kunbus.com> tpm,tpm_tis: Avoid warning splat at shutdown Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Frank Wunderlich <frank-w(a)public-files.de> thermal/drivers/mediatek: Fix control buffer enablement on MT7896 Steve French <stfrench(a)microsoft.com> cifs: allow changing password during remount Bharath SM <bharathsm(a)microsoft.com> cifs: prevent updating file size from server if we have a read/write lease Michael Kelley <mhklinux(a)outlook.com> PCI: hv: Fix ring buffer size calculation Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: qcom: Enable BDF to SID translation properly Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Benjamin Coddington <bcodding(a)redhat.com> NFS: Read unlock folio on nfs_page_create_from_folio() error Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Sam Ravnborg <sam(a)ravnborg.org> sparc32: Fix parport build with sparc32 Johan Hovold <johan+linaro(a)kernel.org> PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix mshot io-wq checks Jens Axboe <axboe(a)kernel.dk> io_uring/net: correctly handle multishot recvmsg retry setup Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Johannes Berg <johannes.berg(a)intel.com> debugfs: fix wait/cancellation handling during remove Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix io_queue_proc modifying req->flags Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix mshot read defer taskrun cqe posting Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Christian Marangi <ansuelsmth(a)gmail.com> leds: trigger: netdev: Fix kernel panic on interface rename trig notify Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Bluetooth: btnxpuart: Fix btnxpuart_close Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Tony Battersby <tonyb(a)cybernetics.com> block: Fix page refcounts for unaligned buffers in __bio_release_pages() Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Yu Kuai <yukuai3(a)huawei.com> dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape Yu Kuai <yukuai3(a)huawei.com> dm-raid: add a new helper prepare_suspend() in md_personality Yu Kuai <yukuai3(a)huawei.com> md/dm-raid: don't call md_reap_sync_thread() directly Yu Kuai <yukuai3(a)huawei.com> dm-raid: really frozen sync_thread during suspend Yu Kuai <yukuai3(a)huawei.com> md: add a new helper reshape_interrupted() Yu Kuai <yukuai3(a)huawei.com> md: export helper md_is_rdwr() Yu Kuai <yukuai3(a)huawei.com> md: export helpers to stop sync_thread Yu Kuai <yukuai3(a)huawei.com> md: don't clear MD_RECOVERY_FROZEN for new dm-raid until resume Song Liu <song(a)kernel.org> Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Akira Yokosawa <akiyks(a)gmail.com> docs: Makefile: Add dependency to $(YNL_INDEX) for targets other than htmldocs Nick Morrow <morrownr(a)gmail.com> wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: always free reserved space for extent records Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Jonas Gorski <jonas.gorski(a)gmail.com> serial: core: only stop transmit when HW fifo is empty Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: Disable wakeup at remove Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: fix module unload/reload behavior Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Miklos Szeredi <mszeredi(a)redhat.com> fuse: replace remaining make_bad_inode() with fuse_make_bad() Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: track capability/opmode NSS separately Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: camcc-sc8280xp: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays Brett Creeley <brett.creeley(a)amd.com> vfio/pds: Always clear the save/restore FDs on reset Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Shivnandan Kumar <quic_kshivnan(a)quicinc.com> cpufreq: Limit resolving a frequency to policy min/max Akira Yokosawa <akiyks(a)gmail.com> docs: Restore "smart quotes" for quotes Quentin Schulz <quentin.schulz(a)theobroma-systems.com> iio: adc: rockchip_saradc: use mask for write_enable bitfield Quentin Schulz <quentin.schulz(a)theobroma-systems.com> iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 Gui-Dong Han <2045gemini(a)gmail.com> md/raid5: fix atomicity violation in raid5_cache_count Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Guenter Roeck <linux(a)roeck-us.net> parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() Breno Leitao <leitao(a)debian.org> x86/nmi: Fix the inverse "in NMI handler" check Heming Zhao <heming.zhao(a)suse.com> md/md-bitmap: fix incorrect usage for sb_index Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Alexander Sverdlin <alexander.sverdlin(a)siemens.com> mfd: twl: Select MFD_CORE Bernd Schubert <bschubert(a)ddn.com> fuse: fix VM_MAYSHARE and direct_io_allow_mmap Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects' Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> pinctrl: qcom: sm8650-lpass-lpi: correct Kconfig name SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - change SLAs cleanup flow at shutdown Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Increase nr_cpu_ids to include the boot CPU Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix System Domain probing Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix a register bug Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Fix locking in TPMI RAPL Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Fix a NULL pointer dereference Zhang Rui <rui.zhang(a)intel.com> thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature Tor Vic <torvic9(a)mailbox.org> cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Li Lingfeng <lilingfeng3(a)huawei.com> md: use RCU lock to protect traversal in md_spares_need_change() Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Expand MUST_CONNECT flag to always require an enabled link Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Rename pad variable to clarify intent Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add num_links flag to media_pad Marek Vasut <marex(a)denx.de> media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Fix flags handling when creating pad links Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add local pad to pipeline regardless of the link state Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix the lifetime of the bo cursor memory Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fix NULL pointer dereference in I2C instantiation Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450-hdk: correct AMIC4 and AMIC5 microphones Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Joakim Zhang <joakim.zhang(a)cixtech.com> remoteproc: virtio: Fix wdg cannot recovery remote processor Krishna chaitanya chundru <quic_krichai(a)quicinc.com> arm64: dts: qcom: sc7280: Add additional MSI interrupts Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: avoid invalid list operation when vendor attach fails Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Unmap the surface before resetting it on a plane state ------------- Diffstat: Documentation/Makefile | 4 +- Documentation/admin-guide/kernel-parameters.txt | 4 +- Documentation/arch/x86/amd-memory-encryption.rst | 16 +- Documentation/conf.py | 6 +- .../userspace-api/media/mediactl/media-types.rst | 11 +- Makefile | 4 +- arch/arm/Kconfig | 4 +- arch/arm/boot/dts/marvell/mmp2-brownstone.dts | 2 +- arch/arm/include/asm/mman.h | 14 ++ arch/arm/kernel/Makefile | 2 - arch/arm/kernel/iwmmxt.S | 51 ++-- arch/arm/kernel/pj4-cp0.c | 135 ----------- arch/arm/mm/flush.c | 3 + arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 +- arch/arm64/boot/dts/qcom/sm8450-hdk.dts | 4 +- arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/loongarch/crypto/crc32-loongarch.c | 2 - arch/loongarch/include/asm/Kbuild | 1 + arch/loongarch/include/asm/io.h | 2 + arch/loongarch/include/asm/percpu.h | 7 +- arch/loongarch/include/asm/qspinlock.h | 18 -- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/parisc/include/asm/mman.h | 14 ++ arch/parisc/kernel/unaligned.c | 27 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/kernel/prom.c | 12 + arch/powerpc/lib/Makefile | 2 +- arch/sparc/include/asm/parport.h | 259 +-------------------- arch/sparc/include/asm/parport_64.h | 256 ++++++++++++++++++++ arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 13 -- arch/x86/boot/compressed/efi_mixed.S | 29 ++- arch/x86/coco/core.c | 7 +- arch/x86/events/amd/core.c | 20 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/asm.h | 14 ++ arch/x86/include/asm/coco.h | 8 +- arch/x86/include/asm/crash_core.h | 2 + arch/x86/include/asm/mem_encrypt.h | 15 +- arch/x86/include/asm/nospec-branch.h | 21 +- arch/x86/include/asm/sev.h | 4 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/x86_init.h | 3 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/eisa.c | 3 +- arch/x86/kernel/fpu/xstate.c | 5 +- arch/x86/kernel/fpu/xstate.h | 14 +- arch/x86/kernel/kprobes/core.c | 11 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/nmi.c | 2 +- arch/x86/kernel/probe_roms.c | 10 - arch/x86/kernel/setup.c | 3 +- arch/x86/kernel/sev-shared.c | 12 +- arch/x86/kernel/sev.c | 31 ++- arch/x86/kernel/x86_init.c | 2 + arch/x86/kvm/lapic.c | 5 +- arch/x86/kvm/xen.c | 2 +- arch/x86/kvm/xen.h | 18 ++ arch/x86/lib/retpoline.S | 11 +- arch/x86/mm/mem_encrypt_amd.c | 18 ++ arch/x86/mm/mem_encrypt_identity.c | 38 ++- block/bio.c | 7 +- block/blk-mq.c | 9 +- block/blk-settings.c | 4 + block/mq-deadline.c | 3 +- crypto/asymmetric_keys/mscode_parser.c | 3 + crypto/asymmetric_keys/pkcs7_parser.c | 4 + crypto/asymmetric_keys/public_key.c | 3 +- crypto/asymmetric_keys/signature.c | 2 +- crypto/asymmetric_keys/x509_cert_parser.c | 8 + crypto/testmgr.h | 80 +++++++ drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/cppc_acpi.c | 31 ++- drivers/ata/ahci.c | 13 -- drivers/ata/libata-eh.c | 5 +- drivers/ata/libata-scsi.c | 9 + drivers/base/power/wakeirq.c | 4 +- drivers/bluetooth/btnxpuart.c | 3 + drivers/char/tpm/tpm_tis_core.c | 3 +- drivers/clk/qcom/camcc-sc8280xp.c | 21 ++ drivers/clk/qcom/gcc-ipq5018.c | 3 + drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-ipq9574.c | 1 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/clocksource/timer-riscv.c | 3 + drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 10 +- drivers/crypto/intel/qat/qat_common/adf_aer.c | 22 +- drivers/crypto/intel/qat/qat_common/adf_rl.c | 20 +- drivers/cxl/core/trace.h | 14 +- drivers/firmware/efi/efi.c | 2 + drivers/firmware/efi/libstub/randomalloc.c | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 1 + drivers/gpio/gpiolib-cdev.c | 38 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 46 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 34 +-- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 8 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.h | 2 +- .../amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 14 ++ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 127 ++++++++-- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 18 ++ drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 + drivers/gpu/drm/amd/display/dc/dc.h | 2 +- drivers/gpu/drm/amd/display/dc/dc_stream.h | 2 - drivers/gpu/drm/amd/display/dc/dc_types.h | 4 +- drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c | 1 + drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c | 14 ++ drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h | 2 + drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c | 1 + drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.c | 54 +++-- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.h | 14 +- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_mpc.c | 5 +- .../amd/display/dc/dcn32/dcn32_resource_helpers.c | 6 + .../amd/display/dc/dml2/dml2_translation_helper.c | 24 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 28 ++- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h | 3 + .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 3 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 53 ++--- .../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 12 +- .../drm/amd/display/dc/hwss/dcn314/dcn314_hwseq.c | 41 ---- .../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 71 +++--- .../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h | 2 + .../gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c | 2 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 41 ---- drivers/gpu/drm/amd/display/dc/inc/hw/opp.h | 3 + .../drm/amd/display/dc/inc/hw/timing_generator.h | 1 + drivers/gpu/drm/amd/display/dc/inc/link.h | 4 +- .../dc/link/protocols/link_edp_panel_control.c | 4 +- .../dc/link/protocols/link_edp_panel_control.h | 4 +- .../gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h | 3 +- .../gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c | 8 + .../gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h | 1 + .../amd/display/dc/resource/dcn32/dcn32_resource.c | 3 + .../amd/display/dc/resource/dcn32/dcn32_resource.h | 3 + .../display/dc/resource/dcn321/dcn321_resource.c | 2 + drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h | 8 + .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + .../amd/display/modules/info_packet/info_packet.c | 13 +- .../drm/amd/display/modules/power/power_helpers.c | 2 +- .../drm/amd/display/modules/power/power_helpers.h | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 19 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 19 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 31 +-- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 18 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 18 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 24 +- drivers/gpu/drm/display/drm_dp_helper.c | 7 + drivers/gpu/drm/drm_bridge.c | 46 +++- drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/drm_probe_helper.c | 7 + drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/display/icl_dsi.c | 3 +- drivers/gpu/drm/i915/display/intel_bios.c | 46 +++- drivers/gpu/drm/i915/display/intel_cursor.c | 4 +- drivers/gpu/drm/i915/display/intel_display_trace.h | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 76 +++--- drivers/gpu/drm/i915/display/intel_dpll_mgr.h | 4 + drivers/gpu/drm/i915/display/intel_dsb.c | 14 ++ drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 + drivers/gpu/drm/i915/display/intel_vrr.c | 7 +- drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/i915/i915_hwmon.c | 37 +-- drivers/gpu/drm/i915/i915_reg.h | 2 +- drivers/gpu/drm/i915/i915_vma.c | 50 +++- drivers/gpu/drm/imx/ipuv3/parallel-display.c | 4 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/gpu/drm/ttm/ttm_tt.c | 13 ++ drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 17 +- drivers/gpu/drm/xe/xe_query.c | 2 +- drivers/hwmon/amc6821.c | 11 + drivers/iio/adc/rockchip_saradc.c | 6 +- drivers/iommu/dma-iommu.c | 9 + drivers/irqchip/irq-renesas-rzg2l.c | 67 ++++-- drivers/leds/trigger/ledtrig-netdev.c | 4 +- drivers/md/dm-raid.c | 93 ++++++-- drivers/md/dm-snap.c | 4 +- drivers/md/md-bitmap.c | 9 +- drivers/md/md.c | 82 +++++-- drivers/md/md.h | 38 ++- drivers/md/raid5.c | 58 ++++- drivers/media/mc/mc-entity.c | 93 ++++++-- .../platform/nxp/imx8-isi/imx8-isi-crossbar.c | 4 +- drivers/media/tuners/xc4000.c | 4 +- drivers/mfd/Kconfig | 1 + drivers/mfd/intel-lpss-pci.c | 28 ++- drivers/mfd/intel-lpss.c | 9 +- drivers/mfd/intel-lpss.h | 14 +- drivers/mmc/core/block.c | 14 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 28 ++- drivers/mmc/host/sdhci-omap.c | 3 + drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/nand/raw/nand_base.c | 87 ++++--- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/at803x.c | 4 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/bca/core.c | 15 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 60 ++--- .../broadcom/brcm80211/brcmfmac/cfg80211.h | 2 + .../broadcom/brcm80211/brcmfmac/cyw/core.c | 33 ++- .../wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 + .../wireless/broadcom/brcm80211/brcmfmac/fwil.c | 1 + .../broadcom/brcm80211/brcmfmac/fwil_types.h | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/fwvid.c | 14 +- .../wireless/broadcom/brcm80211/brcmfmac/fwvid.h | 39 ++-- .../broadcom/brcm80211/brcmfmac/wcc/core.c | 16 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 +- .../net/wireless/intel/iwlwifi/mvm/debugfs-vif.c | 11 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 +- drivers/net/wireless/realtek/rtw88/mac.c | 7 + drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 46 ++-- drivers/nvmem/meson-efuse.c | 25 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/controller/dwc/pcie-qcom.c | 41 +++- drivers/pci/controller/pci-hyperv.c | 3 +- drivers/pci/pci-driver.c | 7 + drivers/pci/pcie/err.c | 20 ++ drivers/pci/quirks.c | 2 + drivers/phy/tegra/xusb.c | 13 ++ drivers/pinctrl/pinctrl-amd.c | 2 +- drivers/pinctrl/qcom/Kconfig | 2 +- drivers/platform/x86/intel/tpmi.c | 9 +- drivers/powercap/intel_rapl_common.c | 34 ++- drivers/powercap/intel_rapl_msr.c | 8 +- drivers/powercap/intel_rapl_tpmi.c | 15 ++ drivers/pwm/pwm-img.c | 4 +- drivers/remoteproc/remoteproc_virtio.c | 6 +- drivers/s390/crypto/zcrypt_api.c | 2 + drivers/scsi/hosts.c | 7 +- drivers/scsi/libsas/sas_expander.c | 51 ++-- drivers/scsi/lpfc/lpfc_bsg.c | 4 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +++++----- drivers/scsi/qla2xxx/qla_iocb.c | 68 ++++-- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 3 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/scsi/scsi_scan.c | 34 +++ drivers/scsi/sd.c | 23 +- drivers/scsi/sg.c | 4 +- drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 25 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/thermal/devfreq_cooling.c | 2 +- .../int340x_thermal/processor_thermal_device.c | 8 +- .../intel/int340x_thermal/processor_thermal_rapl.c | 8 +- drivers/thermal/intel/intel_tcc.c | 12 +- drivers/thermal/intel/x86_pkg_temp_thermal.c | 8 +- drivers/thermal/mediatek/auxadc_thermal.c | 3 + drivers/thermal/thermal_trip.c | 19 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/max310x.c | 7 +- drivers/tty/serial/serial_core.c | 12 + drivers/ufs/host/ufs-qcom.c | 6 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 38 ++- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 ++ drivers/usb/dwc2/core_intr.c | 72 ++++-- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +++- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/dwc3/core.c | 2 + drivers/usb/dwc3/core.h | 2 + drivers/usb/dwc3/dwc3-am62.c | 13 +- drivers/usb/dwc3/dwc3-pci.c | 2 - drivers/usb/dwc3/gadget.c | 10 + drivers/usb/dwc3/host.c | 11 + drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 ++-- drivers/usb/host/xhci.c | 2 + drivers/usb/misc/usb-ljca.c | 22 +- drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/uas.c | 28 ++- drivers/usb/typec/class.c | 7 +- drivers/usb/typec/tcpm/tcpm.c | 6 +- drivers/usb/typec/ucsi/ucsi.c | 56 ++++- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +++--- drivers/usb/typec/ucsi/ucsi_glink.c | 14 ++ drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/pds/lm.c | 13 ++ drivers/vfio/pci/pds/lm.h | 1 + drivers/vfio/pci/pds/vfio_dev.c | 4 +- drivers/vfio/pci/vfio_pci_intrs.c | 180 ++++++++------ drivers/vfio/platform/vfio_platform_irq.c | 105 ++++++--- drivers/vfio/virqfd.c | 21 ++ drivers/video/fbdev/Kconfig | 3 + drivers/virtio/virtio.c | 4 +- fs/btrfs/block-group.c | 3 +- fs/btrfs/compression.c | 8 +- fs/btrfs/defrag.c | 4 +- fs/btrfs/disk-io.c | 13 +- fs/btrfs/export.c | 2 +- fs/btrfs/extent_io.c | 61 +++-- fs/btrfs/extent_io.h | 1 + fs/btrfs/extent_map.c | 16 +- fs/btrfs/file.c | 14 +- fs/btrfs/free-space-cache.c | 2 +- fs/btrfs/fs.h | 11 + fs/btrfs/inode.c | 54 +++-- fs/btrfs/ioctl.c | 58 ++--- fs/btrfs/lzo.c | 4 +- fs/btrfs/props.c | 2 +- fs/btrfs/qgroup.c | 61 ++++- fs/btrfs/qgroup.h | 3 + fs/btrfs/reflink.c | 12 +- fs/btrfs/relocation.c | 2 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/send.c | 2 +- fs/btrfs/super.c | 2 +- fs/btrfs/volumes.c | 69 +++++- fs/btrfs/zoned.c | 14 +- fs/debugfs/inode.c | 25 +- fs/dlm/user.c | 10 +- fs/exec.c | 1 + fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/f2fs/f2fs.h | 1 + fs/f2fs/segment.c | 4 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 6 +- fs/fuse/file.c | 8 +- fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/nfs/direct.c | 11 +- fs/nfs/read.c | 2 + fs/nfs/write.c | 2 +- fs/nfsd/trace.h | 2 +- fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/smb/client/cached_dir.c | 3 +- fs/smb/client/cifs_debug.c | 2 + fs/smb/client/cifsglob.h | 4 + fs/smb/client/cifsproto.h | 6 +- fs/smb/client/connect.c | 6 +- fs/smb/client/file.c | 8 +- fs/smb/client/fs_context.c | 27 ++- fs/smb/client/inode.c | 13 +- fs/smb/client/readdir.c | 2 +- fs/smb/client/sess.c | 4 +- fs/smb/client/smb2ops.c | 2 + fs/smb/client/smb2pdu.c | 10 +- fs/smb/server/smb2misc.c | 26 ++- fs/smb/server/smb2pdu.c | 228 +++++++++++------- fs/smb/server/smb_common.c | 11 +- fs/smb/server/vfs.c | 12 +- fs/ubifs/dir.c | 2 + fs/ubifs/file.c | 13 +- include/drm/drm_bridge.h | 33 +++ include/drm/drm_modeset_helper_vtables.h | 3 +- include/drm/ttm/ttm_tt.h | 9 +- include/linux/cpufreq.h | 15 +- include/linux/framer/framer.h | 4 +- include/linux/intel_rapl.h | 6 + include/linux/intel_tcc.h | 2 +- include/linux/interrupt.h | 3 + include/linux/libata.h | 1 + include/linux/lsm_hook_defs.h | 4 +- include/linux/mman.h | 8 + include/linux/mtd/spinand.h | 2 +- include/linux/nfs_fs.h | 1 + include/linux/oid_registry.h | 4 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 4 +- include/linux/security.h | 8 +- include/linux/serial_core.h | 3 +- include/linux/skbuff.h | 10 + include/linux/syscalls.h | 6 +- include/linux/trace_events.h | 5 +- include/linux/vfio.h | 2 + include/media/media-entity.h | 2 + include/net/cfg80211.h | 2 + include/net/cfg802154.h | 1 + include/scsi/scsi_driver.h | 1 + include/scsi/scsi_host.h | 1 + include/uapi/linux/btrfs.h | 1 + init/initramfs.c | 2 +- io_uring/futex.c | 1 + io_uring/io_uring.c | 5 +- io_uring/net.c | 5 +- io_uring/poll.c | 19 +- io_uring/rw.c | 4 + io_uring/waitid.c | 7 +- kernel/bounds.c | 2 +- kernel/crash_core.c | 8 + kernel/dma/swiotlb.c | 37 +-- kernel/entry/common.c | 8 +- kernel/irq/manage.c | 9 +- kernel/module/Kconfig | 5 + kernel/power/suspend.c | 1 + kernel/printk/printk.c | 27 ++- kernel/sys.c | 7 +- kernel/time/posix-clock.c | 16 +- kernel/trace/ring_buffer.c | 161 ++++++++----- kernel/trace/trace.c | 43 +++- kernel/workqueue.c | 2 +- lib/pci_iomap.c | 2 +- mm/filemap.c | 16 ++ mm/kasan/kasan_test.c | 3 +- mm/memtest.c | 4 +- mm/shmem_quota.c | 10 +- mm/swapfile.c | 13 +- mm/zswap.c | 8 + net/bluetooth/hci_core.c | 6 +- net/bluetooth/hci_sync.c | 5 +- net/ipv4/esp4.c | 8 +- net/ipv6/esp6.c | 8 +- net/mac80211/cfg.c | 7 +- net/mac80211/ieee80211_i.h | 2 +- net/mac80211/rate.c | 2 +- net/mac80211/sta_info.h | 6 +- net/mac80211/vht.c | 46 ++-- net/mac802154/llsec.c | 18 +- net/netfilter/nf_tables_api.c | 3 + net/wireless/wext-core.c | 7 +- scripts/Makefile.extrawarn | 2 + security/apparmor/lsm.c | 4 +- security/landlock/syscalls.c | 18 +- security/lsm_syscalls.c | 10 +- security/security.c | 20 +- security/selinux/hooks.c | 4 +- security/smack/smack_lsm.c | 16 +- sound/pci/hda/tas2781_hda_i2c.c | 83 ++++--- sound/sh/aica.c | 17 +- sound/soc/amd/yc/acp6x-mach.c | 7 - sound/soc/amd/yc/pci-acp6x.c | 1 - tools/include/linux/btf_ids.h | 2 + tools/testing/selftests/lsm/common.h | 6 +- .../testing/selftests/lsm/lsm_get_self_attr_test.c | 10 +- .../testing/selftests/lsm/lsm_list_modules_test.c | 8 +- .../testing/selftests/lsm/lsm_set_self_attr_test.c | 6 +- tools/testing/selftests/mm/gup_test.c | 2 +- tools/testing/selftests/mm/soft-dirty.c | 2 +- tools/testing/selftests/mm/split_huge_page_test.c | 2 +- tools/testing/selftests/mm/uffd-common.c | 3 + tools/testing/selftests/mm/uffd-common.h | 2 + tools/testing/selftests/mm/uffd-unit-tests.c | 13 +- tools/testing/selftests/mqueue/setting | 1 + .../selftests/wireguard/qemu/arch/riscv32.config | 1 + .../selftests/wireguard/qemu/arch/riscv64.config | 1 + virt/kvm/async_pf.c | 31 ++- 482 files changed, 4826 insertions(+), 2566 deletions(-)

1 year, 5 months

19
425
0 0

[PATCH v3 2/2] PCI: of: Attach created of_node to existing device

by Herve Codina

The commit 407d1a51921e ("PCI: Create device tree node for bridge") creates of_node for PCI devices. During the insertion handling of these new DT nodes done by of_platform, new devices (struct device) are created. For each PCI devices a struct device is already present (created and handled by the PCI core). Having a second struct device to represent the exact same PCI device is not correct. On the of_node creation: - tell the of_platform that there is no need to create a device for this node (OF_POPULATED flag), - link this newly created of_node to the already present device, - tell fwnode that the device attached to this of_node is ready using fwnode_dev_initialized(). With this fix, the of_node are available in the sysfs device tree: /sys/devices/platform/soc/d0070000.pcie/ + of_node -> .../devicetree/base/soc/pcie@d0070000 + pci0000:00 + 0000:00:00.0 + of_node -> .../devicetree/base/soc/pcie@d0070000/pci@0,0 + 0000:01:00.0 + of_node -> .../devicetree/base/soc/pcie@d0070000/pci@0,0/dev@0,0 On the of_node removal, revert the operations. Fixes: 407d1a51921e ("PCI: Create device tree node for bridge") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/pci/of.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/drivers/pci/of.c b/drivers/pci/of.c index 51e3dd0ea5ab..5afd2731e876 100644 --- a/drivers/pci/of.c +++ b/drivers/pci/of.c @@ -615,7 +615,8 @@ void of_pci_remove_node(struct pci_dev *pdev) np = pci_device_to_OF_node(pdev); if (!np || !of_node_check_flag(np, OF_DYNAMIC)) return; - pdev->dev.of_node = NULL; + + device_remove_of_node(&pdev->dev); of_changeset_revert(np->data); of_changeset_destroy(np->data); @@ -668,12 +669,22 @@ void of_pci_make_dev_node(struct pci_dev *pdev) if (ret) goto out_free_node; + /* + * This of_node will be added to an existing device. + * Avoid any device creation and use the existing device + */ + of_node_set_flag(np, OF_POPULATED); + np->fwnode.dev = &pdev->dev; + fwnode_dev_initialized(&np->fwnode, true); + ret = of_changeset_apply(cset); if (ret) goto out_free_node; np->data = cset; - pdev->dev.of_node = np; + + /* Add the of_node to the existing device */ + device_add_of_node(&pdev->dev, np); kfree(name); return; -- 2.44.0

1 year, 5 months

3
4
0 0

[PATCH] misc/pvpanic-pci: register attributes via pci_driver

by Thomas Weißschuh

In __pci_register_driver(), the pci core overwrites the dev_groups field of the embedded struct device_driver with the dev_groups from the outer struct pci_driver unconditionally. Set dev_groups in the pci_driver to make sure it is used. This was broken since the introduction of pvpanic-pci. Fixes: db3a4f0abefd ("misc/pvpanic: add PCI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Greg, does it make sense to duplicate fields between struct pci_driver and struct device_driver? The fields "name", "groups" and "dev_groups" are duplicated. pci_driver::dev_groups was introduced in commit ded13b9cfd59 ("PCI: Add support for dev_groups to struct pci_driver") because "this helps converting PCI drivers sysfs attributes to static" I don't understand the reasoning. The embedded device_driver shares the same storage lifetime and the fields have the exact same type. --- drivers/misc/pvpanic/pvpanic-pci.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/misc/pvpanic/pvpanic-pci.c b/drivers/misc/pvpanic/pvpanic-pci.c index 9ad20e82785b..b21598a18f6d 100644 --- a/drivers/misc/pvpanic/pvpanic-pci.c +++ b/drivers/misc/pvpanic/pvpanic-pci.c @@ -44,8 +44,6 @@ static struct pci_driver pvpanic_pci_driver = { .name = "pvpanic-pci", .id_table = pvpanic_pci_id_tbl, .probe = pvpanic_pci_probe, - .driver = { - .dev_groups = pvpanic_dev_groups, - }, + .dev_groups = pvpanic_dev_groups, }; module_pci_driver(pvpanic_pci_driver); --- base-commit: 00dcf5d862e86e57f5ce46344039f11bb1ad61f6 change-id: 20240411-pvpanic-pci-dev-groups-e3beebcbc4e4 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

1 year, 5 months

2
2
0 0

FAILED: patch "[PATCH] drm/i915/vma: Fix UAF on destroy against retire race" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 0e45882ca829b26b915162e8e86dbb1095768e9e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033027-expensive-footage-f3ea@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e45882ca829b26b915162e8e86dbb1095768e9e Mon Sep 17 00:00:00 2001 From: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Date: Tue, 5 Mar 2024 15:35:06 +0100 Subject: [PATCH] drm/i915/vma: Fix UAF on destroy against retire race MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915] [161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0 ... [161.360304] CPU: 5 PID: 276 Comm: kworker/5:2 Not tainted 6.5.0-rc1-CI_DRM_13375-g003f860e5577+ #1 [161.360314] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 [161.360322] Workqueue: i915-unordered __intel_wakeref_put_work [i915] [161.360592] RIP: 0010:debug_print_object+0x80/0xb0 ... [161.361347] debug_object_free+0xeb/0x110 [161.361362] i915_active_fini+0x14/0x130 [i915] [161.361866] release_references+0xfe/0x1f0 [i915] [161.362543] i915_vma_parked+0x1db/0x380 [i915] [161.363129] __gt_park+0x121/0x230 [i915] [161.363515] ____intel_wakeref_put_last+0x1f/0x70 [i915] That has been tracked down to be happening when another thread is deactivating the VMA inside __active_retire() helper, after the VMA's active counter has been already decremented to 0, but before deactivation of the VMA's object is reported to the object debugging tool. We could prevent from that race by serializing i915_active_fini() with __active_retire() via ref->tree_lock, but that wouldn't stop the VMA from being used, e.g. from __i915_vma_retire() called at the end of __active_retire(), after that VMA has been already freed by a concurrent i915_vma_destroy() on return from the i915_active_fini(). Then, we should rather fix the issue at the VMA level, not in i915_active. Since __i915_vma_parked() is called from __gt_park() on last put of the GT's wakeref, the issue could be addressed by holding the GT wakeref long enough for __active_retire() to complete before that wakeref is released and the GT parked. I believe the issue was introduced by commit d93939730347 ("drm/i915: Remove the vma refcount") which moved a call to i915_active_fini() from a dropped i915_vma_release(), called on last put of the removed VMA kref, to i915_vma_parked() processing path called on last put of a GT wakeref. However, its visibility to the object debugging tool was suppressed by a bug in i915_active that was fixed two weeks later with commit e92eb246feb9 ("drm/i915/active: Fix missing debug object activation"). A VMA associated with a request doesn't acquire a GT wakeref by itself. Instead, it depends on a wakeref held directly by the request's active intel_context for a GT associated with its VM, and indirectly on that intel_context's engine wakeref if the engine belongs to the same GT as the VMA's VM. Those wakerefs are released asynchronously to VMA deactivation. Fix the issue by getting a wakeref for the VMA's GT when activating it, and putting that wakeref only after the VMA is deactivated. However, exclude global GTT from that processing path, otherwise the GPU never goes idle. Since __i915_vma_retire() may be called from atomic contexts, use async variant of wakeref put. Also, to avoid circular locking dependency, take care of acquiring the wakeref before VM mutex when both are needed. v7: Add inline comments with justifications for: - using untracked variants of intel_gt_pm_get/put() (Nirmoy), - using async variant of _put(), - not getting the wakeref in case of a global GTT, - always getting the first wakeref outside vm->mutex. v6: Since __i915_vma_active/retire() callbacks are not serialized, storing a wakeref tracking handle inside struct i915_vma is not safe, and there is no other good place for that. Use untracked variants of intel_gt_pm_get/put_async(). v5: Replace "tile" with "GT" across commit description (Rodrigo), - avoid mentioning multi-GT case in commit description (Rodrigo), - explain why we need to take a temporary wakeref unconditionally inside i915_vma_pin_ww() (Rodrigo). v4: Refresh on top of commit 5e4e06e4087e ("drm/i915: Track gt pm wakerefs") (Andi), - for more easy backporting, split out removal of former insufficient workarounds and move them to separate patches (Nirmoy). - clean up commit message and description a bit. v3: Identify root cause more precisely, and a commit to blame, - identify and drop former workarounds, - update commit message and description. v2: Get the wakeref before VM mutex to avoid circular locking dependency, - drop questionable Fixes: tag. Fixes: d93939730347 ("drm/i915: Remove the vma refcount") Closes: https://gitlab.freedesktop.org/drm/intel/issues/8875 Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org # v5.19+ Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240305143747.335367-6-janus… (cherry picked from commit f3c71b2ded5c4367144a810ef25f998fd1d6c381) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c index d09aad34ba37..b70715b1411d 100644 --- a/drivers/gpu/drm/i915/i915_vma.c +++ b/drivers/gpu/drm/i915/i915_vma.c @@ -34,6 +34,7 @@ #include "gt/intel_engine.h" #include "gt/intel_engine_heartbeat.h" #include "gt/intel_gt.h" +#include "gt/intel_gt_pm.h" #include "gt/intel_gt_requests.h" #include "gt/intel_tlb.h" @@ -103,12 +104,42 @@ static inline struct i915_vma *active_to_vma(struct i915_active *ref) static int __i915_vma_active(struct i915_active *ref) { - return i915_vma_tryget(active_to_vma(ref)) ? 0 : -ENOENT; + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_tryget(vma)) + return -ENOENT; + + /* + * Exclude global GTT VMA from holding a GT wakeref + * while active, otherwise GPU never goes idle. + */ + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we and our _retire() counterpart can be + * called asynchronously, storing a wakeref tracking + * handle inside struct i915_vma is not safe, and + * there is no other good place for that. Hence, + * use untracked variants of intel_gt_pm_get/put(). + */ + intel_gt_pm_get_untracked(vma->vm->gt); + } + + return 0; } static void __i915_vma_retire(struct i915_active *ref) { - i915_vma_put(active_to_vma(ref)); + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we can be called from atomic contexts, + * use an async variant of intel_gt_pm_put(). + */ + intel_gt_pm_put_async_untracked(vma->vm->gt); + } + + i915_vma_put(vma); } static struct i915_vma * @@ -1404,7 +1435,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, struct i915_vma_work *work = NULL; struct dma_fence *moving = NULL; struct i915_vma_resource *vma_res = NULL; - intel_wakeref_t wakeref = 0; + intel_wakeref_t wakeref; unsigned int bound; int err; @@ -1424,8 +1455,14 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (err) return err; - if (flags & PIN_GLOBAL) - wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); + /* + * In case of a global GTT, we must hold a runtime-pm wakeref + * while global PTEs are updated. In other cases, we hold + * the rpm reference while the VMA is active. Since runtime + * resume may require allocations, which are forbidden inside + * vm->mutex, get the first rpm wakeref outside of the mutex. + */ + wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); if (flags & vma->vm->bind_async_flags) { /* lock VM */ @@ -1561,8 +1598,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (work) dma_fence_work_commit_imm(&work->base); err_rpm: - if (wakeref) - intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); + intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); if (moving) dma_fence_put(moving);

1 year, 5 months

3
2
0 0

[PATCH v4] mtd: limit OTP NVMEM Cell parse to non Nand devices

by Christian Marangi

MTD OTP logic is very fragile on parsing NVMEM Cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM Cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how Cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM Cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no Cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- To backport this to v6.6 and previous, config.no_of_node = mtd_type_is_nand(mtd); should be used as it does pose the same usage of add_legacy_fixed_of_cells. Changes v4: - Add info on how to backport this to previous kernel - Fix Fixes tag - Reformat commit description as it was unprecise and had false statement Changes v3: - Fix commit description Changes v2: - Use mtd_type_is_nand instead of node name check drivers/mtd/mtdcore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true; -- 2.43.0

1 year, 5 months

3
3
0 0

[PATCH v2 5.10.y 1/1] mailbox: imx: fix suspend failure

by Daisuke Mizobuchi

imx_mu_isr() always calls pm_system_wakeup() even when it should not, making the system unable to enter sleep. Suspend fails as follows: armadillo:~# echo mem > /sys/power/state [ 2614.602432] PM: suspend entry (deep) [ 2614.610640] Filesystems sync: 0.004 seconds [ 2614.618016] Freezing user space processes ... (elapsed 0.001 seconds) done. [ 2614.626555] OOM killer disabled. [ 2614.629792] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 2614.638456] printk: Suspending console(s) (use no_console_suspend to debug) [ 2614.649504] PM: Some devices failed to suspend, or early wake event detected [ 2614.730103] PM: resume devices took 0.080 seconds [ 2614.741924] OOM killer enabled. [ 2614.745073] Restarting tasks ... done. [ 2614.754532] PM: suspend exit ash: write error: Resource busy armadillo:~# Upstream commit 892cb524ae8a is correct, so this seems to be a mistake during cherry-pick. Cc: <stable(a)vger.kernel.org> Fixes: a16f5ae8ade1 ("mailbox: imx: fix wakeup failure from freeze mode") Signed-off-by: Daisuke Mizobuchi <mizo(a)atmark-techno.com> Reviewed-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> --- drivers/mailbox/imx-mailbox.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/mailbox/imx-mailbox.c b/drivers/mailbox/imx-mailbox.c index c5663398c6b7..28f5450e4130 100644 --- a/drivers/mailbox/imx-mailbox.c +++ b/drivers/mailbox/imx-mailbox.c @@ -331,8 +331,6 @@ static int imx_mu_startup(struct mbox_chan *chan) break; } - priv->suspend = true; - return 0; } @@ -550,8 +548,6 @@ static int imx_mu_probe(struct platform_device *pdev) clk_disable_unprepare(priv->clk); - priv->suspend = false; - return 0; disable_runtime_pm: @@ -614,6 +610,8 @@ static int __maybe_unused imx_mu_suspend_noirq(struct device *dev) if (!priv->clk) priv->xcr = imx_mu_read(priv, priv->dcfg->xCR); + priv->suspend = true; + return 0; } @@ -632,6 +630,8 @@ static int __maybe_unused imx_mu_resume_noirq(struct device *dev) if (!imx_mu_read(priv, priv->dcfg->xCR) && !priv->clk) imx_mu_write(priv, priv->xcr, priv->dcfg->xCR); + priv->suspend = false; + return 0; } -- 2.30.2

1 year, 5 months

3
2
0 0

[PATCH v2 5/5] drm/vmwgfx: Sort primary plane formats by order of preference

by Zack Rusin

The table of primary plane formats wasn't sorted at all, leading to applications picking our least desirable formats by defaults. Sort the primary plane formats according to our order of preference. Nice side-effect of this change is that it makes IGT's kms_atomic plane-invalid-params pass because the test picks the first format which for vmwgfx was DRM_FORMAT_XRGB1555 and uses fb's with odd sizes which make Pixman, which IGT depends on assert due to the fact that our 16bpp formats aren't 32 bit aligned like Pixman requires all formats to be. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 36cc79bc9077 ("drm/vmwgfx: Add universal plane support") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.12+ Acked-by: Pekka Paalanen <pekka.paalanen(a)collabora.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h index bf9931e3a728..bf24f2f0dcfc 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h @@ -233,10 +233,10 @@ struct vmw_framebuffer_bo { static const uint32_t __maybe_unused vmw_primary_plane_formats[] = { - DRM_FORMAT_XRGB1555, - DRM_FORMAT_RGB565, DRM_FORMAT_XRGB8888, DRM_FORMAT_ARGB8888, + DRM_FORMAT_RGB565, + DRM_FORMAT_XRGB1555, }; static const uint32_t __maybe_unused vmw_cursor_plane_formats[] = { -- 2.40.1

1 year, 5 months

1
0
0 0

[PATCH v2 4/5] drm/vmwgfx: Fix crtc's atomic check conditional

by Zack Rusin

The conditional was supposed to prevent enabling of a crtc state without a set primary plane. Accidently it also prevented disabling crtc state with a set primary plane. Neither is correct. Fix the conditional and just driver-warn when a crtc state has been enabled without a primary plane which will help debug broken userspace. Fixes IGT's kms_atomic_interruptible and kms_atomic_transition tests. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 06ec41909e31 ("drm/vmwgfx: Add and connect CRTC helper functions") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.12+ Reviewed-by: Ian Forbes <ian.forbes(a)broadcom.com> Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index e33e5993d8fc..13b2820cae51 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -931,6 +931,7 @@ int vmw_du_cursor_plane_atomic_check(struct drm_plane *plane, int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, struct drm_atomic_state *state) { + struct vmw_private *vmw = vmw_priv(crtc->dev); struct drm_crtc_state *new_state = drm_atomic_get_new_crtc_state(state, crtc); struct vmw_display_unit *du = vmw_crtc_to_du(new_state->crtc); @@ -938,9 +939,13 @@ int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, bool has_primary = new_state->plane_mask & drm_plane_mask(crtc->primary); - /* We always want to have an active plane with an active CRTC */ - if (has_primary != new_state->enable) - return -EINVAL; + /* + * This is fine in general, but broken userspace might expect + * some actual rendering so give a clue as why it's blank. + */ + if (new_state->enable && !has_primary) + drm_dbg_driver(&vmw->drm, + "CRTC without a primary plane will be blank.\n"); if (new_state->connector_mask != connector_mask && -- 2.40.1

1 year, 5 months

1
0
0 0

[PATCH v2 3/5] drm/vmwgfx: Fix prime import/export

by Zack Rusin

vmwgfx never supported prime import of external buffers. Furthermore the driver exposes two different objects to userspace: vmw_surface's and gem buffers but prime import/export only worked with vmw_surfaces. Because gem buffers are used through the dumb_buffer interface this meant that the driver created buffers couldn't have been prime exported or imported. Fix prime import/export. Makes IGT's kms_prime pass. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 8afa13a0583f ("drm/vmwgfx: Implement DRIVER_GEM") Cc: <stable(a)vger.kernel.org> # v6.6+ Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 +++++++++++++++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 ++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 ++ drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 ++++++++++++++++ drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 +++++++- drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 +++++++++++++++------- 8 files changed, 117 insertions(+), 22 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c index c52c7bf1485b..717d624e9a05 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c @@ -456,8 +456,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, .no_wait_gpu = false }; u32 j, initial_line = dst_offset / dst_stride; - struct vmw_bo_blit_line_data d; + struct vmw_bo_blit_line_data d = {0}; int ret = 0; + struct page **dst_pages = NULL; + struct page **src_pages = NULL; /* Buffer objects need to be either pinned or reserved: */ if (!(dst->pin_count)) @@ -477,12 +479,35 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, return ret; } + if (!src->ttm->pages && src->ttm->sg) { + src_pages = kvmalloc_array(src->ttm->num_pages, + sizeof(struct page *), GFP_KERNEL); + if (!src_pages) + return -ENOMEM; + ret = drm_prime_sg_to_page_array(src->ttm->sg, src_pages, + src->ttm->num_pages); + if (ret) + goto out; + } + if (!dst->ttm->pages && dst->ttm->sg) { + dst_pages = kvmalloc_array(dst->ttm->num_pages, + sizeof(struct page *), GFP_KERNEL); + if (!dst_pages) { + ret = -ENOMEM; + goto out; + } + ret = drm_prime_sg_to_page_array(dst->ttm->sg, dst_pages, + dst->ttm->num_pages); + if (ret) + goto out; + } + d.mapped_dst = 0; d.mapped_src = 0; d.dst_addr = NULL; d.src_addr = NULL; - d.dst_pages = dst->ttm->pages; - d.src_pages = src->ttm->pages; + d.dst_pages = dst->ttm->pages ? dst->ttm->pages : dst_pages; + d.src_pages = src->ttm->pages ? src->ttm->pages : src_pages; d.dst_num_pages = PFN_UP(dst->resource->size); d.src_num_pages = PFN_UP(src->resource->size); d.dst_prot = ttm_io_prot(dst, dst->resource, PAGE_KERNEL); @@ -504,6 +529,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, kunmap_atomic(d.src_addr); if (d.dst_addr) kunmap_atomic(d.dst_addr); + if (src_pages) + kvfree(src_pages); + if (dst_pages) + kvfree(dst_pages); return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index bfd41ce3c8f4..e5eb21a471a6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -377,7 +377,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv, { struct ttm_operation_ctx ctx = { .interruptible = params->bo_type != ttm_bo_type_kernel, - .no_wait_gpu = false + .no_wait_gpu = false, + .resv = params->resv, }; struct ttm_device *bdev = &dev_priv->bdev; struct drm_device *vdev = &dev_priv->drm; @@ -394,8 +395,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv, vmw_bo_placement_set(vmw_bo, params->domain, params->busy_domain); ret = ttm_bo_init_reserved(bdev, &vmw_bo->tbo, params->bo_type, - &vmw_bo->placement, 0, &ctx, NULL, - NULL, destroy); + &vmw_bo->placement, 0, &ctx, + params->sg, params->resv, destroy); if (unlikely(ret)) return ret; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h index 0d496dc9c6af..f349642e6190 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h @@ -55,6 +55,8 @@ struct vmw_bo_params { enum ttm_bo_type bo_type; size_t size; bool pin; + struct dma_resv *resv; + struct sg_table *sg; }; /** diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 89d3679d2608..41ad13e45554 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -1631,6 +1631,7 @@ static const struct drm_driver driver = { .prime_fd_to_handle = vmw_prime_fd_to_handle, .prime_handle_to_fd = vmw_prime_handle_to_fd, + .gem_prime_import_sg_table = vmw_prime_import_sg_table, .fops = &vmwgfx_driver_fops, .name = VMWGFX_DRIVER_NAME, diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h index ddbceaa31b59..4ecaea0026fc 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -1107,6 +1107,9 @@ extern int vmw_prime_handle_to_fd(struct drm_device *dev, struct drm_file *file_priv, uint32_t handle, uint32_t flags, int *prime_fd); +struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev, + struct dma_buf_attachment *attach, + struct sg_table *table); /* * MemoryOBject management - vmwgfx_mob.c diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c index 186150f41fbc..2132a8ad8c0c 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c @@ -136,6 +136,38 @@ int vmw_gem_object_create_with_handle(struct vmw_private *dev_priv, return ret; } +struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev, + struct dma_buf_attachment *attach, + struct sg_table *table) +{ + int ret; + struct vmw_private *dev_priv = vmw_priv(dev); + struct drm_gem_object *gem = NULL; + struct vmw_bo *vbo; + struct vmw_bo_params params = { + .domain = (dev_priv->has_mob) ? VMW_BO_DOMAIN_SYS : VMW_BO_DOMAIN_VRAM, + .busy_domain = VMW_BO_DOMAIN_SYS, + .bo_type = ttm_bo_type_sg, + .size = attach->dmabuf->size, + .pin = false, + .resv = attach->dmabuf->resv, + .sg = table, + + }; + + dma_resv_lock(params.resv, NULL); + + ret = vmw_bo_create(dev_priv, &params, &vbo); + if (ret != 0) + goto out_no_bo; + + vbo->tbo.base.funcs = &vmw_gem_object_funcs; + + gem = &vbo->tbo.base; +out_no_bo: + dma_resv_unlock(params.resv); + return gem; +} int vmw_gem_object_create_ioctl(struct drm_device *dev, void *data, struct drm_file *filp) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c index 2d72a5ee7c0c..c99cad444991 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c @@ -75,8 +75,12 @@ int vmw_prime_fd_to_handle(struct drm_device *dev, int fd, u32 *handle) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + int ret = ttm_prime_fd_to_handle(tfile, fd, handle); - return ttm_prime_fd_to_handle(tfile, fd, handle); + if (ret) + ret = drm_gem_prime_fd_to_handle(dev, file_priv, fd, handle); + + return ret; } int vmw_prime_handle_to_fd(struct drm_device *dev, @@ -85,5 +89,12 @@ int vmw_prime_handle_to_fd(struct drm_device *dev, int *prime_fd) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; - return ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); + int ret; + + if (handle > VMWGFX_NUM_MOB) + ret = ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); + else + ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, flags, prime_fd); + + return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c index 4d23d0a70bcb..621d98b376bb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c @@ -188,13 +188,18 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt) switch (dev_priv->map_mode) { case vmw_dma_map_bind: case vmw_dma_map_populate: - vsgt->sgt = &vmw_tt->sgt; - ret = sg_alloc_table_from_pages_segment( - &vmw_tt->sgt, vsgt->pages, vsgt->num_pages, 0, - (unsigned long)vsgt->num_pages << PAGE_SHIFT, - dma_get_max_seg_size(dev_priv->drm.dev), GFP_KERNEL); - if (ret) - goto out_sg_alloc_fail; + if (vmw_tt->dma_ttm.page_flags & TTM_TT_FLAG_EXTERNAL) { + vsgt->sgt = vmw_tt->dma_ttm.sg; + } else { + vsgt->sgt = &vmw_tt->sgt; + ret = sg_alloc_table_from_pages_segment(&vmw_tt->sgt, + vsgt->pages, vsgt->num_pages, 0, + (unsigned long)vsgt->num_pages << PAGE_SHIFT, + dma_get_max_seg_size(dev_priv->drm.dev), + GFP_KERNEL); + if (ret) + goto out_sg_alloc_fail; + } ret = vmw_ttm_map_for_dma(vmw_tt); if (unlikely(ret != 0)) @@ -209,8 +214,9 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt) return 0; out_map_fail: - sg_free_table(vmw_tt->vsgt.sgt); - vmw_tt->vsgt.sgt = NULL; + drm_warn(&dev_priv->drm, "VSG table map failed!"); + sg_free_table(vsgt->sgt); + vsgt->sgt = NULL; out_sg_alloc_fail: return ret; } @@ -356,15 +362,17 @@ static void vmw_ttm_destroy(struct ttm_device *bdev, struct ttm_tt *ttm) static int vmw_ttm_populate(struct ttm_device *bdev, struct ttm_tt *ttm, struct ttm_operation_ctx *ctx) { - int ret; + bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0; - /* TODO: maybe completely drop this ? */ if (ttm_tt_is_populated(ttm)) return 0; - ret = ttm_pool_alloc(&bdev->pool, ttm, ctx); + if (external && ttm->sg) + return drm_prime_sg_to_dma_addr_array(ttm->sg, + ttm->dma_address, + ttm->num_pages); - return ret; + return ttm_pool_alloc(&bdev->pool, ttm, ctx); } static void vmw_ttm_unpopulate(struct ttm_device *bdev, @@ -372,6 +380,10 @@ static void vmw_ttm_unpopulate(struct ttm_device *bdev, { struct vmw_ttm_tt *vmw_tt = container_of(ttm, struct vmw_ttm_tt, dma_ttm); + bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0; + + if (external) + return; vmw_ttm_unbind(bdev, ttm); @@ -390,6 +402,7 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo, { struct vmw_ttm_tt *vmw_be; int ret; + bool external = bo->type == ttm_bo_type_sg; vmw_be = kzalloc(sizeof(*vmw_be), GFP_KERNEL); if (!vmw_be) @@ -398,7 +411,10 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo, vmw_be->dev_priv = vmw_priv_from_ttm(bo->bdev); vmw_be->mob = NULL; - if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent) + if (external) + page_flags |= TTM_TT_FLAG_EXTERNAL | TTM_TT_FLAG_EXTERNAL_MAPPABLE; + + if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent || external) ret = ttm_sg_tt_init(&vmw_be->dma_ttm, bo, page_flags, ttm_cached); else -- 2.40.1

1 year, 5 months

1
0
0 0

[PATCH v2] firmware: qcom: uefisecapp: Fix memory related IO errors and crashes

by Maximilian Luz

It turns out that while the QSEECOM APP_SEND command has specific fields for request and response buffers, uefisecapp expects them both to be in a single memory region. Failure to adhere to this has (so far) resulted in either no response being written to the response buffer (causing an EIO to be emitted down the line), the SCM call to fail with EINVAL (i.e., directly from TZ/firmware), or the device to be hard-reset. While this issue can be triggered deterministically, in the current form it seems to happen rather sporadically (which is why it has gone unnoticed during earlier testing). This is likely due to the two kzalloc() calls (for request and response) being directly after each other. Which means that those likely return consecutive regions most of the time, especially when not much else is going on in the system. Fix this by allocating a single memory region for both request and response buffers, properly aligning both structs inside it. This unfortunately also means that the qcom_scm_qseecom_app_send() interface needs to be restructured, as it should no longer map the DMA regions separately. Therefore, move the responsibility of DMA allocation (or mapping) to the caller. Fixes: 759e7a2b62eb ("firmware: Add support for Qualcomm UEFI Secure Application") Cc: stable(a)vger.kernel.org # 6.7 Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Maximilian Luz <luzmaximilian(a)gmail.com> --- Changes in v2: - rename DMA related variables - replace _phys suffix with _dma - drop _virt suffix - use DMA-based naming in comments instead of referring to physical addresses/memory --- .../firmware/qcom/qcom_qseecom_uefisecapp.c | 137 ++++++++++++------ drivers/firmware/qcom/qcom_scm.c | 37 +---- include/linux/firmware/qcom/qcom_qseecom.h | 55 ++++++- include/linux/firmware/qcom/qcom_scm.h | 10 +- 4 files changed, 153 insertions(+), 86 deletions(-) diff --git a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c index 32188f098ef34..bc550ad0dbe0c 100644 --- a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c +++ b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c @@ -221,6 +221,19 @@ struct qsee_rsp_uefi_query_variable_info { * alignment of 8 bytes (64 bits) for GUIDs. Our definition of efi_guid_t, * however, has an alignment of 4 byte (32 bits). So far, this seems to work * fine here. See also the comment on the typedef of efi_guid_t. + * + * Note: It looks like uefisecapp is quite picky about how the memory passed to + * it is structured and aligned. In particular the request/response setup used + * for QSEE_CMD_UEFI_GET_VARIABLE. While qcom_qseecom_app_send(), in theory, + * accepts separate buffers/addresses for the request and response parts, in + * practice, however, it seems to expect them to be both part of a larger + * contiguous block. We initially allocated separate buffers for the request + * and response but this caused the QSEE_CMD_UEFI_GET_VARIABLE command to + * either not write any response to the response buffer or outright crash the + * device. Therefore, we now allocate a single contiguous block of DMA memory + * for both and properly align the data using the macros below. In particular, + * request and response structs are aligned at 8 byte (via __reqdata_offs()), + * following the driver that this has been reverse-engineered from. */ #define qcuefi_buf_align_fields(fields...) \ ({ \ @@ -244,6 +257,12 @@ struct qsee_rsp_uefi_query_variable_info { #define __array_offs(type, count, offset) \ __field_impl(sizeof(type) * (count), __alignof__(type), offset) +#define __array_offs_aligned(type, count, align, offset) \ + __field_impl(sizeof(type) * (count), align, offset) + +#define __reqdata_offs(size, offset) \ + __array_offs_aligned(u8, size, 8, offset) + #define __array(type, count) __array_offs(type, count, NULL) #define __field_offs(type, offset) __array_offs(type, 1, offset) #define __field(type) __array_offs(type, 1, NULL) @@ -277,10 +296,15 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e unsigned long buffer_size = *data_size; efi_status_t efi_status = EFI_SUCCESS; unsigned long name_length; + dma_addr_t cmd_buf_dma; + size_t cmd_buf_size; + void *cmd_buf; size_t guid_offs; size_t name_offs; size_t req_size; size_t rsp_size; + size_t req_offs; + size_t rsp_offs; ssize_t status; if (!name || !guid) @@ -304,17 +328,19 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e __array(u8, buffer_size) ); - req_data = kzalloc(req_size, GFP_KERNEL); - if (!req_data) { + cmd_buf_size = qcuefi_buf_align_fields( + __reqdata_offs(req_size, &req_offs) + __reqdata_offs(rsp_size, &rsp_offs) + ); + + cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL); + if (!cmd_buf) { efi_status = EFI_OUT_OF_RESOURCES; goto out; } - rsp_data = kzalloc(rsp_size, GFP_KERNEL); - if (!rsp_data) { - efi_status = EFI_OUT_OF_RESOURCES; - goto out_free_req; - } + req_data = cmd_buf + req_offs; + rsp_data = cmd_buf + rsp_offs; req_data->command_id = QSEE_CMD_UEFI_GET_VARIABLE; req_data->data_size = buffer_size; @@ -332,7 +358,9 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e memcpy(((void *)req_data) + req_data->guid_offset, guid, req_data->guid_size); - status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, rsp_size); + status = qcom_qseecom_app_send(qcuefi->client, + cmd_buf_dma + req_offs, req_size, + cmd_buf_dma + rsp_offs, rsp_size); if (status) { efi_status = EFI_DEVICE_ERROR; goto out_free; @@ -407,9 +435,7 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e memcpy(data, ((void *)rsp_data) + rsp_data->data_offset, rsp_data->data_size); out_free: - kfree(rsp_data); -out_free_req: - kfree(req_data); + qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma); out: return efi_status; } @@ -422,10 +448,15 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e struct qsee_rsp_uefi_set_variable *rsp_data; efi_status_t efi_status = EFI_SUCCESS; unsigned long name_length; + dma_addr_t cmd_buf_dma; + size_t cmd_buf_size; + void *cmd_buf; size_t name_offs; size_t guid_offs; size_t data_offs; size_t req_size; + size_t req_offs; + size_t rsp_offs; ssize_t status; if (!name || !guid) @@ -450,17 +481,19 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e __array_offs(u8, data_size, &data_offs) ); - req_data = kzalloc(req_size, GFP_KERNEL); - if (!req_data) { + cmd_buf_size = qcuefi_buf_align_fields( + __reqdata_offs(req_size, &req_offs) + __reqdata_offs(sizeof(*rsp_data), &rsp_offs) + ); + + cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL); + if (!cmd_buf) { efi_status = EFI_OUT_OF_RESOURCES; goto out; } - rsp_data = kzalloc(sizeof(*rsp_data), GFP_KERNEL); - if (!rsp_data) { - efi_status = EFI_OUT_OF_RESOURCES; - goto out_free_req; - } + req_data = cmd_buf + req_offs; + rsp_data = cmd_buf + rsp_offs; req_data->command_id = QSEE_CMD_UEFI_SET_VARIABLE; req_data->attributes = attributes; @@ -483,8 +516,9 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e if (data_size) memcpy(((void *)req_data) + req_data->data_offset, data, req_data->data_size); - status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, - sizeof(*rsp_data)); + status = qcom_qseecom_app_send(qcuefi->client, + cmd_buf_dma + req_offs, req_size, + cmd_buf_dma + rsp_offs, sizeof(*rsp_data)); if (status) { efi_status = EFI_DEVICE_ERROR; goto out_free; @@ -507,9 +541,7 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e } out_free: - kfree(rsp_data); -out_free_req: - kfree(req_data); + qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma); out: return efi_status; } @@ -521,10 +553,15 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, struct qsee_req_uefi_get_next_variable *req_data; struct qsee_rsp_uefi_get_next_variable *rsp_data; efi_status_t efi_status = EFI_SUCCESS; + dma_addr_t cmd_buf_dma; + size_t cmd_buf_size; + void *cmd_buf; size_t guid_offs; size_t name_offs; size_t req_size; size_t rsp_size; + size_t req_offs; + size_t rsp_offs; ssize_t status; if (!name_size || !name || !guid) @@ -545,17 +582,19 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, __array(*name, *name_size / sizeof(*name)) ); - req_data = kzalloc(req_size, GFP_KERNEL); - if (!req_data) { + cmd_buf_size = qcuefi_buf_align_fields( + __reqdata_offs(req_size, &req_offs) + __reqdata_offs(rsp_size, &rsp_offs) + ); + + cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL); + if (!cmd_buf) { efi_status = EFI_OUT_OF_RESOURCES; goto out; } - rsp_data = kzalloc(rsp_size, GFP_KERNEL); - if (!rsp_data) { - efi_status = EFI_OUT_OF_RESOURCES; - goto out_free_req; - } + req_data = cmd_buf + req_offs; + rsp_data = cmd_buf + rsp_offs; req_data->command_id = QSEE_CMD_UEFI_GET_NEXT_VARIABLE; req_data->guid_offset = guid_offs; @@ -572,7 +611,9 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, goto out_free; } - status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, rsp_size); + status = qcom_qseecom_app_send(qcuefi->client, + cmd_buf_dma + req_offs, req_size, + cmd_buf_dma + rsp_offs, rsp_size); if (status) { efi_status = EFI_DEVICE_ERROR; goto out_free; @@ -645,9 +686,7 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, } out_free: - kfree(rsp_data); -out_free_req: - kfree(req_data); + qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma); out: return efi_status; } @@ -659,26 +698,34 @@ static efi_status_t qsee_uefi_query_variable_info(struct qcuefi_client *qcuefi, struct qsee_req_uefi_query_variable_info *req_data; struct qsee_rsp_uefi_query_variable_info *rsp_data; efi_status_t efi_status = EFI_SUCCESS; + dma_addr_t cmd_buf_dma; + size_t cmd_buf_size; + void *cmd_buf; + size_t req_offs; + size_t rsp_offs; int status; - req_data = kzalloc(sizeof(*req_data), GFP_KERNEL); - if (!req_data) { + cmd_buf_size = qcuefi_buf_align_fields( + __reqdata_offs(sizeof(*req_data), &req_offs) + __reqdata_offs(sizeof(*rsp_data), &rsp_offs) + ); + + cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL); + if (!cmd_buf) { efi_status = EFI_OUT_OF_RESOURCES; goto out; } - rsp_data = kzalloc(sizeof(*rsp_data), GFP_KERNEL); - if (!rsp_data) { - efi_status = EFI_OUT_OF_RESOURCES; - goto out_free_req; - } + req_data = cmd_buf + req_offs; + rsp_data = cmd_buf + rsp_offs; req_data->command_id = QSEE_CMD_UEFI_QUERY_VARIABLE_INFO; req_data->attributes = attr; req_data->length = sizeof(*req_data); - status = qcom_qseecom_app_send(qcuefi->client, req_data, sizeof(*req_data), rsp_data, - sizeof(*rsp_data)); + status = qcom_qseecom_app_send(qcuefi->client, + cmd_buf_dma + req_offs, sizeof(*req_data), + cmd_buf_dma + rsp_offs, sizeof(*rsp_data)); if (status) { efi_status = EFI_DEVICE_ERROR; goto out_free; @@ -711,9 +758,7 @@ static efi_status_t qsee_uefi_query_variable_info(struct qcuefi_client *qcuefi, *max_variable_size = rsp_data->max_variable_size; out_free: - kfree(rsp_data); -out_free_req: - kfree(req_data); + qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma); out: return efi_status; } diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c index 81c15aeff934a..f9c9fcfeaadaf 100644 --- a/drivers/firmware/qcom/qcom_scm.c +++ b/drivers/firmware/qcom/qcom_scm.c @@ -1579,9 +1579,9 @@ EXPORT_SYMBOL_GPL(qcom_scm_qseecom_app_get_id); /** * qcom_scm_qseecom_app_send() - Send to and receive data from a given QSEE app. * @app_id: The ID of the target app. - * @req: Request buffer sent to the app (must be DMA-mappable). + * @req: DMA address of the request buffer sent to the app. * @req_size: Size of the request buffer. - * @rsp: Response buffer, written to by the app (must be DMA-mappable). + * @rsp: DMA address of the response buffer, written to by the app. * @rsp_size: Size of the response buffer. * * Sends a request to the QSEE app associated with the given ID and read back @@ -1592,33 +1592,13 @@ EXPORT_SYMBOL_GPL(qcom_scm_qseecom_app_get_id); * * Return: Zero on success, nonzero on failure. */ -int qcom_scm_qseecom_app_send(u32 app_id, void *req, size_t req_size, void *rsp, - size_t rsp_size) +int qcom_scm_qseecom_app_send(u32 app_id, dma_addr_t req, size_t req_size, + dma_addr_t rsp, size_t rsp_size) { struct qcom_scm_qseecom_resp res = {}; struct qcom_scm_desc desc = {}; - dma_addr_t req_phys; - dma_addr_t rsp_phys; int status; - /* Map request buffer */ - req_phys = dma_map_single(__scm->dev, req, req_size, DMA_TO_DEVICE); - status = dma_mapping_error(__scm->dev, req_phys); - if (status) { - dev_err(__scm->dev, "qseecom: failed to map request buffer\n"); - return status; - } - - /* Map response buffer */ - rsp_phys = dma_map_single(__scm->dev, rsp, rsp_size, DMA_FROM_DEVICE); - status = dma_mapping_error(__scm->dev, rsp_phys); - if (status) { - dma_unmap_single(__scm->dev, req_phys, req_size, DMA_TO_DEVICE); - dev_err(__scm->dev, "qseecom: failed to map response buffer\n"); - return status; - } - - /* Set up SCM call data */ desc.owner = QSEECOM_TZ_OWNER_TZ_APPS; desc.svc = QSEECOM_TZ_SVC_APP_ID_PLACEHOLDER; desc.cmd = QSEECOM_TZ_CMD_APP_SEND; @@ -1626,18 +1606,13 @@ int qcom_scm_qseecom_app_send(u32 app_id, void *req, size_t req_size, void *rsp, QCOM_SCM_RW, QCOM_SCM_VAL, QCOM_SCM_RW, QCOM_SCM_VAL); desc.args[0] = app_id; - desc.args[1] = req_phys; + desc.args[1] = req; desc.args[2] = req_size; - desc.args[3] = rsp_phys; + desc.args[3] = rsp; desc.args[4] = rsp_size; - /* Perform call */ status = qcom_scm_qseecom_call(&desc, &res); - /* Unmap buffers */ - dma_unmap_single(__scm->dev, rsp_phys, rsp_size, DMA_FROM_DEVICE); - dma_unmap_single(__scm->dev, req_phys, req_size, DMA_TO_DEVICE); - if (status) return status; diff --git a/include/linux/firmware/qcom/qcom_qseecom.h b/include/linux/firmware/qcom/qcom_qseecom.h index 5c28298a98bec..366243ee96096 100644 --- a/include/linux/firmware/qcom/qcom_qseecom.h +++ b/include/linux/firmware/qcom/qcom_qseecom.h @@ -10,6 +10,7 @@ #define __QCOM_QSEECOM_H #include <linux/auxiliary_bus.h> +#include <linux/dma-mapping.h> #include <linux/types.h> #include <linux/firmware/qcom/qcom_scm.h> @@ -24,12 +25,57 @@ struct qseecom_client { u32 app_id; }; +/** + * qseecom_scm_dev() - Get the SCM device associated with the QSEECOM client. + * @client: The QSEECOM client device. + * + * Returns the SCM device under which the provided QSEECOM client device + * operates. This function is intended to be used for DMA allocations. + */ +static inline struct device *qseecom_scm_dev(struct qseecom_client *client) +{ + return client->aux_dev.dev.parent->parent; +} + +/** + * qseecom_dma_alloc() - Allocate DMA memory for a QSEECOM client. + * @client: The QSEECOM client to allocate the memory for. + * @size: The number of bytes to allocate. + * @dma_handle: Pointer to where the DMA address should be stored. + * @gfp: Allocation flags. + * + * Wrapper function for dma_alloc_coherent(), allocating DMA memory usable for + * TZ/QSEECOM communication. Refer to dma_alloc_coherent() for details. + */ +static inline void *qseecom_dma_alloc(struct qseecom_client *client, size_t size, + dma_addr_t *dma_handle, gfp_t gfp) +{ + return dma_alloc_coherent(qseecom_scm_dev(client), size, dma_handle, gfp); +} + +/** + * dma_free_coherent() - Free QSEECOM DMA memory. + * @client: The QSEECOM client for which the memory has been allocated. + * @size: The number of bytes allocated. + * @cpu_addr: Virtual memory address to free. + * @dma_handle: DMA memory address to free. + * + * Wrapper function for dma_free_coherent(), freeing memory previously + * allocated with qseecom_dma_alloc(). Refer to dma_free_coherent() for + * details. + */ +static inline void qseecom_dma_free(struct qseecom_client *client, size_t size, + void *cpu_addr, dma_addr_t dma_handle) +{ + return dma_free_coherent(qseecom_scm_dev(client), size, cpu_addr, dma_handle); +} + /** * qcom_qseecom_app_send() - Send to and receive data from a given QSEE app. * @client: The QSEECOM client associated with the target app. - * @req: Request buffer sent to the app (must be DMA-mappable). + * @req: DMA address of the request buffer sent to the app. * @req_size: Size of the request buffer. - * @rsp: Response buffer, written to by the app (must be DMA-mappable). + * @rsp: DMA address of the response buffer, written to by the app. * @rsp_size: Size of the response buffer. * * Sends a request to the QSEE app associated with the given client and read @@ -43,8 +89,9 @@ struct qseecom_client { * * Return: Zero on success, nonzero on failure. */ -static inline int qcom_qseecom_app_send(struct qseecom_client *client, void *req, size_t req_size, - void *rsp, size_t rsp_size) +static inline int qcom_qseecom_app_send(struct qseecom_client *client, + dma_addr_t req, size_t req_size, + dma_addr_t rsp, size_t rsp_size) { return qcom_scm_qseecom_app_send(client->app_id, req, req_size, rsp, rsp_size); } diff --git a/include/linux/firmware/qcom/qcom_scm.h b/include/linux/firmware/qcom/qcom_scm.h index ccaf288460546..aaa19f93ac430 100644 --- a/include/linux/firmware/qcom/qcom_scm.h +++ b/include/linux/firmware/qcom/qcom_scm.h @@ -118,8 +118,8 @@ bool qcom_scm_lmh_dcvsh_available(void); #ifdef CONFIG_QCOM_QSEECOM int qcom_scm_qseecom_app_get_id(const char *app_name, u32 *app_id); -int qcom_scm_qseecom_app_send(u32 app_id, void *req, size_t req_size, void *rsp, - size_t rsp_size); +int qcom_scm_qseecom_app_send(u32 app_id, dma_addr_t req, size_t req_size, + dma_addr_t rsp, size_t rsp_size); #else /* CONFIG_QCOM_QSEECOM */ @@ -128,9 +128,9 @@ static inline int qcom_scm_qseecom_app_get_id(const char *app_name, u32 *app_id) return -EINVAL; } -static inline int qcom_scm_qseecom_app_send(u32 app_id, void *req, - size_t req_size, void *rsp, - size_t rsp_size) +static inline int qcom_scm_qseecom_app_send(u32 app_id, + dma_addr_t req, size_t req_size, + dma_addr_t rsp, size_t rsp_size) { return -EINVAL; } -- 2.44.0

1 year, 5 months

3
2
0 0

[PATCH v2 5.10/5.15] ata: libata-scsi: check cdb length for VARIABLE_LENGTH_CMD commands

by Mikhail Ukhin

No upstream commit exists for this patch. Fuzzing of 5.10 stable branch reports a slab-out-of-bounds error in ata_scsi_pass_thru. The error is fixed in 5.18 by commit ce70fd9a551a ("scsi: core: Remove the cmd field from struct scsi_request") upstream. Backporting this commit would require significant changes to the code so it is bettter to use a simple fix for that particular error. The problem is that the length of the received SCSI command is not validated if scsi_op == VARIABLE_LENGTH_CMD. It can lead to out-of-bounds reading if the user sends a request with SCSI command of length less than 32. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Signed-off-by: Artem Sadovnikov <ancowi69(a)gmail.com> Signed-off-by: Mikhail Ivanov <iwanov-23(a)bk.ru> Signed-off-by: Mikhail Ukhin <mish.uxin2012(a)yandex.ru> --- v2: The new addresses were added and the text was updated. drivers/ata/libata-scsi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index dfa090ccd21c..77589e911d3d 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -4065,6 +4065,9 @@ int __ata_scsi_queuecmd(struct scsi_cmnd *scmd, struct ata_device *dev) if (unlikely(!scmd->cmd_len)) goto bad_cdb_len; + + if (scsi_op == VARIABLE_LENGTH_CMD && scmd->cmd_len < 32) + goto bad_cdb_len; if (dev->class == ATA_DEV_ATA || dev->class == ATA_DEV_ZAC) { if (unlikely(scmd->cmd_len > dev->cdb_len)) -- 2.25.1

1 year, 5 months

2
1
0 0

[PATCH v2] ACPI: CPPC: Fix access width used for PCC registers

by Vanshidhar Konda

commit 2f4a4d63a193be6fd530d180bb13c3592052904c modified cpc_read/cpc_write to use access_width to read CPC registers. For PCC registers the access width field in the ACPI register macro specifies the PCC subspace id. For non-zero PCC subspace id the access width is incorrectly treated as access width. This causes errors when reading from PCC registers in the CPPC driver. For PCC registers base the size of read/write on the bit width field. The debug message in cpc_read/cpc_write is updated to print relevant information for the address space type used to read the register. Signed-off-by: Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> Tested-by: Jarred White <jarredwhite(a)linux.microsoft.com> Reviewed-by: Jarred White <jarredwhite(a)linux.microsoft.com> Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+ --- When testing v6.9-rc1 kernel on AmpereOne system dmesg showed that cpufreq policy had failed to initialize on some cores during boot because cpufreq->get() always returned 0. On this system CPPC registers are in PCC subspace index 2 that are 32 bits wide. With this patch the CPPC driver interpreted the access width field as 16 bits, causing the register read to roll over too quickly to provide valid values during frequency computation. v2: - Use size variable in debug print message - Use size instead of reg->bit_width for acpi_os_read_memory and acpi_os_write_memory drivers/acpi/cppc_acpi.c | 53 ++++++++++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 16 deletions(-) diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index 4bfbe55553f4..a037e9d15f48 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -1002,14 +1002,14 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) } *val = 0; + size = GET_BIT_WIDTH(reg); if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = GET_BIT_WIDTH(reg); u32 val_u32; acpi_status status; status = acpi_os_read_port((acpi_io_address)reg->address, - &val_u32, width); + &val_u32, size); if (ACPI_FAILURE(status)) { pr_debug("Error: Failed to read SystemIO port %llx\n", reg->address); @@ -1018,17 +1018,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = val_u32; return 0; - } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) { + /* + * For registers in PCC space, the register size is determined + * by the bit width field; the access size is used to indicate + * the PCC subspace id. + */ + size = reg->bit_width; vaddr = GET_PCC_VADDR(reg->address, pcc_ss_id); + } else if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) vaddr = reg_res->sys_mem_vaddr; else if (reg->space_id == ACPI_ADR_SPACE_FIXED_HARDWARE) return cpc_read_ffh(cpu, reg, val); else return acpi_os_read_memory((acpi_physical_address)reg->address, - val, reg->bit_width); - - size = GET_BIT_WIDTH(reg); + val, size); switch (size) { case 8: @@ -1044,8 +1049,13 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = readq_relaxed(vaddr); break; default: - pr_debug("Error: Cannot read %u bit width from PCC for ss: %d\n", - reg->bit_width, pcc_ss_id); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { + pr_debug("Error: Cannot read %u width from for system memory: 0x%llx\n", + size, reg->address); + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM) { + pr_debug("Error: Cannot read %u bit width to PCC for ss: %d\n", + size, pcc_ss_id); + } return -EFAULT; } @@ -1063,12 +1073,13 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; + size = GET_BIT_WIDTH(reg); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = GET_BIT_WIDTH(reg); acpi_status status; status = acpi_os_write_port((acpi_io_address)reg->address, - (u32)val, width); + (u32)val, size); if (ACPI_FAILURE(status)) { pr_debug("Error: Failed to write SystemIO port %llx\n", reg->address); @@ -1076,17 +1087,22 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) } return 0; - } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) { + /* + * For registers in PCC space, the register size is determined + * by the bit width field; the access size is used to indicate + * the PCC subspace id. + */ + size = reg->bit_width; vaddr = GET_PCC_VADDR(reg->address, pcc_ss_id); + } else if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) vaddr = reg_res->sys_mem_vaddr; else if (reg->space_id == ACPI_ADR_SPACE_FIXED_HARDWARE) return cpc_write_ffh(cpu, reg, val); else return acpi_os_write_memory((acpi_physical_address)reg->address, - val, reg->bit_width); - - size = GET_BIT_WIDTH(reg); + val, size); if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) val = MASK_VAL(reg, val); @@ -1105,8 +1121,13 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) writeq_relaxed(val, vaddr); break; default: - pr_debug("Error: Cannot write %u bit width to PCC for ss: %d\n", - reg->bit_width, pcc_ss_id); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { + pr_debug("Error: Cannot write %u width from for system memory: 0x%llx\n", + size, reg->address); + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM) { + pr_debug("Error: Cannot write %u bit width to PCC for ss: %d\n", + size, pcc_ss_id); + } ret_val = -EFAULT; break; } -- 2.43.1

1 year, 5 months

2
1
0 0

[PATCH RESEND 0/2] usb: typec: tipd: fix event checking in interrupt service routines

by Javier Carrasco

The ISRs of the tps25750 and tps6598x do not handle generated events properly under all circumstances. The tps6598x ISR does not read all bits of the INT_EVENTX registers, leaving events signaled with bits above 64 unattended. Moreover, these events are not cleared, leaving the interrupt enabled. The tps25750 reads all bits of the INT_EVENT1 register, but the event checking is not right because the same event is checked in two different regions of the same register by means of an OR operation. This series aims to fix both issues by reading all bits of the INT_EVENTX registers, and limiting the event checking to the region where the supported events are defined (currently they are limited to the first 64 bits of the registers, as the are defined as BIT_ULL()). If the need for events above the first 64 bits of the INT_EVENTX registers arises, a different mechanism might be required. But for the current needs, all definitions can be left as they are. Note: resend to add the Cc tag for 'stable' (fixes in the series). Signed-off-by: Javier Carrasco <javier.carrasco(a)wolfvision.net> --- Javier Carrasco (2): usb: typec: tipd: fix event checking for tps25750 usb: typec: tipd: fix event checking for tps6598x drivers/usb/typec/tipd/core.c | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240328-tps6598x_fix_event_handling-3398d3d82f85 Best regards, -- Javier Carrasco <javier.carrasco(a)wolfvision.net>

1 year, 5 months

2
9
0 0

[PATCH net] Bluetooth: hci_event: fix double hci_conn_drop() when conn->state == BT_CONNECTED

by kovalev＠altlinux.org

From: Vasiliy Kovalev <kovalev(a)altlinux.org> There is no need to drop the connection of some functions in which the conn->state in BT_CONNECTED is marked, since in the future the same check takes place (for example, in the hci_encrypt_change_evt() function) and the hci_conn_drop() is called. Otherwise, the conn->refcnt will become below zero, which will trigger a warning and may cause a crash on kernels with the panic_on_warn parameter enabled. Syzkaller hit 'WARNING in hci_conn_timeout' bug. [ 23.485892] Bluetooth: Core ver 2.22 [ 23.485916] NET: Registered PF_BLUETOOTH protocol family [ 23.485917] Bluetooth: HCI device and connection manager initialized [ 23.486407] Bluetooth: HCI socket layer initialized [ 23.486410] Bluetooth: L2CAP socket layer initialized [ 23.486413] Bluetooth: SCO socket layer initialized [ 24.507112] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 24.507142] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 24.507165] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 24.508091] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 24.508109] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 24.508117] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 24.545962] Bluetooth: BNEP (Ethernet Emulation) ver 1.3 [ 24.545969] Bluetooth: BNEP filters: protocol multicast [ 24.545973] Bluetooth: BNEP socket layer initialized [ 24.547521] Bluetooth: MGMT ver 1.22 [ 26.553008] Bluetooth: hci0: command tx timeout [ 26.561518] Bluetooth: RFCOMM TTY layer initialized [ 26.561526] Bluetooth: RFCOMM socket layer initialized [ 26.561532] Bluetooth: RFCOMM ver 1.11 [ 28.602024] Bluetooth: hci0: Opcode 0x0c13 failed: -110 [ 28.602054] Bluetooth: hci0: command tx timeout [ 30.650011] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 30.650021] Bluetooth: hci0: command tx timeout [ 32.696973] Bluetooth: hci0: command tx timeout [ 32.696985] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 34.744973] Bluetooth: hci0: command 0x0406 tx timeout [ 34.745008] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 36.792966] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 36.792980] Bluetooth: hci0: command 0x0406 tx timeout [ 38.841027] Bluetooth: hci0: command 0x0406 tx timeout [ 38.841035] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 40.889026] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 40.889999] Bluetooth: hci0: command 0x0406 tx timeout [ 40.890012] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 40.893629] NET: Registered PF_ALG protocol family [ 42.937008] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 42.937023] Bluetooth: hci0: command 0x0406 tx timeout [ 44.984984] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 44.985008] Bluetooth: hci0: command 0x0406 tx timeout [ 47.033023] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 47.033044] Bluetooth: hci0: command 0x0406 tx timeout [ 49.080976] Bluetooth: hci0: command 0x0406 tx timeout [ 49.080985] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 51.129140] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 51.130051] Bluetooth: hci0: command 0x0406 tx timeout [ 53.177011] Bluetooth: hci0: command 0x0406 tx timeout [ 55.225969] Bluetooth: hci0: command 0x0406 tx timeout [ 57.272968] Bluetooth: hci0: command 0x0406 tx timeout [ 59.320982] Bluetooth: hci0: command 0x0406 tx timeout [ 61.368989] Bluetooth: hci0: command 0x0406 tx timeout [ 148.474066] ------------[ cut here ]------------ [ 148.474072] WARNING: CPU: 0 PID: 3835 at net/bluetooth/hci_conn.c:612 hci_conn_timeout+0x16/0x60 [bluetooth] [ 148.474115] Modules linked in: cmac algif_hash algif_skcipher af_alg rfcomm bnep hci_vhci bluetooth ecdh_generic uinput af_packet rfkill joydev hid_generic usbhid hid qrtr intel_rapl_msr intel_rapl_common intel_pmc_core kvm_intel nls_utf8 iTCO_wdt intel_pmc_bxt iTCO_vendor_support nls_cp866 vfat fat kvm irqbypass crct10dif_pclmul crc32_pclmul snd_hda_codec_generic crc32c_intel ghash_clmulni_intel ledtrig_audio sha512_ssse3 snd_hda_intel sha256_ssse3 sha1_ssse3 snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec aesni_intel crypto_simd cryptd i2c_i801 snd_hda_core psmouse snd_hwdep i2c_smbus xhci_pci pcspkr snd_pcm lpc_ich xhci_pci_renesas xhci_hcd tiny_power_button qemu_fw_cfg button sch_fq_codel vboxvideo drm_vram_helper drm_ttm_helper ttm vboxsf vboxguest snd_seq_midi snd_seq_midi_event snd_seq snd_rawmidi snd_seq_device snd_timer snd soundcore msr fuse efi_pstore dm_mod ip_tables x_tables autofs4 virtio_gpu virtio_net virtio_dma_buf drm_shmem_helper net_failover drm_kms_helper [ 148.474210] virtio_rng drm virtio_scsi rng_core virtio_console virtio_balloon virtio_blk failover ahci libahci libata evdev input_leds serio_raw scsi_mod scsi_common virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev virtio_ring virtio intel_agp intel_gtt [ 148.474234] CPU: 0 PID: 3835 Comm: kworker/u5:2 Not tainted 6.1.85-un-def-alt1 #1 [ 148.474238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 [ 148.474241] Workqueue: hci0 hci_conn_timeout [bluetooth] [ 148.474265] RIP: 0010:hci_conn_timeout+0x16/0x60 [bluetooth] [ 148.474288] Code: 00 00 66 89 44 24 06 e8 58 a7 ff ff eb a8 e8 41 7b ee c1 90 0f 1f 44 00 00 8b 87 20 fd ff ff 85 c0 78 07 74 07 c3 cc cc cc cc <0f> 0b 55 0f b6 87 49 fd ff ff 48 8d af 10 fd ff ff 3c 01 74 12 be [ 148.474291] RSP: 0018:ffffa7fd80b53e90 EFLAGS: 00010286 [ 148.474295] RAX: 00000000fffe728b RBX: ffff8959c46ab180 RCX: ffff8959c3b70028 [ 148.474297] RDX: 0000000000000001 RSI: ffff8959c86ce0b0 RDI: ffff895a105aeaf0 [ 148.474299] RBP: ffff895a105aeaf0 R08: ffff8959c86ce0b0 R09: ffff8959c46ab1f4 [ 148.474301] R10: 0000000000000005 R11: 0000000000000005 R12: ffff8959c3b70000 [ 148.474302] R13: ffff8959ec495400 R14: 0000000000000000 R15: ffff8959ec495405 [ 148.474305] FS: 0000000000000000(0000) GS:ffff895a3dc00000(0000) knlGS:0000000000000000 [ 148.474308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 148.474310] CR2: 00007f2a1b7baa48 CR3: 0000000034b98000 CR4: 0000000000750ef0 [ 148.474317] PKRU: 55555554 [ 148.474319] Call Trace: [ 148.474323] <TASK> [ 148.474327] ? __warn+0x79/0xc0 [ 148.474343] ? hci_conn_timeout+0x16/0x60 [bluetooth] [ 148.474364] ? report_bug+0xff/0x150 [ 148.474375] ? handle_bug+0x49/0xa0 [ 148.474398] ? exc_invalid_op+0x14/0x70 [ 148.474402] ? asm_exc_invalid_op+0x16/0x20 [ 148.474408] ? hci_conn_timeout+0x16/0x60 [bluetooth] [ 148.474441] process_one_work+0x217/0x3e0 [ 148.474467] worker_thread+0x4d/0x3c0 [ 148.474473] ? process_one_work+0x3e0/0x3e0 [ 148.474478] kthread+0xd6/0x100 [ 148.474482] ? kthread_complete_and_exit+0x20/0x20 [ 148.474486] ret_from_fork+0x1f/0x30 [ 148.474500] </TASK> [ 148.474502] ---[ end trace 0000000000000000 ]--- Fixes: 0fe29fd1cd77 ("Bluetooth: Read LE remote features during connection establishment") Fixes: 769be974d0c7 ("[Bluetooth] Use ACL config stage to retrieve remote features") Fixes: f8558555f31e ("[Bluetooth] Initiate authentication during connection establishment") Cc: stable(a)vger.kernel.org Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- net/bluetooth/hci_event.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index a8b8cfebe0180c..64477e1bde7cec 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -3529,7 +3529,6 @@ static void hci_auth_complete_evt(struct hci_dev *hdev, void *data, } else { conn->state = BT_CONNECTED; hci_connect_cfm(conn, ev->status); - hci_conn_drop(conn); } } else { hci_auth_cfm(conn, ev->status); @@ -3776,7 +3775,6 @@ static void hci_remote_features_evt(struct hci_dev *hdev, void *data, if (!hci_outgoing_auth_needed(hdev, conn)) { conn->state = BT_CONNECTED; hci_connect_cfm(conn, ev->status); - hci_conn_drop(conn); } unlock: @@ -5030,7 +5028,6 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev, void *data, if (!hci_outgoing_auth_needed(hdev, conn)) { conn->state = BT_CONNECTED; hci_connect_cfm(conn, ev->status); - hci_conn_drop(conn); } unlock: @@ -6561,7 +6558,6 @@ static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev, void *data, conn->state = BT_CONNECTED; hci_connect_cfm(conn, status); - hci_conn_drop(conn); } } -- 2.33.8

1 year, 5 months

2
2
0 0

[git:media_tree/master] media: rc: bpf attach/detach requires write permission

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: rc: bpf attach/detach requires write permission Author: Sean Young <sean(a)mess.org> Date: Thu Apr 13 10:50:32 2023 +0200 Note that bpf attach/detach also requires CAP_NET_ADMIN. Cc: stable(a)vger.kernel.org Signed-off-by: Sean Young <sean(a)mess.org> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> drivers/media/rc/bpf-lirc.c | 6 +++--- drivers/media/rc/lirc_dev.c | 5 ++++- drivers/media/rc/rc-core-priv.h | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) --- diff --git a/drivers/media/rc/bpf-lirc.c b/drivers/media/rc/bpf-lirc.c index fe17c7f98e81..52d82cbe7685 100644 --- a/drivers/media/rc/bpf-lirc.c +++ b/drivers/media/rc/bpf-lirc.c @@ -253,7 +253,7 @@ int lirc_prog_attach(const union bpf_attr *attr, struct bpf_prog *prog) if (attr->attach_flags) return -EINVAL; - rcdev = rc_dev_get_from_fd(attr->target_fd); + rcdev = rc_dev_get_from_fd(attr->target_fd, true); if (IS_ERR(rcdev)) return PTR_ERR(rcdev); @@ -278,7 +278,7 @@ int lirc_prog_detach(const union bpf_attr *attr) if (IS_ERR(prog)) return PTR_ERR(prog); - rcdev = rc_dev_get_from_fd(attr->target_fd); + rcdev = rc_dev_get_from_fd(attr->target_fd, true); if (IS_ERR(rcdev)) { bpf_prog_put(prog); return PTR_ERR(rcdev); @@ -303,7 +303,7 @@ int lirc_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr) if (attr->query.query_flags) return -EINVAL; - rcdev = rc_dev_get_from_fd(attr->query.target_fd); + rcdev = rc_dev_get_from_fd(attr->query.target_fd, false); if (IS_ERR(rcdev)) return PTR_ERR(rcdev); diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c index a537734832c5..caad59f76793 100644 --- a/drivers/media/rc/lirc_dev.c +++ b/drivers/media/rc/lirc_dev.c @@ -814,7 +814,7 @@ void __exit lirc_dev_exit(void) unregister_chrdev_region(lirc_base_dev, RC_DEV_MAX); } -struct rc_dev *rc_dev_get_from_fd(int fd) +struct rc_dev *rc_dev_get_from_fd(int fd, bool write) { struct fd f = fdget(fd); struct lirc_fh *fh; @@ -828,6 +828,9 @@ struct rc_dev *rc_dev_get_from_fd(int fd) return ERR_PTR(-EINVAL); } + if (write && !(f.file->f_mode & FMODE_WRITE)) + return ERR_PTR(-EPERM); + fh = f.file->private_data; dev = fh->rc; diff --git a/drivers/media/rc/rc-core-priv.h b/drivers/media/rc/rc-core-priv.h index ef1e95e1af7f..7df949fc65e2 100644 --- a/drivers/media/rc/rc-core-priv.h +++ b/drivers/media/rc/rc-core-priv.h @@ -325,7 +325,7 @@ void lirc_raw_event(struct rc_dev *dev, struct ir_raw_event ev); void lirc_scancode_event(struct rc_dev *dev, struct lirc_scancode *lsc); int lirc_register(struct rc_dev *dev); void lirc_unregister(struct rc_dev *dev); -struct rc_dev *rc_dev_get_from_fd(int fd); +struct rc_dev *rc_dev_get_from_fd(int fd, bool write); #else static inline int lirc_dev_init(void) { return 0; } static inline void lirc_dev_exit(void) {}

1 year, 5 months

1
0
0 0

[PATCH 6.1 0/6] backport xfs fix patches reported by xfs/179/270/557/606

by Mahmoud Adam

Hi, These patches fix and reported by xfstests tests xfs/179 xfs/270 xfs/557 xfs/606, the patchset were tested to confirm they fix those tests. all are clean picks. thanks, MNAdam

1 year, 5 months

5
13
0 0

[PATCH net] Bluetooth: hci_event: fix possible multiple drops by marked conn->state after hci_disconnect()

by kovalev＠altlinux.org

From: Vasiliy Kovalev <kovalev(a)altlinux.org> When returning from the hci_disconnect() function, the conn->state continues to be set to BT_CONNECTED and hci_conn_drop() is executed, which decrements the conn->refcnt. Syzkaller has generated a reproducer that results in multiple calls to hci_encrypt_change_evt() of the same conn object. -- hci_encrypt_change_evt(){ // conn->state == BT_CONNECTED hci_disconnect(){ hci_abort_conn(); } hci_conn_drop(); // conn->state == BT_CONNECTED } -- This behavior can cause the conn->refcnt to go far into negative values and cause problems. To get around this, you need to change the conn->state, namely to BT_DISCONN, as it was before. Fixes: a13f316e90fd ("Bluetooth: hci_conn: Consolidate code for aborting connections") Cc: stable(a)vger.kernel.org Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- net/bluetooth/hci_event.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 64477e1bde7cec..e0477021183f9b 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -2989,6 +2989,7 @@ static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status) hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); hci_conn_drop(conn); + conn->state = BT_DISCONN; unlock: hci_dev_unlock(hdev); @@ -3654,6 +3655,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, void *data, hci_encrypt_cfm(conn, ev->status); hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); hci_conn_drop(conn); + conn->state = BT_DISCONN; goto unlock; } @@ -5248,6 +5250,7 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev, void *data, if (ev->status && conn->state == BT_CONNECTED) { hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); hci_conn_drop(conn); + conn->state = BT_DISCONN; goto unlock; } -- 2.33.8

1 year, 5 months

1
1
0 0

[PATCH v1 0/4] docs: stable-kernel-rules: fine-tuning and 'no semi-automatic backport'

by Thorsten Leemhuis

After a recent discussion regarding "do we need a 'nobackport' tag" I set out to create one change for stable-kernel-rules.rst. This is now the second patch in the series, which links to that discussion; the other stuff is fine-tuning that happened along the way. Ciao, Thorsten Thorsten Leemhuis (4): docs: stable-kernel-rules: reduce redundancy docs: stable-kernel-rules: mention "no semi-automatic backport" docs: stable-kernel-rules: call mainline by its name and change example docs: stable-kernel-rules: remove code-labels tags Documentation/process/stable-kernel-rules.rst | 50 +++++++------------ 1 file changed, 18 insertions(+), 32 deletions(-) base-commit: 3f86ed6ec0b390c033eae7f9c487a3fea268e027 -- 2.44.0

1 year, 5 months

3
21
0 0

[RESEND. PATCH v2] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853

by WangYuli

Add the support ID(0x0bda, 0x4853) to usb_device_id table for Realtek RTL8852BE. Without this change the device utilizes an obsolete version of the firmware that is encoded in it rather than the updated Realtek firmware and config files from the firmware directory. The latter files implement many new features. The device table is as follows: T: Bus=03 Lev=01 Prnt=01 Port=09 Cnt=03 Dev#= 4 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0bda ProdID=4853 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index c391e612b83b..3356af3a7f61 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -542,6 +542,8 @@ static const struct usb_device_id quirks_table[] = { /* Realtek 8852BE Bluetooth devices */ { USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x0bda, 0x4853), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0bda, 0x887b), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0bda, 0xb85b), .driver_info = BTUSB_REALTEK | -- 2.43.0

1 year, 5 months

2
1
0 0

[PATCH] sched: Add missing memory barrier in switch_mm_cid

by Mathieu Desnoyers

Many architectures' switch_mm() (e.g. arm64) do not have an smp_mb() which the core scheduler code has depended upon since commit: commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid") If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can unset the actively used cid when it fails to observe active task after it sets lazy_put. There *is* a memory barrier between storing to rq->curr and _return to userspace_ (as required by membarrier), but the rseq mm_cid has stricter requirements: the barrier needs to be issued between store to rq->curr and switch_mm_cid(), which happens earlier than: - spin_unlock(), - switch_to(). So it's fine when the architecture switch_mm happens to have that barrier already, but less so when the architecture only provides the full barrier in switch_to() or spin_unlock(). It is a bug in the rseq switch_mm_cid() implementation. All architectures that don't have memory barriers in switch_mm(), but rather have the full barrier either in finish_lock_switch() or switch_to() have them too late for the needs of switch_mm_cid(). Introduce a new smp_mb__after_switch_mm(), defined as smp_mb() in the generic barrier.h header, and use it in switch_mm_cid() for scheduler transitions where switch_mm() is expected to provide a memory barrier. Architectures can override smp_mb__after_switch_mm() if their switch_mm() implementation provides an implicit memory barrier. Override it with a no-op on x86 which implicitly provide this memory barrier by writing to CR3. Link: https://lore.kernel.org/lkml/20240305145335.2696125-1-yeoreum.yun@arm.com/ Reported-by: levi.yun <yeoreum.yun(a)arm.com> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") Cc: <stable(a)vger.kernel.org> # 6.4.x Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Ben Segall <bsegall(a)google.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: levi.yun <yeoreum.yun(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Aaron Lu <aaron.lu(a)intel.com> --- arch/x86/include/asm/barrier.h | 3 +++ include/asm-generic/barrier.h | 8 ++++++++ kernel/sched/sched.h | 20 ++++++++++++++------ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h index 35389b2af88e..0d5e54201eb2 100644 --- a/arch/x86/include/asm/barrier.h +++ b/arch/x86/include/asm/barrier.h @@ -79,6 +79,9 @@ do { \ #define __smp_mb__before_atomic() do { } while (0) #define __smp_mb__after_atomic() do { } while (0) +/* Writing to CR3 provides a full memory barrier in switch_mm(). */ +#define smp_mb__after_switch_mm() do { } while (0) + #include <asm-generic/barrier.h> /* diff --git a/include/asm-generic/barrier.h b/include/asm-generic/barrier.h index 961f4d88f9ef..5a6c94d7a598 100644 --- a/include/asm-generic/barrier.h +++ b/include/asm-generic/barrier.h @@ -296,5 +296,13 @@ do { \ #define io_stop_wc() do { } while (0) #endif +/* + * Architectures that guarantee an implicit smp_mb() in switch_mm() + * can override smp_mb__after_switch_mm. + */ +#ifndef smp_mb__after_switch_mm +#define smp_mb__after_switch_mm() smp_mb() +#endif + #endif /* !__ASSEMBLY__ */ #endif /* __ASM_GENERIC_BARRIER_H */ diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index 2e5a95486a42..044d842c696c 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -79,6 +79,8 @@ # include <asm/paravirt_api_clock.h> #endif +#include <asm/barrier.h> + #include "cpupri.h" #include "cpudeadline.h" @@ -3481,13 +3483,19 @@ static inline void switch_mm_cid(struct rq *rq, * between rq->curr store and load of {prev,next}->mm->pcpu_cid[cpu]. * Provide it here. */ - if (!prev->mm) // from kernel + if (!prev->mm) { // from kernel smp_mb(); - /* - * user -> user transition guarantees a memory barrier through - * switch_mm() when current->mm changes. If current->mm is - * unchanged, no barrier is needed. - */ + } else { // from user + /* + * user -> user transition relies on an implicit + * memory barrier in switch_mm() when + * current->mm changes. If the architecture + * switch_mm() does not have an implicit memory + * barrier, it is emitted here. If current->mm + * is unchanged, no barrier is needed. + */ + smp_mb__after_switch_mm(); + } } if (prev->mm_cid_active) { mm_cid_snapshot_time(rq, prev->mm); -- 2.39.2

1 year, 5 months

4
6
0 0

[RESEND PATCH net v4 1/2] soc: fsl: qbman: Always disable interrupts when taking cgr_lock

by Sean Anderson

smp_call_function_single disables IRQs when executing the callback. To prevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere. This is already done by qman_update_cgr and qman_delete_cgr; fix the other lockers. Fixes: 96f413f47677 ("soc/fsl/qbman: fix issue in qman_delete_cgr_safe()") CC: stable(a)vger.kernel.org Signed-off-by: Sean Anderson <sean.anderson(a)seco.com> Reviewed-by: Camelia Groza <camelia.groza(a)nxp.com> Tested-by: Vladimir Oltean <vladimir.oltean(a)nxp.com> --- I got no response the first time I sent this, so I am resending to net. This issue was introduced in a series which went through net, so I hope it makes sense to take it via net. [1] https://lore.kernel.org/linux-arm-kernel/20240108161904.2865093-1-sean.ande… (no changes since v3) Changes in v3: - Change blamed commit to something more appropriate Changes in v2: - Fix one additional call to spin_unlock drivers/soc/fsl/qbman/qman.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/soc/fsl/qbman/qman.c b/drivers/soc/fsl/qbman/qman.c index 739e4eee6b75..1bf1f1ea67f0 100644 --- a/drivers/soc/fsl/qbman/qman.c +++ b/drivers/soc/fsl/qbman/qman.c @@ -1456,11 +1456,11 @@ static void qm_congestion_task(struct work_struct *work) union qm_mc_result *mcr; struct qman_cgr *cgr; - spin_lock(&p->cgr_lock); + spin_lock_irq(&p->cgr_lock); qm_mc_start(&p->p); qm_mc_commit(&p->p, QM_MCC_VERB_QUERYCONGESTION); if (!qm_mc_result_timeout(&p->p, &mcr)) { - spin_unlock(&p->cgr_lock); + spin_unlock_irq(&p->cgr_lock); dev_crit(p->config->dev, "QUERYCONGESTION timeout\n"); qman_p_irqsource_add(p, QM_PIRQ_CSCI); return; @@ -1476,7 +1476,7 @@ static void qm_congestion_task(struct work_struct *work) list_for_each_entry(cgr, &p->cgr_cbs, node) if (cgr->cb && qman_cgrs_get(&c, cgr->cgrid)) cgr->cb(p, cgr, qman_cgrs_get(&rr, cgr->cgrid)); - spin_unlock(&p->cgr_lock); + spin_unlock_irq(&p->cgr_lock); qman_p_irqsource_add(p, QM_PIRQ_CSCI); } @@ -2440,7 +2440,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags, preempt_enable(); cgr->chan = p->config->channel; - spin_lock(&p->cgr_lock); + spin_lock_irq(&p->cgr_lock); if (opts) { struct qm_mcc_initcgr local_opts = *opts; @@ -2477,7 +2477,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags, qman_cgrs_get(&p->cgrs[1], cgr->cgrid)) cgr->cb(p, cgr, 1); out: - spin_unlock(&p->cgr_lock); + spin_unlock_irq(&p->cgr_lock); put_affine_portal(); return ret; } -- 2.35.1.1320.gc452695387.dirty [Embedded World 2024, SECO SpA]<https://www.messe-ticket.de/Nuernberg/embeddedworld2024/Register/ew24517689>

1 year, 5 months

4
5
0 0

Re: 6.8.5 does not boot (regression)

by Linux regression tracking (Thorsten Leemhuis)

On 11.04.24 09:20, Toralf Förster wrote: > It is a remote system, nothing in the logs, system is a hardened Gentoo > Linux, 6.8.4 was fine. > > Linux mr-fox 6.8.4 #4 SMP Thu Apr 4 22:10:47 UTC 2024 x86_64 AMD Ryzen > 9 5950X 16-Core Processor AuthenticAMD GNU/Linux > > Another Gentoo dev reported problems too. > > config is below. Thx for the report, but the harsh reality is: nearly no developer will see your initial report, as you just sent it to LKML, which nearly nobody ready. I CCed a few lists, which might help. But that is unlikely, as this could be cause by all sorts of changes. Which is why we likely need a bisection ( https://docs.kernel.org/admin-guide/verify-bugs-and-bisect-regressions.html ) from somebody affected to make some progress here. That being said: there are a few EFI changes in there that in a case like this are a suspect. I CCed the developer, maybe something rings a bell. Ciao, Thorsten

1 year, 5 months

3
2
0 0

[PATCH v2] slimbus: qcom-ngd-ctrl: Add timeout for wait operation

by Viken Dadhaniya

In current driver qcom_slim_ngd_up_worker() indefinitely waiting for ctrl->qmi_up completion object. This is resulting in workqueue lockup on Kthread. Added wait_for_completion_interruptible_timeout to allow the thread to wait for specific timeout period and bail out instead waiting infinitely. Fixes: a899d324863a ("slimbus: qcom-ngd-ctrl: add Sub System Restart support") Cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Signed-off-by: Viken Dadhaniya <quic_vdadhani(a)quicinc.com> --- v1 -> v2: - Remove macro and add value inline. - add fix, cc and review tag. --- --- drivers/slimbus/qcom-ngd-ctrl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/slimbus/qcom-ngd-ctrl.c b/drivers/slimbus/qcom-ngd-ctrl.c index efeba8275a66..a09a26bf4988 100644 --- a/drivers/slimbus/qcom-ngd-ctrl.c +++ b/drivers/slimbus/qcom-ngd-ctrl.c @@ -1451,7 +1451,11 @@ static void qcom_slim_ngd_up_worker(struct work_struct *work) ctrl = container_of(work, struct qcom_slim_ngd_ctrl, ngd_up_work); /* Make sure qmi service is up before continuing */ - wait_for_completion_interruptible(&ctrl->qmi_up); + if (!wait_for_completion_interruptible_timeout(&ctrl->qmi_up, + msecs_to_jiffies(MSEC_PER_SEC))) { + dev_err(ctrl->dev, "QMI wait timeout\n"); + return; + } mutex_lock(&ctrl->ssr_lock); qcom_slim_ngd_enable(ctrl, true); -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation

1 year, 5 months

2
1
0 0

Backported patch for linux-5.4

by Jürgen Groß

Hi, there has been a report of a failure in a 5.4 based kernel, which has been fixed in kernel 5.10 with commit abee7c494d8c41bb388839bccc47e06247f0d7de. Please apply the attached backported patch to the stable 5.4 kernel. Juergen

1 year, 5 months

2
1
0 0

[PATCH 4.19.y v3 0/2] Fix stable-4.19 use-after-free bug

by George Guo

1. About v3-0001-tracing-Remove-unnecessary-hist_data-destroy-in-d.patch: The reason I write the changelog by myself is that no one found the bug at that time, then later the code was removed on upstream, but 4.19-stable has the bug. 2. About v3-0002-tracing-Remove-unnecessary-var-destroy-in-onmax_d.patch I also write the changelog by myself is that the upstream api is changed. refs commits: 466f4528fbc6 ("tracing: Generalize hist trigger onmax and save action") ff9d31d0d466 ("tracing: Remove unnecessary var_ref destroy in track_data_destroy()") George Guo (2): tracing: Remove unnecessary hist_data destroy in destroy_synth_var_refs() tracing: Remove unnecessary var destroy in onmax_destroy() kernel/trace/trace_events_hist.c | 27 ++------------------------- 1 file changed, 2 insertions(+), 25 deletions(-) -- 2.34.1

1 year, 5 months

2
3
0 0

FAILED: patch "[PATCH] drm/i915/gt: Reset queue_priority_hint on parking" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 4a3859ea5240365d21f6053ee219bb240d520895 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033046-mobility-coherence-2055@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4a3859ea5240365d21f6053ee219bb240d520895 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Mon, 18 Mar 2024 14:58:47 +0100 Subject: [PATCH] drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before the preemption is processed by HW. If that happens, the request is retired from the queue, but the queue_priority_hint remains set, preventing direct submission until after the next CS interrupt is processed. This preempt-to-busy race can be triggered by the heartbeat, which will also act as the power-management barrier and upon completion allow us to idle the HW. We may process the completion of the heartbeat, and begin parking the engine before the CS event that restores the queue_priority_hint, causing us to fail the assertion that it is MIN. <3>[ 166.210729] __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 166.210781] Dumping ftrace buffer: <0>[ 166.210795] --------------------------------- ... <0>[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 } <0>[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646 <0>[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0 <0>[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659 <0>[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40 <0>[ 167.303095] drm_fdin-1097 2d.s1. 165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 } <0>[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2 <0>[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin <0>[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2 <0>[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin <0>[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660 <0>[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns } <0>[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked <0>[ 167.303534] <idle>-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040 <0>[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns } <0>[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns } <0>[ 167.303806] kworker/-89 11..... 165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 167.303811] --------------------------------- <4>[ 167.304722] ------------[ cut here ]------------ <2>[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283! <4>[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI <4>[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1 <4>[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 <4>[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915] <4>[ 167.304839] RIP: 0010:__engine_park+0x3fd/0x680 [i915] <4>[ 167.304937] Code: 00 48 c7 c2 b0 e5 86 a0 48 8d 3d 00 00 00 00 e8 79 48 d4 e0 bf 01 00 00 00 e8 ef 0a d4 e0 31 f6 bf 09 00 00 00 e8 03 49 c0 e0 <0f> 0b 0f 0b be 01 00 00 00 e8 f5 61 fd ff 31 c0 e9 34 fd ff ff 48 <4>[ 167.304940] RSP: 0018:ffffc9000059fce0 EFLAGS: 00010246 <4>[ 167.304942] RAX: 0000000000000200 RBX: 0000000000000000 RCX: 0000000000000006 <4>[ 167.304944] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 <4>[ 167.304946] RBP: ffff8881330ca1b0 R08: 0000000000000001 R09: 0000000000000001 <4>[ 167.304947] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8881330ca000 <4>[ 167.304948] R13: ffff888110f02aa0 R14: ffff88812d1d0205 R15: ffff88811277d4f0 <4>[ 167.304950] FS: 0000000000000000(0000) GS:ffff88844f780000(0000) knlGS:0000000000000000 <4>[ 167.304952] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4>[ 167.304953] CR2: 00007fc362200c40 CR3: 000000013306e003 CR4: 0000000000770ef0 <4>[ 167.304955] PKRU: 55555554 <4>[ 167.304957] Call Trace: <4>[ 167.304958] <TASK> <4>[ 167.305573] ____intel_wakeref_put_last+0x1d/0x80 [i915] <4>[ 167.305685] i915_request_retire.part.0+0x34f/0x600 [i915] <4>[ 167.305800] retire_requests+0x51/0x80 [i915] <4>[ 167.305892] intel_gt_retire_requests_timeout+0x27f/0x700 [i915] <4>[ 167.305985] process_scheduled_works+0x2db/0x530 <4>[ 167.305990] worker_thread+0x18c/0x350 <4>[ 167.305993] kthread+0xfe/0x130 <4>[ 167.305997] ret_from_fork+0x2c/0x50 <4>[ 167.306001] ret_from_fork_asm+0x1b/0x30 <4>[ 167.306004] </TASK> It is necessary for the queue_priority_hint to be lower than the next request submission upon waking up, as we rely on the hint to decide when to kick the tasklet to submit that first request. Fixes: 22b7a426bbe1 ("drm/i915/execlists: Preempt-to-busy") Closes: https://gitlab.freedesktop.org/drm/intel/issues/10154 Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Mika Kuoppala <mika.kuoppala(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v5.4+ Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240318135906.716055-2-janus… (cherry picked from commit 98850e96cf811dc2d0a7d0af491caff9f5d49c1e) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/gt/intel_engine_pm.c b/drivers/gpu/drm/i915/gt/intel_engine_pm.c index 96bdb93a948d..fb7bff27b45a 100644 --- a/drivers/gpu/drm/i915/gt/intel_engine_pm.c +++ b/drivers/gpu/drm/i915/gt/intel_engine_pm.c @@ -279,9 +279,6 @@ static int __engine_park(struct intel_wakeref *wf) intel_engine_park_heartbeat(engine); intel_breadcrumbs_park(engine->breadcrumbs); - /* Must be reset upon idling, or we may miss the busy wakeup. */ - GEM_BUG_ON(engine->sched_engine->queue_priority_hint != INT_MIN); - if (engine->park) engine->park(engine); diff --git a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c index 42aade0faf2d..b061a0a0d6b0 100644 --- a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c +++ b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c @@ -3272,6 +3272,9 @@ static void execlists_park(struct intel_engine_cs *engine) { cancel_timer(&engine->execlists.timer); cancel_timer(&engine->execlists.preempt); + + /* Reset upon idling, or we may delay the busy wakeup. */ + WRITE_ONCE(engine->sched_engine->queue_priority_hint, INT_MIN); } static void add_to_engine(struct i915_request *rq)

1 year, 5 months

3
2
0 0

FAILED: patch "[PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040851-hamster-canary-7b07@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 04c35ab3bdae ("x86/mm/pat: fix VM_PAT handling in COW mappings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 3 Apr 2024 23:21:30 +0200 Subject: [PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 301.567163] ? report_bug+0x171/0x1a0 [ 301.567466] ? handle_bug+0x3c/0x80 [ 301.567743] ? exc_invalid_op+0x17/0x70 [ 301.568038] ? asm_exc_invalid_op+0x1a/0x20 [ 301.568363] ? untrack_pfn+0xf4/0x100 [ 301.568660] ? untrack_pfn+0x65/0x100 [ 301.568947] unmap_single_vma+0xa6/0xe0 [ 301.569247] unmap_vmas+0xb5/0x190 [ 301.569532] exit_mmap+0xec/0x340 [ 301.569801] __mmput+0x3e/0x130 [ 301.570051] do_exit+0x305/0xaf0 ... Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Wupeng Ma <mawupeng1(a)huawei.com> Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com Fixes: b1a86e15dc03 ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines") Fixes: 5899329b1910 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3") Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index 0d72183b5dd0..36b603d0cdde 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -947,6 +947,38 @@ static void free_pfn_range(u64 paddr, unsigned long size) memtype_free(paddr, paddr + size); } +static int get_pat_info(struct vm_area_struct *vma, resource_size_t *paddr, + pgprot_t *pgprot) +{ + unsigned long prot; + + VM_WARN_ON_ONCE(!(vma->vm_flags & VM_PAT)); + + /* + * We need the starting PFN and cachemode used for track_pfn_remap() + * that covered the whole VMA. For most mappings, we can obtain that + * information from the page tables. For COW mappings, we might now + * suddenly have anon folios mapped and follow_phys() will fail. + * + * Fallback to using vma->vm_pgoff, see remap_pfn_range_notrack(), to + * detect the PFN. If we need the cachemode as well, we're out of luck + * for now and have to fail fork(). + */ + if (!follow_phys(vma, vma->vm_start, 0, &prot, paddr)) { + if (pgprot) + *pgprot = __pgprot(prot); + return 0; + } + if (is_cow_mapping(vma->vm_flags)) { + if (pgprot) + return -EINVAL; + *paddr = (resource_size_t)vma->vm_pgoff << PAGE_SHIFT; + return 0; + } + WARN_ON_ONCE(1); + return -EINVAL; +} + /* * track_pfn_copy is called when vma that is covering the pfnmap gets * copied through copy_page_range(). @@ -957,20 +989,13 @@ static void free_pfn_range(u64 paddr, unsigned long size) int track_pfn_copy(struct vm_area_struct *vma) { resource_size_t paddr; - unsigned long prot; unsigned long vma_size = vma->vm_end - vma->vm_start; pgprot_t pgprot; if (vma->vm_flags & VM_PAT) { - /* - * reserve the whole chunk covered by vma. We need the - * starting address and protection from pte. - */ - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, &pgprot)) return -EINVAL; - } - pgprot = __pgprot(prot); + /* reserve the whole chunk covered by vma. */ return reserve_pfn_range(paddr, vma_size, &pgprot, 1); } @@ -1045,7 +1070,6 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size, bool mm_wr_locked) { resource_size_t paddr; - unsigned long prot; if (vma && !(vma->vm_flags & VM_PAT)) return; @@ -1053,11 +1077,8 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, /* free the chunk starting from pfn or the whole chunk */ paddr = (resource_size_t)pfn << PAGE_SHIFT; if (!paddr && !size) { - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, NULL)) return; - } - size = vma->vm_end - vma->vm_start; } free_pfn_range(paddr, size); diff --git a/mm/memory.c b/mm/memory.c index 904f70b99498..d2155ced45f8 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5973,6 +5973,10 @@ int follow_phys(struct vm_area_struct *vma, goto out; pte = ptep_get(ptep); + /* Never return PFNs of anon folios in COW mappings. */ + if (vm_normal_folio(vma, address, pte)) + goto unlock; + if ((flags & FOLL_WRITE) && !pte_write(pte)) goto unlock;

1 year, 5 months

3
3
0 0

FAILED: Patch "virtio: reenable config if freezing device failed" failed to apply to 6.1-stable tree

by Sasha Levin

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Thanks, Sasha ------------------ original commit in Linus's tree ------------------ From 310227f42882c52356b523e2f4e11690eebcd2ab Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 13 Feb 2024 14:54:25 +0100 Subject: [PATCH] virtio: reenable config if freezing device failed Currently, we don't reenable the config if freezing the device failed. For example, virtio-mem currently doesn't support suspend+resume, and trying to freeze the device will always fail. Afterwards, the device will no longer respond to resize requests, because it won't get notified about config changes. Let's fix this by re-enabling the config if freezing fails. Fixes: 22b7050a024d ("virtio: defer config changed notifications") Cc: <stable(a)kernel.org> Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Jason Wang <jasowang(a)redhat.com> Cc: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Message-Id: <20240213135425.795001-1-david(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> --- drivers/virtio/virtio.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index f4080692b3513..f513ee21b1c18 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -510,8 +510,10 @@ int virtio_device_freeze(struct virtio_device *dev) if (drv && drv->freeze) { ret = drv->freeze(dev); - if (ret) + if (ret) { + virtio_config_enable(dev); return ret; + } } if (dev->config->destroy_avq) -- 2.43.0

1 year, 5 months

3
2
0 0

[PATCH 4.19.y] drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()

by Guo Mengqi

commit 73a82b22963d ("drm/atomic: Fix potential use-after-free in nonblocking commits") introduced drm_dev_get/put() to drm_atomic_helper_shutdown(). And this cause problem in vkms driver exit process. vkms_exit() drm_dev_put() vkms_release() drm_atomic_helper_shutdown() drm_dev_get() drm_dev_put() vkms_release() ------ null pointer access Using 4.19 stable x86 image on qemu, below stacktrace can be triggered by load and unload vkms.ko. root:~ # insmod vkms.ko [ 142.135449] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). [ 142.138713] [drm] Driver supports precise vblank timestamp query. [ 142.142390] [drm] Initialized vkms 1.0.0 20180514 for virtual device on minor 0 root:~ # rmmod vkms.ko [ 144.093710] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0 [ 144.097491] PGD 800000023624e067 P4D 800000023624e067 PUD 22ab59067 PMD 0 [ 144.100802] Oops: 0000 [#1] SMP PTI [ 144.102502] CPU: 0 PID: 3615 Comm: rmmod Not tainted 4.19.310 #1 [ 144.104452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 144.107238] RIP: 0010:device_del+0x34/0x3a0 ... [ 144.131323] Call Trace: [ 144.131962] ? __die+0x7d/0xc0 [ 144.132711] ? no_context+0x152/0x3b0 [ 144.133605] ? wake_up_q+0x70/0x70 [ 144.134436] ? __do_page_fault+0x342/0x4b0 [ 144.135445] ? __switch_to_asm+0x41/0x70 [ 144.136416] ? __switch_to_asm+0x35/0x70 [ 144.137366] ? page_fault+0x1e/0x30 [ 144.138214] ? __drm_atomic_state_free+0x51/0x60 [ 144.139331] ? device_del+0x34/0x3a0 [ 144.140197] platform_device_del.part.14+0x19/0x70 [ 144.141348] platform_device_unregister+0xe/0x20 [ 144.142458] vkms_release+0x10/0x30 [vkms] [ 144.143449] __drm_atomic_helper_disable_all.constprop.31+0x13b/0x150 [ 144.144980] drm_atomic_helper_shutdown+0x4b/0x90 [ 144.146102] vkms_release+0x18/0x30 [vkms] [ 144.147107] vkms_exit+0x29/0x8ec [vkms] [ 144.148053] __x64_sys_delete_module+0x155/0x220 [ 144.149168] do_syscall_64+0x43/0x100 [ 144.150056] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 It seems that the proper unload sequence is: drm_atomic_helper_shutdown(); drm_dev_put(); Just put drm_atomic_helper_shutdown() before drm_dev_put() should solve the problem. Note that vkms exit code is refactored by 53d77aaa3f76 ("drm/vkms: Use devm_drm_dev_alloc") in tags/v5.10-rc1. So this bug only exists on 4.19 and 5.4. Fixes: 73a82b22963d ("drm/atomic: Fix potential use-after-free in nonblocking commits") Signed-off-by: Guo Mengqi <guomengqi3(a)huawei.com> --- drivers/gpu/drm/vkms/vkms_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vkms/vkms_drv.c b/drivers/gpu/drm/vkms/vkms_drv.c index b1201c18d3eb..d32e08f17427 100644 --- a/drivers/gpu/drm/vkms/vkms_drv.c +++ b/drivers/gpu/drm/vkms/vkms_drv.c @@ -39,7 +39,6 @@ static void vkms_release(struct drm_device *dev) struct vkms_device *vkms = container_of(dev, struct vkms_device, drm); platform_device_unregister(vkms->platform); - drm_atomic_helper_shutdown(&vkms->drm); drm_mode_config_cleanup(&vkms->drm); drm_dev_fini(&vkms->drm); } @@ -137,6 +136,7 @@ static void __exit vkms_exit(void) } drm_dev_unregister(&vkms_device->drm); + drm_atomic_helper_shutdown(&vkms_device->drm); drm_dev_put(&vkms_device->drm); kfree(vkms_device); -- 2.17.1

1 year, 5 months

3
3
0 0

Re: Broken Domain Validation in 6.1.84+

by Martin K. Petersen

Dave, >> Could you please try the patch below on top of v6.1.80? > Works okay on top of v6.1.80: > > [ 30.952668] scsi 6:0:0:0: Direct-Access HP 73.4G ST373207LW HPC1 PQ: 0 ANSI: 3 > [ 31.072592] scsi target6:0:0: Beginning Domain Validation > [ 31.139334] scsi 6:0:0:0: Power-on or device reset occurred > [ 31.186227] scsi target6:0:0: Ending Domain Validation > [ 31.240482] scsi target6:0:0: FAST-160 WIDE SCSI 320.0 MB/s DT IU QAS RTI WRFLOW PCOMP (6.25 ns, offset 63) > [ 31.462587] ata5: SATA link down (SStatus 0 SControl 0) > [ 31.618798] scsi 6:0:2:0: Direct-Access HP 73.4G ST373207LW HPC1 PQ: 0 ANSI: 3 > [ 31.732588] scsi target6:0:2: Beginning Domain Validation > [ 31.799201] scsi 6:0:2:0: Power-on or device reset occurred > [ 31.846724] scsi target6:0:2: Ending Domain Validation > [ 31.900822] scsi target6:0:2: FAST-160 WIDE SCSI 320.0 MB/s DT IU QAS RTI WRFLOW PCOMP (6.25 ns, offset 63) Great, thanks for testing! Greg, please revert the following commits from linux-6.1.y: b73dd5f99972 ("scsi: sd: usb_storage: uas: Access media prior to querying device properties") cf33e6ca12d8 ("scsi: core: Add struct for args to execution functions") and include the patch below instead. Thank you! -- Martin K. Petersen Oracle Linux Engineering From 87441914d491c01b73b949663c101056a9d9b8c7 Mon Sep 17 00:00:00 2001 From: "Martin K. Petersen" <martin.petersen(a)oracle.com> Date: Tue, 13 Feb 2024 09:33:06 -0500 Subject: [PATCH] scsi: sd: usb_storage: uas: Access media prior to querying device properties [ Upstream commit 321da3dc1f3c92a12e3c5da934090d2992a8814c ] It has been observed that some USB/UAS devices return generic properties hardcoded in firmware for mode pages for a period of time after a device has been discovered. The reported properties are either garbage or they do not accurately reflect the characteristics of the physical storage device attached in the case of a bridge. Prior to commit 1e029397d12f ("scsi: sd: Reorganize DIF/DIX code to avoid calling revalidate twice") we would call revalidate several times during device discovery. As a result, incorrect values would eventually get replaced with ones accurately describing the attached storage. When we did away with the redundant revalidate pass, several cases were reported where devices reported nonsensical values or would end up in write-protected state. An initial attempt at addressing this issue involved introducing a delayed second revalidate invocation. However, this approach still left some devices reporting incorrect characteristics. Tasos Sahanidis debugged the problem further and identified that introducing a READ operation prior to MODE SENSE fixed the problem and that it wasn't a timing issue. Issuing a READ appears to cause the devices to update their state to reflect the actual properties of the storage media. Device properties like vendor, model, and storage capacity appear to be correctly reported from the get-go. It is unclear why these devices defer populating the remaining characteristics. Match the behavior of a well known commercial operating system and trigger a READ operation prior to querying device characteristics to force the device to populate the mode pages. The additional READ is triggered by a flag set in the USB storage and UAS drivers. We avoid issuing the READ for other transport classes since some storage devices identify Linux through our particular discovery command sequence. Link: https://lore.kernel.org/r/20240213143306.2194237-1-martin.petersen@oracle.c… Fixes: 1e029397d12f ("scsi: sd: Reorganize DIF/DIX code to avoid calling revalidate twice") Cc: stable(a)vger.kernel.org Reported-by: Tasos Sahanidis <tasos(a)tasossah.com> Reviewed-by: Ewan D. Milne <emilne(a)redhat.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Tested-by: Tasos Sahanidis <tasos(a)tasossah.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 31b5273f43a7..349b1455a2c6 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -3284,6 +3284,24 @@ static bool sd_validate_opt_xfer_size(struct scsi_disk *sdkp, return true; } +static void sd_read_block_zero(struct scsi_disk *sdkp) +{ + unsigned int buf_len = sdkp->device->sector_size; + char *buffer, cmd[10] = { }; + + buffer = kmalloc(buf_len, GFP_KERNEL); + if (!buffer) + return; + + cmd[0] = READ_10; + put_unaligned_be32(0, &cmd[2]); /* Logical block address 0 */ + put_unaligned_be16(1, &cmd[7]); /* Transfer 1 logical block */ + + scsi_execute_req(sdkp->device, cmd, DMA_FROM_DEVICE, buffer, buf_len, + NULL, SD_TIMEOUT, sdkp->max_retries, NULL); + kfree(buffer); +} + /** * sd_revalidate_disk - called the first time a new disk is seen, * performs disk spin up, read_capacity, etc. @@ -3323,7 +3341,13 @@ static int sd_revalidate_disk(struct gendisk *disk) */ if (sdkp->media_present) { sd_read_capacity(sdkp, buffer); - + /* + * Some USB/UAS devices return generic values for mode pages + * until the media has been accessed. Trigger a READ operation + * to force the device to populate mode pages. + */ + if (sdp->read_before_ms) + sd_read_block_zero(sdkp); /* * set the default to rotational. All non-rotational devices * support the block characteristics VPD page, which will diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c index c54e9805da53..12cf9940e5b6 100644 --- a/drivers/usb/storage/scsiglue.c +++ b/drivers/usb/storage/scsiglue.c @@ -179,6 +179,13 @@ static int slave_configure(struct scsi_device *sdev) */ sdev->use_192_bytes_for_3f = 1; + /* + * Some devices report generic values until the media has been + * accessed. Force a READ(10) prior to querying device + * characteristics. + */ + sdev->read_before_ms = 1; + /* * Some devices don't like MODE SENSE with page=0x3f, * which is the command used for checking if a device diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index de3836412bf3..ed22053b3252 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -878,6 +878,13 @@ static int uas_slave_configure(struct scsi_device *sdev) if (devinfo->flags & US_FL_CAPACITY_HEURISTICS) sdev->guess_capacity = 1; + /* + * Some devices report generic values until the media has been + * accessed. Force a READ(10) prior to querying device + * characteristics. + */ + sdev->read_before_ms = 1; + /* * Some devices don't like MODE SENSE with page=0x3f, * which is the command used for checking if a device diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index d2751ed536df..1504d3137cc6 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -204,6 +204,7 @@ struct scsi_device { unsigned use_10_for_rw:1; /* first try 10-byte read / write */ unsigned use_10_for_ms:1; /* first try 10-byte mode sense/select */ unsigned set_dbd_for_ms:1; /* Set "DBD" field in mode sense */ + unsigned read_before_ms:1; /* perform a READ before MODE SENSE */ unsigned no_report_opcodes:1; /* no REPORT SUPPORTED OPERATION CODES */ unsigned no_write_same:1; /* no WRITE SAME command */ unsigned use_16_for_rw:1; /* Use read/write(16) over read/write(10) */

1 year, 5 months

3
2
0 0

v5.15+ backport request

by Ard Biesheuvel

please backport e7d24c0aa8e678f41 gcc-plugins/stackleak: Avoid .head.text section to stable kernels v5.15 and newer. This addresses the regression reported here: https://lkml.kernel.org/r/dc118105-b97c-4e51-9a42-a918fa875967%40hardfalcon… On v5.15, there is a dependency that needs to be backported first: ae978009fc013e3166c9f523f8b17e41a3c0286e gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text The particular issue that this patch fixes does not exist [yet] in v6.1 and v5.15, but I am working on backports that would introduce it. But even without those backports, this change is important as it prevents input sections from being instrumented by stackleak that may not tolerate this for other reasons too. Thanks, Ard.

1 year, 5 months

2
1
0 0

Hibernate stuck after recent kernel/workqueue.c changes in Stable 6.6.23

by Linux regression tracking (Thorsten Leemhuis)

Hi stable team, there is a report that the recent backport of 5797b1c18919cd ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") [from Tejun] to 6.6.y (as 5a70baec2294) broke hibernate for a user. 6.6.24-rc1 did not fix this problem; reverting the culprit does. > With kernel 6.6.23 hibernating usually hangs here: the display stays > on but the mouse pointer does not move and the keyboard does not work. > But SysRq REISUB does reboot. Sometimes it seems to hibernate: the > computer powers down and can be waked up and the previous display comes > visible, but it is stuck there. See https://bugzilla.kernel.org/show_bug.cgi?id=218658 for details. Note, you have to use bugzilla to reach the reporter, as I sadly[1] can not CCed them in mails like this. Side note: there is a mainline report about problems due to 5797b1c18919cd ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") as well, but it's about "nohz_full=0 prevents kernel from booting": https://bugzilla.kernel.org/show_bug.cgi?id=218665; will forward that separately to Tejun. Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat) -- Everything you wanna know about Linux kernel regression tracking: https://linux-regtracking.leemhuis.info/about/#tldr If I did something stupid, please tell me, as explained on that page. [1] because bugzilla.kernel.org tells users upon registration their "email address will never be displayed to logged out users" #regzbot introduced: 5a70baec2294e8a7d0fcc4558741c23e752dad #regzbot from: Petri Kaukasoina #regzbot duplicate: https://bugzilla.kernel.org/show_bug.cgi?id=218658 #regzbot title: workqueue: hubernate usually hangs when going to sleep #regzbot ignore-activity

1 year, 5 months

5
11
0 0

[REGRESSION] Loss of some SMART information in v6.1.81

by Cyril Brulebois

Hi, Munin uses the following command to get sensor-type information out of SMART-aware disks (e.g. temperature): /usr/sbin/smartctl -A --nocheck=standby -d ata /dev/sda This broke following an upgrade from v6.1.76 (as found in Debian 12) to v6.1.82 (as currently found in the proposed-updates repository for the next point release of Debian 12), with smartctl's now reporting: smartctl 7.3 2022-02-28 r5338 [x86_64-linux-6.1.0-19-amd64] (local build) Copyright (C) 2002-22, Bruce Allen, Christian Franke, www.smartmontools.org Device is in SLEEP mode, exit(2) This happens on baremetal with 2 pairs of disks: - 2×ST4000VN008-2DR1 (sda, sdb) - 2×ST8000VN004-2M21 (sdc, sdd) and that's an obvious lie with one pair doing system stuff and the other one doing media stuff. This also happens within a Debian 12 QEMU VM running on a Debian 12 libvirt host, when using a SATA disk, which is what I've used to test various builds from the stable/linux-6.1.y branch and associated tags. Building stable releases, I pinpointed it as a regression between v6.1.80 and v6.1.81, then pinpointed it to commit cf33e6ca12d8. #regzbot introduced: v6.1.80..v6.1.81 #regzbot introduced: cf33e6ca12d8 This is also affecting v6.1.84 and v6.1.85 (released during my git bisect session). Reported in Debian via: https://bugs.debian.org/1068675 (which included a trace with the distribution-provided v6.1.82 package). Most recent trace, with v6.1.85 (mainline, using the distribution's config but without any patches): [ 30.547027] ------------[ cut here ]------------ [ 30.547034] WARNING: CPU: 0 PID: 697 at drivers/scsi/scsi_lib.c:214 scsi_execute_cmd+0x42/0x2c0 [scsi_mod] [ 30.547082] Modules linked in: tls tun intel_rapl_msr intel_rapl_common kvm_intel kvm irqbypass ghash_clmulni_intel sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi aesni_intel snd_hda_codec crypto_simd cryptd rapl snd_hda_core snd_hwdep bochs drm_vram_helper pcspkr drm_ttm_helper snd_pcm iTCO_wdt snd_timer intel_pmc_bxt ttm iTCO_vendor_support snd watchdog soundcore virtio_console virtio_balloon drm_kms_helper button joydev evdev serio_raw sg binfmt_misc fuse loop drm efi_pstore dm_mod configfs qemu_fw_cfg virtio_rng ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci virtio_scsi virtio_blk virtio_net net_failover failover xhci_pci crct10dif_pclmul crct10dif_common crc32_pclmul libata crc32c_intel xhci_hcd psmouse i2c_i801 i2c_smbus scsi_mod scsi_common lpc_ich virtio_pci [ 30.547194] virtio_pci_legacy_dev virtio_pci_modern_dev usbcore usb_common virtio virtio_ring [ 30.547205] CPU: 0 PID: 697 Comm: smartctl Not tainted 6.1.85 #1 [ 30.547210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 30.547217] RIP: 0010:scsi_execute_cmd+0x42/0x2c0 [scsi_mod] [ 30.547247] Code: 55 48 89 fd 53 48 83 ec 10 4c 8b 64 24 50 48 89 0c 24 4d 85 e4 0f 84 02 02 00 00 49 83 3c 24 00 74 24 41 83 7c 24 08 60 74 1c <0f> 0b bd ea ff ff ff 48 83 c4 10 89 e8 5b 5d 41 5c 41 5d 41 5e 41 [ 30.547251] RSP: 0018:ffffa70f80defbd0 EFLAGS: 00010287 [ 30.547256] RAX: ffffa70f80defc30 RBX: ffff9ab18b085000 RCX: 0000000000000000 [ 30.547259] RDX: 0000000000000022 RSI: 0000000000000022 RDI: ffff9ab18b085000 [ 30.547262] RBP: ffff9ab18b085000 R08: 0000000000000000 R09: 00000000000009c4 [ 30.547265] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa70f80defc30 [ 30.547268] R13: 0000000000000000 R14: 00000000000009c4 R15: ffffa70f80defc60 [ 30.547271] FS: 00007f8ee64ad840(0000) GS:ffff9ab1bec00000(0000) knlGS:0000000000000000 [ 30.547275] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.547278] CR2: 00007fff08df0bc0 CR3: 000000000439a003 CR4: 0000000000170ef0 [ 30.547291] Call Trace: [ 30.547296] <TASK> [ 30.547301] ? __warn+0x7d/0xc0 [ 30.547308] ? scsi_execute_cmd+0x42/0x2c0 [scsi_mod] [ 30.547338] ? report_bug+0xe2/0x150 [ 30.547348] ? handle_bug+0x41/0x70 [ 30.547354] ? exc_invalid_op+0x13/0x60 [ 30.547358] ? asm_exc_invalid_op+0x16/0x20 [ 30.547368] ? scsi_execute_cmd+0x42/0x2c0 [scsi_mod] [ 30.547397] ata_cmd_ioctl+0x144/0x2f0 [libata] [ 30.547448] scsi_ioctl+0x3f5/0x930 [scsi_mod] [ 30.547477] ? scsi_block_when_processing_errors+0x22/0x100 [scsi_mod] [ 30.547503] ? __mod_lruvec_page_state+0x93/0x140 [ 30.547508] ? scsi_ioctl_block_when_processing_errors+0x45/0x50 [scsi_mod] [ 30.547535] blkdev_ioctl+0x133/0x270 [ 30.547553] __x64_sys_ioctl+0x90/0xd0 [ 30.547564] do_syscall_64+0x55/0xb0 [ 30.547574] ? handle_mm_fault+0xdb/0x2d0 [ 30.547582] ? do_user_addr_fault+0x1b0/0x580 [ 30.547589] ? exit_to_user_mode_prepare+0x40/0x1e0 [ 30.547596] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 30.547608] RIP: 0033:0x7f8ee611cc5b [ 30.547617] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 30.547621] RSP: 002b:00007fff08df0960 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 30.547626] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f8ee611cc5b [ 30.547629] RDX: 00007fff08df0bc0 RSI: 000000000000031f RDI: 0000000000000003 [ 30.547632] RBP: 00007fff08df1040 R08: 0000000000000000 R09: 0000000000000000 [ 30.547634] R10: e7e85eefeeee1b19 R11: 0000000000000246 R12: 000056348ba28600 [ 30.547637] R13: 00007fff08df0bc0 R14: 00007fff08df12e0 R15: 0000000000000000 [ 30.547642] </TASK> [ 30.547644] ---[ end trace 0000000000000000 ]--- Cheers, -- Cyril Brulebois (kibi(a)debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant

1 year, 5 months

2
2
0 0

RE: [RFC] rtw88: Fix startup problems for SDIO wifi plus UART Bluetooth

by Ping-Ke Shih

Larry Finger <Larry.Finger(a)gmail.com> wrote: > As discussed in the links below, the SDIO part of RTW8821CS fails to > start correctly if such startup happens while the UART portion of > the chip is initializing. I checked with SDIO team internally, but they didn't meet this case, so we may take this workaround. SDIO team wonder if something other than BT cause this failure, and after system boots everything will be well. Could you boot the system without WiFi/BT drivers, but insmod drivers manually after booting? > --- > drivers/net/wireless/realtek/rtw88/sdio.c | 28 +++++++++++++++++++++++ > 1 file changed, 28 insertions(+) > > diff --git a/drivers/net/wireless/realtek/rtw88/sdio.c b/drivers/net/wireless/realtek/rtw88/sdio.c > index 0cae5746f540..eec0ad85be72 100644 > --- a/drivers/net/wireless/realtek/rtw88/sdio.c > +++ b/drivers/net/wireless/realtek/rtw88/sdio.c > @@ -1325,6 +1325,34 @@ int rtw_sdio_probe(struct sdio_func *sdio_func, [...] > + mdelay(500); Will it better to use sleep function?

1 year, 5 months

2
2
0 0

[RFC] rtw88: Fix startup problems for SDIO wifi plus UART Bluetooth

by Larry Finger

As discussed in the links below, the SDIO part of RTW8821CS fails to start correctly if such startup happens while the UART portion of the chip is initializing. The logged results with such failure is [ 10.230516] rtw_8821cs mmc3:0001:1: Start of rtw_sdio_probe [ 10.306569] Bluetooth: HCI UART driver ver 2.3 [ 10.306717] Bluetooth: HCI UART protocol Three-wire (H5) registered [ 10.307167] of_dma_request_slave_channel: dma-names property of node '/serial@fe650000' missing or empty [ 10.307199] dw-apb-uart fe650000.serial: failed to request DMA [ 10.543474] rtw_8821cs mmc3:0001:1: Firmware version 24.8.0, H2C version 12 [ 10.730744] rtw_8821cs mmc3:0001:1: sdio read32 failed (0x11080): -110 [ 10.730923] rtw_8821cs mmc3:0001:1: sdio write32 failed (0x11080): -110 Due to the above errors, wifi fails to work. For those instances when wifi works, the following is logged: [ 10.452861] Bluetooth: HCI UART protocol Three-wire (H5) registered [ 10.453580] of_dma_request_slave_channel: dma-names property of node '/serial@fe650000' missing or empty [ 10.453621] dw-apb-uart fe650000.serial: failed to request DMA [ 10.455741] rtw_8821cs mmc3:0001:1: Start of rtw_sdio_probe [ 10.639186] rtw_8821cs mmc3:0001:1: Firmware version 24.8.0, H2C version 12 In this case, SDIO wifi works correctly. The correct case is ensured by adding an mdelay(500) statement before the call to rtw_core_init(). No adverse effects are observed. Link: https://1EHFQ.trk.elasticemail.com/tracking/click?d=1UfsVowwwMAM6kBoyumkHP3… Link: https://1EHFQ.trk.elasticemail.com/tracking/click?d=XUEf4t8W9xt0czASPOeeDt8… Fixes: 65371a3f14e7 ("wifi: rtw88: sdio: Add HCI implementation for SDIO based chipsets") Signed-off-by: Larry Finger <Larry.Finger(a)gmail.com> Cc: stable(a)vger.kernel.org # v6.4+ --- drivers/net/wireless/realtek/rtw88/sdio.c | 28 +++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/drivers/net/wireless/realtek/rtw88/sdio.c b/drivers/net/wireless/realtek/rtw88/sdio.c index 0cae5746f540..eec0ad85be72 100644 --- a/drivers/net/wireless/realtek/rtw88/sdio.c +++ b/drivers/net/wireless/realtek/rtw88/sdio.c @@ -1325,6 +1325,34 @@ int rtw_sdio_probe(struct sdio_func *sdio_func, rtwdev->hci.ops = &rtw_sdio_ops; rtwdev->hci.type = RTW_HCI_TYPE_SDIO; + /* Insert a delay of 500 ms. Without the delay, the wifi part + * and the UART that controls Bluetooth interfere with one + * another resulting in the following being logged: + * + * Start of SDIO probe function. + * Bluetooth: HCI UART driver ver 2.3 + * Bluetooth: HCI UART protocol Three-wire (H5) registered + * of_dma_request_slave_channel: dma-names property of node '/serial@fe650000' + * missing or empty + * dw-apb-uart fe650000.serial: failed to request DMA +` * rtw_8821cs mmc3:0001:1: Firmware version 24.8.0, H2C version 12 + * rtw_8821cs mmc3:0001:1: sdio read32 failed (0x11080): -110 + * + * If the UART is finished initializing before the SDIO probe + * function startw, the following is logged: + * + * Bluetooth: HCI UART protocol Three-wire (H5) registered + * of_dma_request_slave_channel: dma-names property of node '/serial@fe650000' + * missing or empty + * dw-apb-uart fe650000.serial: failed to request DMA + * Start of SDIO probe function. + * rtw_8821cs mmc3:0001:1: Firmware version 24.8.0, H2C version 12 + * Bluetooth: hci0: RTL: examining hci_ver=08 hci_rev=000c lmp_ver=08 lmp_subver=8821 + * SDIO wifi works correctly. + * + * No adverse effects are observed from the delay. + */ + mdelay(500); ret = rtw_core_init(rtwdev); if (ret) goto err_release_hw; -- 2.44.0 https://1EHFQ.trk.elasticemail.com/tracking/unsubscribe?d=XjvOA0R6jwFES_UmJ…

1 year, 5 months

1
0
0 0

Re: KASAN: slab-out-of-bounds Write in ops_init

by Eric Dumazet

On Wed, Apr 10, 2024 at 10:31 PM Cem Topcuoglu <topcuoglu.c(a)northeastern.edu> wrote: > > Hi, > > > > We encountered a bug labelled “KASAN: slab-out-of-bounds Write in ops_init” while fuzzing kernel version 5.15.124 with Syzkaller (lines exist in 5.15.154 as well). > > > > In the net_namespace.c file, we have an if condition at line 89. Subsequently, Syzkaller encounters the bug at line 90. > > > > 89 if (old_ng->s.len > id) { > > 90 old_ng->ptr[id] = data; > > 91 return 0; > > 92 } > > > > Upon inspecting the net_generic struct, we noticed that this struct uses union which puts the array and the header (including the array length information) together. > > We suspect that with this union, modifying the ng->ptr[0] is essentially modifying ng->s.len, which might fail the check in 89. This might be the cause for Syzkaller detecting this slab-out-of-bound. > Look for MIN_PERNET_OPS_ID (this should be 3) ng->ptr[0] , [1], [2] can not be overwritten. Do you have a repro ? Also please use the latest stable (5.15.154). > Since we are CS PhD students and Linux hobbyists, we do not have a full understanding of what could lead to this. We would really appreciate if you guys can share some insights into this matter : ) > > > > We attached the syzkaller’s bug report below. > > > > ================================================================== > > BUG: KASAN: slab-out-of-bounds in net_assign_generic > > usr/src/kernel/net/core/net_namespace.c:90 [inline] > > BUG: KASAN: slab-out-of-bounds in ops_init+0x44b/0x4d0 > > usr/src/kernel/net/core/net_namespace.c:129 > > Write of size 8 at addr ffff888043c62ae8 by task (coredump)/5424 > > CPU: 1 PID: 5424 Comm: (coredump) Not tainted 5.15.124-yocto-standard #1 > > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 > > Call Trace: > > <TASK> > > __dump_stack usr/src/kernel/lib/dump_stack.c:88 [inline] > > dump_stack_lvl+0x51/0x70 usr/src/kernel/lib/dump_stack.c:106 > > print_address_description.constprop.0+0x24/0x140 usr/src/kernel/mm/kasan/report.c:248 > > __kasan_report usr/src/kernel/mm/kasan/report.c:434 [inline] > > kasan_report.cold+0x7d/0x117 usr/src/kernel/mm/kasan/report.c:451 > > __asan_report_store8_noabort+0x17/0x20 usr/src/kernel/mm/kasan/report_generic.c:314 > > net_assign_generic usr/src/kernel/net/core/net_namespace.c:90 [inline] > > ops_init+0x44b/0x4d0 usr/src/kernel/net/core/net_namespace.c:129 > > setup_net+0x40a/0x970 usr/src/kernel/net/core/net_namespace.c:329 > > copy_net_ns+0x2ac/0x680 usr/src/kernel/net/core/net_namespace.c:473 > > create_new_namespaces+0x390/0xa50 usr/src/kernel/kernel/nsproxy.c:110 > > unshare_nsproxy_namespaces+0xb0/0x1d0 usr/src/kernel/kernel/nsproxy.c:226 > > ksys_unshare+0x30c/0x850 usr/src/kernel/kernel/fork.c:3094 > > __do_sys_unshare usr/src/kernel/kernel/fork.c:3168 [inline] > > __se_sys_unshare usr/src/kernel/kernel/fork.c:3166 [inline] > > __x64_sys_unshare+0x36/0x50 usr/src/kernel/kernel/fork.c:3166 > > do_syscall_x64 usr/src/kernel/arch/x86/entry/common.c:50 [inline] > > do_syscall_64+0x40/0x90 usr/src/kernel/arch/x86/entry/common.c:80 > > entry_SYSCALL_64_after_hwframe+0x61/0xcb > > RIP: 0033:0x7fbafce1b39b > > Code: 73 01 c3 48 8b 0d 85 2a 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 > > 00 90 f3 0f 1e fa b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 55 2a 0e 00 f7 > > d8 64 89 01 48 > > RSP: 002b:00007ffddc8dfda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 > > RAX: ffffffffffffffda RBX: 0000557e645dd018 RCX: 00007fbafce1b39b > > RDX: 0000000000000000 RSI: 00007ffddc8dfd10 RDI: 0000000040000000 > > RBP: 00007ffddc8dfde0 R08: 0000000000000000 R09: 00007ffd00000067 > > R10: 0000000000000000 R11: 0000000000000246 R12: 00000000fffffff5 > > R13: 00007fbafd26ba60 R14: 0000000040000000 R15: 0000000000000000 > > </TASK> > > Allocated by task 5424: > > kasan_save_stack+0x26/0x60 usr/src/kernel/mm/kasan/common.c:38 > > kasan_set_track usr/src/kernel/mm/kasan/common.c:46 [inline] > > set_alloc_info usr/src/kernel/mm/kasan/common.c:434 [inline] > > ____kasan_kmalloc usr/src/kernel/mm/kasan/common.c:513 [inline] > > ____kasan_kmalloc usr/src/kernel/mm/kasan/common.c:472 [inline] > > __kasan_kmalloc+0xae/0xe0 usr/src/kernel/mm/kasan/common.c:522 > > kasan_kmalloc usr/src/kernel/include/linux/kasan.h:264 [inline] > > __kmalloc+0x308/0x560 usr/src/kernel/mm/slub.c:4407 > > kmalloc usr/src/kernel/include/linux/slab.h:596 [inline] > > kzalloc usr/src/kernel/include/linux/slab.h:721 [inline] > > net_alloc_generic+0x28/0x80 usr/src/kernel/net/core/net_namespace.c:74 > > net_alloc usr/src/kernel/net/core/net_namespace.c:401 [inline] > > copy_net_ns+0xc3/0x680 usr/src/kernel/net/core/net_namespace.c:460 > > create_new_namespaces+0x390/0xa50 usr/src/kernel/kernel/nsproxy.c:110 > > unshare_nsproxy_namespaces+0xb0/0x1d0 usr/src/kernel/kernel/nsproxy.c:226 > > ksys_unshare+0x30c/0x850 usr/src/kernel/kernel/fork.c:3094 > > __do_sys_unshare usr/src/kernel/kernel/fork.c:3168 [inline] > > __se_sys_unshare usr/src/kernel/kernel/fork.c:3166 [inline] > > __x64_sys_unshare+0x36/0x50 usr/src/kernel/kernel/fork.c:3166 > > do_syscall_x64 usr/src/kernel/arch/x86/entry/common.c:50 [inline] > > do_syscall_64+0x40/0x90 usr/src/kernel/arch/x86/entry/common.c:80 > > entry_SYSCALL_64_after_hwframe+0x61/0xcb > > The buggy address belongs to the object at ffff888043c62a00 > > which belongs to the cache kmalloc-256 of size 256 > > The buggy address is located 232 bytes inside of > > 256-byte region [ffff888043c62a00, ffff888043c62b00) > > The buggy address belongs to the page: > > page:000000008dd0a6b6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43c62 > > head:000000008dd0a6b6 order:1 compound_mapcount:0 > > flags: 0x4000000000010200(slab|head|zone=1) > > raw: 4000000000010200 ffffea0001108f00 0000000700000007 ffff888001041b40 > > raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 > > page dumped because: kasan: bad access detected > > Memory state around the buggy address: > > ffff888043c62980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > > ffff888043c62a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > >ffff888043c62a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc > > ^ > > ffff888043c62b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > > ffff888043c62b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > > ================================================================== > > kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) > > > > Best > >

1 year, 5 months

1
0
0 0

KASAN: slab-out-of-bounds Write in ops_init

by Cem Topcuoglu

Hi, We encountered a bug labelled “KASAN: slab-out-of-bounds Write in ops_init” while fuzzing kernel version 5.15.124 with Syzkaller (lines exist in 5.15.154 as well). In the net_namespace.c file, we have an if condition at line 89. Subsequently, Syzkaller encounters the bug at line 90. 89 if (old_ng->s.len > id) { 90 old_ng->ptr[id] = data; 91 return 0; 92 } Upon inspecting the net_generic struct, we noticed that this struct uses union which puts the array and the header (including the array length information) together. We suspect that with this union, modifying the ng->ptr[0] is essentially modifying ng->s.len, which might fail the check in 89. This might be the cause for Syzkaller detecting this slab-out-of-bound. Since we are CS PhD students and Linux hobbyists, we do not have a full understanding of what could lead to this. We would really appreciate if you guys can share some insights into this matter : ) We attached the syzkaller’s bug report below. ================================================================== BUG: KASAN: slab-out-of-bounds in net_assign_generic usr/src/kernel/net/core/net_namespace.c:90 [inline] BUG: KASAN: slab-out-of-bounds in ops_init+0x44b/0x4d0 usr/src/kernel/net/core/net_namespace.c:129 Write of size 8 at addr ffff888043c62ae8 by task (coredump)/5424 CPU: 1 PID: 5424 Comm: (coredump) Not tainted 5.15.124-yocto-standard #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: <TASK> __dump_stack usr/src/kernel/lib/dump_stack.c:88 [inline] dump_stack_lvl+0x51/0x70 usr/src/kernel/lib/dump_stack.c:106 print_address_description.constprop.0+0x24/0x140 usr/src/kernel/mm/kasan/report.c:248 __kasan_report usr/src/kernel/mm/kasan/report.c:434 [inline] kasan_report.cold+0x7d/0x117 usr/src/kernel/mm/kasan/report.c:451 __asan_report_store8_noabort+0x17/0x20 usr/src/kernel/mm/kasan/report_generic.c:314 net_assign_generic usr/src/kernel/net/core/net_namespace.c:90 [inline] ops_init+0x44b/0x4d0 usr/src/kernel/net/core/net_namespace.c:129 setup_net+0x40a/0x970 usr/src/kernel/net/core/net_namespace.c:329 copy_net_ns+0x2ac/0x680 usr/src/kernel/net/core/net_namespace.c:473 create_new_namespaces+0x390/0xa50 usr/src/kernel/kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xb0/0x1d0 usr/src/kernel/kernel/nsproxy.c:226 ksys_unshare+0x30c/0x850 usr/src/kernel/kernel/fork.c:3094 __do_sys_unshare usr/src/kernel/kernel/fork.c:3168 [inline] __se_sys_unshare usr/src/kernel/kernel/fork.c:3166 [inline] __x64_sys_unshare+0x36/0x50 usr/src/kernel/kernel/fork.c:3166 do_syscall_x64 usr/src/kernel/arch/x86/entry/common.c:50 [inline] do_syscall_64+0x40/0x90 usr/src/kernel/arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb RIP: 0033:0x7fbafce1b39b Code: 73 01 c3 48 8b 0d 85 2a 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 55 2a 0e 00 f7 d8 64 89 01 48 RSP: 002b:00007ffddc8dfda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 0000557e645dd018 RCX: 00007fbafce1b39b RDX: 0000000000000000 RSI: 00007ffddc8dfd10 RDI: 0000000040000000 RBP: 00007ffddc8dfde0 R08: 0000000000000000 R09: 00007ffd00000067 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000fffffff5 R13: 00007fbafd26ba60 R14: 0000000040000000 R15: 0000000000000000 </TASK> Allocated by task 5424: kasan_save_stack+0x26/0x60 usr/src/kernel/mm/kasan/common.c:38 kasan_set_track usr/src/kernel/mm/kasan/common.c:46 [inline] set_alloc_info usr/src/kernel/mm/kasan/common.c:434 [inline] ____kasan_kmalloc usr/src/kernel/mm/kasan/common.c:513 [inline] ____kasan_kmalloc usr/src/kernel/mm/kasan/common.c:472 [inline] __kasan_kmalloc+0xae/0xe0 usr/src/kernel/mm/kasan/common.c:522 kasan_kmalloc usr/src/kernel/include/linux/kasan.h:264 [inline] __kmalloc+0x308/0x560 usr/src/kernel/mm/slub.c:4407 kmalloc usr/src/kernel/include/linux/slab.h:596 [inline] kzalloc usr/src/kernel/include/linux/slab.h:721 [inline] net_alloc_generic+0x28/0x80 usr/src/kernel/net/core/net_namespace.c:74 net_alloc usr/src/kernel/net/core/net_namespace.c:401 [inline] copy_net_ns+0xc3/0x680 usr/src/kernel/net/core/net_namespace.c:460 create_new_namespaces+0x390/0xa50 usr/src/kernel/kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xb0/0x1d0 usr/src/kernel/kernel/nsproxy.c:226 ksys_unshare+0x30c/0x850 usr/src/kernel/kernel/fork.c:3094 __do_sys_unshare usr/src/kernel/kernel/fork.c:3168 [inline] __se_sys_unshare usr/src/kernel/kernel/fork.c:3166 [inline] __x64_sys_unshare+0x36/0x50 usr/src/kernel/kernel/fork.c:3166 do_syscall_x64 usr/src/kernel/arch/x86/entry/common.c:50 [inline] do_syscall_64+0x40/0x90 usr/src/kernel/arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb The buggy address belongs to the object at ffff888043c62a00 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 232 bytes inside of 256-byte region [ffff888043c62a00, ffff888043c62b00) The buggy address belongs to the page: page:000000008dd0a6b6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43c62 head:000000008dd0a6b6 order:1 compound_mapcount:0 flags: 0x4000000000010200(slab|head|zone=1) raw: 4000000000010200 ffffea0001108f00 0000000700000007 ffff888001041b40 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888043c62980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888043c62a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff888043c62a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc ^ ffff888043c62b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888043c62b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) Best

1 year, 5 months

1
0
0 0

+ fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fork: defer linking file vma until vma is fully initialized has been added to the -mm mm-hotfixes-unstable branch. Its filename is fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: fork: defer linking file vma until vma is fully initialized Date: Wed, 10 Apr 2024 17:14:41 +0800 Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used. Link: https://lkml.kernel.org/r/20240410091441.3539905-1-linmiaohe@huawei.com Fixes: 8d9bfb260814 ("hugetlb: add vma based lock for pmd sharing") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reported-by: Thorvald Natvig <thorvald(a)google.com> Closes: https://lore.kernel.org/linux-mm/20240129161735.6gmjsswx62o4pbja@revolver/T/ [1] Cc: Christian Brauner <brauner(a)kernel.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peng Zhang <zhangpeng.00(a)bytedance.com> Cc: Tycho Andersen <tandersen(a)netflix.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/fork.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) --- a/kernel/fork.c~fork-defer-linking-file-vma-until-vma-is-fully-initialized +++ a/kernel/fork.c @@ -714,6 +714,23 @@ static __latent_entropy int dup_mmap(str } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + + /* + * Link the vma into the MT. After using __mt_dup(), memory + * allocation is not necessary here, so it cannot fail. + */ + vma_iter_bulk_store(&vmi, tmp); + + mm->map_count++; + + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -730,25 +747,9 @@ static __latent_entropy int dup_mmap(str i_mmap_unlock_write(mapping); } - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - - /* - * Link the vma into the MT. After using __mt_dup(), memory - * allocation is not necessary here, so it cannot fail. - */ - vma_iter_bulk_store(&vmi, tmp); - - mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - if (retval) { mpnt = vma_next(&vmi); goto loop_out; _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch

1 year, 5 months

1
0
0 0

[PATCH 6.1 000/138] 6.1.85-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.85 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:35:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.85-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.85-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> x86: set SPECTRE_BHI_ON as default Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file min15.li <min15.li(a)samsung.com> nvme: fix miss command type check David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: display simult in extra_msg Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails Alexander Mikhalitsyn <aleksandr.mikhalitsyn(a)canonical.com> KVM: SVM: enhance info printk's in SEV init Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Heiner Kallweit <hkallweit1(a)gmail.com> r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect access to registers Config2 and Config5 Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect mac ocp register access Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 +++++++- Documentation/admin-guide/kernel-parameters.txt | 12 ++ Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/x86/Kconfig | 25 ++++ arch/x86/coco/core.c | 41 +++++++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 ++++++++++ arch/x86/entry/entry_64_compat.S | 16 +++ arch/x86/entry/syscall_32.c | 21 +++- arch/x86/entry/syscall_64.c | 19 ++- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/amd/core.c | 4 +- arch/x86/events/amd/lbr.c | 16 ++- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 15 ++- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 37 +++++- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/kernel/cpu/bugs.c | 121 +++++++++++++++++-- arch/x86/kernel/cpu/common.c | 24 ++-- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/setup.c | 2 + arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 60 ++++++---- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/ident_map.c | 23 +--- arch/x86/mm/pat/memtype.c | 49 +++++--- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 +++++----- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +++- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 ++- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 38 ++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 ++- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 ++- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +++++++++---- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 ++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +-- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++-- drivers/net/ethernet/microchip/lan743x_main.c | 18 +++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/realtek/r8169_main.c | 131 +++++++++++++++++---- drivers/net/ethernet/renesas/ravb_main.c | 33 +++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++++-- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 ++++-- drivers/net/phy/micrel.c | 31 +++-- drivers/net/usb/asix_devices.c | 4 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 4 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/nvme.h | 2 +- drivers/nvme/target/passthru.c | 3 +- drivers/of/dynamic.c | 12 ++ drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +++++- drivers/scsi/myrb.c | 20 ++-- drivers/scsi/myrs.c | 24 ++-- drivers/scsi/sd.c | 2 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 ++- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 17 ++- fs/smb/client/connect.c | 2 + fs/smb/client/dir.c | 15 +++ fs/smb/client/file.c | 111 ++++++++++++++--- fs/smb/client/fscache.c | 16 ++- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/device.h | 1 + include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 +++++ include/net/bluetooth/hci.h | 9 ++ include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 ++ kernel/bpf/verifier.c | 5 + mm/memory.c | 4 + net/9p/client.c | 10 +- net/bluetooth/hci_debugfs.c | 64 ++++++---- net/bluetooth/hci_event.c | 25 ++++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 33 ++++-- net/ipv4/inet_fragment.c | 70 +++++++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 ++ net/ipv4/udp_offload.c | 23 ++-- net/ipv6/ip6_fib.c | 14 +-- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 13 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 ++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 7 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 167 files changed, 1799 insertions(+), 555 deletions(-)

1 year, 5 months

7
6
0 0

Backport of 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc") to older stable series? (at least 6.1.y)

by Salvatore Bonaccorso

Hi Greg, Sasha, Thadeu, Today there was mentioning of https://www.jmpeax.dev/The-tale-of-a-GSM-Kernel-LPE.html a LPE from the n_gsm module. I do realize, Thadeu mentioned the possible attack surface already back in https://lore.kernel.org/all/ZMuRoDbMcQrsCs3m@quatroqueijos.cascardo.eti.br/… Published exploits are referenced as well through the potential initial finder in https://github.com/YuriiCrimson/ExploitGSM . While 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc") is not the fix itself, it helps mitigating against this issue. Thus can you consider applying this still to the stable series as needed? I think it should go at least back to 5.15.y but if Iunderstood Thadeu correctly then even further back to the still supported stable branches. What do you think? Regards, Salvatore

1 year, 5 months

2
1
0 0

[PATCH 6.8 000/280] 6.8.5-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.5 release. There are 280 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:35:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.5-rc3.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.5-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> x86: set SPECTRE_BHI_ON as default Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Move mem_encrypt= parsing to the decompressor Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Rework rebinding Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Use ring ops TLB invalidation for rebinds Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Reject FEC+MST on ICL Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Limit MST+DSC to TGL+ Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Paulo Alcantara <pc(a)manguebit.com> smb: client: refresh referral without acquiring refpath_lock Paulo Alcantara <pc(a)manguebit.com> smb: client: guarantee refcounted children from parent session Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in smb2_reconnect_server() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Björn Töpel <bjorn(a)rivosinc.com> riscv: Fix vector state restore in rt_sigreturn() Kent Overstreet <kent.overstreet(a)linux.dev> aio: Fix null ptr deref in aio_complete() wakeup Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Correct the delay calculation Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: sof-pcm: Add pointer callback to sof_ipc_pcm_ops Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Invalidate the stream_start_offset in PAUSED state Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Combine the SOF_IPC4_PIPE_PAUSED cases in pcm_trigger Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Move struct sof_ipc4_timestamp_info definition locally Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Remove the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Use the snd_sof_pcm_get_dai_frame_counter() for pcm_delay Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-common-ops: Do not set the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: Set the dai/host get frame/byte counter callbacks Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce a new callback pair to be used for PCM delay reporting Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl/lnl: Use the generic get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Implement get_stream_position (Linear Link Position) Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-pcm: Use dsp_max_burst_size_in_ms to place constraint Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Save the DMA maximum burst size for PCMs Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Add dsp_max_burst_size_in_ms member to snd_sof_pcm_stream Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/rw: don't allow multishot reads without NOWAIT support Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR Christian Bendiksen <christian(a)bendiksen.me> ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ALSA: hda: Add pplcllpl/u members to hdac_ext_stream Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Gabe Teeger <gabe.teeger(a)amd.com> Revert "drm/amd/display: Send DTBCLK disable message on first commit" Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Peter Collingbourne <pcc(a)google.com> stackdepot: rename pool_index to pool_index_plus_1 Oscar Salvador <osalvador(a)suse.de> lib/stackdepot: move stack_record struct definition into the header Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix warning by declaring arch_cpu_idle() as noinstr Andreas Schwab <schwab(a)suse.de> riscv: use KERN_INFO in do_trap Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Limit the reserved VM space to only the platforms that need it Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without trip points Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without cooling devices Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: fix sampling event removal for PMU device driver Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix DSC state HW readout for SST connectors Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp pdm configuration check Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Christian Brauner <brauner(a)kernel.org> block: count BLK_OPEN_RESTRICT_WRITES openers Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Vladimir Isaev <vladimir.isaev(a)syntacore.com> riscv: hwprobe: do not produce frtace relocation Samuel Holland <samuel.holland(a)sifive.com> riscv: mm: Fix prototype to avoid discarding const Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Correct extraction of data pointer in suspend/resume Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: use += operator to append strings Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Guenter Roeck <linux(a)roeck-us.net> mean_and_variance: Drop always failing tests Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-wildcard addresses. Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Joshua Hay <joshua.a.hay(a)intel.com> idpf: fix kernel panic on unknown packet types Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Will Deacon <will(a)kernel.org> KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range() Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent BPF accessing lowat from a subflow socket. Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Wujie Duan <wjduan(a)linx-info.com> KVM: arm64: Fix out-of-IPA space translation fault handling Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> kbuild: make -Woverride-init warnings more consistent Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning José Roberto de Souza <jose.souza(a)intel.com> drm/i915: Do not print 'pxp init failed with 0' when it succeed Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Juha-Pekka Heikkila <juhapekka.heikkila(a)gmail.com> drm/i915/display: Disable AuxCCS framebuffers if built for Xe Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Stop doing double audio enable/disable on SDVO and g4x+ DP Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Validate the PASID in iommu_attach_device_pasid() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size Taimur Hassan <syed.hassan(a)amd.com> drm/amd/display: Send DTBCLK disable message on first commit Charlene Liu <charlene.liu(a)amd.com> drm/amd/display: Update P010 scaling cap David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix debug messaging in gpiod_find_and_request() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Remove AR30 and AB30 format support Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Prasad Pandit <pjp(a)fedoraproject.org> dpll: indent DPLL option type by a tab Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_TILES_PER_DEVICE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_GT_PER_TILE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/queue: fix engine_class bounds check Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: use jiffies for job timeout Brian Welty <brian.welty(a)intel.com> drm/xe: Add exec_queue.sched_props.job_timeout_ms Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Remove unused xe_bo->props struct Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Jan Kara <jack(a)suse.cz> nfsd: Fix error cleanup path in nfsd_rename() Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Stanislav Fomichev <sdf(a)google.com> xsk: Don't assume metadata is always requested in TX completion Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++++- Documentation/admin-guide/kernel-parameters.txt | 12 ++ Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/nvhe/tlb.c | 3 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/kvm/hyp/vhe/tlb.c | 3 +- arch/arm64/kvm/mmu.c | 2 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 5 +- arch/riscv/kernel/signal.c | 15 +- arch/riscv/kernel/traps.c | 2 +- arch/riscv/kernel/vdso/Makefile | 1 + arch/riscv/kvm/aia_aplic.c | 37 +++- arch/riscv/mm/tlbflush.c | 4 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/kernel/perf_pai_crypto.c | 10 +- arch/s390/kernel/perf_pai_ext.c | 10 +- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 ++--- arch/sparc/mm/init_64.c | 2 +- arch/x86/Kconfig | 25 +++ arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 ++ arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 +++++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 ++++++ arch/x86/entry/entry_64_compat.S | 16 ++ arch/x86/entry/syscall_32.c | 21 ++- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 14 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 17 ++ arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/cpu/bugs.c | 121 ++++++++++-- arch/x86/kernel/cpu/common.c | 24 ++- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +-- arch/x86/kernel/sev.c | 14 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 45 +++-- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/Makefile | 13 -- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +-- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 76 +++----- arch/x86/mm/pat/memtype.c | 49 +++-- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- block/bdev.c | 6 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++++--- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 ++- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/dpll/Kconfig | 2 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +- drivers/gpio/gpiolib-cdev.c | 58 +++++- drivers/gpio/gpiolib.c | 31 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 25 ++- drivers/gpu/drm/amd/display/dc/dce110/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce112/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce120/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce80/Makefile | 2 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 2 +- drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 7 +- drivers/gpu/drm/i915/display/g4x_dp.c | 2 - .../gpu/drm/i915/display/intel_display_device.h | 1 + drivers/gpu/drm/i915/display/intel_dp.c | 9 +- drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 +- drivers/gpu/drm/i915/display/intel_sdvo.c | 4 - drivers/gpu/drm/i915/display/skl_universal_plane.c | 3 + drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 4 +- drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_cs.c | 17 ++ drivers/gpu/drm/i915/gt/intel_gt.c | 6 + drivers/gpu/drm/i915/gt/intel_gt.h | 9 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 ++ drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_workarounds.c | 55 ++++-- drivers/gpu/drm/i915/i915_driver.c | 2 +- drivers/gpu/drm/i915/i915_perf.c | 2 +- drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 2 - drivers/gpu/drm/xe/Makefile | 4 +- drivers/gpu/drm/xe/xe_bo.c | 59 +----- drivers/gpu/drm/xe/xe_bo_types.h | 19 -- drivers/gpu/drm/xe/xe_device.h | 4 +- drivers/gpu/drm/xe/xe_exec.c | 31 +--- drivers/gpu/drm/xe/xe_exec_queue.c | 4 +- drivers/gpu/drm/xe/xe_exec_queue_types.h | 7 + drivers/gpu/drm/xe/xe_guc_submit.c | 2 +- drivers/gpu/drm/xe/xe_pt.c | 8 +- drivers/gpu/drm/xe/xe_ring_ops.c | 11 +- drivers/gpu/drm/xe/xe_sched_job.c | 10 + drivers/gpu/drm/xe/xe_sched_job_types.h | 2 + drivers/gpu/drm/xe/xe_vm.c | 27 +-- drivers/gpu/drm/xe/xe_vm.h | 2 +- drivers/gpu/drm/xe/xe_vm_types.h | 8 +- drivers/iommu/iommu.c | 11 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 ++- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 38 ++-- drivers/net/ethernet/intel/e1000e/netdev.c | 24 ++- drivers/net/ethernet/intel/e1000e/phy.c | 184 +++++++++++------- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 13 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 ++++++--- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 +++-- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 18 +- drivers/net/ethernet/intel/ice/ice_switch.c | 24 ++- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 4 +- drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++- drivers/net/ethernet/microchip/lan743x_main.c | 18 ++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +++- drivers/net/ethernet/renesas/ravb_main.c | 33 ++-- drivers/net/ethernet/renesas/sh_eth.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +++- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +++- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 20 +- .../net/wireless/intel/iwlwifi/mvm/time-event.c | 5 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 ++ drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/pinctrl/aspeed/Makefile | 2 +- drivers/s390/net/qeth_core_main.c | 38 +++- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +-- drivers/scsi/sd.c | 2 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 +++++--- drivers/thermal/gov_power_allocator.c | 14 +- fs/aio.c | 2 +- fs/bcachefs/mean_and_variance_test.c | 28 +-- fs/nfsd/nfs4state.c | 7 +- fs/nfsd/vfs.c | 3 +- fs/proc/Makefile | 2 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 19 +- fs/smb/client/cifsproto.h | 20 +- fs/smb/client/connect.c | 157 ++++++++++------ fs/smb/client/dfs.c | 51 +++-- fs/smb/client/dfs.h | 33 ++-- fs/smb/client/dfs_cache.c | 53 +++--- fs/smb/client/dir.c | 15 ++ fs/smb/client/file.c | 111 +++++++++-- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 ++ fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 8 +- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/stackdepot.h | 46 +++++ include/linux/udp.h | 28 +++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + include/net/xdp_sock.h | 2 + include/sound/hdaudio_ext.h | 3 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++++-------- io_uring/kbuf.h | 8 +- io_uring/rw.c | 9 +- kernel/bpf/Makefile | 2 +- kernel/bpf/syscall.c | 35 +++- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- lib/stackdepot.c | 47 +---- mm/Makefile | 3 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++++--- net/bluetooth/hci_event.c | 25 +++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 44 ++++- net/ipv4/inet_fragment.c | 70 +++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 ++- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 2 - net/mptcp/sockopt.c | 4 + net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 +++++++-- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/Makefile.extrawarn | 10 +- scripts/bpf_doc.py | 4 +- scripts/mod/modpost.c | 7 +- security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l41_hda_property.c | 6 + sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 7 +- sound/soc/amd/acp/acp-pci.c | 13 +- sound/soc/codecs/cs42l43.c | 12 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- sound/soc/sof/intel/hda-common-ops.c | 3 + sound/soc/sof/intel/hda-dai-ops.c | 11 ++ sound/soc/sof/intel/hda-pcm.c | 29 +++ sound/soc/sof/intel/hda-stream.c | 70 +++++++ sound/soc/sof/intel/hda.h | 6 + sound/soc/sof/intel/lnl.c | 2 - sound/soc/sof/intel/mtl.c | 14 -- sound/soc/sof/intel/mtl.h | 10 - sound/soc/sof/ipc4-pcm.c | 193 +++++++++++++++---- sound/soc/sof/ipc4-priv.h | 14 -- sound/soc/sof/ipc4-topology.c | 22 ++- sound/soc/sof/ops.h | 24 ++- sound/soc/sof/pcm.c | 8 + sound/soc/sof/sof-audio.h | 9 +- sound/soc/sof/sof-priv.h | 24 ++- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 134 ++++++++------ tools/testing/selftests/net/mptcp/mptcp_join.sh | 34 ++-- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 +++++++++++++-------- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 342 files changed, 3587 insertions(+), 1739 deletions(-)

1 year, 5 months

8
7
0 0

RE: [EXTERNAL] Patch "smb: client: reuse file lease key in compound operations" has been added to the 6.8-stable tree

by Meetakshi Setiya

Hi This patch is a part of a patch series and I do not think it should be applied without the other patches since this patch when applied individually introduces some regressions. It would be good if we could hold off adding it for a few days as there is one more fix for this series that needs to go to mainline. Thanks Meetakshi -----Original Message----- From: Sasha Levin <sashal(a)kernel.org> Sent: Wednesday, April 10, 2024 9:31 PM To: stable-commits(a)vger.kernel.org; Meetakshi Setiya <msetiya(a)microsoft.com> Cc: Steve French <sfrench(a)samba.org>; Paulo Alcantara (SUSE) <pc(a)manguebit.com>; Ronnie Sahlberg <ronniesahlberg(a)gmail.com>; Shyam Prasad <Shyam.Prasad(a)microsoft.com>; tom <tom(a)talpey.com>; Bharath S M <bharathsm(a)microsoft.com> Subject: [EXTERNAL] Patch "smb: client: reuse file lease key in compound operations" has been added to the 6.8-stable tree This is a note to let you know that I've just added the patch titled smb: client: reuse file lease key in compound operations to the 6.8-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: smb-client-reuse-file-lease-key-in-compound-operatio.patch and it can be found in the queue-6.8 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. commit 023302dc27b26e743a30097b0bbbe7b139ac1b50 Author: Meetakshi Setiya <msetiya(a)microsoft.com> Date: Tue Mar 5 22:43:51 2024 -0500 smb: client: reuse file lease key in compound operations [ Upstream commit 2c7d399e551ccfd87bcae4ef5573097f3313d779 ] Currently, when a rename, unlink or set path size compound operation is requested on a file that has a lot of dirty pages to be written to the server, we do not send the lease key for these requests. As a result, the server can assume that this request is from a new client, and send a lease break notification to the same client, on the same connection. As a response to the lease break, the client can consume several credits to write the dirty pages to the server. Depending on the server's credit grant implementation, the server can stop granting more credits to this connection, and this can cause a deadlock (which can only be resolved when the lease timer on the server expires). One of the problems here is that the client is sending no lease key, even if it has a lease for the file. This patch fixes the problem by reusing the existing lease key on the file for rename, unlink and set path size compound operations so that the client does not break its own lease. A very trivial example could be a set of commands by a client that maintains open handle (for write) to a file and then tries to copy the contents of that file to another one, eg., tail -f /dev/null > myfile & mv myfile myfile2 Presently, the network capture on the client shows that the move (or rename) would trigger a lease break on the same client, for the same file. With the lease key reused, the lease break request-response overhead is eliminated, thereby reducing the roundtrips performed for this set of operations. The patch fixes the bug described above and also provides perf benefit. Signed-off-by: Meetakshi Setiya <msetiya(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h index 844afda090d05..0870a74a53bf1 100644 --- a/fs/smb/client/cifsglob.h +++ b/fs/smb/client/cifsglob.h @@ -374,7 +374,8 @@ struct smb_version_operations { struct cifs_open_info_data *data); /* set size by path */ int (*set_path_size)(const unsigned int, struct cifs_tcon *, - const char *, __u64, struct cifs_sb_info *, bool); + const char *, __u64, struct cifs_sb_info *, bool, + struct dentry *); /* set size by file handle */ int (*set_file_size)(const unsigned int, struct cifs_tcon *, struct cifsFileInfo *, __u64, bool); @@ -404,7 +405,7 @@ struct smb_version_operations { struct cifs_sb_info *); /* unlink file */ int (*unlink)(const unsigned int, struct cifs_tcon *, const char *, - struct cifs_sb_info *); + struct cifs_sb_info *, struct dentry *); /* open, rename and delete file */ int (*rename_pending_delete)(const char *, struct dentry *, const unsigned int); diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h index 996ca413dd8bd..e9b38b279a6c5 100644 --- a/fs/smb/client/cifsproto.h +++ b/fs/smb/client/cifsproto.h @@ -404,7 +404,8 @@ extern int CIFSSMBSetFileDisposition(const unsigned int xid, __u32 pid_of_opener); extern int CIFSSMBSetEOF(const unsigned int xid, struct cifs_tcon *tcon, const char *file_name, __u64 size, - struct cifs_sb_info *cifs_sb, bool set_allocation); + struct cifs_sb_info *cifs_sb, bool set_allocation, + struct dentry *dentry); extern int CIFSSMBSetFileSize(const unsigned int xid, struct cifs_tcon *tcon, struct cifsFileInfo *cfile, __u64 size, bool set_allocation); @@ -440,7 +441,8 @@ extern int CIFSPOSIXDelFile(const unsigned int xid, struct cifs_tcon *tcon, const struct nls_table *nls_codepage, int remap_special_chars); extern int CIFSSMBDelFile(const unsigned int xid, struct cifs_tcon *tcon, - const char *name, struct cifs_sb_info *cifs_sb); + const char *name, struct cifs_sb_info *cifs_sb, + struct dentry *dentry); int CIFSSMBRename(const unsigned int xid, struct cifs_tcon *tcon, struct dentry *source_dentry, const char *from_name, const char *to_name, diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c index 01e89070df5ab..301189ee1335b 100644 --- a/fs/smb/client/cifssmb.c +++ b/fs/smb/client/cifssmb.c @@ -738,7 +738,7 @@ CIFSPOSIXDelFile(const unsigned int xid, struct cifs_tcon *tcon, int CIFSSMBDelFile(const unsigned int xid, struct cifs_tcon *tcon, const char *name, - struct cifs_sb_info *cifs_sb) + struct cifs_sb_info *cifs_sb, struct dentry *dentry) { DELETE_FILE_REQ *pSMB = NULL; DELETE_FILE_RSP *pSMBr = NULL; @@ -4993,7 +4993,7 @@ CIFSSMBQFSPosixInfo(const unsigned int xid, struct cifs_tcon *tcon, int CIFSSMBSetEOF(const unsigned int xid, struct cifs_tcon *tcon, const char *file_name, __u64 size, struct cifs_sb_info *cifs_sb, - bool set_allocation) + bool set_allocation, struct dentry *dentry) { struct smb_com_transaction2_spi_req *pSMB = NULL; struct smb_com_transaction2_spi_rsp *pSMBr = NULL; diff --git a/fs/smb/client/inode.c b/fs/smb/client/inode.c index 4c3dec384f922..0aba29d2c5a2e 100644 --- a/fs/smb/client/inode.c +++ b/fs/smb/client/inode.c @@ -1849,7 +1849,7 @@ int cifs_unlink(struct inode *dir, struct dentry *dentry) goto psx_del_no_retry; } - rc = server->ops->unlink(xid, tcon, full_path, cifs_sb); + rc = server->ops->unlink(xid, tcon, full_path, cifs_sb, dentry); psx_del_no_retry: if (!rc) { @@ -2800,7 +2800,7 @@ void cifs_setsize(struct inode *inode, loff_t offset) static int cifs_set_file_size(struct inode *inode, struct iattr *attrs, - unsigned int xid, const char *full_path) + unsigned int xid, const char *full_path, struct dentry *dentry) { int rc; struct cifsFileInfo *open_file; @@ -2851,7 +2851,7 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs, */ if (server->ops->set_path_size) rc = server->ops->set_path_size(xid, tcon, full_path, - attrs->ia_size, cifs_sb, false); + attrs->ia_size, cifs_sb, false, dentry); else rc = -ENOSYS; cifs_dbg(FYI, "SetEOF by path (setattrs) rc = %d\n", rc); @@ -2941,7 +2941,7 @@ cifs_setattr_unix(struct dentry *direntry, struct iattr *attrs) rc = 0; if (attrs->ia_valid & ATTR_SIZE) { - rc = cifs_set_file_size(inode, attrs, xid, full_path); + rc = cifs_set_file_size(inode, attrs, xid, full_path, direntry); if (rc != 0) goto out; } @@ -3108,7 +3108,7 @@ cifs_setattr_nounix(struct dentry *direntry, struct iattr *attrs) } if (attrs->ia_valid & ATTR_SIZE) { - rc = cifs_set_file_size(inode, attrs, xid, full_path); + rc = cifs_set_file_size(inode, attrs, xid, full_path, direntry); if (rc != 0) goto cifs_setattr_exit; } diff --git a/fs/smb/client/smb2inode.c b/fs/smb/client/smb2inode.c index 05818cd6d932e..69f3442c5b963 100644 --- a/fs/smb/client/smb2inode.c +++ b/fs/smb/client/smb2inode.c @@ -98,7 +98,7 @@ static int smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, __u32 desired_access, __u32 create_disposition, __u32 create_options, umode_t mode, struct kvec *in_iov, int *cmds, int num_cmds, struct cifsFileInfo *cfile, - struct kvec *out_iov, int *out_buftype) + struct kvec *out_iov, int *out_buftype, struct dentry *dentry) { struct reparse_data_buffer *rbuf; @@ -115,6 +115,7 @@ static int smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, int resp_buftype[MAX_COMPOUND]; struct smb2_query_info_rsp *qi_rsp = NULL; struct cifs_open_info_data *idata; + struct inode *inode = NULL; int flags = 0; __u8 delete_pending[8] = {1, 0, 0, 0, 0, 0, 0, 0}; unsigned int size[2]; @@ -152,6 +153,15 @@ static int smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, goto finished; } + /* if there is an existing lease, reuse it */ + if (dentry) { + inode = d_inode(dentry); + if (CIFS_I(inode)->lease_granted && server->ops->get_lease_key) { + oplock = SMB2_OPLOCK_LEVEL_LEASE; + server->ops->get_lease_key(inode, &fid); + } + } + vars->oparms = (struct cifs_open_parms) { .tcon = tcon, .path = full_path, @@ -747,7 +757,7 @@ int smb2_query_path_info(const unsigned int xid, rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, FILE_READ_ATTRIBUTES, FILE_OPEN, create_options, ACL_NO_MODE, in_iov, - cmds, 1, cfile, out_iov, out_buftype); + cmds, 1, cfile, out_iov, out_buftype, NULL); hdr = out_iov[0].iov_base; /* * If first iov is unset, then SMB session was dropped or we've got a @@ -779,7 +789,7 @@ int smb2_query_path_info(const unsigned int xid, rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, FILE_READ_ATTRIBUTES, FILE_OPEN, create_options, ACL_NO_MODE, in_iov, - cmds, num_cmds, cfile, NULL, NULL); + cmds, num_cmds, cfile, NULL, NULL, NULL); break; case -EREMOTE: break; @@ -811,7 +821,7 @@ smb2_mkdir(const unsigned int xid, struct inode *parent_inode, umode_t mode, FILE_WRITE_ATTRIBUTES, FILE_CREATE, CREATE_NOT_FILE, mode, NULL, &(int){SMB2_OP_MKDIR}, 1, - NULL, NULL, NULL); + NULL, NULL, NULL, NULL); } void @@ -836,7 +846,7 @@ smb2_mkdir_setinfo(struct inode *inode, const char *name, FILE_WRITE_ATTRIBUTES, FILE_CREATE, CREATE_NOT_FILE, ACL_NO_MODE, &in_iov, &(int){SMB2_OP_SET_INFO}, 1, - cfile, NULL, NULL); + cfile, NULL, NULL, NULL); if (tmprc == 0) cifs_i->cifsAttrs = dosattrs; } @@ -850,25 +860,26 @@ smb2_rmdir(const unsigned int xid, struct cifs_tcon *tcon, const char *name, DELETE, FILE_OPEN, CREATE_NOT_FILE, ACL_NO_MODE, NULL, &(int){SMB2_OP_RMDIR}, 1, - NULL, NULL, NULL); + NULL, NULL, NULL, NULL); } int smb2_unlink(const unsigned int xid, struct cifs_tcon *tcon, const char *name, - struct cifs_sb_info *cifs_sb) + struct cifs_sb_info *cifs_sb, struct dentry *dentry) { return smb2_compound_op(xid, tcon, cifs_sb, name, DELETE, FILE_OPEN, CREATE_DELETE_ON_CLOSE | OPEN_REPARSE_POINT, ACL_NO_MODE, NULL, &(int){SMB2_OP_DELETE}, 1, - NULL, NULL, NULL); + NULL, NULL, NULL, dentry); } static int smb2_set_path_attr(const unsigned int xid, struct cifs_tcon *tcon, const char *from_name, const char *to_name, struct cifs_sb_info *cifs_sb, __u32 create_options, __u32 access, - int command, struct cifsFileInfo *cfile) + int command, struct cifsFileInfo *cfile, + struct dentry *dentry) { struct kvec in_iov; __le16 *smb2_to_name = NULL; @@ -883,7 +894,7 @@ static int smb2_set_path_attr(const unsigned int xid, struct cifs_tcon *tcon, in_iov.iov_len = 2 * UniStrnlen((wchar_t *)smb2_to_name, PATH_MAX); rc = smb2_compound_op(xid, tcon, cifs_sb, from_name, access, FILE_OPEN, create_options, ACL_NO_MODE, - &in_iov, &command, 1, cfile, NULL, NULL); + &in_iov, &command, 1, cfile, NULL, NULL, dentry); smb2_rename_path: kfree(smb2_to_name); return rc; @@ -902,7 +913,7 @@ int smb2_rename_path(const unsigned int xid, cifs_get_writable_path(tcon, from_name, FIND_WR_WITH_DELETE, &cfile); return smb2_set_path_attr(xid, tcon, from_name, to_name, cifs_sb, - co, DELETE, SMB2_OP_RENAME, cfile); + co, DELETE, SMB2_OP_RENAME, cfile, source_dentry); } int smb2_create_hardlink(const unsigned int xid, @@ -915,13 +926,14 @@ int smb2_create_hardlink(const unsigned int xid, return smb2_set_path_attr(xid, tcon, from_name, to_name, cifs_sb, co, FILE_READ_ATTRIBUTES, - SMB2_OP_HARDLINK, NULL); + SMB2_OP_HARDLINK, NULL, NULL); } int smb2_set_path_size(const unsigned int xid, struct cifs_tcon *tcon, const char *full_path, __u64 size, - struct cifs_sb_info *cifs_sb, bool set_alloc) + struct cifs_sb_info *cifs_sb, bool set_alloc, + struct dentry *dentry) { struct cifsFileInfo *cfile; struct kvec in_iov; @@ -934,7 +946,7 @@ smb2_set_path_size(const unsigned int xid, struct cifs_tcon *tcon, FILE_WRITE_DATA, FILE_OPEN, 0, ACL_NO_MODE, &in_iov, &(int){SMB2_OP_SET_EOF}, 1, - cfile, NULL, NULL); + cfile, NULL, NULL, dentry); } int @@ -963,7 +975,7 @@ smb2_set_file_info(struct inode *inode, const char *full_path, FILE_WRITE_ATTRIBUTES, FILE_OPEN, 0, ACL_NO_MODE, &in_iov, &(int){SMB2_OP_SET_INFO}, 1, - cfile, NULL, NULL); + cfile, NULL, NULL, NULL); cifs_put_tlink(tlink); return rc; } @@ -998,7 +1010,7 @@ struct inode *smb2_get_reparse_inode(struct cifs_open_info_data *data, cifs_get_writable_path(tcon, full_path, FIND_WR_ANY, &cfile); rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, da, cd, co, ACL_NO_MODE, in_iov, - cmds, 2, cfile, NULL, NULL); + cmds, 2, cfile, NULL, NULL, NULL); if (!rc) { rc = smb311_posix_get_inode_info(&new, full_path, data, sb, xid); @@ -1008,7 +1020,7 @@ struct inode *smb2_get_reparse_inode(struct cifs_open_info_data *data, cifs_get_writable_path(tcon, full_path, FIND_WR_ANY, &cfile); rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, da, cd, co, ACL_NO_MODE, in_iov, - cmds, 2, cfile, NULL, NULL); + cmds, 2, cfile, NULL, NULL, NULL); if (!rc) { rc = cifs_get_inode_info(&new, full_path, data, sb, xid, NULL); @@ -1036,7 +1048,7 @@ int smb2_query_reparse_point(const unsigned int xid, FILE_READ_ATTRIBUTES, FILE_OPEN, OPEN_REPARSE_POINT, ACL_NO_MODE, &in_iov, &(int){SMB2_OP_GET_REPARSE}, 1, - cfile, NULL, NULL); + cfile, NULL, NULL, NULL); if (rc) goto out; diff --git a/fs/smb/client/smb2proto.h b/fs/smb/client/smb2proto.h index b3069911e9dd8..221143788a1c0 100644 --- a/fs/smb/client/smb2proto.h +++ b/fs/smb/client/smb2proto.h @@ -75,7 +75,8 @@ int smb2_query_path_info(const unsigned int xid, struct cifs_open_info_data *data); extern int smb2_set_path_size(const unsigned int xid, struct cifs_tcon *tcon, const char *full_path, __u64 size, - struct cifs_sb_info *cifs_sb, bool set_alloc); + struct cifs_sb_info *cifs_sb, bool set_alloc, + struct dentry *dentry); extern int smb2_set_file_info(struct inode *inode, const char *full_path, FILE_BASIC_INFO *buf, const unsigned int xid); extern int smb311_posix_mkdir(const unsigned int xid, struct inode *inode, @@ -91,7 +92,8 @@ extern void smb2_mkdir_setinfo(struct inode *inode, const char *full_path, extern int smb2_rmdir(const unsigned int xid, struct cifs_tcon *tcon, const char *name, struct cifs_sb_info *cifs_sb); extern int smb2_unlink(const unsigned int xid, struct cifs_tcon *tcon, - const char *name, struct cifs_sb_info *cifs_sb); + const char *name, struct cifs_sb_info *cifs_sb, + struct dentry *dentry); int smb2_rename_path(const unsigned int xid, struct cifs_tcon *tcon, struct dentry *source_dentry,

1 year, 5 months

1
0
0 0

[PATCH 6.6 000/255] 6.6.26-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.26 release. There are 255 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:35:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.26-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.26-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> x86: set SPECTRE_BHI_ON as default Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Move mem_encrypt= parsing to the decompressor Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Move the __head definition to <asm/init.h> Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Davide Caratti <dcaratti(a)redhat.com> mptcp: don't overwrite sock_ops in mptcp_is_tcpsk() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix typo in assignment Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: legacy: field get conversion Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: add bit macro includes where needed Ivan Vecera <ivecera(a)redhat.com> i40e: Remove circular header dependencies and fix headers Ivan Vecera <ivecera(a)redhat.com> i40e: Split i40e_osdep.h Ivan Vecera <ivecera(a)redhat.com> i40e: Move memory allocation structures to i40e_alloc.h Ivan Vecera <ivecera(a)redhat.com> i40e: Simplify memory allocation functions Ivan Vecera <ivecera(a)redhat.com> virtchnl: Add header dependencies Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor I40E_MDIO_CLAUSE* macros Ivan Vecera <ivecera(a)redhat.com> i40e: Remove back pointer from i40e_hw structure Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Chris Park <chris.park(a)amd.com> drm/amd/display: Prevent crash when disable stream Dmytro Laktyushkin <dmytro.laktyushkin(a)amd.com> drm/amd/display: Fix DPSTREAM CLK on and off sequence Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: typec: ucsi: Fix race between typec_switch and role_switch Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Josh Poimboeuf <jpoimboe(a)kernel.org> x86/nospec: Refactor UNTRAIN_RET[_*] Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Disentangle rethunk-dependent options Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Improve i-cache locality for alias mitigation Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Jack Brennen <jbrennen(a)google.com> modpost: Optimize symbol search from linear to binary search Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add X86_FEATURE_ZEN1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Get rid of amd_erratum_1054[] Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move the DIV0 bug detection to the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move Zenbleed check to the Zen2 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move erratum 1076 fix into the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Carve out the erratum 1386 fix Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add ZenX generations flags Filipe Manana <fdmanana(a)suse.com> btrfs: fix race when detecting delalloc ranges during fiemap Filipe Manana <fdmanana(a)suse.com> btrfs: ensure fiemap doesn't race with writes when FIEMAP_FLAG_SYNC is given Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14016712196 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Replace several IS_METEORLAKE with proper IP version checks Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Eliminate IS_MTL_GRAPHICS_STEP Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Call Xe_LPG workaround functions based on IP version Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Consolidate condition for Wa_22011802037 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Tidy workaround definitions Matt Roper <matthew.d.roper(a)intel.com> drm/i915/dg2: Drop pre-production GT workarounds Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: realloc VSI stats arrays Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: disable multi rx queue for 9000 Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Pre-populate the cursor physical dma address Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/i915/display: Use i915_gem_object_get_dma_address to get dma address ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++- Documentation/admin-guide/kernel-parameters.txt | 12 + Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 3 - arch/riscv/kvm/aia_aplic.c | 37 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 +-- arch/sparc/mm/init_64.c | 2 +- arch/x86/Kconfig | 25 ++ arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 + arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 ++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 +++ arch/x86/entry/entry_64_compat.S | 16 + arch/x86/entry/syscall_32.c | 21 +- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/amd/core.c | 24 +- arch/x86/events/amd/lbr.c | 16 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 21 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 88 +++-- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/cpu/amd.c | 129 +++++-- arch/x86/kernel/cpu/bugs.c | 126 +++++- arch/x86/kernel/cpu/common.c | 24 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/head64.c | 3 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +- arch/x86/kernel/sev.c | 14 +- arch/x86/kernel/vmlinux.lds.S | 7 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 45 ++- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/Makefile | 13 - arch/x86/lib/retpoline.S | 165 ++++---- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 76 +--- arch/x86/mm/pat/memtype.c | 49 ++- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +- drivers/gpio/gpiolib-cdev.c | 58 ++- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 43 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- .../amd/display/dc/dce110/dce110_hw_sequencer.c | 3 +- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 1 + drivers/gpu/drm/i915/display/intel_cursor.c | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 + drivers/gpu/drm/i915/display/skl_universal_plane.c | 5 +- drivers/gpu/drm/i915/gem/i915_gem_create.c | 4 +- drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 10 +- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 21 +- drivers/gpu/drm/i915/gt/intel_engine_pm.c | 2 +- .../gpu/drm/i915/gt/intel_execlists_submission.c | 4 +- drivers/gpu/drm/i915/gt/intel_gt.h | 31 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 + drivers/gpu/drm/i915/gt/intel_gt_mcr.c | 7 +- drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_lrc.c | 38 +- drivers/gpu/drm/i915/gt/intel_mocs.c | 23 +- drivers/gpu/drm/i915/gt/intel_rc6.c | 6 +- drivers/gpu/drm/i915/gt/intel_reset.c | 20 +- drivers/gpu/drm/i915/gt/intel_reset.h | 2 + drivers/gpu/drm/i915/gt/intel_rps.c | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 422 +++++++-------------- drivers/gpu/drm/i915/gt/uc/intel_guc.c | 26 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 6 +- drivers/gpu/drm/i915/i915_debugfs.c | 2 +- drivers/gpu/drm/i915/i915_drv.h | 4 - drivers/gpu/drm/i915/i915_perf.c | 11 +- drivers/gpu/drm/i915/intel_clock_gating.c | 8 - drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000/e1000_hw.c | 46 +-- drivers/net/ethernet/intel/e1000e/80003es2lan.c | 3 +- drivers/net/ethernet/intel/e1000e/82571.c | 3 +- drivers/net/ethernet/intel/e1000e/ethtool.c | 7 +- drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 56 +-- drivers/net/ethernet/intel/e1000e/mac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 35 +- drivers/net/ethernet/intel/e1000e/phy.c | 191 ++++++---- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 4 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 10 +- drivers/net/ethernet/intel/i40e/i40e.h | 63 ++- drivers/net/ethernet/intel/i40e/i40e_adminq.c | 8 +- drivers/net/ethernet/intel/i40e/i40e_adminq.h | 3 +- drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 2 + drivers/net/ethernet/intel/i40e/i40e_alloc.h | 24 +- drivers/net/ethernet/intel/i40e/i40e_client.c | 1 - drivers/net/ethernet/intel/i40e/i40e_common.c | 12 +- drivers/net/ethernet/intel/i40e/i40e_dcb.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_dcb_nl.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_ddp.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_debug.h | 47 +++ drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_diag.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_hmc.c | 16 +- drivers/net/ethernet/intel/i40e/i40e_hmc.h | 4 + drivers/net/ethernet/intel/i40e/i40e_io.h | 16 + drivers/net/ethernet/intel/i40e/i40e_lan_hmc.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_lan_hmc.h | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 70 ++-- drivers/net/ethernet/intel/i40e/i40e_nvm.c | 3 + drivers/net/ethernet/intel/i40e/i40e_osdep.h | 59 --- drivers/net/ethernet/intel/i40e/i40e_prototype.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 5 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 89 +++-- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_txrx_common.h | 2 + drivers/net/ethernet/intel/i40e/i40e_type.h | 54 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 47 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 - drivers/net/ethernet/intel/i40e/i40e_xsk.h | 4 + drivers/net/ethernet/intel/iavf/iavf_common.c | 3 +- drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 5 +- drivers/net/ethernet/intel/iavf/iavf_fdir.c | 1 + drivers/net/ethernet/intel/iavf/iavf_txrx.c | 1 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 74 ++-- drivers/net/ethernet/intel/ice/ice_switch.c | 24 +- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/igb/e1000_82575.c | 29 +- drivers/net/ethernet/intel/igb/e1000_i210.c | 19 +- drivers/net/ethernet/intel/igb/e1000_mac.c | 2 +- drivers/net/ethernet/intel/igb/e1000_nvm.c | 18 +- drivers/net/ethernet/intel/igb/e1000_phy.c | 13 +- drivers/net/ethernet/intel/igb/igb_ethtool.c | 8 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 +- drivers/net/ethernet/intel/igbvf/mbx.c | 1 + drivers/net/ethernet/intel/igbvf/netdev.c | 33 +- drivers/net/ethernet/intel/igc/igc_i225.c | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/igc/igc_phy.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 30 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 19 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/microchip/lan743x_main.c | 18 + drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +- drivers/net/ethernet/renesas/ravb_main.c | 33 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 31 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 + drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/sd.c | 2 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 ++-- drivers/usb/typec/ucsi/ucsi_glink.c | 14 + fs/btrfs/extent_io.c | 208 +++++++--- fs/btrfs/inode.c | 22 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 + fs/smb/client/cifsglob.h | 17 +- fs/smb/client/connect.c | 45 ++- fs/smb/client/dir.c | 15 + fs/smb/client/file.c | 111 +++++- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 + fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/avf/virtchnl.h | 5 + include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 ++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++---- io_uring/kbuf.h | 8 +- kernel/bpf/syscall.c | 35 +- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++-- net/bluetooth/hci_event.c | 25 ++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 33 +- net/ipv4/inet_fragment.c | 70 +++- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 106 ++---- net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 ++++- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- scripts/mod/Makefile | 4 +- scripts/mod/modpost.c | 73 +--- scripts/mod/modpost.h | 25 ++ scripts/mod/symsearch.c | 199 ++++++++++ security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/amd/acp/acp-pci.c | 5 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- tools/arch/x86/include/asm/cpufeatures.h | 2 +- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 85 +++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 ++++++---- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 355 files changed, 4162 insertions(+), 2344 deletions(-)

1 year, 5 months

6
5
0 0

[PATCH 5.15 000/697] 5.15.154-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.154 release. There are 697 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:35:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.154-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.154-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> x86: set SPECTRE_BHI_ON as default Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file min15.li <min15.li(a)samsung.com> nvme: fix miss command type check Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Jann Horn <jannh(a)google.com> openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached Jann Horn <jannh(a)google.com> HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Oleksij Rempel <linux(a)rempel-privat.de> net: usb: asix: suspend embedded PHY if external is used Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer details Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Sean Christopherson <seanjc(a)google.com> KVM: x86: Mark target gfn of emulated atomic instruction as dirty Sean Christopherson <seanjc(a)google.com> KVM: x86: Bail to userspace if emulation of atomic user access faults Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jens Axboe <axboe(a)kernel.dk> io_uring: ensure '0' is returned on file registration success Gokul krishna Krishnakumar <quic_gokukris(a)quicinc.com> locking/rwsem: Disable preemption while trying for rwsem lock Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Bixuan Cui <cuibixuan(a)linux.alibaba.com> iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Stop using the SCSI pointer Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Call scsi_done() directly Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Preserve original aspect ratio in create stream Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/amdgpu: Use drm_mode_copy() Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Zi Yan <ziy(a)nvidia.com> mm/migrate: set swap entry values of THP tail pages properly. Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: diag: return KSFT_FAIL not test_cnt Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Yang Jihong <yangjihong1(a)huawei.com> perf/core: Fix reentry problem in perf_output_read_group() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a regression in nfsd_setattr() NeilBrown <neilb(a)suse.de> nfsd: don't call locks_release_private() twice concurrently NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() NeilBrown <neilb(a)suse.de> nfsd: fix RELEASE_LOCKOWNER Jeff Layton <jlayton(a)kernel.org> nfsd: drop the nfsd_put helper NeilBrown <neilb(a)suse.de> nfsd: call nfsd_last_thread() before final nfsd_put() Alexander Aring <aahringo(a)redhat.com> lockd: introduce safe async lock op NeilBrown <neilb(a)suse.de> NFSD: fix possible oops when nfsd/pool_stats is closed. Chuck Lever <chuck.lever(a)oracle.com> Documentation: Add missing documentation for EXPORT_OP flags NeilBrown <neilb(a)suse.de> nfsd: separate nfsd_last_thread() from nfsd_put() NeilBrown <neilb(a)suse.de> nfsd: Simplify code around svc_exit_thread() call in nfsd() Tavian Barnes <tavianator(a)tavianator.com> nfsd: Fix creation time serialization order Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_encode_nfstime4() helper NeilBrown <neilb(a)suse.de> lockd: drop inappropriate svc_get() from locked_get() Dan Carpenter <dan.carpenter(a)linaro.org> nfsd: fix double fget() bug in __write_ports_addfd() Jeff Layton <jlayton(a)kernel.org> nfsd: make a copy of struct iattr before calling notify_change Dai Ngo <dai.ngo(a)oracle.com> NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop Jeff Layton <jlayton(a)kernel.org> nfsd: simplify the delayed disposal list code Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert filecache to rhltable Jeff Layton <jlayton(a)kernel.org> nfsd: allow reaping files still under writeback Jeff Layton <jlayton(a)kernel.org> nfsd: update comment over __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: don't take/put an extra reference when putting a file Jeff Layton <jlayton(a)kernel.org> nfsd: add some comments to nfsd_file_do_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: don't kill nfsd_files because of lease break error Jeff Layton <jlayton(a)kernel.org> nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator Jeff Layton <jlayton(a)kernel.org> nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries Jeff Layton <jlayton(a)kernel.org> nfsd: don't open-code clear_and_wake_up_bit Jeff Layton <jlayton(a)kernel.org> nfsd: call op_release, even when op_func returns an error Jeff Layton <jlayton(a)kernel.org> nfsd: don't replace page in rq_pages if it's a continuation of last page Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against filesystem freezing Chuck Lever <chuck.lever(a)oracle.com> NFSD: copy the whole verifier in nfsd_copy_write_verifier Jeff Layton <jlayton(a)kernel.org> nfsd: don't fsync nfsd_files on last close Jeff Layton <jlayton(a)kernel.org> nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix problems with cleanup on errors in nfsd4_copy Jeff Layton <jlayton(a)kernel.org> nfsd: don't hand out delegation on setuid files being opened for write Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix leaked reference count of nfsd4_ssc_umount_item Jeff Layton <jlayton(a)kernel.org> nfsd: clean up potential nfsd_file refcount leaks in COPY codepath Jeff Layton <jlayton(a)kernel.org> nfsd: allow nfsd_file_get to sanely handle a NULL pointer Dai Ngo <dai.ngo(a)oracle.com> NFSD: enhance inter-server copy cleanup Jeff Layton <jlayton(a)kernel.org> nfsd: don't destroy global nfs4_file table in per-net shutdown Jeff Layton <jlayton(a)kernel.org> nfsd: don't free files unconditionally in __nfsd_file_cache_purge Dai Ngo <dai.ngo(a)oracle.com> NFSD: replace delayed_work with work_struct for nfsd_client_shrinker Dai Ngo <dai.ngo(a)oracle.com> NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use set_bit(RQ_DROPME) Chuck Lever <chuck.lever(a)oracle.com> Revert "SUNRPC: Use RMW bitops in single-threaded hot paths" Jeff Layton <jlayton(a)kernel.org> nfsd: fix handling of cached open files in nfsd4_open codepath Jeff Layton <jlayton(a)kernel.org> nfsd: rework refcounting in filecache Kees Cook <keescook(a)chromium.org> NFSD: Avoid clashing function prototypes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use only RQ_DROPME to signal the need to drop a reply Dai Ngo <dai.ngo(a)oracle.com> NFSD: add CB_RECALL_ANY tracepoints Dai Ngo <dai.ngo(a)oracle.com> NFSD: add delegation reaper to react to low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for sending CB_RECALL_ANY Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker Chuck Lever <chuck.lever(a)oracle.com> trace: Relocate event helper files Jeff Layton <jlayton(a)kernel.org> lockd: fix file selection in nlmsvc_cancel_blocked Jeff Layton <jlayton(a)kernel.org> lockd: ensure we use the correct file descriptor when unlocking Jeff Layton <jlayton(a)kernel.org> lockd: set missing fl_flags field when retrieving args Xiu Jianfeng <xiujianfeng(a)huawei.com> NFSD: Use struct_size() helper in alloc_session() Jeff Layton <jlayton(a)kernel.org> nfsd: return error if nfs4_setacl fails Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd_file_fsync tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix up the filecache laundrette scheduling Jeff Layton <jlayton(a)kernel.org> filelock: add a new locks_inode_context accessor function Jeff Layton <jlayton(a)kernel.org> nfsd: reorganize filecache.c Jeff Layton <jlayton(a)kernel.org> nfsd: remove the pages_flushed statistic from filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix licensing header in filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use rhashtable for managing nfs4_file objects Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor find_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up find_or_add_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a nfsd4_file_hash_remove() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_init_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update file_hashtbl() helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use const pointers as parameters to fh_ helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace delegation revocations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace stateids returned via DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4_preprocess_stateid_op() call sites Chuck Lever <chuck.lever(a)oracle.com> NFSD: Flesh out a documenting comment for filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection Chuck Lever <chuck.lever(a)oracle.com> NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately" Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pass the target nfsd_file to nfsd_commit() David Disseldorp <ddiss(a)suse.de> exportfs: use pr_debug for unreachable debug statements Jeff Layton <jlayton(a)kernel.org> nfsd: allow disabling NFSv2 at compile time Jeff Layton <jlayton(a)kernel.org> nfsd: move nfserrno() to vfs.c Jeff Layton <jlayton(a)kernel.org> nfsd: ignore requests to disable unsupported versions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Finish converting the NFSv3 GETACL result encoder Colin Ian King <colin.i.king(a)gmail.com> NFSD: Remove redundant assignment to variable host_err Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFSD: Simplify READ_PLUS Jeff Layton <jlayton(a)kernel.org> nfsd: use locks_inode_context helper Jeff Layton <jlayton(a)kernel.org> lockd: use locks_inode_context helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix reads with a non-zero offset that don't end on a page boundary Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix trace_nfsd_fh_verify_err() crasher Jeff Layton <jlayton(a)kernel.org> nfsd: put the export reference in nfsd4_verify_deleg_dentry Jeff Layton <jlayton(a)kernel.org> nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix net-namespace logic in __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: ensure we always call fh_verify_error tracepoint Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> NFSD: unregister shrinker when nfsd_init_net() fails Jeff Layton <jlayton(a)kernel.org> nfsd: rework hashtable handling in nfsd_do_file_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: fix nfsd_file_unhash_and_dispose Gaosheng Cui <cuigaosheng1(a)huawei.com> fanotify: Remove obsoleted fanotify_event_has_path() Gaosheng Cui <cuigaosheng1(a)huawei.com> fsnotify: remove unused declaration Al Viro <viro(a)zeniv.linux.org.uk> fs/notify: constify path Jeff Layton <jlayton(a)kernel.org> nfsd: extra checks when freeing delegation stateids Jeff Layton <jlayton(a)kernel.org> nfsd: make nfsd4_run_cb a bool return function Jeff Layton <jlayton(a)kernel.org> nfsd: fix comments about spinlock handling with delegations Jeff Layton <jlayton(a)kernel.org> nfsd: only fill out return pointer on success in nfsd4_lookup_stateid Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap rsize_bop result based on send buffer size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename the fields in copy_stateid_t ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pack struct nfsd4_compoundres Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove unused nfsd4_compoundargs::cachetype field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove "inline" directives on op_rsize_bop helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4svc_encode_compoundres() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up WRITE arg decoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor common code out of dirlist helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Parametrize how much of argsize should be zeroed Dai Ngo <dai.ngo(a)oracle.com> NFSD: add shrinker to reap courtesy clients on low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of courtesy clients in the system Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a mechanism to wait for a DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add tracepoints to report NFSv4 callback completions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace NFSv4 COMPOUND tags Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace dprintk() call site in fh_verify() Gaosheng Cui <cuigaosheng1(a)huawei.com> nfsd: remove nfsd4_prepare_cb_recall() declaration Jeff Layton <jlayton(a)kernel.org> nfsd: clean up mounted_on_fileid handling NeilBrown <neilb(a)suse.de> NFSD: drop fname and flen args from nfsd_create_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Propagate some error code returned by memdup_user() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Avoid some useless tests Jinpeng Cui <cui.jinpeng2(a)zte.com.cn> NFSD: remove redundant variable status Olga Kornievskaia <kolga(a)netapp.com> NFSD enforce filehandle check for source file in COPY Wolfram Sang <wsa+renesas(a)sang-engineering.com> lockd: move from strlcpy with unused retval to strscpy Wolfram Sang <wsa+renesas(a)sang-engineering.com> NFSD: move from strlcpy with unused retval to strscpy Al Viro <viro(a)zeniv.linux.org.uk> nfsd_splice_actor(): handle compound pages NeilBrown <neilb(a)suse.de> NFSD: fix regression with setting ACLs. NeilBrown <neilb(a)suse.de> NFSD: discard fh_locked flag and fh_lock/fh_unlock NeilBrown <neilb(a)suse.de> NFSD: use (un)lock_inode instead of fh_(un)lock for file operations NeilBrown <neilb(a)suse.de> NFSD: use explicit lock/unlock for directory ops NeilBrown <neilb(a)suse.de> NFSD: reduce locking in nfsd_lookup() NeilBrown <neilb(a)suse.de> NFSD: only call fh_unlock() once in nfsd_link() NeilBrown <neilb(a)suse.de> NFSD: always drop directory lock in nfsd_unlink() NeilBrown <neilb(a)suse.de> NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. NeilBrown <neilb(a)suse.de> NFSD: add posix ACLs to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: add security label to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: set attributes when creating symlinks NeilBrown <neilb(a)suse.de> NFSD: introduce struct nfsd_attrs Jeff Layton <jlayton(a)kernel.org> NFSD: verify the opened dentry after setting a delegation Jeff Layton <jlayton(a)kernel.org> NFSD: drop fh argument from alloc_init_deleg Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move copy offload callback arguments into a separate structure Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd4_send_cb_offload() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove kmalloc from nfsd4_do_async_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_do_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace boolean fields in struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfs4_put_copy() static Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reorder the fields in struct nfsd4_op Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy_notify Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfserrno(-ENOMEM) is nfserr_jukebox Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix strncpy() fortify warning Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_encode_readlink() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_pad_size() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Simplify starting_len Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_readv() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_read::rd_eof field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up SPLICE_OK in nfsd4_encode_read() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_fattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_operation() Jeff Layton <jlayton(a)kernel.org> nfsd: silence extraneous printk on nfsd.ko insertion Dai Ngo <dai.ngo(a)oracle.com> NFSD: limit the number of v4 clients to 1024 per 1GB of system memory Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of v4 clients in the system Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring v4 specific code to a helper in nfs4state.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Ensure nf_inode is never dereferenced Chuck Lever <chuck.lever(a)oracle.com> NFSD: NFSv4 CLOSE should release an nfsd_file immediately Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move nfsd_file_trace_alloc() tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Separate tracepoints for acquire and create Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up unused code after rhashtable conversion Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert the filecache to use rhashtable Chuck Lever <chuck.lever(a)oracle.com> NFSD: Set up an rhashtable for the filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace the "init once" mechanism Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove nfsd_file::nf_hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_hash_remove can compute hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor __nfsd_file_close_inode() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove lockdep assertion from unhash_and_release_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: No longer record nf_hashval in the trace log Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never call nfsd_file_gc() in foreground paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix the filecache LRU shrinker Chuck Lever <chuck.lever(a)oracle.com> NFSD: Leave open files out of the filecache LRU Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache LRU activity Chuck Lever <chuck.lever(a)oracle.com> NFSD: WARN when freeing an item still linked via nf_lru Chuck Lever <chuck.lever(a)oracle.com> NFSD: Hook up the filecache stat file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Zero counters when the filecache is re-initialized Chuck Lever <chuck.lever(a)oracle.com> NFSD: Record number of flush calls Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report the number of items evicted by the LRU walk Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_lru_scan() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_gc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd_file_lru_dispose_list() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report average age of filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of freed filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of calls to nfsd_file_acquire() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report filecache LRU size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Demote a WARN to a pr_warn() Colin Ian King <colin.i.king(a)gmail.com> nfsd: remove redundant assignment to variable len Zhang Jiaming <jiaming(a)nfschina.com> NFSD: Fix space and spelling mistake Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instrument fh_verify() Benjamin Coddington <bcodding(a)redhat.com> NLM: Defend against file_lock changes after vfs_test_lock() Xin Gao <gaoxin(a)cdjrlc.com> fsnotify: Fix comment typo Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce FAN_MARK_IGNORE Amir Goldstein <amir73il(a)gmail.com> fanotify: cleanups for fanotify_mark() input validations Amir Goldstein <amir73il(a)gmail.com> fanotify: prepare for setting event flags in ignore mask Oliver Ford <ojford(a)gmail.com> fs: inotify: Fix typo in inotify comment Chuck Lever <chuck.lever(a)oracle.com> NFSD: Decode NFSv4 birth time attribute Amir Goldstein <amir73il(a)gmail.com> fanotify: refine the validation checks on non-dir inode mask NeilBrown <neilb(a)suse.de> NFS: restore module put when manager exits. Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix potential use-after-free in nfsd_file_put() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_put() can sleep Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add documenting comment for nfsd4_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Modernize nfsd4_release_lockowner() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Fix null-ptr-deref in nfsd_fill_super() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Unregister the cld notifier when laundry_wq create failed Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Use RMW bitops in single-threaded hot paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache opens Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move documenting comment for nfsd4_process_open2() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix whitespace Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove dprintk call sites from tail of nfsd4_open() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instantiate a struct file when creating a regular NFSv4 file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_open_verified() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv4 OPEN(CREATE) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv3 CREATE Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_create_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd3_proc_create() Dai Ngo <dai.ngo(a)oracle.com> NFSD: Show state of courtesy client in client info Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for lock conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add helper locks_owner_has_blockers to check for blockers Dai Ngo <dai.ngo(a)oracle.com> NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for share reservation conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> NFSD: add courteous server support for thread with only delegation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_splice_actor() Vasily Averin <vvs(a)openvz.org> fanotify: fix incorrect fmode_t casts Amir Goldstein <amir73il(a)gmail.com> fsnotify: consistent behavior for parent not watching children Amir Goldstein <amir73il(a)gmail.com> fsnotify: introduce mark type iterator Amir Goldstein <amir73il(a)gmail.com> fanotify: enable "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fanotify: implement "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: factor out helper fanotify_mark_update_flags() Amir Goldstein <amir73il(a)gmail.com> fanotify: create helper fanotify_mark_user_flags() Amir Goldstein <amir73il(a)gmail.com> fsnotify: allow adding an inode mark without pinning inode Amir Goldstein <amir73il(a)gmail.com> dnotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> nfsd: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> inotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fsnotify: create helpers for group mark_mutex lock Amir Goldstein <amir73il(a)gmail.com> fsnotify: make allow_dups a property of the group Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass flags argument to fsnotify_alloc_group() Amir Goldstein <amir73il(a)gmail.com> inotify: move control flags from mask to mark flags Dai Ngo <dai.ngo(a)oracle.com> fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock. Amir Goldstein <amir73il(a)gmail.com> fanotify: do not allow setting dirent events in mask of non-dir Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Clean up nfsd_file_put() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a write performance regression Bang Li <libang.linuxer(a)gmail.com> fsnotify: remove redundant parameter judgment Amir Goldstein <amir73il(a)gmail.com> fsnotify: optimize FS_MODIFY events with no ignored masks Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix merge with parent's ignored mask Jakob Koschel <jakobkoschel(a)gmail.com> nfsd: fix using the correct variable for sizeof() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up _lm_ operation names Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove CONFIG_NFSD_V3 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move svc_serv_ops::svo_function into struct svc_serv Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove svc_serv_ops::svo_module Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svc_shutdown_net() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_close_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_create_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svo_shutdown method Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove the .svo_enqueue_xprt method Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove NFSD_PROC_ARGS_* macros Chuck Lever <chuck.lever(a)oracle.com> NFSD: Streamline the rare "found" case Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip extra computation for RC_NOCACHE case Chuck Lever <chuck.lever(a)oracle.com> orDate: Thu Sep 30 19:19:57 2021 -0400 Ondrej Valousek <ondrej.valousek.xm(a)renesas.com> nfsd: Add support for the birth time attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Deprecate NFS_OFFSET_MAX Amir Goldstein <amir73il(a)gmail.com> fsnotify: invalidate dcache before IN_DELETE event Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move fill_pre_wcc() and fill_post_wcc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace boot verifier resets Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename boot verifier functions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up the nfsd_net::nfssvc_boot field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Write verifier might go backwards Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Add a tracepoint for errors in nfsd4_clone_file_range() Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_vfs_write() Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Retry once in nfsd_open on an -EOPENSTALE return Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Add errno mapping for EREMOTEIO Peng Tao <tao.peng(a)primarydata.com> nfsd: map EBADF Vasily Averin <vvs(a)virtuozzo.com> nfsd4: add refcount for nfsd4_blocked_lock J. Bruce Fields <bfields(a)redhat.com> nfs: block notification on fs with its own ->lock Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate nfsd4_decode_bitmap4() J. Bruce Fields <bfields(a)redhat.com> nfsd: improve stateid access bitmask documentation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Combine XDR error tracepoints NeilBrown <neilb(a)suse.de> NFSD: simplify per-net file cache management Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> NFSD: Fix inconsistent indenting Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove be32_to_cpu() from DRC hash function NeilBrown <neilb(a)suse.de> NFS: switch the callback service back to non-pooled. NeilBrown <neilb(a)suse.de> lockd: use svc_set_num_threads() for thread start and stop NeilBrown <neilb(a)suse.de> SUNRPC: always treat sv_nrpools==1 as "not pooled" NeilBrown <neilb(a)suse.de> SUNRPC: move the pool_map definitions (back) into svc.c NeilBrown <neilb(a)suse.de> lockd: rename lockd_create_svc() to lockd_get() NeilBrown <neilb(a)suse.de> lockd: introduce lockd_put() NeilBrown <neilb(a)suse.de> lockd: move svc_exit_thread() into the thread NeilBrown <neilb(a)suse.de> lockd: move lockd_start_svc() call into lockd_create_svc() NeilBrown <neilb(a)suse.de> lockd: simplify management of network status notifiers NeilBrown <neilb(a)suse.de> lockd: introduce nlmsvc_serv NeilBrown <neilb(a)suse.de> NFSD: simplify locking for network notifier. NeilBrown <neilb(a)suse.de> SUNRPC: discard svo_setup and rename svc_set_num_threads_sync() NeilBrown <neilb(a)suse.de> NFSD: Make it possible to use svc_set_num_threads_sync NeilBrown <neilb(a)suse.de> NFSD: narrow nfsd_mutex protection in nfsd thread NeilBrown <neilb(a)suse.de> SUNRPC: use sv_lock to protect updates to sv_nrthreads. NeilBrown <neilb(a)suse.de> nfsd: make nfsd_stats.th_cnt atomic_t NeilBrown <neilb(a)suse.de> SUNRPC: stop using ->sv_nrthreads as a refcount NeilBrown <neilb(a)suse.de> SUNRPC/NFSD: clean up get/put functions. NeilBrown <neilb(a)suse.de> SUNRPC: change svc_get() to return the svc. NeilBrown <neilb(a)suse.de> NFSD: handle errors better in write_ports_addfd() Eric W. Biederman <ebiederm(a)xmission.com> exit: Rename module_put_and_exit to module_put_and_kthread_exit Eric W. Biederman <ebiederm(a)xmission.com> exit: Implement kthread_exit Amir Goldstein <amir73il(a)gmail.com> fanotify: wire up FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: report old and/or new parent+name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: record either old name new name or both for FAN_RENAME Amir Goldstein <amir73il(a)gmail.com> fanotify: record old and new parent and name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: support secondary dir fh and name in fanotify_info Amir Goldstein <amir73il(a)gmail.com> fanotify: use helpers to parcel fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fanotify: use macros to get the offset to fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fsnotify: generate FS_RENAME event with rich information Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce group flag FAN_REPORT_TARGET_FID Amir Goldstein <amir73il(a)gmail.com> fsnotify: separate mark iterator type from object type enum Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify object type argument Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: fix error code saved on super block during file system abort J. Bruce Fields <bfields(a)redhat.com> nfsd4: remove obselete comment Changcheng Deng <deng.changcheng(a)zte.com.cn> NFSD:fix boolreturn.cocci warning J. Bruce Fields <bfields(a)redhat.com> nfsd: update create verifier comment Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_encode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_encode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Save location of NFSv4 COMPOUND status Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_decode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_decode Colin Ian King <colin.king(a)canonical.com> NFSD: Initialize pointer ni with NULL and not plain integer 0 NeilBrown <neilb(a)suse.de> NFSD: simplify struct nfsfh NeilBrown <neilb(a)suse.de> NFSD: drop support for ancient filehandles NeilBrown <neilb(a)suse.de> NFSD: move filehandle format declarations out of "uapi". Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize DRC bucket pruning Chuck Lever <chuck.lever(a)oracle.com> NFS: Move NFS protocol display macros to global header Chuck Lever <chuck.lever(a)oracle.com> NFS: Move generic FS show macros to global header Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field Chuck Lever <chuck.lever(a)oracle.com> NFS: Remove unnecessary TRACE_DEFINE_ENUM()s Gabriel Krisman Bertazi <krisman(a)collabora.com> docs: Document the FAN_FS_ERROR event Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: Send notifications on error Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow users to request FAN_FS_ERROR events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Emit generic error info for error event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Report fid info for file related file system errors Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: WARN_ON against too large file handles Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Add helpers to decide whether to report FID/DFID Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Wrap object_fh inline space in a creator macro Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support merging of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support enqueueing of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Pre-allocate pool of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Reserve UAPI bits for FAN_FS_ERROR Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Support FS_ERROR event type Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Require fid_mode for any non-fd event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Encode empty file handle when no inode is provided Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow file handle encoding for unhashed events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support null inode event in fanotify_dfid_inode Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Pass group argument to free_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Protect fsnotify_handle_inode_event from no-inode events Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Retrieve super block from the data field Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add wrapper around fsnotify_add_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add helper to detect overflow_event Gabriel Krisman Bertazi <krisman(a)collabora.com> inotify: Don't force FS_IN_IGNORED Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Split fsid check from other fid mode checks Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Fold event size calculation to its own function Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Don't insert unmergeable events in hashtable Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify contract for create event hooks Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass dentry instead of inode data Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass data_type to fsnotify_name() Peter Zijlstra <peterz(a)infradead.org> x86/static_call: Add support for Jcc tail-calls Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Introduce int3_emulate_jcc() Thomas Gleixner <tglx(a)linutronix.de> x86/asm: Differentiate between code and function alignment Peter Zijlstra <peterz(a)infradead.org> arch: Introduce CONFIG_FUNCTION_ALIGNMENT Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/rfds: Mitigate Register File Data Sampling (RFDS) Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Documentation/hw-vuln: Add documentation for RFDS Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson <seanjc(a)google.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW H. Peter Anvin (Intel) <hpa(a)zytor.com> x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Limit stage2_apply_range() batch size to largest block Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Work out supported block level at compile time Rickard x Andersson <rickaran(a)axis.com> tty: serial: imx: Fix broken RS485 John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device John Garry <john.garry(a)huawei.com> dma-iommu: add iommu_dma_opt_mapping_size() John Garry <john.garry(a)huawei.com> dma-mapping: add dma_opt_mapping_size() Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present David Laight <David.Laight(a)ACULAB.COM> minmax: add umin(a, b) and umax(a, b) André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix kernel panic caused by incorrect error handling Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point H DID Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point S DID Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Check before removing mm notifier Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Use .flush() call to wake up readers Sean Christopherson <seanjc(a)google.com> KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Geert Uytterhoeven <geert+renesas(a)glider.be> net: ravb: Add R-Car Gen4 support Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add CGR update function Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add helper for sanity checking cgr ops Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix resetting of shortest_full Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix waking up ring buffer readers Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Huang Ying <ying.huang(a)intel.com> swap: comments get_swap_device() with usage rule Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for certain Intel Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited Bjorn Helgaas <bhelgaas(a)google.com> PCI: Work around Intel I210 ROM BAR overlap defect Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: Drop pci_device_remove() test of pci_dev->driver Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Petr Mladek <pmladek(a)suse.com> printk/console: Split out code that enables default console Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Peter Collingbourne <pcc(a)google.com> kasan: test: add memcpy test that avoids out-of-bounds write Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer_sync() to timer_delete_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Use del_timer_sync() even on UP Thomas Gleixner <tglx(a)linutronix.de> timers: Update kernel-doc for various functions Jim Mattson <jmattson(a)google.com> KVM: x86: Use a switch statement and macros in __feature_translate() Jim Mattson <jmattson(a)google.com> KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Sean Christopherson <seanjc(a)google.com> KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs Borislav Petkov <bp(a)suse.de> x86/bugs: Use sysfs_emit() Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Support AMD Automatic IBRS Lin Yujun <linyujun809(a)huawei.com> Documentation/hw-vuln: Update spectre doc ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + .../admin-guide/filesystem-monitoring.rst | 74 ++ Documentation/admin-guide/hw-vuln/index.rst | 1 + .../admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 ++ Documentation/admin-guide/hw-vuln/spectre.rst | 66 +- Documentation/admin-guide/index.rst | 1 + Documentation/admin-guide/kernel-parameters.txt | 39 +- Documentation/core-api/dma-api.rst | 14 + Documentation/filesystems/locking.rst | 10 +- Documentation/filesystems/nfs/exporting.rst | 33 + Documentation/x86/mds.rst | 34 +- MAINTAINERS | 7 + Makefile | 8 +- arch/Kconfig | 24 + arch/arm/boot/dts/mmp2-brownstone.dts | 2 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/include/asm/kvm_pgtable.h | 18 +- arch/arm64/include/asm/stage2_pgtable.h | 20 - arch/arm64/kvm/mmu.c | 9 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/ia64/Kconfig | 1 + arch/ia64/Makefile | 2 +- arch/openrisc/kernel/dma.c | 16 +- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/lib/Makefile | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 38 + arch/x86/boot/compressed/head_64.S | 8 + arch/x86/entry/common.c | 6 +- arch/x86/entry/entry.S | 23 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 72 ++ arch/x86/entry/entry_64_compat.S | 4 + arch/x86/entry/syscall_32.c | 21 +- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/asm.h | 5 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 18 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/linkage.h | 12 +- arch/x86/include/asm/msr-index.h | 19 +- arch/x86/include/asm/nospec-branch.h | 64 +- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/syscall.h | 10 +- arch/x86/include/asm/text-patching.h | 31 + arch/x86/kernel/alternative.c | 56 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/cpu/bugs.c | 360 ++++-- arch/x86/kernel/cpu/common.c | 77 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/kprobes/core.c | 38 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kernel/static_call.c | 50 +- arch/x86/kvm/cpuid.c | 29 +- arch/x86/kvm/reverse_cpuid.h | 45 +- arch/x86/kvm/svm/sev.c | 18 +- arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 11 +- arch/x86/kvm/vmx/vmx.c | 12 +- arch/x86/kvm/x86.c | 17 +- arch/x86/lib/retpoline.S | 5 +- arch/x86/mm/ident_map.c | 23 +- block/blk-settings.c | 4 + crypto/algboss.c | 4 +- drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/acpi/cppc_acpi.c | 27 +- drivers/ata/ahci.c | 5 - drivers/ata/sata_mv.c | 63 +- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/cpu.c | 8 + drivers/base/power/wakeirq.c | 4 +- drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/qat/qat_common/adf_aer.c | 23 +- drivers/firmware/efi/vars.c | 17 +- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/imx/parallel-display.c | 4 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/hid/uhid.c | 20 +- drivers/hwmon/amc6821.c | 11 + drivers/i2c/busses/i2c-i801.c | 4 +- drivers/infiniband/core/cm_trace.h | 2 +- drivers/infiniband/core/cma_trace.h | 2 +- drivers/iommu/dma-iommu.c | 15 + drivers/iommu/iova.c | 5 + drivers/md/dm-integrity.c | 2 +- drivers/md/dm-raid.c | 2 + drivers/md/dm-snap.c | 4 +- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/block.c | 14 +- drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + drivers/net/ethernet/freescale/fec_main.c | 11 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/realtek/r8169_main.c | 11 +- drivers/net/ethernet/renesas/ravb_main.c | 8 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/usb/asix.h | 3 + drivers/net/usb/asix_devices.c | 20 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 12 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 6 +- drivers/nvmem/meson-efuse.c | 25 +- drivers/of/dynamic.c | 12 + drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/pci-driver.c | 23 +- drivers/pci/pcie/dpc.c | 15 +- drivers/pci/pcie/err.c | 20 + drivers/pci/quirks.c | 100 ++ drivers/pci/setup-res.c | 8 +- drivers/phy/tegra/xusb.c | 13 + drivers/s390/crypto/zcrypt_api.c | 2 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/hosts.c | 7 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_gs.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +-- drivers/scsi/qla2xxx/qla_iocb.c | 68 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 98 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/tee/optee/device.c | 3 +- drivers/thermal/devfreq_cooling.c | 2 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/serial/imx.c | 22 +- drivers/tty/serial/sc16is7xx.c | 15 +- drivers/tty/serial/serial_core.c | 12 + drivers/tty/vt/vt.c | 2 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 5 +- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 + drivers/usb/dwc2/core_intr.c | 72 +- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 +- drivers/usb/host/xhci.c | 2 + drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/usb/storage/scsiglue.c | 1 - drivers/usb/storage/uas.c | 81 +- drivers/usb/storage/usb.c | 4 +- drivers/usb/typec/ucsi/ucsi.c | 42 +- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/vfio_pci_intrs.c | 188 +-- drivers/vfio/platform/vfio_platform_irq.c | 106 +- drivers/vfio/virqfd.c | 21 + drivers/xen/events/events_base.c | 5 +- fs/Kconfig | 2 +- fs/aio.c | 8 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/volumes.c | 2 +- fs/cifs/connect.c | 2 +- fs/exec.c | 1 + fs/exportfs/expfs.c | 8 +- fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/ext4/super.c | 10 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 4 + fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/ksmbd/smb2pdu.c | 10 +- fs/lockd/host.c | 2 +- fs/lockd/svc.c | 223 ++-- fs/lockd/svc4proc.c | 29 +- fs/lockd/svclock.c | 31 +- fs/lockd/svcproc.c | 30 +- fs/lockd/svcsubs.c | 4 +- fs/lockd/xdr.c | 152 ++- fs/lockd/xdr4.c | 153 ++- fs/locks.c | 85 +- fs/nfs/callback.c | 96 +- fs/nfs/callback_xdr.c | 5 +- fs/nfs/direct.c | 11 +- fs/nfs/export.c | 9 +- fs/nfs/nfs4state.c | 2 +- fs/nfs/nfs4trace.h | 477 +------- fs/nfs/nfstrace.h | 269 +---- fs/nfs/pnfs.h | 4 - fs/nfs/write.c | 2 +- fs/nfsd/Kconfig | 27 +- fs/nfsd/Makefile | 8 +- fs/nfsd/acl.h | 6 +- fs/nfsd/blocklayout.c | 1 + fs/nfsd/blocklayoutxdr.c | 1 + fs/nfsd/cache.h | 2 +- fs/nfsd/export.h | 1 - fs/nfsd/filecache.c | 1192 +++++++++++--------- fs/nfsd/filecache.h | 19 +- fs/nfsd/flexfilelayout.c | 3 +- fs/nfsd/lockd.c | 2 +- fs/nfsd/netns.h | 34 +- fs/nfsd/nfs2acl.c | 55 +- fs/nfsd/nfs3acl.c | 83 +- fs/nfsd/nfs3proc.c | 212 +++- fs/nfsd/nfs3xdr.c | 444 +++----- fs/nfsd/nfs4acl.c | 46 +- fs/nfsd/nfs4callback.c | 125 +- fs/nfsd/nfs4idmap.c | 9 +- fs/nfsd/nfs4layouts.c | 4 +- fs/nfsd/nfs4proc.c | 986 +++++++++------- fs/nfsd/nfs4recover.c | 12 +- fs/nfsd/nfs4state.c | 1049 +++++++++++++---- fs/nfsd/nfs4xdr.c | 1115 +++++++++--------- fs/nfsd/nfscache.c | 63 +- fs/nfsd/nfsctl.c | 146 ++- fs/nfsd/nfsd.h | 35 +- fs/nfsd/nfsfh.c | 264 ++--- fs/nfsd/nfsfh.h | 145 ++- fs/nfsd/nfsproc.c | 121 +- fs/nfsd/nfssvc.c | 263 ++--- fs/nfsd/nfsxdr.c | 178 ++- fs/nfsd/state.h | 59 +- fs/nfsd/stats.c | 16 +- fs/nfsd/stats.h | 4 +- fs/nfsd/trace.h | 692 ++++++++++-- fs/nfsd/vfs.c | 822 +++++++------- fs/nfsd/vfs.h | 56 +- fs/nfsd/xdr.h | 35 +- fs/nfsd/xdr3.h | 61 +- fs/nfsd/xdr4.h | 81 +- fs/nfsd/xdr4cb.h | 6 + fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/notify/dnotify/dnotify.c | 15 +- fs/notify/fanotify/fanotify.c | 363 ++++-- fs/notify/fanotify/fanotify.h | 212 +++- fs/notify/fanotify/fanotify_user.c | 441 ++++++-- fs/notify/fdinfo.c | 16 +- fs/notify/fsnotify.c | 177 +-- fs/notify/fsnotify.h | 4 - fs/notify/group.c | 36 +- fs/notify/inotify/inotify.h | 11 +- fs/notify/inotify/inotify_fsnotify.c | 7 +- fs/notify/inotify/inotify_user.c | 53 +- fs/notify/mark.c | 137 ++- fs/notify/notification.c | 14 +- fs/open.c | 42 + fs/pipe.c | 17 +- fs/ubifs/file.c | 13 +- fs/vboxsf/super.c | 3 +- include/asm-generic/vmlinux.lds.h | 4 +- include/linux/cpu.h | 2 + include/linux/device.h | 1 + include/linux/dma-map-ops.h | 1 + include/linux/dma-mapping.h | 5 + include/linux/dnotify.h | 2 +- include/linux/exportfs.h | 17 +- include/linux/fanotify.h | 31 +- include/linux/fs.h | 26 + include/linux/fsnotify.h | 70 +- include/linux/fsnotify_backend.h | 356 +++++- include/linux/gfp.h | 9 + include/linux/hyperv.h | 22 +- include/linux/iova.h | 2 + include/linux/kthread.h | 1 + include/linux/linkage.h | 4 +- include/linux/lockd/lockd.h | 10 +- include/linux/lockd/xdr.h | 27 +- include/linux/lockd/xdr4.h | 29 +- include/linux/minmax.h | 17 + include/linux/module.h | 6 +- include/linux/nfs.h | 8 - include/linux/nfs4.h | 17 + include/linux/nfs_fs.h | 1 + include/linux/nfs_ssc.h | 4 +- include/linux/pci.h | 1 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 1 + include/linux/secretmem.h | 4 +- include/linux/sunrpc/svc.h | 93 +- include/linux/sunrpc/svc_xprt.h | 11 +- include/linux/sunrpc/svcsock.h | 7 +- include/linux/sunrpc/xdr.h | 2 + include/linux/timer.h | 18 +- include/linux/udp.h | 28 + include/linux/vfio.h | 2 + include/net/cfg802154.h | 1 + include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 + include/soc/fsl/qman.h | 9 + include/trace/events/rpcgss.h | 18 +- include/trace/events/rpcrdma.h | 44 +- include/trace/events/sunrpc.h | 74 +- include/trace/misc/fs.h | 122 ++ include/trace/misc/nfs.h | 387 +++++++ include/trace/{events => misc}/rdma.h | 0 include/trace/misc/sunrpc.h | 18 + include/uapi/linux/fanotify.h | 29 + include/uapi/linux/nfsd/nfsfh.h | 115 -- init/initramfs.c | 2 +- io_uring/io_uring.c | 2 +- kernel/audit_fsnotify.c | 8 +- kernel/audit_tree.c | 2 +- kernel/audit_watch.c | 5 +- kernel/bounds.c | 2 +- kernel/bpf/verifier.c | 5 + kernel/dma/mapping.c | 12 + kernel/dma/swiotlb.c | 11 +- kernel/entry/common.c | 8 +- kernel/events/core.c | 9 + kernel/kthread.c | 23 +- kernel/locking/rwsem.c | 14 +- kernel/module.c | 8 +- kernel/power/suspend.c | 1 + kernel/printk/printk.c | 63 +- kernel/time/timer.c | 160 +-- kernel/trace/ring_buffer.c | 233 ++-- kernel/trace/trace.c | 21 +- lib/Kconfig.debug | 1 + lib/pci_iomap.c | 2 +- lib/test_kasan.c | 21 +- mm/compaction.c | 7 +- mm/memtest.c | 4 +- mm/migrate.c | 6 +- mm/page_alloc.c | 10 +- mm/swapfile.c | 25 +- mm/vmscan.c | 5 +- net/bluetooth/bnep/core.c | 2 +- net/bluetooth/cmtp/core.c | 2 +- net/bluetooth/hci_debugfs.c | 64 +- net/bluetooth/hci_event.c | 25 + net/bluetooth/hidp/core.c | 2 +- net/bridge/netfilter/ebtables.c | 6 + net/core/skbuff.c | 6 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 14 + net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 20 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mac80211/cfg.c | 5 +- net/mac802154/llsec.c | 18 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 3 + net/netfilter/nf_tables_api.c | 20 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sunrpc/svc.c | 227 ++-- net/sunrpc/svc_xprt.c | 68 +- net/sunrpc/svcsock.c | 24 +- net/sunrpc/xdr.c | 22 + net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 2 +- net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + security/landlock/syscalls.c | 18 +- security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 9 +- sound/sh/aica.c | 17 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/objtool/check.c | 3 +- tools/testing/selftests/mqueue/setting | 1 + tools/testing/selftests/net/mptcp/diag.sh | 6 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 + tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- virt/kvm/async_pf.c | 31 +- 445 files changed, 11948 insertions(+), 6886 deletions(-)

1 year, 5 months

7
6
0 0

Re: Some questions Re: [PATCH net] net: dsa: fix panic when DSA master device unbinds on shutdown

by Vladimir Oltean

On Wed, Apr 10, 2024 at 11:14:09AM +0200, Paolo Abeni wrote: > On Wed, 2024-04-10 at 09:06 +0000, xu wrote: > > Hi! Excuse me, I'm wondering why this patch was not merged into the 5.15 stable branch. > > Because it lacked the CC: stable tag? > > You can still ask (or do) an explicit backport, please have a look at: > > Documentation/process/stable-kernel-rules.rst > > Cheers, > > Paolo > My email records say that it was backported to 5.16: https://lore.kernel.org/lkml/20220214092515.419944498@linuxfoundation.org/ On 5.15 I have no idea why not (no email). Anyway, on linux-5.15.y, "git cherry-pick -xs ee534378f00561207656663d93907583958339ae" does apply (it says "auto-merging"), so maybe Greg can just pick up the fix with one command?

1 year, 5 months

3
2
0 0

[PATCH -stable 6.1.x 0/3] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for recent fixes already upstream for 6.1.x, to add them on top of enqueued patches: a45e6889575c ("netfilter: nf_tables: release batch on table validation from abort path") 0d459e2ffb54 ("netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path") 1bc83a019bbe ("netfilter: nf_tables: discard table flag update with pending basechain deletion") Please, apply, thanks. Pablo Neira Ayuso (3): netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion net/netfilter/nf_tables_api.c | 47 +++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 11 deletions(-) -- 2.30.2

1 year, 5 months

2
4
0 0

Linux 6.8.5

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.5 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++ Documentation/admin-guide/kernel-parameters.txt | 12 Makefile | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 arch/arm64/kernel/ptrace.c | 5 arch/arm64/kvm/hyp/nvhe/tlb.c | 3 arch/arm64/kvm/hyp/pgtable.c | 11 arch/arm64/kvm/hyp/vhe/tlb.c | 3 arch/arm64/kvm/mmu.c | 2 arch/arm64/net/bpf_jit_comp.c | 4 arch/powerpc/mm/book3s64/pgtable.c | 2 arch/riscv/include/asm/uaccess.h | 4 arch/riscv/include/uapi/asm/auxvec.h | 2 arch/riscv/kernel/patch.c | 8 arch/riscv/kernel/process.c | 5 arch/riscv/kernel/signal.c | 15 arch/riscv/kernel/traps.c | 2 arch/riscv/kernel/vdso/Makefile | 1 arch/riscv/kvm/aia_aplic.c | 37 + arch/riscv/mm/tlbflush.c | 4 arch/s390/boot/vmem.c | 2 arch/s390/include/asm/pgtable.h | 4 arch/s390/kernel/entry.S | 1 arch/s390/kernel/perf_pai_crypto.c | 10 arch/s390/kernel/perf_pai_ext.c | 10 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 4 arch/s390/mm/pageattr.c | 2 arch/s390/mm/pgtable.c | 2 arch/s390/mm/vmem.c | 6 arch/s390/net/bpf_jit_comp.c | 46 -- arch/sparc/mm/init_64.c | 2 arch/x86/Kconfig | 25 + arch/x86/boot/compressed/Makefile | 2 arch/x86/boot/compressed/misc.c | 16 arch/x86/boot/compressed/sev.c | 3 arch/x86/coco/core.c | 41 ++ arch/x86/entry/common.c | 10 arch/x86/entry/entry_64.S | 61 ++ arch/x86/entry/entry_64_compat.S | 16 arch/x86/entry/syscall_32.c | 21 - arch/x86/entry/syscall_64.c | 19 arch/x86/entry/syscall_x32.c | 10 arch/x86/events/intel/ds.c | 8 arch/x86/include/asm/boot.h | 1 arch/x86/include/asm/coco.h | 2 arch/x86/include/asm/cpufeature.h | 8 arch/x86/include/asm/cpufeatures.h | 14 arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/mem_encrypt.h | 8 arch/x86/include/asm/msr-index.h | 9 arch/x86/include/asm/nospec-branch.h | 17 arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/sev.h | 10 arch/x86/include/asm/syscall.h | 11 arch/x86/include/uapi/asm/bootparam.h | 1 arch/x86/kernel/cpu/bugs.c | 121 +++++ arch/x86/kernel/cpu/common.c | 24 - arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/kernel/cpu/scattered.c | 1 arch/x86/kernel/mpparse.c | 10 arch/x86/kernel/setup.c | 2 arch/x86/kernel/sev-shared.c | 23 - arch/x86/kernel/sev.c | 14 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/reverse_cpuid.h | 5 arch/x86/kvm/svm/sev.c | 45 +- arch/x86/kvm/trace.h | 10 arch/x86/kvm/vmx/vmenter.S | 2 arch/x86/kvm/x86.c | 2 arch/x86/lib/Makefile | 13 arch/x86/lib/retpoline.S | 6 arch/x86/mm/fault.c | 4 arch/x86/mm/ident_map.c | 23 - arch/x86/mm/init_64.c | 4 arch/x86/mm/kasan_init_64.c | 2 arch/x86/mm/mem_encrypt_identity.c | 76 +-- arch/x86/mm/pat/memtype.c | 49 +- arch/x86/mm/pat/set_memory.c | 6 arch/x86/mm/pgtable.c | 2 arch/x86/mm/pti.c | 2 arch/x86/net/bpf_jit_comp.c | 2 arch/x86/power/hibernate.c | 2 arch/x86/xen/mmu_pv.c | 4 block/bdev.c | 6 drivers/acpi/acpica/dbnames.c | 8 drivers/ata/sata_mv.c | 63 +-- drivers/ata/sata_sx4.c | 6 drivers/base/core.c | 26 + drivers/base/regmap/regcache-maple.c | 6 drivers/bluetooth/btqca.c | 8 drivers/bluetooth/hci_qca.c | 19 drivers/dma-buf/st-dma-fence-chain.c | 6 drivers/dpll/Kconfig | 2 drivers/firmware/efi/libstub/efi-stub-helper.c | 8 drivers/firmware/efi/libstub/efistub.h | 2 drivers/firmware/efi/libstub/x86-stub.c | 14 drivers/gpio/gpiolib-cdev.c | 58 ++ drivers/gpio/gpiolib.c | 31 - drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 25 - drivers/gpu/drm/amd/display/dc/dce110/Makefile | 2 drivers/gpu/drm/amd/display/dc/dce112/Makefile | 2 drivers/gpu/drm/amd/display/dc/dce120/Makefile | 2 drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 drivers/gpu/drm/amd/display/dc/dce80/Makefile | 2 drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 2 drivers/gpu/drm/drm_prime.c | 7 drivers/gpu/drm/i915/Makefile | 7 drivers/gpu/drm/i915/display/g4x_dp.c | 2 drivers/gpu/drm/i915/display/intel_display_device.h | 1 drivers/gpu/drm/i915/display/intel_dp.c | 9 drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 drivers/gpu/drm/i915/display/intel_sdvo.c | 4 drivers/gpu/drm/i915/display/skl_universal_plane.c | 3 drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 4 drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 3 drivers/gpu/drm/i915/gt/intel_engine_cs.c | 17 drivers/gpu/drm/i915/gt/intel_gt.c | 6 drivers/gpu/drm/i915/gt/intel_gt.h | 9 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 + drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 drivers/gpu/drm/i915/gt/intel_workarounds.c | 55 ++ drivers/gpu/drm/i915/i915_driver.c | 2 drivers/gpu/drm/i915/i915_perf.c | 2 drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 2 drivers/gpu/drm/xe/Makefile | 4 drivers/gpu/drm/xe/xe_bo.c | 59 -- drivers/gpu/drm/xe/xe_bo_types.h | 19 drivers/gpu/drm/xe/xe_device.h | 4 drivers/gpu/drm/xe/xe_exec.c | 31 - drivers/gpu/drm/xe/xe_exec_queue.c | 4 drivers/gpu/drm/xe/xe_exec_queue_types.h | 7 drivers/gpu/drm/xe/xe_guc_submit.c | 2 drivers/gpu/drm/xe/xe_pt.c | 8 drivers/gpu/drm/xe/xe_ring_ops.c | 11 drivers/gpu/drm/xe/xe_sched_job.c | 10 drivers/gpu/drm/xe/xe_sched_job_types.h | 2 drivers/gpu/drm/xe/xe_vm.c | 27 - drivers/gpu/drm/xe/xe_vm.h | 2 drivers/gpu/drm/xe/xe_vm_types.h | 8 drivers/iommu/iommu.c | 11 drivers/md/dm-integrity.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 6 drivers/net/dsa/sja1105/sja1105_mdio.c | 2 drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 - drivers/net/ethernet/freescale/fec_main.c | 11 drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_tqp_stats.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 drivers/net/ethernet/intel/e1000e/hw.h | 2 drivers/net/ethernet/intel/e1000e/ich8lan.c | 38 + drivers/net/ethernet/intel/e1000e/netdev.c | 24 + drivers/net/ethernet/intel/e1000e/phy.c | 182 +++++--- drivers/net/ethernet/intel/e1000e/phy.h | 2 drivers/net/ethernet/intel/i40e/i40e.h | 1 drivers/net/ethernet/intel/i40e/i40e_main.c | 13 drivers/net/ethernet/intel/i40e/i40e_register.h | 3 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 ++-- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 1 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 +- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 drivers/net/ethernet/intel/ice/ice_lag.c | 4 drivers/net/ethernet/intel/ice/ice_lib.c | 18 drivers/net/ethernet/intel/ice/ice_switch.c | 24 - drivers/net/ethernet/intel/ice/ice_switch.h | 4 drivers/net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 4 drivers/net/ethernet/intel/igc/igc_main.c | 4 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 + drivers/net/ethernet/microchip/lan743x_main.c | 18 drivers/net/ethernet/microchip/lan743x_main.h | 4 drivers/net/ethernet/microsoft/mana/mana_en.c | 2 drivers/net/ethernet/realtek/r8169_main.c | 40 + drivers/net/ethernet/renesas/ravb_main.c | 33 - drivers/net/ethernet/renesas/sh_eth.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 + drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 drivers/net/phy/micrel.c | 31 + drivers/net/usb/ax88179_178a.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 20 drivers/net/wireless/intel/iwlwifi/mvm/time-event.c | 5 drivers/net/wwan/t7xx/t7xx_cldma.c | 4 drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 drivers/net/xen-netfront.c | 1 drivers/of/dynamic.c | 12 drivers/of/module.c | 8 drivers/perf/riscv_pmu.c | 4 drivers/pinctrl/aspeed/Makefile | 2 drivers/s390/net/qeth_core_main.c | 38 + drivers/scsi/myrb.c | 20 drivers/scsi/myrs.c | 24 - drivers/scsi/sd.c | 2 drivers/spi/spi-pci1xxxx.c | 2 drivers/spi/spi-s3c64xx.c | 80 ++- drivers/thermal/gov_power_allocator.c | 14 fs/aio.c | 2 fs/bcachefs/mean_and_variance_test.c | 28 - fs/nfsd/nfs4state.c | 7 fs/nfsd/vfs.c | 3 fs/proc/Makefile | 2 fs/smb/client/cached_dir.c | 6 fs/smb/client/cifs_debug.c | 6 fs/smb/client/cifsfs.c | 11 fs/smb/client/cifsglob.h | 19 fs/smb/client/cifsproto.h | 20 fs/smb/client/connect.c | 153 ++++--- fs/smb/client/dfs.c | 51 +- fs/smb/client/dfs.h | 33 + fs/smb/client/dfs_cache.c | 53 +- fs/smb/client/dir.c | 15 fs/smb/client/file.c | 111 ++++- fs/smb/client/fs_context.c | 6 fs/smb/client/fs_context.h | 12 fs/smb/client/fscache.c | 16 fs/smb/client/fscache.h | 6 fs/smb/client/inode.c | 2 fs/smb/client/ioctl.c | 6 fs/smb/client/misc.c | 8 fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2misc.c | 4 fs/smb/client/smb2ops.c | 11 fs/smb/client/smb2pdu.c | 2 fs/smb/server/ksmbd_netlink.h | 3 fs/smb/server/mgmt/share_config.c | 7 fs/smb/server/smb2ops.c | 10 fs/smb/server/smb2pdu.c | 3 fs/smb/server/transport_ipc.c | 37 + fs/vboxsf/super.c | 3 include/kvm/arm_pmu.h | 2 include/linux/bpf.h | 16 include/linux/device.h | 1 include/linux/io_uring_types.h | 1 include/linux/secretmem.h | 4 include/linux/skbuff.h | 7 include/linux/stackdepot.h | 46 ++ include/linux/udp.h | 28 + include/net/bluetooth/hci.h | 9 include/net/inet_connection_sock.h | 1 include/net/mana/mana.h | 1 include/net/sock.h | 7 include/net/xdp_sock.h | 2 include/sound/hdaudio_ext.h | 3 io_uring/io_uring.c | 18 io_uring/kbuf.c | 118 ++--- io_uring/kbuf.h | 8 io_uring/rw.c | 9 kernel/bpf/Makefile | 2 kernel/bpf/syscall.c | 35 + kernel/bpf/verifier.c | 5 kernel/trace/bpf_trace.c | 10 lib/stackdepot.c | 47 -- mm/Makefile | 3 mm/memory.c | 4 net/9p/client.c | 10 net/ax25/ax25_dev.c | 2 net/bluetooth/hci_debugfs.c | 48 +- net/bluetooth/hci_event.c | 25 + net/bluetooth/hci_sync.c | 5 net/bridge/netfilter/ebtables.c | 6 net/core/gro.c | 3 net/core/sock_map.c | 6 net/hsr/hsr_slave.c | 3 net/ipv4/inet_connection_sock.c | 44 +- net/ipv4/inet_fragment.c | 70 ++- net/ipv4/ip_fragment.c | 2 net/ipv4/ip_gre.c | 5 net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/tcp.c | 2 net/ipv4/udp.c | 7 net/ipv4/udp_offload.c | 23 - net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/ipv6/netfilter/ip6_tables.c | 4 net/ipv6/netfilter/nf_conntrack_reasm.c | 2 net/ipv6/udp.c | 2 net/ipv6/udp_offload.c | 8 net/mptcp/protocol.c | 2 net/mptcp/sockopt.c | 4 net/mptcp/subflow.c | 2 net/netfilter/nf_tables_api.c | 92 +++- net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/sched/sch_api.c | 2 net/sunrpc/svcsock.c | 10 net/tls/tls_sw.c | 7 net/vmw_vsock/virtio_transport.c | 3 scripts/Makefile.extrawarn | 10 scripts/bpf_doc.py | 4 scripts/mod/modpost.c | 7 security/selinux/selinuxfs.c | 12 sound/pci/emu10k1/emu10k1_callback.c | 7 sound/pci/hda/cs35l41_hda_property.c | 6 sound/pci/hda/cs35l56_hda.c | 4 sound/pci/hda/cs35l56_hda_i2c.c | 13 sound/pci/hda/cs35l56_hda_spi.c | 13 sound/pci/hda/patch_realtek.c | 7 sound/soc/amd/acp/acp-pci.c | 13 sound/soc/codecs/cs42l43.c | 12 sound/soc/codecs/rt5682-sdw.c | 4 sound/soc/codecs/rt711-sdca-sdw.c | 4 sound/soc/codecs/rt711-sdw.c | 4 sound/soc/codecs/rt712-sdca-sdw.c | 5 sound/soc/codecs/rt722-sdca-sdw.c | 4 sound/soc/codecs/wm_adsp.c | 3 sound/soc/soc-ops.c | 2 sound/soc/sof/amd/acp.c | 8 sound/soc/sof/intel/hda-common-ops.c | 3 sound/soc/sof/intel/hda-dai-ops.c | 11 sound/soc/sof/intel/hda-pcm.c | 29 + sound/soc/sof/intel/hda-stream.c | 70 +++ sound/soc/sof/intel/hda.h | 6 sound/soc/sof/intel/lnl.c | 2 sound/soc/sof/intel/mtl.c | 14 sound/soc/sof/intel/mtl.h | 10 sound/soc/sof/ipc4-pcm.c | 191 +++++++-- sound/soc/sof/ipc4-priv.h | 14 sound/soc/sof/ipc4-topology.c | 22 + sound/soc/sof/ops.h | 24 - sound/soc/sof/pcm.c | 8 sound/soc/sof/sof-audio.h | 9 sound/soc/sof/sof-priv.h | 24 - tools/net/ynl/ynl-gen-c.py | 7 tools/testing/selftests/mm/vm_util.h | 2 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 134 ++++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 34 - tools/testing/selftests/net/reuseaddr_conflict.c | 2 tools/testing/selftests/net/test_vxlan_mdb.sh | 205 ++++++---- tools/testing/selftests/net/udpgro_fwd.sh | 10 342 files changed, 3575 insertions(+), 1727 deletions(-) Aleksandr Loktionov (2): i40e: fix i40e_count_filters() to count only active/new filters i40e: fix vf may be used uninitialized in this function warning Aleksandr Mishin (2): net: phy: micrel: Fix potential null pointer dereference octeontx2-af: Add array index check Alexandra Winter (1): s390/qeth: handle deferred cc1 Alexandre Ghiti (2): riscv: Fix warning by declaring arch_cpu_idle() as noinstr riscv: Disable preemption when using patch_map() Andi Shyti (4): drm/i915/gt: Limit the reserved VM space to only the platforms that need it drm/i915/gt: Disable HW load balancing for CCS drm/i915/gt: Do not generate the command streamer for all the CCS drm/i915/gt: Enable only one CCS for compute workload Andreas Schwab (1): riscv: use KERN_INFO in do_trap Andrei Matei (1): bpf: Protect against int overflow for stack access size Andrii Nakryiko (2): bpf: put uprobe link's path and task in release callback bpf: support deferring bpf_link dealloc to after RCU grace period Andy Shevchenko (1): gpiolib: Fix debug messaging in gpiod_find_and_request() Andy Yan (1): drm/rockchip: vop2: Remove AR30 and AB30 format support Ankit Nautiyal (1): drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13 Antoine Tenart (5): selftests: net: gro fwd: update vxlan GRO test expectations gro: fix ownership transfer udp: do not accept non-tunnel GSO skbs landing in a tunnel udp: do not transition UDP GRO fraglist partial checksums to unnecessary udp: prevent local UDP tunnel packets from being GROed Anup Patel (2): RISC-V: KVM: Fix APLIC setipnum_le/be write emulation RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Ard Biesheuvel (5): efi/libstub: Add generic support for parsing mem_encrypt= x86/boot: Move mem_encrypt= parsing to the decompressor x86/sme: Move early SME kernel encryption handling into .head.text x86/sev: Move early startup code into .head.text section x86/efistub: Remap kernel text read-only before dropping NX attribute Arnd Bergmann (5): dm integrity: fix out-of-range warning kbuild: make -Woverride-init warnings more consistent ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning Artem Savkov (1): arm64: bpf: fix 32bit unconditional bswap Ashish Kalra (1): KVM: SVM: Add support for allowing zero SEV ASIDs Atlas Yu (1): r8169: skip DASH fw status checks when DASH is disabled Bartosz Golaszewski (2): gpio: cdev: sanitize the label before requesting the interrupt gpio: cdev: check for NULL labels when sanitizing them for irqs Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Benjamin Berg (1): wifi: iwlwifi: mvm: include link ID when releasing frames Björn Töpel (1): riscv: Fix vector state restore in rt_sigreturn() Bjørn Mork (1): net: wwan: t7xx: Split 64bit accesses to fix alignment issues Borislav Petkov (AMD) (3): x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Brian Welty (1): drm/xe: Add exec_queue.sched_props.job_timeout_ms Charlene Liu (1): drm/amd/display: Update P010 scaling cap Charles Keepax (1): ASoC: cs42l43: Correct extraction of data pointer in suspend/resume Christian Bendiksen (1): ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models Christian Brauner (1): block: count BLK_OPEN_RESTRICT_WRITES openers Christian Göttsche (1): selinux: avoid dereference of garbage after mount failure Christian Hewitt (1): drm/panfrost: fix power transition timeout warnings Christoffer Sandberg (1): ALSA: hda/realtek - Fix inactive headset mic jack Christophe JAILLET (2): vboxsf: Avoid an spurious warning if load_nls_xxx() fails net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Chuck Lever (1): SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Claudiu Beznea (1): net: ravb: Let IP-specific receive function to interrogate descriptors Daniel Sneddon (2): x86/bhi: Define SPEC_CTRL_BHI_DIS_S KVM: x86: Add BHI_NO Dave Airlie (1): nouveau/uvmm: fix addr/range calcs for remap operations David Hildenbrand (2): x86/mm/pat: fix VM_PAT handling in COW mappings mm/secretmem: fix GUP-fast succeeding on secretmem folios David Howells (2): cifs: Fix duplicate fscache cookie warnings cifs: Fix caching to try to do open O_WRONLY as rdwr on server David Thompson (3): mlxbf_gige: stop PHY during open() error paths mlxbf_gige: call request_irq() after NAPI initialized mlxbf_gige: stop interface during shutdown Davide Caratti (1): mptcp: don't account accept() of non-MPC client as fallback to TCP Dominique Martinet (1): 9p: Fix read/write debug statements to report server reply Duanqiang Wen (1): net: txgbe: fix i2c dev name cannot match clkdev Duoming Zhou (1): ax25: fix use-after-free bugs caused by ax25_ds_del_timer Edward Liaw (1): selftests/mm: include strings.h for ffsl Emmanuel Grumbach (1): wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF Eric Dumazet (5): tcp: properly terminate timers for kernel sockets netfilter: validate user input for expected length net/sched: act_skbmod: prevent kernel-infoleak net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() erspan: make sure erspan_base_hdr is present in skb->head Florian Westphal (1): inet: inet_defrag: prevent sk release while still in use Gabe Teeger (1): Revert "drm/amd/display: Send DTBCLK disable message on first commit" Geliang Tang (2): selftests: mptcp: join: fix dev in check_endpoint selftests: mptcp: use += operator to append strings Greg Kroah-Hartman (3): Revert "x86/mpparse: Register APIC address only once" x86: set SPECTRE_BHI_ON as default Linux 6.8.5 Guenter Roeck (1): mean_and_variance: Drop always failing tests Haiyang Zhang (1): net: mana: Fix Rx DMA datasize and skb_over_panic Hangbin Liu (1): scripts/bpf_doc: Use silent mode when exec make cmd Hariprasad Kelam (2): Octeontx2-af: fix pause frame configuration in GMP mode octeontx2-af: Fix issue with loading coalesced KPU profiles Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Herve Codina (2): driver core: Introduce device_link_wait_removal() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Horatiu Vultur (1): net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Huai-Yuan Liu (1): spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ido Schimmel (1): selftests: vxlan_mdb: Fix failures with old libnet Ilya Leoshkevich (1): s390/bpf: Fix bpf_plt pointer arithmetic Imre Deak (1): drm/i915/dp: Fix DSC state HW readout for SST connectors Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Ivan Vecera (2): i40e: Fix VF MAC filter removal i40e: Enforce software interrupt during busy-poll exit Jaewon Kim (1): spi: s3c64xx: Use DMA mode from fifo size Jakub Kicinski (2): tools: ynl: fix setting presence bits in simple nests selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jan Kara (1): nfsd: Fix error cleanup path in nfsd_rename() Jason A. Donenfeld (1): x86/coco: Require seeding RNG with RDRAND on CoCo systems Jason Gunthorpe (1): iommu: Validate the PASID in iommu_attach_device_pasid() Jeff Layton (1): nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Jens Axboe (6): io_uring/kbuf: get rid of lower BGID lists io_uring/kbuf: get rid of bl->is_ready io_uring/kbuf: protect io_buffer_list teardown with a reference io_uring/rw: don't allow multishot reads without NOWAIT support io_uring: use private workqueue for exit work io_uring/kbuf: hold io_buffer_list reference over mmap Jesper Dangaard Brouer (1): xen-netfront: Add missing skb_mark_for_recycle Jesse Brandeburg (1): ice: fix memory corruption bug with suspend and rebuild Jian Shen (1): net: hns3: mark unexcuted loopback test result as UNEXECUTED Jie Wang (1): net: hns3: fix index limit to support all queue stats Johan Hovold (4): Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Bluetooth: qca: fix device-address endianness Bluetooth: add quirk for broken address properties Johannes Berg (1): wifi: iwlwifi: mvm: rfi: fix potential response leaks Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid the interface always configured as random address Josh Poimboeuf (1): x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Joshua Hay (1): idpf: fix kernel panic on unknown packet types José Roberto de Souza (1): drm/i915: Do not print 'pxp init failed with 0' when it succeed Juha-Pekka Heikkila (1): drm/i915/display: Disable AuxCCS framebuffers if built for Xe Justin Chen (1): net: bcmasp: Bring up unimac after PHY link up Kan Liang (1): perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Kent Gibson (1): gpio: cdev: fix missed label sanitizing in debounce_setup() Kent Overstreet (1): aio: Fix null ptr deref in aio_complete() wakeup Kuniyuki Iwashima (3): tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-wildcard addresses. tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. ipv6: Fix infinite recursion in fib6_dump_done(). Kurt Kanzenbach (1): igc: Remove stale comment about Tx timestamping Li Nan (1): scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Linus Torvalds (1): x86/syscall: Don't force use of indirect calls for system calls Luke D. Jones (1): ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR Mahmoud Adam (1): net/rds: fix possible cp null dereference Marco Pinna (1): vsock/virtio: fix packet delivery to tap device Mario Limonciello (1): drm/amd: Flush GFXOFF requests in prepare stage Mark Brown (1): arm64/ptrace: Use saved floating point state type to determine SVE layout Masahiro Yamada (1): modpost: do not make find_tosym() return NULL Matt Roper (1): drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Matthew Auld (4): drm/xe/guc_submit: use jiffies for job timeout drm/xe/queue: fix engine_class bounds check drm/xe/device: fix XE_MAX_GT_PER_TILE check drm/xe/device: fix XE_MAX_TILES_PER_DEVICE check Matthieu Baerts (NGI0) (1): selftests: mptcp: connect: fix shellcheck warnings Michael Krummsdorf (1): net: dsa: mv88e6xxx: fix usable ports on 88e6020 Namjae Jeon (3): ksmbd: don't send oplock break if rename fails ksmbd: validate payload size in ipc response ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Nikita Kiryushin (1): ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Nikita Travkin (2): thermal: gov_power_allocator: Allow binding without cooling devices thermal: gov_power_allocator: Allow binding without trip points Nirmoy Das (1): drm/xe: Remove unused xe_bo->props struct Oliver Upton (1): KVM: arm64: Fix host-programmed guest events in nVHE Oscar Salvador (1): lib/stackdepot: move stack_record struct definition into the header Oswald Buddenhagen (1): Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Pablo Neira Ayuso (8): netfilter: nf_tables: reject destroy command to remove basechain hooks netfilter: nf_tables: reject table flag and netdev basechain updates netfilter: nf_tables: skip netdev hook unregistration if table is dormant netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: discard table flag update with pending basechain deletion Paolo Abeni (1): mptcp: prevent BPF accessing lowat from a subflow socket. Paul Barker (2): net: ravb: Always process TX descriptor ring net: ravb: Always update error counters Paulo Alcantara (14): smb: client: fix UAF in smb2_reconnect_server() smb: client: guarantee refcounted children from parent session smb: client: refresh referral without acquiring refpath_lock smb: client: handle DFS tcons in cifs_construct_tcon() smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex smb: client: fix potential UAF in cifs_debug_files_proc_show() smb: client: fix potential UAF in cifs_stats_proc_write() smb: client: fix potential UAF in cifs_stats_proc_show() smb: client: fix potential UAF in cifs_dump_full_key() smb: client: fix potential UAF in smb2_is_valid_oplock_break() smb: client: fix potential UAF in smb2_is_valid_lease_break() smb: client: fix potential UAF in is_valid_oplock_break() smb: client: fix potential UAF in smb2_is_network_name_deleted() smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Pavel Sakharov (1): dma-buf: Fix NULL pointer dereference in sanitycheck() Pawan Gupta (4): x86/bhi: Add support for clearing branch history at syscall entry x86/bhi: Enumerate Branch History Injection (BHI) bug x86/bhi: Add BHI mitigation knob x86/bhi: Mitigate KVM by default Peter Collingbourne (1): stackdepot: rename pool_index to pool_index_plus_1 Peter Ujfalusi (17): ALSA: hda: Add pplcllpl/u members to hdac_ext_stream ASoC: SOF: Add dsp_max_burst_size_in_ms member to snd_sof_pcm_stream ASoC: SOF: ipc4-topology: Save the DMA maximum burst size for PCMs ASoC: SOF: Intel: hda-pcm: Use dsp_max_burst_size_in_ms to place constraint ASoC: SOF: Intel: hda: Implement get_stream_position (Linear Link Position) ASoC: SOF: Intel: mtl/lnl: Use the generic get_stream_position callback ASoC: SOF: Introduce a new callback pair to be used for PCM delay reporting ASoC: SOF: Intel: Set the dai/host get frame/byte counter callbacks ASoC: SOF: Intel: hda-common-ops: Do not set the get_stream_position callback ASoC: SOF: ipc4-pcm: Use the snd_sof_pcm_get_dai_frame_counter() for pcm_delay ASoC: SOF: Remove the get_stream_position callback ASoC: SOF: ipc4-pcm: Move struct sof_ipc4_timestamp_info definition locally ASoC: SOF: ipc4-pcm: Combine the SOF_IPC4_PIPE_PAUSED cases in pcm_trigger ASoC: SOF: ipc4-pcm: Invalidate the stream_start_offset in PAUSED state ASoC: SOF: sof-pcm: Add pointer callback to sof_ipc_pcm_ops ASoC: SOF: ipc4-pcm: Correct the delay calculation ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset Peter Xu (1): mm/treewide: replace pud_large() with pud_leaf() Petr Oros (1): ice: fix enabling RX VLAN filtering Pierre-Louis Bossart (5): ASoC: rt5682-sdw: fix locking sequence ASoC: rt711-sdca: fix locking sequence ASoC: rt711-sdw: fix locking sequence ASoC: rt712-sdca-sdw: fix locking sequence ASoC: rt722-sdca-sdw: fix locking sequence Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Prasad Pandit (1): dpll: indent DPLL option type by a tab Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Pu Lehui (1): drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Puranjay Mohan (1): bpf, arm64: fix bug in BPF_LDX_MEMSX Raju Lakkaraju (1): net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Ravi Gunasekaran (1): net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Richard Fitzgerald (3): ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() regmap: maple: Fix cache corruption in regcache_maple_drop() regmap: maple: Fix uninitialized symbol 'ret' warnings Ritvik Budhiraja (1): smb3: retrying on failed server close Rob Clark (1): drm/prime: Unbreak virtgpu dma-buf export Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Sabrina Dubroca (3): tls: recv: process_rx_list shouldn't use an offset with kvec tls: adjust recv return with async crypto and failed copy to userspace tls: get psock ref after taking rxlock to avoid leak Sam Protsenko (1): spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Samuel Holland (2): riscv: mm: Fix prototype to avoid discarding const riscv: Fix spurious errors from __get/put_kernel_nofault Sandipan Das (1): x86/cpufeatures: Add new word for scattered features Sean Christopherson (2): x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word KVM: SVM: Use unsigned integers when dealing with ASIDs Sergey Shtylyov (1): of: module: prevent NULL pointer dereference in vsnprintf() Simon Trimmer (2): ALSA: hda: cs35l56: Set the init_done flag before component_add() ALSA: hda: cs35l56: Add ACPI device match tables Stanislav Fomichev (1): xsk: Don't assume metadata is always requested in TX completion Stefan O'Rear (1): riscv: process: Fix kernel gp leakage Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Steven Zou (1): ice: Refactor FW data type and fix bitmap casting issue Su Hui (1): octeontx2-pf: check negative error code in otx2_open() Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Taimur Hassan (1): drm/amd/display: Send DTBCLK disable message on first commit Tejas Upadhyay (1): drm/i915/mtl: Update workaround 14018575942 Thomas Hellström (2): drm/xe: Use ring ops TLB invalidation for rebinds drm/xe: Rework rebinding Thomas Richter (1): s390/pai: fix sampling event removal for PMU device driver Tudor Ambarus (6): spi: s3c64xx: sort headers alphabetically spi: s3c64xx: explicitly include <linux/bits.h> spi: s3c64xx: remove else after return spi: s3c64xx: define a magic value spi: s3c64xx: allow full FIFO masks spi: s3c64xx: determine the fifo depth only once Uros Bizjak (1): x86/bpf: Fix IP after emitting call depth accounting Victor Isaev (1): RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Vijendar Mukunda (3): ASoC: amd: acp: fix for acp pdm configuration check ASoC: amd: acp: fix for acp_init function error handling ASoC: SOF: amd: fix for false dsp interrupts Ville Syrjälä (3): drm/i915: Stop doing double audio enable/disable on SDVO and g4x+ DP drm/i915/mst: Limit MST+DSC to TGL+ drm/i915/mst: Reject FEC+MST on ICL Vitaly Lifshits (3): e1000e: Workaround for sporadic MDI error on Meteor Lake systems e1000e: Minor flow correction in e1000_shutdown function e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vladimir Isaev (1): riscv: hwprobe: do not produce frtace relocation Wei Fang (1): net: fec: Set mac_managed_pm during probe Will Deacon (2): KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range() KVM: arm64: Ensure target address is granule-aligned for range TLBI Wujie Duan (1): KVM: arm64: Fix out-of-IPA space translation fault handling Yonglong Liu (1): net: hns3: fix kernel crash when devlink reload during pf initialization Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

1 year, 5 months

1
1
0 0

Linux 6.6.26

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.26 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 48 - Documentation/admin-guide/kernel-parameters.txt | 12 Makefile | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 arch/arm64/kernel/ptrace.c | 5 arch/arm64/kvm/hyp/pgtable.c | 11 arch/arm64/net/bpf_jit_comp.c | 4 arch/powerpc/mm/book3s64/pgtable.c | 2 arch/riscv/include/asm/uaccess.h | 4 arch/riscv/include/uapi/asm/auxvec.h | 2 arch/riscv/kernel/patch.c | 8 arch/riscv/kernel/process.c | 3 arch/riscv/kvm/aia_aplic.c | 37 arch/s390/boot/vmem.c | 2 arch/s390/include/asm/pgtable.h | 4 arch/s390/kernel/entry.S | 1 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 4 arch/s390/mm/pageattr.c | 2 arch/s390/mm/pgtable.c | 2 arch/s390/mm/vmem.c | 6 arch/s390/net/bpf_jit_comp.c | 46 - arch/sparc/mm/init_64.c | 2 arch/x86/Kconfig | 25 arch/x86/boot/compressed/Makefile | 2 arch/x86/boot/compressed/misc.c | 16 arch/x86/boot/compressed/sev.c | 3 arch/x86/coco/core.c | 41 arch/x86/entry/common.c | 10 arch/x86/entry/entry_64.S | 61 + arch/x86/entry/entry_64_compat.S | 16 arch/x86/entry/syscall_32.c | 21 arch/x86/entry/syscall_64.c | 19 arch/x86/entry/syscall_x32.c | 10 arch/x86/events/amd/core.c | 24 arch/x86/events/amd/lbr.c | 16 arch/x86/events/intel/ds.c | 8 arch/x86/include/asm/asm-prototypes.h | 1 arch/x86/include/asm/boot.h | 1 arch/x86/include/asm/coco.h | 2 arch/x86/include/asm/cpufeature.h | 8 arch/x86/include/asm/cpufeatures.h | 21 arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/init.h | 2 arch/x86/include/asm/mem_encrypt.h | 8 arch/x86/include/asm/msr-index.h | 9 arch/x86/include/asm/nospec-branch.h | 88 +- arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/sev.h | 10 arch/x86/include/asm/syscall.h | 11 arch/x86/include/uapi/asm/bootparam.h | 1 arch/x86/kernel/cpu/amd.c | 129 ++- arch/x86/kernel/cpu/bugs.c | 126 ++ arch/x86/kernel/cpu/common.c | 24 arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/head64.c | 3 arch/x86/kernel/mpparse.c | 10 arch/x86/kernel/setup.c | 2 arch/x86/kernel/sev-shared.c | 23 arch/x86/kernel/sev.c | 14 arch/x86/kernel/vmlinux.lds.S | 7 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/reverse_cpuid.h | 5 arch/x86/kvm/svm/sev.c | 45 - arch/x86/kvm/trace.h | 10 arch/x86/kvm/vmx/vmenter.S | 2 arch/x86/kvm/x86.c | 2 arch/x86/lib/Makefile | 13 arch/x86/lib/retpoline.S | 165 ++- arch/x86/mm/fault.c | 4 arch/x86/mm/ident_map.c | 23 arch/x86/mm/init_64.c | 4 arch/x86/mm/kasan_init_64.c | 2 arch/x86/mm/mem_encrypt_identity.c | 76 - arch/x86/mm/pat/memtype.c | 49 - arch/x86/mm/pat/set_memory.c | 6 arch/x86/mm/pgtable.c | 2 arch/x86/mm/pti.c | 2 arch/x86/net/bpf_jit_comp.c | 2 arch/x86/power/hibernate.c | 2 arch/x86/xen/mmu_pv.c | 4 drivers/acpi/acpica/dbnames.c | 8 drivers/ata/sata_mv.c | 63 - drivers/ata/sata_sx4.c | 6 drivers/base/core.c | 26 drivers/base/regmap/regcache-maple.c | 6 drivers/bluetooth/btqca.c | 8 drivers/bluetooth/hci_qca.c | 19 drivers/dma-buf/st-dma-fence-chain.c | 6 drivers/firmware/efi/libstub/efi-stub-helper.c | 8 drivers/firmware/efi/libstub/efistub.h | 2 drivers/firmware/efi/libstub/x86-stub.c | 14 drivers/gpio/gpiolib-cdev.c | 58 + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 43 - drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c | 3 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 drivers/gpu/drm/amd/include/amd_shared.h | 1 drivers/gpu/drm/drm_prime.c | 7 drivers/gpu/drm/i915/Makefile | 1 drivers/gpu/drm/i915/display/intel_cursor.c | 6 drivers/gpu/drm/i915/display/intel_display_types.h | 1 drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 drivers/gpu/drm/i915/display/skl_universal_plane.c | 5 drivers/gpu/drm/i915/gem/i915_gem_create.c | 4 drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 10 drivers/gpu/drm/i915/gt/intel_engine_cs.c | 21 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 2 drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 4 drivers/gpu/drm/i915/gt/intel_gt.h | 31 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 drivers/gpu/drm/i915/gt/intel_gt_mcr.c | 7 drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 drivers/gpu/drm/i915/gt/intel_lrc.c | 38 drivers/gpu/drm/i915/gt/intel_mocs.c | 23 drivers/gpu/drm/i915/gt/intel_rc6.c | 6 drivers/gpu/drm/i915/gt/intel_reset.c | 20 drivers/gpu/drm/i915/gt/intel_reset.h | 2 drivers/gpu/drm/i915/gt/intel_rps.c | 2 drivers/gpu/drm/i915/gt/intel_workarounds.c | 422 +++------- drivers/gpu/drm/i915/gt/uc/intel_guc.c | 26 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 6 drivers/gpu/drm/i915/i915_debugfs.c | 2 drivers/gpu/drm/i915/i915_drv.h | 4 drivers/gpu/drm/i915/i915_perf.c | 11 drivers/gpu/drm/i915/intel_clock_gating.c | 8 drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 drivers/md/dm-integrity.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 6 drivers/net/dsa/sja1105/sja1105_mdio.c | 2 drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 drivers/net/ethernet/freescale/fec_main.c | 11 drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_tqp_stats.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 drivers/net/ethernet/intel/e1000/e1000_hw.c | 46 - drivers/net/ethernet/intel/e1000e/80003es2lan.c | 3 drivers/net/ethernet/intel/e1000e/82571.c | 3 drivers/net/ethernet/intel/e1000e/ethtool.c | 7 drivers/net/ethernet/intel/e1000e/hw.h | 2 drivers/net/ethernet/intel/e1000e/ich8lan.c | 56 - drivers/net/ethernet/intel/e1000e/mac.c | 2 drivers/net/ethernet/intel/e1000e/netdev.c | 35 drivers/net/ethernet/intel/e1000e/phy.c | 191 ++-- drivers/net/ethernet/intel/e1000e/phy.h | 2 drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 4 drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 10 drivers/net/ethernet/intel/i40e/i40e.h | 59 - drivers/net/ethernet/intel/i40e/i40e_adminq.c | 8 drivers/net/ethernet/intel/i40e/i40e_adminq.h | 3 drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 2 drivers/net/ethernet/intel/i40e/i40e_alloc.h | 24 drivers/net/ethernet/intel/i40e/i40e_client.c | 1 drivers/net/ethernet/intel/i40e/i40e_common.c | 12 drivers/net/ethernet/intel/i40e/i40e_dcb.c | 4 drivers/net/ethernet/intel/i40e/i40e_dcb_nl.c | 2 drivers/net/ethernet/intel/i40e/i40e_ddp.c | 2 drivers/net/ethernet/intel/i40e/i40e_debug.h | 47 + drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 3 drivers/net/ethernet/intel/i40e/i40e_diag.h | 5 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 drivers/net/ethernet/intel/i40e/i40e_hmc.c | 16 drivers/net/ethernet/intel/i40e/i40e_hmc.h | 4 drivers/net/ethernet/intel/i40e/i40e_io.h | 16 drivers/net/ethernet/intel/i40e/i40e_lan_hmc.c | 9 drivers/net/ethernet/intel/i40e/i40e_lan_hmc.h | 2 drivers/net/ethernet/intel/i40e/i40e_main.c | 70 + drivers/net/ethernet/intel/i40e/i40e_nvm.c | 3 drivers/net/ethernet/intel/i40e/i40e_osdep.h | 59 - drivers/net/ethernet/intel/i40e/i40e_prototype.h | 4 drivers/net/ethernet/intel/i40e/i40e_ptp.c | 9 drivers/net/ethernet/intel/i40e/i40e_register.h | 5 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 89 +- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 6 drivers/net/ethernet/intel/i40e/i40e_txrx_common.h | 2 drivers/net/ethernet/intel/i40e/i40e_type.h | 56 - drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 47 - drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 4 drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 drivers/net/ethernet/intel/i40e/i40e_xsk.h | 4 drivers/net/ethernet/intel/iavf/iavf_common.c | 3 drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 5 drivers/net/ethernet/intel/iavf/iavf_fdir.c | 1 drivers/net/ethernet/intel/iavf/iavf_txrx.c | 1 drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 drivers/net/ethernet/intel/ice/ice_lag.c | 4 drivers/net/ethernet/intel/ice/ice_lib.c | 74 + drivers/net/ethernet/intel/ice/ice_switch.c | 24 drivers/net/ethernet/intel/ice/ice_switch.h | 4 drivers/net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 drivers/net/ethernet/intel/igb/e1000_82575.c | 29 drivers/net/ethernet/intel/igb/e1000_i210.c | 19 drivers/net/ethernet/intel/igb/e1000_mac.c | 2 drivers/net/ethernet/intel/igb/e1000_nvm.c | 18 drivers/net/ethernet/intel/igb/e1000_phy.c | 13 drivers/net/ethernet/intel/igb/igb_ethtool.c | 8 drivers/net/ethernet/intel/igb/igb_main.c | 4 drivers/net/ethernet/intel/igbvf/mbx.c | 1 drivers/net/ethernet/intel/igbvf/netdev.c | 33 drivers/net/ethernet/intel/igc/igc_i225.c | 1 drivers/net/ethernet/intel/igc/igc_main.c | 4 drivers/net/ethernet/intel/igc/igc_phy.c | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 30 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 8 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 8 drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 19 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 drivers/net/ethernet/microchip/lan743x_main.c | 18 drivers/net/ethernet/microchip/lan743x_main.h | 4 drivers/net/ethernet/microsoft/mana/mana_en.c | 2 drivers/net/ethernet/realtek/r8169_main.c | 40 drivers/net/ethernet/renesas/ravb_main.c | 33 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 drivers/net/phy/micrel.c | 31 drivers/net/usb/ax88179_178a.c | 2 drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 31 drivers/net/wwan/t7xx/t7xx_cldma.c | 4 drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 drivers/net/xen-netfront.c | 1 drivers/of/dynamic.c | 12 drivers/of/module.c | 8 drivers/perf/riscv_pmu.c | 4 drivers/s390/net/qeth_core_main.c | 38 drivers/scsi/myrb.c | 20 drivers/scsi/myrs.c | 24 drivers/scsi/sd.c | 2 drivers/spi/spi-pci1xxxx.c | 2 drivers/spi/spi-s3c64xx.c | 80 + drivers/usb/typec/ucsi/ucsi_glink.c | 14 fs/btrfs/extent_io.c | 208 +++- fs/btrfs/inode.c | 22 fs/nfsd/nfs4state.c | 7 fs/pipe.c | 17 fs/smb/client/cached_dir.c | 6 fs/smb/client/cifs_debug.c | 6 fs/smb/client/cifsfs.c | 11 fs/smb/client/cifsglob.h | 17 fs/smb/client/connect.c | 45 + fs/smb/client/dir.c | 15 fs/smb/client/file.c | 111 ++ fs/smb/client/fs_context.c | 6 fs/smb/client/fs_context.h | 12 fs/smb/client/fscache.c | 16 fs/smb/client/fscache.h | 6 fs/smb/client/inode.c | 2 fs/smb/client/ioctl.c | 6 fs/smb/client/misc.c | 2 fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2misc.c | 4 fs/smb/client/smb2ops.c | 11 fs/smb/client/smb2pdu.c | 2 fs/smb/server/ksmbd_netlink.h | 3 fs/smb/server/mgmt/share_config.c | 7 fs/smb/server/smb2ops.c | 10 fs/smb/server/smb2pdu.c | 3 fs/smb/server/transport_ipc.c | 37 fs/vboxsf/super.c | 3 include/kvm/arm_pmu.h | 2 include/linux/avf/virtchnl.h | 5 include/linux/bpf.h | 16 include/linux/device.h | 1 include/linux/io_uring_types.h | 1 include/linux/secretmem.h | 4 include/linux/skbuff.h | 7 include/linux/udp.h | 28 include/net/bluetooth/hci.h | 9 include/net/inet_connection_sock.h | 1 include/net/mana/mana.h | 1 include/net/sock.h | 7 io_uring/io_uring.c | 18 io_uring/kbuf.c | 118 -- io_uring/kbuf.h | 8 kernel/bpf/syscall.c | 35 kernel/bpf/verifier.c | 5 kernel/trace/bpf_trace.c | 10 mm/memory.c | 4 net/9p/client.c | 10 net/ax25/ax25_dev.c | 2 net/bluetooth/hci_debugfs.c | 48 - net/bluetooth/hci_event.c | 25 net/bluetooth/hci_sync.c | 5 net/bridge/netfilter/ebtables.c | 6 net/core/gro.c | 3 net/core/sock_map.c | 6 net/hsr/hsr_slave.c | 3 net/ipv4/inet_connection_sock.c | 33 net/ipv4/inet_fragment.c | 70 + net/ipv4/ip_fragment.c | 2 net/ipv4/ip_gre.c | 5 net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/tcp.c | 2 net/ipv4/udp.c | 7 net/ipv4/udp_offload.c | 23 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/ipv6/netfilter/ip6_tables.c | 4 net/ipv6/netfilter/nf_conntrack_reasm.c | 2 net/ipv6/udp.c | 2 net/ipv6/udp_offload.c | 8 net/mptcp/protocol.c | 106 -- net/mptcp/subflow.c | 2 net/netfilter/nf_tables_api.c | 92 +- net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/sched/sch_api.c | 2 net/sunrpc/svcsock.c | 10 net/tls/tls_sw.c | 7 net/vmw_vsock/virtio_transport.c | 3 scripts/bpf_doc.py | 4 scripts/mod/Makefile | 4 scripts/mod/modpost.c | 73 - scripts/mod/modpost.h | 25 scripts/mod/symsearch.c | 199 ++++ security/selinux/selinuxfs.c | 12 sound/pci/emu10k1/emu10k1_callback.c | 7 sound/pci/hda/cs35l56_hda.c | 4 sound/pci/hda/cs35l56_hda_i2c.c | 13 sound/pci/hda/cs35l56_hda_spi.c | 13 sound/pci/hda/patch_realtek.c | 3 sound/soc/amd/acp/acp-pci.c | 5 sound/soc/codecs/rt5682-sdw.c | 4 sound/soc/codecs/rt711-sdca-sdw.c | 4 sound/soc/codecs/rt711-sdw.c | 4 sound/soc/codecs/rt712-sdca-sdw.c | 5 sound/soc/codecs/rt722-sdca-sdw.c | 4 sound/soc/codecs/wm_adsp.c | 3 sound/soc/soc-ops.c | 2 sound/soc/sof/amd/acp.c | 8 tools/arch/x86/include/asm/cpufeatures.h | 2 tools/net/ynl/ynl-gen-c.py | 7 tools/testing/selftests/mm/vm_util.h | 2 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 85 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 tools/testing/selftests/net/reuseaddr_conflict.c | 2 tools/testing/selftests/net/test_vxlan_mdb.sh | 205 +++- tools/testing/selftests/net/udpgro_fwd.sh | 10 355 files changed, 4153 insertions(+), 2335 deletions(-) Aleksandr Loktionov (2): i40e: fix i40e_count_filters() to count only active/new filters i40e: fix vf may be used uninitialized in this function warning Aleksandr Mishin (2): net: phy: micrel: Fix potential null pointer dereference octeontx2-af: Add array index check Alexandra Winter (1): s390/qeth: handle deferred cc1 Alexandre Ghiti (1): riscv: Disable preemption when using patch_map() Andi Shyti (3): drm/i915/gt: Disable HW load balancing for CCS drm/i915/gt: Do not generate the command streamer for all the CCS drm/i915/gt: Enable only one CCS for compute workload Andrei Matei (1): bpf: Protect against int overflow for stack access size Andrii Nakryiko (2): bpf: put uprobe link's path and task in release callback bpf: support deferring bpf_link dealloc to after RCU grace period Antoine Tenart (5): selftests: net: gro fwd: update vxlan GRO test expectations gro: fix ownership transfer udp: do not accept non-tunnel GSO skbs landing in a tunnel udp: do not transition UDP GRO fraglist partial checksums to unnecessary udp: prevent local UDP tunnel packets from being GROed Anup Patel (2): RISC-V: KVM: Fix APLIC setipnum_le/be write emulation RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Ard Biesheuvel (5): efi/libstub: Add generic support for parsing mem_encrypt= x86/sme: Move early SME kernel encryption handling into .head.text x86/sev: Move early startup code into .head.text section x86/efistub: Remap kernel text read-only before dropping NX attribute x86/boot: Move mem_encrypt= parsing to the decompressor Arnd Bergmann (4): dm integrity: fix out-of-range warning ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning Artem Savkov (1): arm64: bpf: fix 32bit unconditional bswap Ashish Kalra (1): KVM: SVM: Add support for allowing zero SEV ASIDs Atlas Yu (1): r8169: skip DASH fw status checks when DASH is disabled Bartosz Golaszewski (2): gpio: cdev: sanitize the label before requesting the interrupt gpio: cdev: check for NULL labels when sanitizing them for irqs Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Benjamin Berg (1): wifi: iwlwifi: mvm: include link ID when releasing frames Bjørn Mork (1): net: wwan: t7xx: Split 64bit accesses to fix alignment issues Borislav Petkov (AMD) (11): x86/CPU/AMD: Add ZenX generations flags x86/CPU/AMD: Carve out the erratum 1386 fix x86/CPU/AMD: Move erratum 1076 fix into the Zen1 init function x86/CPU/AMD: Move Zenbleed check to the Zen2 init function x86/CPU/AMD: Move the DIV0 bug detection to the Zen1 init function x86/CPU/AMD: Get rid of amd_erratum_1054[] x86/CPU/AMD: Add X86_FEATURE_ZEN1 x86/bugs: Fix the SRSO mitigation on Zen3/4 x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Chris Park (1): drm/amd/display: Prevent crash when disable stream Christian Göttsche (1): selinux: avoid dereference of garbage after mount failure Christian Hewitt (1): drm/panfrost: fix power transition timeout warnings Christoffer Sandberg (1): ALSA: hda/realtek - Fix inactive headset mic jack Christophe JAILLET (2): vboxsf: Avoid an spurious warning if load_nls_xxx() fails net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Chuck Lever (1): SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Claudiu Beznea (1): net: ravb: Let IP-specific receive function to interrogate descriptors Daniel Sneddon (2): x86/bhi: Define SPEC_CTRL_BHI_DIS_S KVM: x86: Add BHI_NO Dave Airlie (1): nouveau/uvmm: fix addr/range calcs for remap operations David Hildenbrand (2): x86/mm/pat: fix VM_PAT handling in COW mappings mm/secretmem: fix GUP-fast succeeding on secretmem folios David Howells (2): cifs: Fix duplicate fscache cookie warnings cifs: Fix caching to try to do open O_WRONLY as rdwr on server David Thompson (3): mlxbf_gige: stop PHY during open() error paths mlxbf_gige: call request_irq() after NAPI initialized mlxbf_gige: stop interface during shutdown Davide Caratti (2): mptcp: don't overwrite sock_ops in mptcp_is_tcpsk() mptcp: don't account accept() of non-MPC client as fallback to TCP Dmytro Laktyushkin (1): drm/amd/display: Fix DPSTREAM CLK on and off sequence Dominique Martinet (1): 9p: Fix read/write debug statements to report server reply Duanqiang Wen (1): net: txgbe: fix i2c dev name cannot match clkdev Duoming Zhou (1): ax25: fix use-after-free bugs caused by ax25_ds_del_timer Edward Liaw (1): selftests/mm: include strings.h for ffsl Emmanuel Grumbach (1): wifi: iwlwifi: disable multi rx queue for 9000 Eric Dumazet (5): tcp: properly terminate timers for kernel sockets netfilter: validate user input for expected length net/sched: act_skbmod: prevent kernel-infoleak net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() erspan: make sure erspan_base_hdr is present in skb->head Filipe Manana (2): btrfs: ensure fiemap doesn't race with writes when FIEMAP_FLAG_SYNC is given btrfs: fix race when detecting delalloc ranges during fiemap Florian Westphal (1): inet: inet_defrag: prevent sk release while still in use Geliang Tang (1): selftests: mptcp: join: fix dev in check_endpoint Greg Kroah-Hartman (3): Revert "x86/mpparse: Register APIC address only once" x86: set SPECTRE_BHI_ON as default Linux 6.6.26 Haiyang Zhang (1): net: mana: Fix Rx DMA datasize and skb_over_panic Hangbin Liu (1): scripts/bpf_doc: Use silent mode when exec make cmd Hariprasad Kelam (2): Octeontx2-af: fix pause frame configuration in GMP mode octeontx2-af: Fix issue with loading coalesced KPU profiles Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Herve Codina (2): driver core: Introduce device_link_wait_removal() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Horatiu Vultur (1): net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Hou Wenlong (1): x86/head/64: Move the __head definition to <asm/init.h> Huai-Yuan Liu (1): spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ido Schimmel (1): selftests: vxlan_mdb: Fix failures with old libnet Ilya Leoshkevich (1): s390/bpf: Fix bpf_plt pointer arithmetic Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Ivan Vecera (10): i40e: Fix VF MAC filter removal i40e: Remove _t suffix from enum type names i40e: Enforce software interrupt during busy-poll exit i40e: Remove back pointer from i40e_hw structure i40e: Refactor I40E_MDIO_CLAUSE* macros virtchnl: Add header dependencies i40e: Simplify memory allocation functions i40e: Move memory allocation structures to i40e_alloc.h i40e: Split i40e_osdep.h i40e: Remove circular header dependencies and fix headers Jack Brennen (1): modpost: Optimize symbol search from linear to binary search Jaewon Kim (1): spi: s3c64xx: Use DMA mode from fifo size Jakub Kicinski (2): tools: ynl: fix setting presence bits in simple nests selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jann Horn (1): fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Jason A. Donenfeld (1): x86/coco: Require seeding RNG with RDRAND on CoCo systems Jeff Layton (1): nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Jens Axboe (5): io_uring/kbuf: get rid of lower BGID lists io_uring/kbuf: get rid of bl->is_ready io_uring/kbuf: protect io_buffer_list teardown with a reference io_uring: use private workqueue for exit work io_uring/kbuf: hold io_buffer_list reference over mmap Jesper Dangaard Brouer (1): xen-netfront: Add missing skb_mark_for_recycle Jesse Brandeburg (4): ice: fix memory corruption bug with suspend and rebuild intel: add bit macro includes where needed intel: legacy: field get conversion ice: fix typo in assignment Jian Shen (1): net: hns3: mark unexcuted loopback test result as UNEXECUTED Jie Wang (1): net: hns3: fix index limit to support all queue stats Johan Hovold (4): Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Bluetooth: qca: fix device-address endianness Bluetooth: add quirk for broken address properties Johannes Berg (1): wifi: iwlwifi: mvm: rfi: fix potential response leaks Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid the interface always configured as random address Josh Poimboeuf (4): x86/srso: Improve i-cache locality for alias mitigation x86/srso: Disentangle rethunk-dependent options x86/nospec: Refactor UNTRAIN_RET[_*] x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Justin Chen (1): net: bcmasp: Bring up unimac after PHY link up Kan Liang (1): perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Kent Gibson (1): gpio: cdev: fix missed label sanitizing in debounce_setup() Krishna Kurapati (1): usb: typec: ucsi: Fix race between typec_switch and role_switch Kuniyuki Iwashima (2): tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. ipv6: Fix infinite recursion in fib6_dump_done(). Kurt Kanzenbach (1): igc: Remove stale comment about Tx timestamping Li Nan (1): scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Linus Torvalds (1): x86/syscall: Don't force use of indirect calls for system calls Maarten Lankhorst (1): drm/i915/display: Use i915_gem_object_get_dma_address to get dma address Mahmoud Adam (1): net/rds: fix possible cp null dereference Marco Pinna (1): vsock/virtio: fix packet delivery to tap device Mario Limonciello (3): drm/amd: Evict resources during PM ops prepare() callback drm/amd: Add concept of running prepare_suspend() sequence for IP blocks drm/amd: Flush GFXOFF requests in prepare stage Mark Brown (1): arm64/ptrace: Use saved floating point state type to determine SVE layout Masahiro Yamada (1): modpost: do not make find_tosym() return NULL Matt Roper (7): drm/i915/dg2: Drop pre-production GT workarounds drm/i915: Tidy workaround definitions drm/i915: Consolidate condition for Wa_22011802037 drm/i915/xelpg: Call Xe_LPG workaround functions based on IP version drm/i915: Eliminate IS_MTL_GRAPHICS_STEP drm/i915: Replace several IS_METEORLAKE with proper IP version checks drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Matthieu Baerts (NGI0) (1): selftests: mptcp: connect: fix shellcheck warnings Michael Krummsdorf (1): net: dsa: mv88e6xxx: fix usable ports on 88e6020 Michal Swiatkowski (1): ice: realloc VSI stats arrays Namjae Jeon (3): ksmbd: don't send oplock break if rename fails ksmbd: validate payload size in ipc response ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Nikita Kiryushin (1): ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Oliver Upton (1): KVM: arm64: Fix host-programmed guest events in nVHE Oswald Buddenhagen (1): Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Pablo Neira Ayuso (8): netfilter: nf_tables: reject destroy command to remove basechain hooks netfilter: nf_tables: reject table flag and netdev basechain updates netfilter: nf_tables: skip netdev hook unregistration if table is dormant netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: discard table flag update with pending basechain deletion Paul Barker (2): net: ravb: Always process TX descriptor ring net: ravb: Always update error counters Paulo Alcantara (11): smb: client: handle DFS tcons in cifs_construct_tcon() smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex smb: client: fix potential UAF in cifs_debug_files_proc_show() smb: client: fix potential UAF in cifs_stats_proc_write() smb: client: fix potential UAF in cifs_stats_proc_show() smb: client: fix potential UAF in cifs_dump_full_key() smb: client: fix potential UAF in smb2_is_valid_oplock_break() smb: client: fix potential UAF in smb2_is_valid_lease_break() smb: client: fix potential UAF in is_valid_oplock_break() smb: client: fix potential UAF in smb2_is_network_name_deleted() smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Pavel Sakharov (1): dma-buf: Fix NULL pointer dereference in sanitycheck() Pawan Gupta (4): x86/bhi: Add support for clearing branch history at syscall entry x86/bhi: Enumerate Branch History Injection (BHI) bug x86/bhi: Add BHI mitigation knob x86/bhi: Mitigate KVM by default Peter Xu (1): mm/treewide: replace pud_large() with pud_leaf() Petr Oros (1): ice: fix enabling RX VLAN filtering Pierre-Louis Bossart (5): ASoC: rt5682-sdw: fix locking sequence ASoC: rt711-sdca: fix locking sequence ASoC: rt711-sdw: fix locking sequence ASoC: rt712-sdca-sdw: fix locking sequence ASoC: rt722-sdca-sdw: fix locking sequence Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Pu Lehui (1): drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Puranjay Mohan (1): bpf, arm64: fix bug in BPF_LDX_MEMSX Raju Lakkaraju (1): net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Ravi Gunasekaran (1): net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Richard Fitzgerald (3): ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() regmap: maple: Fix cache corruption in regcache_maple_drop() regmap: maple: Fix uninitialized symbol 'ret' warnings Ritvik Budhiraja (1): smb3: retrying on failed server close Rob Clark (1): drm/prime: Unbreak virtgpu dma-buf export Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Sabrina Dubroca (3): tls: recv: process_rx_list shouldn't use an offset with kvec tls: adjust recv return with async crypto and failed copy to userspace tls: get psock ref after taking rxlock to avoid leak Sam Protsenko (1): spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Samuel Holland (1): riscv: Fix spurious errors from __get/put_kernel_nofault Sandipan Das (3): perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later x86/cpufeatures: Add new word for scattered features perf/x86/amd/lbr: Use freeze based on availability Sean Christopherson (2): x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word KVM: SVM: Use unsigned integers when dealing with ASIDs Sergey Shtylyov (1): of: module: prevent NULL pointer dereference in vsnprintf() Simon Trimmer (2): ALSA: hda: cs35l56: Set the init_done flag before component_add() ALSA: hda: cs35l56: Add ACPI device match tables Stefan O'Rear (1): riscv: process: Fix kernel gp leakage Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Steven Zou (1): ice: Refactor FW data type and fix bitmap casting issue Su Hui (1): octeontx2-pf: check negative error code in otx2_open() Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Tejas Upadhyay (2): drm/i915/mtl: Update workaround 14016712196 drm/i915/mtl: Update workaround 14018575942 Tudor Ambarus (6): spi: s3c64xx: sort headers alphabetically spi: s3c64xx: explicitly include <linux/bits.h> spi: s3c64xx: remove else after return spi: s3c64xx: define a magic value spi: s3c64xx: allow full FIFO masks spi: s3c64xx: determine the fifo depth only once Uros Bizjak (1): x86/bpf: Fix IP after emitting call depth accounting Victor Isaev (1): RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Vijendar Mukunda (2): ASoC: amd: acp: fix for acp_init function error handling ASoC: SOF: amd: fix for false dsp interrupts Ville Syrjälä (1): drm/i915: Pre-populate the cursor physical dma address Vitaly Lifshits (3): e1000e: Workaround for sporadic MDI error on Meteor Lake systems e1000e: Minor flow correction in e1000_shutdown function e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Wei Fang (1): net: fec: Set mac_managed_pm during probe Will Deacon (1): KVM: arm64: Ensure target address is granule-aligned for range TLBI Yonglong Liu (1): net: hns3: fix kernel crash when devlink reload during pf initialization Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

1 year, 5 months

1
1
0 0

Linux 6.1.85

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.85 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 48 +++ Documentation/admin-guide/kernel-parameters.txt | 12 Makefile | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 arch/riscv/include/asm/uaccess.h | 4 arch/riscv/kernel/process.c | 3 arch/s390/kernel/entry.S | 1 arch/x86/Kconfig | 25 + arch/x86/coco/core.c | 41 +++ arch/x86/entry/common.c | 10 arch/x86/entry/entry_64.S | 61 ++++ arch/x86/entry/entry_64_compat.S | 16 + arch/x86/entry/syscall_32.c | 21 + arch/x86/entry/syscall_64.c | 19 + arch/x86/entry/syscall_x32.c | 10 arch/x86/events/amd/core.c | 4 arch/x86/events/amd/lbr.c | 16 - arch/x86/include/asm/asm-prototypes.h | 1 arch/x86/include/asm/coco.h | 2 arch/x86/include/asm/cpufeature.h | 8 arch/x86/include/asm/cpufeatures.h | 15 + arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/msr-index.h | 9 arch/x86/include/asm/nospec-branch.h | 37 ++ arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/syscall.h | 11 arch/x86/kernel/cpu/bugs.c | 121 ++++++++- arch/x86/kernel/cpu/common.c | 24 + arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/setup.c | 2 arch/x86/kvm/reverse_cpuid.h | 5 arch/x86/kvm/svm/sev.c | 60 ++-- arch/x86/kvm/trace.h | 10 arch/x86/kvm/vmx/vmenter.S | 2 arch/x86/kvm/x86.c | 2 arch/x86/lib/retpoline.S | 6 arch/x86/mm/ident_map.c | 23 - arch/x86/mm/pat/memtype.c | 49 ++- drivers/acpi/acpica/dbnames.c | 8 drivers/ata/sata_mv.c | 63 ++-- drivers/ata/sata_sx4.c | 6 drivers/base/core.c | 26 + drivers/bluetooth/btqca.c | 8 drivers/bluetooth/hci_qca.c | 19 - drivers/dma-buf/st-dma-fence-chain.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 38 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 drivers/gpu/drm/amd/include/amd_shared.h | 1 drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 drivers/md/dm-integrity.c | 2 drivers/net/ethernet/freescale/fec_main.c | 11 drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_tqp_stats.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 + drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 drivers/net/ethernet/intel/i40e/i40e.h | 6 drivers/net/ethernet/intel/i40e/i40e_main.c | 14 - drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 drivers/net/ethernet/intel/i40e/i40e_register.h | 3 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 ++++-- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 +-- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 - drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/microchip/lan743x_main.c | 18 + drivers/net/ethernet/microchip/lan743x_main.h | 4 drivers/net/ethernet/realtek/r8169_main.c | 131 ++++++++-- drivers/net/ethernet/renesas/ravb_main.c | 33 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 ++- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 ++ drivers/net/phy/micrel.c | 31 +- drivers/net/usb/asix_devices.c | 4 drivers/net/usb/ax88179_178a.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 drivers/net/wwan/t7xx/t7xx_cldma.c | 4 drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 drivers/net/xen-netfront.c | 1 drivers/nvme/host/core.c | 4 drivers/nvme/host/ioctl.c | 3 drivers/nvme/host/nvme.h | 2 drivers/nvme/target/passthru.c | 3 drivers/of/dynamic.c | 12 drivers/perf/riscv_pmu.c | 4 drivers/s390/net/qeth_core_main.c | 38 ++ drivers/scsi/myrb.c | 20 - drivers/scsi/myrs.c | 24 - drivers/scsi/sd.c | 2 fs/nfsd/nfs4state.c | 7 fs/pipe.c | 17 - fs/smb/client/cached_dir.c | 6 fs/smb/client/cifs_debug.c | 6 fs/smb/client/cifsfs.c | 11 fs/smb/client/cifsglob.h | 17 + fs/smb/client/connect.c | 2 fs/smb/client/dir.c | 15 + fs/smb/client/file.c | 111 +++++++- fs/smb/client/fscache.c | 16 + fs/smb/client/fscache.h | 6 fs/smb/client/inode.c | 2 fs/smb/client/misc.c | 2 fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2misc.c | 4 fs/smb/client/smb2ops.c | 11 fs/smb/client/smb2pdu.c | 2 fs/smb/server/ksmbd_netlink.h | 3 fs/smb/server/mgmt/share_config.c | 7 fs/smb/server/smb2ops.c | 10 fs/smb/server/smb2pdu.c | 3 fs/smb/server/transport_ipc.c | 37 ++ fs/vboxsf/super.c | 3 include/kvm/arm_pmu.h | 2 include/linux/device.h | 1 include/linux/secretmem.h | 4 include/linux/skbuff.h | 7 include/linux/udp.h | 28 ++ include/net/bluetooth/hci.h | 9 include/net/inet_connection_sock.h | 1 include/net/sock.h | 7 kernel/bpf/verifier.c | 5 mm/memory.c | 4 net/9p/client.c | 10 net/bluetooth/hci_debugfs.c | 48 ++- net/bluetooth/hci_event.c | 25 + net/bluetooth/hci_sync.c | 5 net/bridge/netfilter/ebtables.c | 6 net/core/gro.c | 3 net/core/sock_map.c | 6 net/ipv4/inet_connection_sock.c | 33 +- net/ipv4/inet_fragment.c | 70 ++++- net/ipv4/ip_fragment.c | 2 net/ipv4/ip_gre.c | 5 net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/tcp.c | 2 net/ipv4/udp.c | 7 net/ipv4/udp_offload.c | 23 - net/ipv6/ip6_fib.c | 14 - net/ipv6/ip6_gre.c | 3 net/ipv6/netfilter/ip6_tables.c | 4 net/ipv6/netfilter/nf_conntrack_reasm.c | 2 net/ipv6/udp.c | 2 net/ipv6/udp_offload.c | 8 net/mptcp/protocol.c | 3 net/mptcp/subflow.c | 2 net/netfilter/nf_tables_api.c | 13 net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/sched/sch_api.c | 2 net/tls/tls_sw.c | 7 net/vmw_vsock/virtio_transport.c | 3 scripts/bpf_doc.py | 4 sound/pci/hda/patch_realtek.c | 3 sound/soc/codecs/rt5682-sdw.c | 4 sound/soc/codecs/rt711-sdca-sdw.c | 4 sound/soc/codecs/rt711-sdw.c | 4 sound/soc/soc-ops.c | 2 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 tools/testing/selftests/net/mptcp/mptcp_join.sh | 7 tools/testing/selftests/net/reuseaddr_conflict.c | 2 tools/testing/selftests/net/udpgro_fwd.sh | 10 167 files changed, 1790 insertions(+), 546 deletions(-) Aleksandr Loktionov (2): i40e: fix i40e_count_filters() to count only active/new filters i40e: fix vf may be used uninitialized in this function warning Aleksandr Mishin (2): net: phy: micrel: Fix potential null pointer dereference octeontx2-af: Add array index check Alexander Mikhalitsyn (1): KVM: SVM: enhance info printk's in SEV init Alexandra Winter (1): s390/qeth: handle deferred cc1 Andrei Matei (1): bpf: Protect against int overflow for stack access size Antoine Tenart (5): selftests: net: gro fwd: update vxlan GRO test expectations gro: fix ownership transfer udp: do not accept non-tunnel GSO skbs landing in a tunnel udp: do not transition UDP GRO fraglist partial checksums to unnecessary udp: prevent local UDP tunnel packets from being GROed Arnd Bergmann (4): dm integrity: fix out-of-range warning ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning Ashish Kalra (1): KVM: SVM: Add support for allowing zero SEV ASIDs Atlas Yu (1): r8169: skip DASH fw status checks when DASH is disabled Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Bjørn Mork (1): net: wwan: t7xx: Split 64bit accesses to fix alignment issues Borislav Petkov (AMD) (4): x86/bugs: Fix the SRSO mitigation on Zen3/4 x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Christian Hewitt (1): drm/panfrost: fix power transition timeout warnings Christoffer Sandberg (1): ALSA: hda/realtek - Fix inactive headset mic jack Christophe JAILLET (1): vboxsf: Avoid an spurious warning if load_nls_xxx() fails Claudiu Beznea (1): net: ravb: Let IP-specific receive function to interrogate descriptors Daniel Sneddon (2): x86/bhi: Define SPEC_CTRL_BHI_DIS_S KVM: x86: Add BHI_NO David Hildenbrand (2): x86/mm/pat: fix VM_PAT handling in COW mappings mm/secretmem: fix GUP-fast succeeding on secretmem folios David Howells (2): cifs: Fix duplicate fscache cookie warnings cifs: Fix caching to try to do open O_WRONLY as rdwr on server David Thompson (3): mlxbf_gige: stop PHY during open() error paths mlxbf_gige: call request_irq() after NAPI initialized mlxbf_gige: stop interface during shutdown Davide Caratti (1): mptcp: don't account accept() of non-MPC client as fallback to TCP Denis Kirjanov (1): drivers: net: convert to boolean for the mac_managed_pm flag Dominique Martinet (1): 9p: Fix read/write debug statements to report server reply Eric Dumazet (5): tcp: properly terminate timers for kernel sockets netfilter: validate user input for expected length net/sched: act_skbmod: prevent kernel-infoleak net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() erspan: make sure erspan_base_hdr is present in skb->head Florian Westphal (1): inet: inet_defrag: prevent sk release while still in use Geliang Tang (2): selftests: mptcp: join: fix dev in check_endpoint selftests: mptcp: display simult in extra_msg Greg Kroah-Hartman (2): x86: set SPECTRE_BHI_ON as default Linux 6.1.85 Hangbin Liu (1): scripts/bpf_doc: Use silent mode when exec make cmd Hariprasad Kelam (2): Octeontx2-af: fix pause frame configuration in GMP mode octeontx2-af: Fix issue with loading coalesced KPU profiles Heiner Kallweit (4): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d r8169: use spinlock to protect mac ocp register access r8169: use spinlock to protect access to registers Config2 and Config5 r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context Herve Codina (2): driver core: Introduce device_link_wait_removal() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Horatiu Vultur (1): net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Ivan Vecera (3): i40e: Fix VF MAC filter removal i40e: Remove _t suffix from enum type names i40e: Enforce software interrupt during busy-poll exit Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jann Horn (1): fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Jason A. Donenfeld (1): x86/coco: Require seeding RNG with RDRAND on CoCo systems Jeff Layton (1): nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Jesper Dangaard Brouer (1): xen-netfront: Add missing skb_mark_for_recycle Jian Shen (1): net: hns3: mark unexcuted loopback test result as UNEXECUTED Jie Wang (1): net: hns3: fix index limit to support all queue stats Joe Damato (1): i40e: Store the irq number in i40e_q_vector Johan Hovold (4): Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Bluetooth: qca: fix device-address endianness Bluetooth: add quirk for broken address properties Johannes Berg (1): wifi: iwlwifi: mvm: rfi: fix potential response leaks Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid the interface always configured as random address Josh Poimboeuf (1): x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Kuniyuki Iwashima (2): ipv6: Fix infinite recursion in fib6_dump_done(). tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Li Nan (1): scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Linus Torvalds (1): x86/syscall: Don't force use of indirect calls for system calls Mahmoud Adam (1): net/rds: fix possible cp null dereference Marco Pinna (1): vsock/virtio: fix packet delivery to tap device Mario Limonciello (3): drm/amd: Evict resources during PM ops prepare() callback drm/amd: Add concept of running prepare_suspend() sequence for IP blocks drm/amd: Flush GFXOFF requests in prepare stage Namjae Jeon (3): ksmbd: don't send oplock break if rename fails ksmbd: validate payload size in ipc response ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Nikita Kiryushin (1): ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Oliver Upton (1): KVM: arm64: Fix host-programmed guest events in nVHE Pablo Neira Ayuso (2): netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release Paul Barker (2): net: ravb: Always process TX descriptor ring net: ravb: Always update error counters Paulo Alcantara (8): smb: client: fix potential UAF in cifs_debug_files_proc_show() smb: client: fix potential UAF in cifs_stats_proc_write() smb: client: fix potential UAF in cifs_stats_proc_show() smb: client: fix potential UAF in smb2_is_valid_oplock_break() smb: client: fix potential UAF in smb2_is_valid_lease_break() smb: client: fix potential UAF in is_valid_oplock_break() smb: client: fix potential UAF in smb2_is_network_name_deleted() smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Pavel Sakharov (1): dma-buf: Fix NULL pointer dereference in sanitycheck() Pawan Gupta (4): x86/bhi: Add support for clearing branch history at syscall entry x86/bhi: Enumerate Branch History Injection (BHI) bug x86/bhi: Add BHI mitigation knob x86/bhi: Mitigate KVM by default Pierre-Louis Bossart (3): ASoC: rt5682-sdw: fix locking sequence ASoC: rt711-sdca: fix locking sequence ASoC: rt711-sdw: fix locking sequence Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Pu Lehui (1): drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Raju Lakkaraju (1): net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Ritvik Budhiraja (1): smb3: retrying on failed server close Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Sabrina Dubroca (3): tls: recv: process_rx_list shouldn't use an offset with kvec tls: adjust recv return with async crypto and failed copy to userspace tls: get psock ref after taking rxlock to avoid leak Samuel Holland (1): riscv: Fix spurious errors from __get/put_kernel_nofault Sandipan Das (2): x86/cpufeatures: Add new word for scattered features perf/x86/amd/lbr: Use freeze based on availability Sean Christopherson (3): x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails KVM: SVM: Use unsigned integers when dealing with ASIDs Stefan O'Rear (1): riscv: process: Fix kernel gp leakage Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Su Hui (1): octeontx2-pf: check negative error code in otx2_open() Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Wei Fang (1): net: fec: Set mac_managed_pm during probe Yonglong Liu (1): net: hns3: fix kernel crash when devlink reload during pf initialization Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() min15.li (1): nvme: fix miss command type check

1 year, 5 months

1
1
0 0

Linux 5.15.154

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.154 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/filesystem-monitoring.rst | 74 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 Documentation/admin-guide/hw-vuln/spectre.rst | 66 Documentation/admin-guide/index.rst | 1 Documentation/admin-guide/kernel-parameters.txt | 39 Documentation/core-api/dma-api.rst | 14 Documentation/filesystems/locking.rst | 10 Documentation/filesystems/nfs/exporting.rst | 33 Documentation/x86/mds.rst | 38 MAINTAINERS | 7 Makefile | 6 arch/Kconfig | 24 arch/arm/boot/dts/mmp2-brownstone.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 arch/arm64/include/asm/kvm_pgtable.h | 18 arch/arm64/include/asm/stage2_pgtable.h | 20 arch/arm64/kvm/mmu.c | 9 arch/hexagon/kernel/vmlinux.lds.S | 1 arch/ia64/Kconfig | 1 arch/ia64/Makefile | 2 arch/openrisc/kernel/dma.c | 16 arch/parisc/include/asm/assembly.h | 18 arch/parisc/include/asm/checksum.h | 10 arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/lib/Makefile | 2 arch/riscv/include/asm/uaccess.h | 4 arch/riscv/kernel/process.c | 3 arch/s390/kernel/entry.S | 1 arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/Kconfig | 38 arch/x86/boot/compressed/head_64.S | 8 arch/x86/entry/common.c | 6 arch/x86/entry/entry.S | 23 arch/x86/entry/entry_32.S | 3 arch/x86/entry/entry_64.S | 72 arch/x86/entry/entry_64_compat.S | 4 arch/x86/entry/syscall_32.c | 21 arch/x86/entry/syscall_64.c | 19 arch/x86/entry/syscall_x32.c | 10 arch/x86/include/asm/asm-prototypes.h | 1 arch/x86/include/asm/asm.h | 5 arch/x86/include/asm/cpufeature.h | 8 arch/x86/include/asm/cpufeatures.h | 18 arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/entry-common.h | 1 arch/x86/include/asm/linkage.h | 12 arch/x86/include/asm/msr-index.h | 19 arch/x86/include/asm/nospec-branch.h | 64 arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/suspend_32.h | 10 arch/x86/include/asm/syscall.h | 10 arch/x86/include/asm/text-patching.h | 31 arch/x86/kernel/alternative.c | 56 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/bugs.c | 360 ++- arch/x86/kernel/cpu/common.c | 77 arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/kernel/cpu/scattered.c | 1 arch/x86/kernel/kprobes/core.c | 38 arch/x86/kernel/nmi.c | 3 arch/x86/kernel/static_call.c | 50 arch/x86/kvm/cpuid.c | 29 arch/x86/kvm/reverse_cpuid.h | 47 arch/x86/kvm/svm/sev.c | 16 arch/x86/kvm/vmx/run_flags.h | 7 arch/x86/kvm/vmx/vmenter.S | 11 arch/x86/kvm/vmx/vmx.c | 12 arch/x86/kvm/x86.c | 17 arch/x86/lib/retpoline.S | 5 arch/x86/mm/ident_map.c | 23 block/blk-settings.c | 4 crypto/algboss.c | 4 drivers/accessibility/speakup/synth.c | 4 drivers/acpi/acpica/dbnames.c | 8 drivers/acpi/cppc_acpi.c | 27 drivers/ata/ahci.c | 5 drivers/ata/sata_mv.c | 63 drivers/ata/sata_sx4.c | 6 drivers/base/core.c | 26 drivers/base/cpu.c | 8 drivers/base/power/wakeirq.c | 4 drivers/clk/qcom/gcc-ipq6018.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/gcc-sdm845.c | 1 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/clocksource/arm_global_timer.c | 2 drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 drivers/cpufreq/cpufreq-dt.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 23 drivers/firmware/efi/vars.c | 17 drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/drm_panel.c | 17 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 drivers/gpu/drm/exynos/exynos_hdmi.c | 4 drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 3 drivers/gpu/drm/imx/parallel-display.c | 4 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 drivers/hid/uhid.c | 20 drivers/hwmon/amc6821.c | 11 drivers/i2c/busses/i2c-i801.c | 4 drivers/infiniband/core/cm_trace.h | 2 drivers/infiniband/core/cma_trace.h | 2 drivers/iommu/dma-iommu.c | 15 drivers/iommu/iova.c | 5 drivers/md/dm-integrity.c | 2 drivers/md/dm-raid.c | 2 drivers/md/dm-snap.c | 4 drivers/media/tuners/xc4000.c | 4 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/mmc/core/block.c | 14 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/nand/raw/meson_nand.c | 2 drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/freescale/fec_main.c | 11 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 drivers/net/ethernet/intel/i40e/i40e.h | 6 drivers/net/ethernet/intel/i40e/i40e_main.c | 14 drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 drivers/net/ethernet/intel/i40e/i40e_register.h | 3 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 drivers/net/ethernet/realtek/r8169_main.c | 11 drivers/net/ethernet/renesas/ravb_main.c | 8 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/usb/asix.h | 3 drivers/net/usb/asix_devices.c | 20 drivers/net/wireguard/netlink.c | 10 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 12 drivers/net/xen-netfront.c | 1 drivers/nvme/host/core.c | 6 drivers/nvmem/meson-efuse.c | 25 drivers/of/dynamic.c | 12 drivers/pci/controller/dwc/pcie-designware-ep.c | 7 drivers/pci/pci-driver.c | 23 drivers/pci/pcie/dpc.c | 15 drivers/pci/pcie/err.c | 20 drivers/pci/quirks.c | 100 drivers/pci/setup-res.c | 8 drivers/phy/tegra/xusb.c | 13 drivers/s390/crypto/zcrypt_api.c | 2 drivers/s390/net/qeth_core_main.c | 38 drivers/scsi/hosts.c | 7 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/myrb.c | 20 drivers/scsi/myrs.c | 24 drivers/scsi/qla2xxx/qla_attr.c | 14 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_gbl.h | 2 drivers/scsi/qla2xxx/qla_gs.c | 2 drivers/scsi/qla2xxx/qla_init.c | 128 - drivers/scsi/qla2xxx/qla_iocb.c | 68 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla2xxx/qla_os.c | 2 drivers/scsi/qla2xxx/qla_target.c | 10 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 98 drivers/staging/media/ipu3/ipu3-v4l2.c | 16 drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 drivers/tee/optee/device.c | 3 drivers/thermal/devfreq_cooling.c | 2 drivers/tty/serial/8250/8250_port.c | 6 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/serial/imx.c | 22 drivers/tty/serial/sc16is7xx.c | 15 drivers/tty/serial/serial_core.c | 12 drivers/tty/vt/vt.c | 2 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 23 drivers/usb/core/hub.h | 2 drivers/usb/core/port.c | 5 drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 72 drivers/usb/dwc2/gadget.c | 10 drivers/usb/dwc2/hcd.c | 49 drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/dwc2/platform.c | 2 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/gadget/udc/tegra-xudc.c | 39 drivers/usb/host/xhci.c | 2 drivers/usb/phy/phy-generic.c | 7 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/usb/storage/scsiglue.c | 1 drivers/usb/storage/uas.c | 81 drivers/usb/storage/usb.c | 4 drivers/usb/typec/ucsi/ucsi.c | 42 drivers/usb/typec/ucsi/ucsi.h | 4 drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 drivers/vfio/pci/vfio_pci_intrs.c | 176 - drivers/vfio/platform/vfio_platform_irq.c | 106 drivers/vfio/virqfd.c | 21 drivers/xen/events/events_base.c | 5 fs/Kconfig | 2 fs/aio.c | 8 fs/btrfs/scrub.c | 12 fs/btrfs/volumes.c | 2 fs/cifs/connect.c | 2 fs/exec.c | 1 fs/exportfs/expfs.c | 8 fs/ext4/mballoc.c | 17 fs/ext4/resize.c | 3 fs/ext4/super.c | 10 fs/fat/nfs.c | 6 fs/fuse/dir.c | 4 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/ksmbd/smb2pdu.c | 10 fs/lockd/host.c | 2 fs/lockd/svc.c | 217 -- fs/lockd/svc4proc.c | 29 fs/lockd/svclock.c | 31 fs/lockd/svcproc.c | 30 fs/lockd/svcsubs.c | 4 fs/lockd/xdr.c | 152 - fs/lockd/xdr4.c | 153 - fs/locks.c | 85 fs/nfs/callback.c | 96 fs/nfs/callback_xdr.c | 5 fs/nfs/direct.c | 11 fs/nfs/export.c | 9 fs/nfs/nfs4state.c | 2 fs/nfs/nfs4trace.h | 477 ---- fs/nfs/nfstrace.h | 269 -- fs/nfs/pnfs.h | 4 fs/nfs/write.c | 2 fs/nfsd/Kconfig | 27 fs/nfsd/Makefile | 8 fs/nfsd/acl.h | 6 fs/nfsd/blocklayout.c | 1 fs/nfsd/blocklayoutxdr.c | 1 fs/nfsd/cache.h | 2 fs/nfsd/export.h | 1 fs/nfsd/filecache.c | 1168 ++++++----- fs/nfsd/filecache.h | 19 fs/nfsd/flexfilelayout.c | 3 fs/nfsd/lockd.c | 2 fs/nfsd/netns.h | 34 fs/nfsd/nfs2acl.c | 55 fs/nfsd/nfs3acl.c | 85 fs/nfsd/nfs3proc.c | 212 + fs/nfsd/nfs3xdr.c | 444 +--- fs/nfsd/nfs4acl.c | 46 fs/nfsd/nfs4callback.c | 125 - fs/nfsd/nfs4idmap.c | 9 fs/nfsd/nfs4layouts.c | 4 fs/nfsd/nfs4proc.c | 986 +++++---- fs/nfsd/nfs4recover.c | 12 fs/nfsd/nfs4state.c | 1041 +++++++-- fs/nfsd/nfs4xdr.c | 1115 +++++----- fs/nfsd/nfscache.c | 63 fs/nfsd/nfsctl.c | 146 - fs/nfsd/nfsd.h | 35 fs/nfsd/nfsfh.c | 270 +- fs/nfsd/nfsfh.h | 145 - fs/nfsd/nfsproc.c | 121 - fs/nfsd/nfssvc.c | 263 +- fs/nfsd/nfsxdr.c | 178 - fs/nfsd/state.h | 59 fs/nfsd/stats.c | 16 fs/nfsd/stats.h | 4 fs/nfsd/trace.h | 692 +++++- fs/nfsd/vfs.c | 820 +++---- fs/nfsd/vfs.h | 56 fs/nfsd/xdr.h | 35 fs/nfsd/xdr3.h | 61 fs/nfsd/xdr4.h | 81 fs/nfsd/xdr4cb.h | 6 fs/nilfs2/btree.c | 9 fs/nilfs2/direct.c | 9 fs/nilfs2/inode.c | 2 fs/notify/dnotify/dnotify.c | 15 fs/notify/fanotify/fanotify.c | 361 ++- fs/notify/fanotify/fanotify.h | 212 + fs/notify/fanotify/fanotify_user.c | 441 +++- fs/notify/fdinfo.c | 16 fs/notify/fsnotify.c | 177 - fs/notify/fsnotify.h | 4 fs/notify/group.c | 36 fs/notify/inotify/inotify.h | 11 fs/notify/inotify/inotify_fsnotify.c | 7 fs/notify/inotify/inotify_user.c | 53 fs/notify/mark.c | 137 - fs/notify/notification.c | 14 fs/open.c | 42 fs/pipe.c | 17 fs/ubifs/file.c | 13 fs/vboxsf/super.c | 3 include/asm-generic/vmlinux.lds.h | 4 include/linux/cpu.h | 2 include/linux/device.h | 1 include/linux/dma-map-ops.h | 1 include/linux/dma-mapping.h | 5 include/linux/dnotify.h | 2 include/linux/exportfs.h | 17 include/linux/fanotify.h | 31 include/linux/fs.h | 26 include/linux/fsnotify.h | 70 include/linux/fsnotify_backend.h | 356 ++- include/linux/gfp.h | 9 include/linux/hyperv.h | 22 include/linux/iova.h | 2 include/linux/kthread.h | 1 include/linux/linkage.h | 4 include/linux/lockd/lockd.h | 10 include/linux/lockd/xdr.h | 27 include/linux/lockd/xdr4.h | 29 include/linux/minmax.h | 17 include/linux/module.h | 6 include/linux/nfs.h | 8 include/linux/nfs4.h | 17 include/linux/nfs_fs.h | 1 include/linux/nfs_ssc.h | 4 include/linux/pci.h | 1 include/linux/phy/tegra/xusb.h | 1 include/linux/ring_buffer.h | 1 include/linux/secretmem.h | 4 include/linux/sunrpc/svc.h | 93 include/linux/sunrpc/svc_xprt.h | 11 include/linux/sunrpc/svcsock.h | 7 include/linux/sunrpc/xdr.h | 2 include/linux/timer.h | 18 include/linux/udp.h | 28 include/linux/vfio.h | 2 include/net/cfg802154.h | 1 include/net/inet_connection_sock.h | 1 include/net/sock.h | 7 include/soc/fsl/qman.h | 9 include/trace/events/rdma.h | 168 - include/trace/events/rpcgss.h | 18 include/trace/events/rpcrdma.h | 44 include/trace/events/sunrpc.h | 74 include/trace/misc/fs.h | 122 + include/trace/misc/nfs.h | 387 +++ include/trace/misc/rdma.h | 168 + include/trace/misc/sunrpc.h | 18 include/uapi/linux/fanotify.h | 29 include/uapi/linux/nfsd/nfsfh.h | 115 - init/initramfs.c | 2 io_uring/io_uring.c | 2 kernel/audit_fsnotify.c | 8 kernel/audit_tree.c | 2 kernel/audit_watch.c | 5 kernel/bounds.c | 2 kernel/bpf/verifier.c | 5 kernel/dma/mapping.c | 12 kernel/dma/swiotlb.c | 11 kernel/entry/common.c | 8 kernel/events/core.c | 9 kernel/kthread.c | 23 kernel/locking/rwsem.c | 14 kernel/module.c | 8 kernel/power/suspend.c | 1 kernel/printk/printk.c | 63 kernel/time/timer.c | 164 - kernel/trace/ring_buffer.c | 233 +- kernel/trace/trace.c | 21 lib/Kconfig.debug | 1 lib/pci_iomap.c | 2 lib/test_kasan.c | 21 mm/compaction.c | 7 mm/memtest.c | 4 mm/migrate.c | 6 mm/page_alloc.c | 10 mm/swapfile.c | 25 mm/vmscan.c | 5 net/bluetooth/bnep/core.c | 2 net/bluetooth/cmtp/core.c | 2 net/bluetooth/hci_debugfs.c | 48 net/bluetooth/hci_event.c | 25 net/bluetooth/hidp/core.c | 2 net/bridge/netfilter/ebtables.c | 6 net/core/skbuff.c | 6 net/core/sock_map.c | 6 net/ipv4/inet_connection_sock.c | 14 net/ipv4/ip_gre.c | 5 net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/tcp.c | 2 net/ipv4/udp.c | 7 net/ipv4/udp_offload.c | 20 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/ipv6/netfilter/ip6_tables.c | 4 net/ipv6/udp.c | 2 net/ipv6/udp_offload.c | 8 net/mac80211/cfg.c | 5 net/mac802154/llsec.c | 18 net/mptcp/protocol.c | 3 net/mptcp/subflow.c | 3 net/netfilter/nf_tables_api.c | 20 net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/sunrpc/svc.c | 227 -- net/sunrpc/svc_xprt.c | 68 net/sunrpc/svcsock.c | 24 net/sunrpc/xdr.c | 22 net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 2 net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 security/landlock/syscalls.c | 18 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 9 sound/sh/aica.c | 17 sound/soc/codecs/rt5682-sdw.c | 4 sound/soc/codecs/rt711-sdca-sdw.c | 4 sound/soc/codecs/rt711-sdw.c | 4 sound/soc/soc-ops.c | 2 tools/objtool/check.c | 3 tools/testing/selftests/mqueue/setting | 1 tools/testing/selftests/net/mptcp/diag.sh | 6 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 tools/testing/selftests/net/reuseaddr_conflict.c | 2 tools/testing/selftests/net/udpgro_fwd.sh | 10 virt/kvm/async_pf.c | 31 446 files changed, 12088 insertions(+), 7026 deletions(-) Al Viro (2): nfsd_splice_actor(): handle compound pages fs/notify: constify path Alan Stern (3): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Add hub_get() and hub_put() routines USB: core: Fix deadlock in usb_deauthorize_interface() Aleksandr Loktionov (2): i40e: fix i40e_count_filters() to count only active/new filters i40e: fix vf may be used uninitialized in this function warning Alex Williamson (7): vfio/platform: Disable virqfds on cleanup vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler vfio/platform: Create persistent IRQ handlers vfio/fsl-mc: Block calling interrupt handler without trigger Alexander Aring (1): lockd: introduce safe async lock op Alexander Stein (1): Revert "usb: phy: generic: Get the vbus supply" Alexander Usyskin (2): mei: me: add arrow lake point S DID mei: me: add arrow lake point H DID Alexandra Winter (1): s390/qeth: handle deferred cc1 Amir Goldstein (37): fsnotify: pass data_type to fsnotify_name() fsnotify: pass dentry instead of inode data fsnotify: clarify contract for create event hooks fsnotify: clarify object type argument fsnotify: separate mark iterator type from object type enum fanotify: introduce group flag FAN_REPORT_TARGET_FID fsnotify: generate FS_RENAME event with rich information fanotify: use macros to get the offset to fanotify_info buffer fanotify: use helpers to parcel fanotify_info buffer fanotify: support secondary dir fh and name in fanotify_info fanotify: record old and new parent and name in FAN_RENAME event fanotify: record either old name new name or both for FAN_RENAME fanotify: report old and/or new parent+name in FAN_RENAME event fanotify: wire up FAN_RENAME event fsnotify: invalidate dcache before IN_DELETE event fsnotify: fix merge with parent's ignored mask fsnotify: optimize FS_MODIFY events with no ignored masks fanotify: do not allow setting dirent events in mask of non-dir inotify: move control flags from mask to mark flags fsnotify: pass flags argument to fsnotify_alloc_group() fsnotify: make allow_dups a property of the group fsnotify: create helpers for group mark_mutex lock inotify: use fsnotify group lock helpers nfsd: use fsnotify group lock helpers dnotify: use fsnotify group lock helpers fsnotify: allow adding an inode mark without pinning inode fanotify: create helper fanotify_mark_user_flags() fanotify: factor out helper fanotify_mark_update_flags() fanotify: implement "evictable" inode marks fanotify: use fsnotify group lock helpers fanotify: enable "evictable" inode marks fsnotify: introduce mark type iterator fsnotify: consistent behavior for parent not watching children fanotify: refine the validation checks on non-dir inode mask fanotify: prepare for setting event flags in ignore mask fanotify: cleanups for fanotify_mark() input validations fanotify: introduce FAN_MARK_IGNORE Amit Pundir (1): clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Andrei Matei (1): bpf: Protect against int overflow for stack access size Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports André Rösti (1): entry: Respect changes to system call number by trace_sys_enter() Anna Schumaker (1): NFSD: Simplify READ_PLUS Antoine Tenart (5): selftests: net: gro fwd: update vxlan GRO test expectations udp: do not accept non-tunnel GSO skbs landing in a tunnel udp: do not transition UDP GRO fraglist partial checksums to unnecessary udp: prevent local UDP tunnel packets from being GROed gro: fix ownership transfer Anton Altaparmakov (1): x86/pm: Work around false positive kmemleak report in msr_build_context() Arnd Bergmann (6): kasan/test: avoid gcc warning for intentional overflow staging: vc04_services: changen strncpy() to strscpy_pad() dm integrity: fix out-of-range warning ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning Arseniy Krasnov (1): mtd: rawnand: meson: fix scrambling mode value in command macro Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Bang Li (1): fsnotify: remove redundant parameter judgment Baokun Li (1): ext4: correct best extent lstart adjustment logic Bart Van Assche (3): fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion scsi: usb: Call scsi_done() directly scsi: usb: Stop using the SCSI pointer Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Benjamin Coddington (1): NLM: Defend against file_lock changes after vfs_test_lock() Bikash Hazarika (2): scsi: qla2xxx: Update manufacturer details scsi: qla2xxx: Update manufacturer detail Bixuan Cui (1): iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy Bjorn Helgaas (1): PCI: Work around Intel I210 ROM BAR overlap defect Borislav Petkov (1): x86/bugs: Use sysfs_emit() Borislav Petkov (AMD) (4): x86/CPU/AMD: Update the Zenbleed microcode revisions x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() x86/bugs: Fix the SRSO mitigation on Zen3/4 x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Changcheng Deng (1): NFSD:fix boolreturn.cocci warning ChenXiaoSong (5): nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops Chris Wilson (1): drm/i915/gt: Reset queue_priority_hint on parking Christian A. Ehrhardt (2): usb: typec: ucsi: Ack unsupported commands usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian Gmeiner (1): drm/etnaviv: Restore some id values Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christophe JAILLET (4): slimbus: core: Remove usage of the deprecated ida_simple_xx() API nfsd: Avoid some useless tests nfsd: Propagate some error code returned by memdup_user() vboxsf: Avoid an spurious warning if load_nls_xxx() fails Chuck Lever (155): NFS: Remove unnecessary TRACE_DEFINE_ENUM()s SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field NFS: Move generic FS show macros to global header NFS: Move NFS protocol display macros to global header NFSD: Optimize DRC bucket pruning SUNRPC: Replace the "__be32 *p" parameter to .pc_decode SUNRPC: Change return value type of .pc_decode NFSD: Save location of NFSv4 COMPOUND status SUNRPC: Replace the "__be32 *p" parameter to .pc_encode SUNRPC: Change return value type of .pc_encode NFSD: Remove be32_to_cpu() from DRC hash function NFSD: Combine XDR error tracepoints NFSD: De-duplicate nfsd4_decode_bitmap4() NFSD: Clean up nfsd_vfs_write() NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id) NFSD: Write verifier might go backwards NFSD: Clean up the nfsd_net::nfssvc_boot field NFSD: Rename boot verifier functions NFSD: Trace boot verifier resets NFSD: Move fill_pre_wcc() and fill_post_wcc() NFSD: Deprecate NFS_OFFSET_MAX orDate: Thu Sep 30 19:19:57 2021 -0400 NFSD: Skip extra computation for RC_NOCACHE case NFSD: Streamline the rare "found" case NFSD: Remove NFSD_PROC_ARGS_* macros SUNRPC: Remove the .svo_enqueue_xprt method SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt() SUNRPC: Remove svo_shutdown method SUNRPC: Rename svc_create_xprt() SUNRPC: Rename svc_close_xprt() SUNRPC: Remove svc_shutdown_net() NFSD: Remove svc_serv_ops::svo_module NFSD: Move svc_serv_ops::svo_function into struct svc_serv NFSD: Remove CONFIG_NFSD_V3 NFSD: Clean up _lm_ operation names NFSD: Clean up nfsd_splice_actor() NFSD: Clean up nfsd3_proc_create() NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() NFSD: Refactor nfsd_create_setattr() NFSD: Refactor NFSv3 CREATE NFSD: Refactor NFSv4 OPEN(CREATE) NFSD: Remove do_nfsd_create() NFSD: Clean up nfsd_open_verified() NFSD: Instantiate a struct file when creating a regular NFSv4 file NFSD: Remove dprintk call sites from tail of nfsd4_open() NFSD: Fix whitespace NFSD: Move documenting comment for nfsd4_process_open2() NFSD: Trace filecache opens SUNRPC: Use RMW bitops in single-threaded hot paths NFSD: Modernize nfsd4_release_lockowner() NFSD: Add documenting comment for nfsd4_release_lockowner() NFSD: nfsd_file_put() can sleep NFSD: Fix potential use-after-free in nfsd_file_put() NFSD: Decode NFSv4 birth time attribute NFSD: Instrument fh_verify() NFSD: Demote a WARN to a pr_warn() NFSD: Report filecache LRU size NFSD: Report count of calls to nfsd_file_acquire() NFSD: Report count of freed filecache items NFSD: Report average age of filecache items NFSD: Add nfsd_file_lru_dispose_list() helper NFSD: Refactor nfsd_file_gc() NFSD: Refactor nfsd_file_lru_scan() NFSD: Report the number of items evicted by the LRU walk NFSD: Record number of flush calls NFSD: Zero counters when the filecache is re-initialized NFSD: Hook up the filecache stat file NFSD: WARN when freeing an item still linked via nf_lru NFSD: Trace filecache LRU activity NFSD: Leave open files out of the filecache LRU NFSD: Fix the filecache LRU shrinker NFSD: Never call nfsd_file_gc() in foreground paths NFSD: No longer record nf_hashval in the trace log NFSD: Remove lockdep assertion from unhash_and_release_locked() NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode NFSD: Refactor __nfsd_file_close_inode() NFSD: nfsd_file_hash_remove can compute hashval NFSD: Remove nfsd_file::nf_hashval NFSD: Replace the "init once" mechanism NFSD: Set up an rhashtable for the filecache NFSD: Convert the filecache to use rhashtable NFSD: Clean up unused code after rhashtable conversion NFSD: Separate tracepoints for acquire and create NFSD: Move nfsd_file_trace_alloc() tracepoint NFSD: NFSv4 CLOSE should release an nfsd_file immediately NFSD: Ensure nf_inode is never dereferenced NFSD: Optimize nfsd4_encode_operation() NFSD: Optimize nfsd4_encode_fattr() NFSD: Clean up SPLICE_OK in nfsd4_encode_read() NFSD: Add an nfsd4_read::rd_eof field NFSD: Optimize nfsd4_encode_readv() NFSD: Simplify starting_len NFSD: Use xdr_pad_size() NFSD: Clean up nfsd4_encode_readlink() NFSD: Fix strncpy() fortify warning NFSD: nfserrno(-ENOMEM) is nfserr_jukebox NFSD: Shrink size of struct nfsd4_copy_notify NFSD: Shrink size of struct nfsd4_copy NFSD: Reorder the fields in struct nfsd4_op NFSD: Make nfs4_put_copy() static NFSD: Replace boolean fields in struct nfsd4_copy NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2) NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2) NFSD: Refactor nfsd4_do_copy() NFSD: Remove kmalloc from nfsd4_do_async_copy() NFSD: Add nfsd4_send_cb_offload() NFSD: Move copy offload callback arguments into a separate structure NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND NFSD: Replace dprintk() call site in fh_verify() NFSD: Trace NFSv4 COMPOUND tags NFSD: Add tracepoints to report NFSv4 callback completions NFSD: Add a mechanism to wait for a DELEGRETURN NFSD: Refactor nfsd_setattr() NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY SUNRPC: Parametrize how much of argsize should be zeroed NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing NFSD: Refactor common code out of dirlist helpers NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks NFSD: Clean up WRITE arg decoders NFSD: Clean up nfs4svc_encode_compoundres() NFSD: Remove "inline" directives on op_rsize_bop helpers NFSD: Remove unused nfsd4_compoundargs::cachetype field NFSD: Pack struct nfsd4_compoundres NFSD: Rename the fields in copy_stateid_t NFSD: Cap rsize_bop result based on send buffer size NFSD: Fix trace_nfsd_fh_verify_err() crasher NFSD: Fix reads with a non-zero offset that don't end on a page boundary NFSD: Finish converting the NFSv3 GETACL result encoder NFSD: Pass the target nfsd_file to nfsd_commit() NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately" NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection NFSD: Flesh out a documenting comment for filecache.c NFSD: Clean up nfs4_preprocess_stateid_op() call sites NFSD: Trace stateids returned via DELEGRETURN NFSD: Trace delegation revocations NFSD: Use const pointers as parameters to fh_ helpers NFSD: Update file_hashtbl() helpers NFSD: Clean up nfsd4_init_file() NFSD: Add a nfsd4_file_hash_remove() helper NFSD: Clean up find_or_add_file() NFSD: Refactor find_file() NFSD: Use rhashtable for managing nfs4_file objects NFSD: Fix licensing header in filecache.c NFSD: Add an nfsd_file_fsync tracepoint trace: Relocate event helper files NFSD: Use only RQ_DROPME to signal the need to drop a reply Revert "SUNRPC: Use RMW bitops in single-threaded hot paths" NFSD: Use set_bit(RQ_DROPME) NFSD: copy the whole verifier in nfsd_copy_write_verifier NFSD: Protect against filesystem freezing NFSD: Convert filecache to rhltable NFSD: Add an nfsd4_encode_nfstime4() helper Documentation: Add missing documentation for EXPORT_OP flags Claus Hansen Ries (1): net: ll_temac: platform_get_resource replaced by wrong function Colin Ian King (3): NFSD: Initialize pointer ni with NULL and not plain integer 0 nfsd: remove redundant assignment to variable len NFSD: Remove redundant assignment to variable host_err Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Dai Ngo (23): fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock. NFSD: add courteous server support for thread with only delegation NFSD: add support for share reservation conflict to courteous server NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd fs/lock: add helper locks_owner_has_blockers to check for blockers fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict NFSD: add support for lock conflict to courteous server NFSD: Show state of courtesy client in client info NFSD: refactoring v4 specific code to a helper in nfs4state.c NFSD: keep track of the number of v4 clients in the system NFSD: limit the number of v4 clients to 1024 per 1GB of system memory NFSD: keep track of the number of courtesy clients in the system NFSD: add shrinker to reap courtesy clients on low memory condition NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker NFSD: add support for sending CB_RECALL_ANY NFSD: add delegation reaper to react to low memory condition NFSD: add CB_RECALL_ANY tracepoints NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time NFSD: replace delayed_work with work_struct for nfsd_client_shrinker NFSD: enhance inter-server copy cleanup NFSD: fix leaked reference count of nfsd4_ssc_umount_item NFSD: fix problems with cleanup on errors in nfsd4_copy NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Damien Le Moal (1): block: Clear zone limits for a non-zoned stacked queue Dan Carpenter (2): nfsd: fix double fget() bug in __write_ports_addfd() staging: vc04_services: fix information leak in create_component() Daniel Sneddon (2): x86/bhi: Define SPEC_CTRL_BHI_DIS_S KVM: x86: Add BHI_NO Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB David Disseldorp (1): exportfs: use pr_debug for unreachable debug statements David Hildenbrand (1): mm/secretmem: fix GUP-fast succeeding on secretmem folios David Laight (1): minmax: add umin(a, b) and umax(a, b) David Thompson (3): mlxbf_gige: stop PHY during open() error paths mlxbf_gige: call request_irq() after NAPI initialized mlxbf_gige: stop interface during shutdown Davide Caratti (1): mptcp: don't account accept() of non-MPC client as fallback to TCP Denis Kirjanov (1): drivers: net: convert to boolean for the mac_managed_pm flag Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (1): ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Eric Dumazet (4): tcp: properly terminate timers for kernel sockets netfilter: validate user input for expected length net/sched: act_skbmod: prevent kernel-infoleak erspan: make sure erspan_base_hdr is present in skb->head Eric W. Biederman (2): exit: Implement kthread_exit exit: Rename module_put_and_exit to module_put_and_kthread_exit Fedor Pchelkin (1): mac802154: fix llsec key resources release in mac802154_llsec_key_del Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Filipe Manana (1): btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Gabor Juhos (4): clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabriel Krisman Bertazi (27): fsnotify: Don't insert unmergeable events in hashtable fanotify: Fold event size calculation to its own function fanotify: Split fsid check from other fid mode checks inotify: Don't force FS_IN_IGNORED fsnotify: Add helper to detect overflow_event fsnotify: Add wrapper around fsnotify_add_event fsnotify: Retrieve super block from the data field fsnotify: Protect fsnotify_handle_inode_event from no-inode events fsnotify: Pass group argument to free_event fanotify: Support null inode event in fanotify_dfid_inode fanotify: Allow file handle encoding for unhashed events fanotify: Encode empty file handle when no inode is provided fanotify: Require fid_mode for any non-fd event fsnotify: Support FS_ERROR event type fanotify: Reserve UAPI bits for FAN_FS_ERROR fanotify: Pre-allocate pool of error events fanotify: Support enqueueing of error events fanotify: Support merging of error events fanotify: Wrap object_fh inline space in a creator macro fanotify: Add helpers to decide whether to report FID/DFID fanotify: WARN_ON against too large file handles fanotify: Report fid info for file related file system errors fanotify: Emit generic error info for error event fanotify: Allow users to request FAN_FS_ERROR events ext4: Send notifications on error docs: Document the FAN_FS_ERROR event ext4: fix error code saved on super block during file system abort Gaosheng Cui (3): nfsd: remove nfsd4_prepare_cb_recall() declaration fsnotify: remove unused declaration fanotify: Remove obsoleted fanotify_event_has_path() Geert Uytterhoeven (1): net: ravb: Add R-Car Gen4 support Geliang Tang (1): selftests: mptcp: diag: return KSFT_FAIL not test_cnt Gokul krishna Krishnakumar (1): locking/rwsem: Disable preemption while trying for rwsem lock Greg Kroah-Hartman (3): cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" x86: set SPECTRE_BHI_ON as default Linux 5.15.154 Guenter Roeck (4): parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (1): media: xc4000: Fix atomicity violation in xc4000_get_frequency Guilherme G. Piccoli (1): scsi: core: Fix unremoved procfs host directory regression H. Peter Anvin (Intel) (1): x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Hariprasad Kelam (2): Octeontx2-af: fix pause frame configuration in GMP mode octeontx2-af: Fix issue with loading coalesced KPU profiles Heiner Kallweit (2): i2c: i801: Avoid potential double call to gpiod_remove_lookup_table r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Herve Codina (2): driver core: Introduce device_link_wait_removal() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Hidenori Kobayashi (1): media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Huang Ying (1): swap: comments get_swap_device() with usage rule Hugo Villeneuve (1): serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Ivan Vecera (2): i40e: Remove _t suffix from enum type names i40e: Enforce software interrupt during busy-poll exit J. Bruce Fields (4): nfsd: update create verifier comment nfsd4: remove obselete comment nfsd: improve stateid access bitmask documentation nfs: block notification on fs with its own ->lock Jakob Koschel (1): nfsd: fix using the correct variable for sizeof() Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jameson Thies (1): usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (4): drm/panel: do not return negative error codes from drm_panel_get_modes() drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() Jann Horn (3): HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Jarred White (1): ACPI: CPPC: Use access_width over bit_width for system memory accesses Jason A. Donenfeld (2): wireguard: netlink: check for dangling peer via is_dead instead of empty list wireguard: netlink: access device through ctx instead of peer Jeff Layton (52): nfsd: Add errno mapping for EREMOTEIO nfsd: Retry once in nfsd_open on an -EOPENSTALE return nfsd: silence extraneous printk on nfsd.ko insertion NFSD: drop fh argument from alloc_init_deleg NFSD: verify the opened dentry after setting a delegation nfsd: clean up mounted_on_fileid handling nfsd: only fill out return pointer on success in nfsd4_lookup_stateid nfsd: fix comments about spinlock handling with delegations nfsd: make nfsd4_run_cb a bool return function nfsd: extra checks when freeing delegation stateids nfsd: fix nfsd_file_unhash_and_dispose nfsd: rework hashtable handling in nfsd_do_file_acquire nfsd: ensure we always call fh_verify_error tracepoint nfsd: fix net-namespace logic in __nfsd_file_cache_purge nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint nfsd: put the export reference in nfsd4_verify_deleg_dentry lockd: use locks_inode_context helper nfsd: use locks_inode_context helper nfsd: ignore requests to disable unsupported versions nfsd: move nfserrno() to vfs.c nfsd: allow disabling NFSv2 at compile time nfsd: remove the pages_flushed statistic from filecache nfsd: reorganize filecache.c filelock: add a new locks_inode_context accessor function nfsd: fix up the filecache laundrette scheduling nfsd: return error if nfs4_setacl fails lockd: set missing fl_flags field when retrieving args lockd: ensure we use the correct file descriptor when unlocking lockd: fix file selection in nlmsvc_cancel_blocked nfsd: rework refcounting in filecache nfsd: fix handling of cached open files in nfsd4_open codepath nfsd: don't free files unconditionally in __nfsd_file_cache_purge nfsd: don't destroy global nfs4_file table in per-net shutdown nfsd: allow nfsd_file_get to sanely handle a NULL pointer nfsd: clean up potential nfsd_file refcount leaks in COPY codepath nfsd: don't hand out delegation on setuid files being opened for write nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open nfsd: don't fsync nfsd_files on last close nfsd: don't replace page in rq_pages if it's a continuation of last page nfsd: call op_release, even when op_func returns an error nfsd: don't open-code clear_and_wake_up_bit nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator nfsd: don't kill nfsd_files because of lease break error nfsd: add some comments to nfsd_file_do_acquire nfsd: don't take/put an extra reference when putting a file nfsd: update comment over __nfsd_file_cache_purge nfsd: allow reaping files still under writeback nfsd: simplify the delayed disposal list code nfsd: make a copy of struct iattr before calling notify_change nfsd: drop the nfsd_put helper nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Jens Axboe (1): io_uring: ensure '0' is returned on file registration success Jerome Brunet (1): nvmem: meson-efuse: fix function pointer type mismatch Jesper Dangaard Brouer (1): xen-netfront: Add missing skb_mark_for_recycle Jiapeng Chong (1): NFSD: Fix inconsistent indenting Jim Mattson (2): KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace KVM: x86: Use a switch statement and macros in __feature_translate() Jinpeng Cui (1): NFSD: remove redundant variable status Joe Damato (1): i40e: Store the irq number in i40e_q_vector Johan Hovold (1): arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johannes Berg (1): wifi: iwlwifi: mvm: rfi: fix potential response leaks Johannes Thumshirn (1): btrfs: zoned: use zone aware sb location for scrub John David Anglin (1): parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros John Garry (2): dma-mapping: add dma_opt_mapping_size() dma-iommu: add iommu_dma_opt_mapping_size() John Ogness (1): printk: Update @console_may_schedule in console_trylock_spinning() John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Josef Bacik (1): nfs: fix UAF in direct writes Josh Poimboeuf (1): x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Josua Mayer (1): hwmon: (amc6821) add of_match table Kailang Yang (1): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Kees Cook (1): NFSD: Avoid clashing function prototypes Kim Phillips (2): x86/cpu: Support AMD Automatic IBRS x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Kuniyuki Iwashima (1): ipv6: Fix infinite recursion in fib6_dump_done(). Leo Ma (1): drm/amd/display: Fix noise issue on HDMI AV mute Lin Yujun (1): Documentation/hw-vuln: Update spectre doc Linus Torvalds (1): x86/syscall: Don't force use of indirect calls for system calls Mahmoud Adam (1): net/rds: fix possible cp null dereference Marek Szyprowski (1): cpufreq: dt: always allocate zeroed cpumask Marios Makassikis (1): ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Martin Blumenstingl (1): clocksource/drivers/arm_global_timer: Fix maximum prescaler value Mathias Nyman (1): usb: port: Don't try to peer unused USB ports based on location Matthew Wilcox (Oracle) (2): bounds: support non-power-of-two CONFIG_NR_CPUS ubifs: Set page uptodate in the correct place Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (2): ext4: fix corruption during on-line resize xen/events: close evtchn after mapping cleanup Michael Ellerman (1): powerpc/fsl: Fix mfpmr build errors with newer binutils Michael Kelley (1): Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Mickaël Salaün (1): landlock: Warn once if a Landlock action is requested while disabled Mika Westerberg (3): PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited PCI/DPC: Quirk PIO log size for certain Intel Root Ports PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Mikko Rapeli (2): mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access Miklos Szeredi (2): fuse: fix root lookup with nonzero generation fuse: don't unhash root Mikulas Patocka (1): dm snapshot: fix lockup in dm_exception_table_exit Minas Harutyunyan (5): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: Fix exiting from clock gating usb: dwc2: gadget: LPM flow fix Muhammad Usama Anjum (1): scsi: lpfc: Correct size for wqe for memset() Nathan Chancellor (4): kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() powerpc: xor_vmx: Add '-mhard-float' to CFLAGS hexagon: vmlinux.lds.S: handle attributes section NeilBrown (46): NFSD: move filehandle format declarations out of "uapi". NFSD: drop support for ancient filehandles NFSD: simplify struct nfsfh NFSD: handle errors better in write_ports_addfd() SUNRPC: change svc_get() to return the svc. SUNRPC/NFSD: clean up get/put functions. SUNRPC: stop using ->sv_nrthreads as a refcount nfsd: make nfsd_stats.th_cnt atomic_t SUNRPC: use sv_lock to protect updates to sv_nrthreads. NFSD: narrow nfsd_mutex protection in nfsd thread NFSD: Make it possible to use svc_set_num_threads_sync SUNRPC: discard svo_setup and rename svc_set_num_threads_sync() NFSD: simplify locking for network notifier. lockd: introduce nlmsvc_serv lockd: simplify management of network status notifiers lockd: move lockd_start_svc() call into lockd_create_svc() lockd: move svc_exit_thread() into the thread lockd: introduce lockd_put() lockd: rename lockd_create_svc() to lockd_get() SUNRPC: move the pool_map definitions (back) into svc.c SUNRPC: always treat sv_nrpools==1 as "not pooled" lockd: use svc_set_num_threads() for thread start and stop NFS: switch the callback service back to non-pooled. NFSD: simplify per-net file cache management NFS: restore module put when manager exits. NFSD: introduce struct nfsd_attrs NFSD: set attributes when creating symlinks NFSD: add security label to struct nfsd_attrs NFSD: add posix ACLs to struct nfsd_attrs NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. NFSD: always drop directory lock in nfsd_unlink() NFSD: only call fh_unlock() once in nfsd_link() NFSD: reduce locking in nfsd_lookup() NFSD: use explicit lock/unlock for directory ops NFSD: use (un)lock_inode instead of fh_(un)lock for file operations NFSD: discard fh_locked flag and fh_lock/fh_unlock NFSD: fix regression with setting ACLs. NFSD: drop fname and flen args from nfsd_create_locked() lockd: drop inappropriate svc_get() from locked_get() nfsd: Simplify code around svc_exit_thread() call in nfsd() nfsd: separate nfsd_last_thread() from nfsd_put() NFSD: fix possible oops when nfsd/pool_stats is closed. nfsd: call nfsd_last_thread() before final nfsd_put() nfsd: fix RELEASE_LOCKOWNER nfsd: don't take fi_lock in nfsd_break_deleg_cb() nfsd: don't call locks_release_private() twice concurrently Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Nicolin Chen (1): iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Nikita Kiryushin (1): ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Niklas Cassel (1): PCI: dwc: endpoint: Fix advertised resizable BAR size Nirmoy Das (1): drm/i915: Check before removing mm notifier Oleksij Rempel (1): net: usb: asix: suspend embedded PHY if external is used Olga Kornievskaia (1): NFSD enforce filehandle check for source file in COPY Oliver Ford (1): fs: inotify: Fix typo in inotify comment Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Oliver Upton (2): KVM: arm64: Work out supported block level at compile time KVM: arm64: Limit stage2_apply_range() batch size to largest block Ondrej Valousek (1): nfsd: Add support for the birth time attribute Pablo Neira Ayuso (5): netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release Paul Barker (1): net: ravb: Always process TX descriptor ring Paul Menzel (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Pawan Gupta (13): x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Move VERW closer to VMentry for MDS mitigation x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Documentation/hw-vuln: Add documentation for RFDS x86/rfds: Mitigate Register File Data Sampling (RFDS) KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests x86/bhi: Add support for clearing branch history at syscall entry x86/bhi: Enumerate Branch History Injection (BHI) bug x86/bhi: Add BHI mitigation knob x86/bhi: Mitigate KVM by default Peng Tao (1): nfsd: map EBADF Peter Collingbourne (2): kasan: test: add memcpy test that avoids out-of-bounds write serial: Lock console when calling into driver before registration Peter Zijlstra (4): arch: Introduce CONFIG_FUNCTION_ALIGNMENT x86/alternatives: Introduce int3_emulate_jcc() x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/static_call: Add support for Jcc tail-calls Petr Mladek (1): printk/console: Split out code that enables default console Philip Yang (1): drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Philipp Stanner (1): pci_iounmap(): Fix MMIO mapping leak Pierre-Louis Bossart (3): ASoC: rt5682-sdw: fix locking sequence ASoC: rt711-sdca: fix locking sequence ASoC: rt711-sdw: fix locking sequence Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Prashanth K (1): usb: xhci: Add error handling in xhci_map_urb_for_dma Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Quinn Tran (6): scsi: qla2xxx: Prevent command send on chip reset scsi: qla2xxx: Fix N2N stuck connection scsi: qla2xxx: Split FCE|EFT trace control scsi: qla2xxx: NVME|FCP prefer flag not being honored scsi: qla2xxx: Fix command flush on cable pull scsi: qla2xxx: Delay I/O Abort on PCI error Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Rickard x Andersson (1): tty: serial: imx: Fix broken RS485 Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Rodrigo Siqueira (1): drm/amd/display: Return the correct HDCP error code Ryan Roberts (1): mm: swap: fix race between free_swap_and_cache() and swapoff() Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Samuel Holland (1): riscv: Fix spurious errors from __get/put_kernel_nofault Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Sandipan Das (1): x86/cpufeatures: Add new word for scattered features Saurav Kashyap (2): scsi: qla2xxx: Fix double free of fcport scsi: qla2xxx: Change debug message during driver unload Sean Anderson (4): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (7): KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs KVM: Always flush async #PF workqueue when vCPU is being destroyed KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word KVM: x86: Bail to userspace if emulation of atomic user access faults KVM: x86: Mark target gfn of emulated atomic instruction as dirty SeongJae Park (1): selftests/mqueue: Set timeout to 180 seconds Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Stanislaw Gruszka (1): PCI/AER: Block runtime suspend when handling errors Stefan O'Rear (1): riscv: process: Fix kernel gp leakage Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Steven Rostedt (Google) (8): ring-buffer: Fix waking up ring buffer readers ring-buffer: Do not set shortest_full when full target is hit ring-buffer: Fix resetting of shortest_full ring-buffer: Fix full_waiters_pending in poll ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() NFSD: Fix nfsd_clid_class use of __string_len() macro net: hns3: tracing: fix hclgevf trace event strings tracing: Use .flush() call to wake up readers Su Hui (1): octeontx2-pf: check negative error code in otx2_open() Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Sumit Garg (1): tee: optee: Fix kernel panic caused by incorrect error handling Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Tavian Barnes (1): nfsd: Fix creation time serialization order Tetsuo Handa (1): NFSD: unregister shrinker when nfsd_init_net() fails Thomas Gleixner (4): timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() x86/asm: Differentiate between code and function alignment Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Tom Chung (1): drm/amd/display: Preserve original aspect ratio in create stream Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Trond Myklebust (4): nfsd: Add a tracepoint for errors in nfsd4_clone_file_range() nfsd: Fix a write performance regression nfsd: Clean up nfsd_file_put() nfsd: Fix a regression in nfsd_setattr() Uwe Kleine-König (1): PCI: Drop pci_device_remove() test of pci_dev->driver Vasily Averin (2): nfsd4: add refcount for nfsd4_blocked_lock fanotify: fix incorrect fmode_t casts Ville Syrjälä (1): drm/amdgpu: Use drm_mode_copy() Vlastimil Babka (1): mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Wayne Chang (2): phy: tegra: xusb: Add API to retrieve the port number of phy usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wei Fang (1): net: fec: Set mac_managed_pm during probe Weitao Wang (1): USB: UAS: return ENODEV when submit urbs fail with device not attached Will Deacon (1): swiotlb: Fix alignment checks when both allocation and DMA masks are present Wolfram Sang (3): mmc: tmio: avoid concurrent runs of mmc_request_done() NFSD: move from strlcpy with unused retval to strscpy lockd: move from strlcpy with unused retval to strscpy Xin Gao (1): fsnotify: Fix comment typo Xiu Jianfeng (1): NFSD: Use struct_size() helper in alloc_session() Yang Jihong (1): perf/core: Fix reentry problem in perf_output_read_group() Ye Zhang (1): thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Zack Rusin (1): drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Zhang Jiaming (1): NFSD: Fix space and spelling mistake Zhang Xiaoxu (2): nfsd: Unregister the cld notifier when laundry_wq create failed nfsd: Fix null-ptr-deref in nfsd_fill_super() Zhang Yi (1): ubi: correct the calculation of fastmap size Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zi Yan (1): mm/migrate: set swap entry values of THP tail pages properly. Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() min15.li (1): nvme: fix miss command type check yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 5 months

1
1
0 0

Backport commit ed4adc07207d ("net: ravb: Count packets instead of descriptors in GbEth RX path")

by Claudiu Beznea

Hi, The commit ed4adc07207d ("net: ravb: Count packets instead of descriptors in GbEth RX path") is a clean cherry-pick for v6.1 kernels. It fixes the value returned by NAPI poll method. The NAPI instance is serviced based on this value. Thank you, Claudiu Beznea ________________________________ Renesas Electronics Europe GmbH Registered Office: Arcadiastrasse 10 DE-40472 Duesseldorf Commercial Registry: Duesseldorf, HRB 3708 Managing Director: Carsten Jauch VAT-No.: DE 14978647 Tax-ID-No: 105/5839/1793 Legal Disclaimer: This e-mail communication (and any attachment/s) is confidential and contains proprietary information, some or all of which may be legally privileged. It is intended solely for the use of the individual or entity to which it is addressed. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful.

1 year, 5 months

3
2
0 0

[tip: x86/urgent] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n

by tip-bot2 for Sean Christopherson

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: f337a6a21e2fd67eadea471e93d05dd37baaa9be Gitweb: https://git.kernel.org/tip/f337a6a21e2fd67eadea471e93d05dd37baaa9be Author: Sean Christopherson <seanjc(a)google.com> AuthorDate: Tue, 09 Apr 2024 10:51:05 -07:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Wed, 10 Apr 2024 16:22:47 +02:00 x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Initialize cpu_mitigations to CPU_MITIGATIONS_OFF if the kernel is built with CONFIG_SPECULATION_MITIGATIONS=n, as the help text quite clearly states that disabling SPECULATION_MITIGATIONS is supposed to turn off all mitigations by default. │ If you say N, all mitigations will be disabled. You really │ should know what you are doing to say so. As is, the kernel still defaults to CPU_MITIGATIONS_AUTO, which results in some mitigations being enabled in spite of SPECULATION_MITIGATIONS=n. Fixes: f43b9876e857 ("x86/retbleed: Add fine grained Kconfig knobs") Signed-off-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Daniel Sneddon <daniel.sneddon(a)linux.intel.com> Cc: stable(a)vger.kernel.org Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/r/20240409175108.1512861-2-seanjc@google.com --- kernel/cpu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/cpu.c b/kernel/cpu.c index 8f6affd..07ad53b 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -3207,7 +3207,8 @@ enum cpu_mitigations { }; static enum cpu_mitigations cpu_mitigations __ro_after_init = - CPU_MITIGATIONS_AUTO; + IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : + CPU_MITIGATIONS_OFF; static int __init mitigations_parse_cmdline(char *arg) {

1 year, 5 months

1
0
0 0

[tip: x86/urgent] x86/cpu: Disable BHI mitigation by default when SPECULATION_MITIGATIONS=n

by tip-bot2 for Sean Christopherson

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: e8f2ec1cc10e86adfc2089fb93a1158e69989bbd Gitweb: https://git.kernel.org/tip/e8f2ec1cc10e86adfc2089fb93a1158e69989bbd Author: Sean Christopherson <seanjc(a)google.com> AuthorDate: Tue, 09 Apr 2024 10:51:06 -07:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Wed, 10 Apr 2024 16:22:56 +02:00 x86/cpu: Disable BHI mitigation by default when SPECULATION_MITIGATIONS=n Rework the initialization of bhi_mitigation to use positive CONFIG tests for the ON/AUTO cases so that lack of *any* CONFIG_SPECTRE_BHI_* #define, i.e. when the kernel is built with CONFIG_SPECULATION_MITIGATIONS=n, results in the mitigation being OFF by default, not AUTO. Per the help text for SPECULATION_MITIGATIONS, the intent is that 'N' disables all mitigations. Fixes: ec9404e40e8f ("x86/bhi: Add BHI mitigation knob") Signed-off-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Daniel Sneddon <daniel.sneddon(a)linux.intel.com> Cc: stable(a)vger.kernel.org Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/r/20240409175108.1512861-3-seanjc@google.com --- arch/x86/kernel/cpu/bugs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 27f5004..7e4a706 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1630,9 +1630,9 @@ enum bhi_mitigations { }; static enum bhi_mitigations bhi_mitigation __ro_after_init = - IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : - IS_ENABLED(CONFIG_SPECTRE_BHI_OFF) ? BHI_MITIGATION_OFF : - BHI_MITIGATION_AUTO; + IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : + IS_ENABLED(CONFIG_SPECTRE_BHI_AUTO) ? BHI_MITIGATION_AUTO : + BHI_MITIGATION_OFF; static int __init spectre_bhi_parse_cmdline(char *str) {

1 year, 5 months

1
0
0 0

[git:media_stage/master] media: mc: Fix graph walk in media_pipeline_start

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: mc: Fix graph walk in media_pipeline_start Author: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Date: Mon Mar 18 11:50:59 2024 +0200 The graph walk tries to follow all links, even if they are not between pads. This causes a crash with, e.g. a MEDIA_LNK_FL_ANCILLARY_LINK link. Fix this by allowing the walk to proceed only for MEDIA_LNK_FL_DATA_LINK links. Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Cc: stable(a)vger.kernel.org # for 6.1 and later Fixes: ae219872834a ("media: mc: entity: Rewrite media_pipeline_start()") Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/mc/mc-entity.c | 6 ++++++ 1 file changed, 6 insertions(+) --- diff --git a/drivers/media/mc/mc-entity.c b/drivers/media/mc/mc-entity.c index 0e28b9a7936e..96dd0f6ccd0d 100644 --- a/drivers/media/mc/mc-entity.c +++ b/drivers/media/mc/mc-entity.c @@ -619,6 +619,12 @@ static int media_pipeline_explore_next_link(struct media_pipeline *pipe, link = list_entry(entry->links, typeof(*link), list); last_link = media_pipeline_walk_pop(walk); + if ((link->flags & MEDIA_LNK_FL_LINK_TYPE) != MEDIA_LNK_FL_DATA_LINK) { + dev_dbg(walk->mdev->dev, + "media pipeline: skipping link (not data-link)\n"); + return 0; + } + dev_dbg(walk->mdev->dev, "media pipeline: exploring link '%s':%u -> '%s':%u\n", link->source->entity->name, link->source->index,

1 year, 5 months

1
0
0 0

[git:media_stage/master] media: v4l: async: Properly re-initialise notifier entry in unregister

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l: async: Properly re-initialise notifier entry in unregister Author: Sakari Ailus <sakari.ailus(a)linux.intel.com> Date: Fri Mar 8 15:06:13 2024 +0200 The notifier_entry of a notifier is not re-initialised after unregistering the notifier. This leads to dangling pointers being left there so use list_del_init() to return the notifier_entry an empty list. Fixes: b8ec754ae4c5 ("media: v4l: async: Set v4l2_device and subdev in async notifier init") Cc: <stable(a)vger.kernel.org> # for 6.6 and later Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/v4l2-core/v4l2-async.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/v4l2-core/v4l2-async.c b/drivers/media/v4l2-core/v4l2-async.c index 2ff35d5d60f2..4bb073587817 100644 --- a/drivers/media/v4l2-core/v4l2-async.c +++ b/drivers/media/v4l2-core/v4l2-async.c @@ -635,7 +635,7 @@ __v4l2_async_nf_unregister(struct v4l2_async_notifier *notifier) v4l2_async_nf_unbind_all_subdevs(notifier); - list_del(&notifier->notifier_entry); + list_del_init(&notifier->notifier_entry); } void v4l2_async_nf_unregister(struct v4l2_async_notifier *notifier)

1 year, 5 months

1
0
0 0

[git:media_stage/master] media: v4l: async: Fix notifier list entry init

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l: async: Fix notifier list entry init Author: Alexander Stein <alexander.stein(a)ew.tq-group.com> Date: Thu Mar 7 15:24:51 2024 +0100 struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head. This results in a NULL-pointer dereference if csi2_async_register() fails, e.g. node for remote endpoint is disabled, and returns -ENOTCONN. The following calls to v4l2_async_nf_unregister() results in a NULL pointer dereference. Add the missing list head initializer. Fixes: b8ec754ae4c5 ("media: v4l: async: Set v4l2_device and subdev in async notifier init") Cc: <stable(a)vger.kernel.org> # for 6.6 and later Signed-off-by: Alexander Stein <alexander.stein(a)ew.tq-group.com> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/v4l2-core/v4l2-async.c | 2 ++ 1 file changed, 2 insertions(+) --- diff --git a/drivers/media/v4l2-core/v4l2-async.c b/drivers/media/v4l2-core/v4l2-async.c index 3ec323bd528b..6a7dcf43d712 100644 --- a/drivers/media/v4l2-core/v4l2-async.c +++ b/drivers/media/v4l2-core/v4l2-async.c @@ -563,6 +563,7 @@ void v4l2_async_nf_init(struct v4l2_async_notifier *notifier, { INIT_LIST_HEAD(&notifier->waiting_list); INIT_LIST_HEAD(&notifier->done_list); + INIT_LIST_HEAD(&notifier->notifier_entry); notifier->v4l2_dev = v4l2_dev; } EXPORT_SYMBOL(v4l2_async_nf_init); @@ -572,6 +573,7 @@ void v4l2_async_subdev_nf_init(struct v4l2_async_notifier *notifier, { INIT_LIST_HEAD(&notifier->waiting_list); INIT_LIST_HEAD(&notifier->done_list); + INIT_LIST_HEAD(&notifier->notifier_entry); notifier->sd = sd; } EXPORT_SYMBOL_GPL(v4l2_async_subdev_nf_init);

1 year, 5 months

1
0
0 0

[git:media_stage/master] media: ov2680: Clear the 'ret' variable on success

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ov2680: Clear the 'ret' variable on success Author: Fabio Estevam <festevam(a)denx.de> Date: Thu Mar 28 19:44:12 2024 -0300 Since commit 63b0cd30b78e ("media: ov2680: Add bus-cfg / endpoint property verification") even when the correct 'link-frequencies' property is passed in the devicetree, the driver fails to probe: ov2680 1-0036: probe with driver ov2680 failed with error -22 The reason is that the variable 'ret' may contain the -EINVAL value from a previous assignment: ret = fwnode_property_read_u32(dev_fwnode(dev), "clock-frequency", &rate); Fix the problem by clearing 'ret' on the successful path. Tested on imx7s-warp board with the following devicetree: port { ov2680_to_mipi: endpoint { remote-endpoint = <&mipi_from_sensor>; clock-lanes = <0>; data-lanes = <1>; link-frequencies = /bits/ 64 <330000000>; }; }; Cc: stable(a)vger.kernel.org Fixes: 63b0cd30b78e ("media: ov2680: Add bus-cfg / endpoint property verification") Suggested-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Fabio Estevam <festevam(a)denx.de> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/i2c/ov2680.c | 1 + 1 file changed, 1 insertion(+) --- diff --git a/drivers/media/i2c/ov2680.c b/drivers/media/i2c/ov2680.c index 39d321e2b7f9..3e3b7c2b492c 100644 --- a/drivers/media/i2c/ov2680.c +++ b/drivers/media/i2c/ov2680.c @@ -1135,6 +1135,7 @@ static int ov2680_parse_dt(struct ov2680_dev *sensor) goto out_free_bus_cfg; } + ret = 0; out_free_bus_cfg: v4l2_fwnode_endpoint_free(&bus_cfg); return ret;

1 year, 5 months

1
0
0 0

[git:media_stage/master] media: ov2680: Allow probing if link-frequencies is absent

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ov2680: Allow probing if link-frequencies is absent Author: Fabio Estevam <festevam(a)denx.de> Date: Thu Mar 28 19:44:13 2024 -0300 Since commit 63b0cd30b78e ("media: ov2680: Add bus-cfg / endpoint property verification") the ov2680 no longer probes on a imx7s-warp7: ov2680 1-0036: error -EINVAL: supported link freq 330000000 not found ov2680 1-0036: probe with driver ov2680 failed with error -22 As the 'link-frequencies' property is not mandatory, allow the probe to succeed by skipping the link-frequency verification when the property is absent. Cc: stable(a)vger.kernel.org Fixes: 63b0cd30b78e ("media: ov2680: Add bus-cfg / endpoint property verification") Signed-off-by: Fabio Estevam <festevam(a)denx.de> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/i2c/ov2680.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- diff --git a/drivers/media/i2c/ov2680.c b/drivers/media/i2c/ov2680.c index 3e3b7c2b492c..a857763c7984 100644 --- a/drivers/media/i2c/ov2680.c +++ b/drivers/media/i2c/ov2680.c @@ -1123,18 +1123,23 @@ static int ov2680_parse_dt(struct ov2680_dev *sensor) goto out_free_bus_cfg; } + if (!bus_cfg.nr_of_link_frequencies) { + dev_warn(dev, "Consider passing 'link-frequencies' in DT\n"); + goto skip_link_freq_validation; + } + for (i = 0; i < bus_cfg.nr_of_link_frequencies; i++) if (bus_cfg.link_frequencies[i] == sensor->link_freq[0]) break; - if (bus_cfg.nr_of_link_frequencies == 0 || - bus_cfg.nr_of_link_frequencies == i) { + if (bus_cfg.nr_of_link_frequencies == i) { ret = dev_err_probe(dev, -EINVAL, "supported link freq %lld not found\n", sensor->link_freq[0]); goto out_free_bus_cfg; } +skip_link_freq_validation: ret = 0; out_free_bus_cfg: v4l2_fwnode_endpoint_free(&bus_cfg);

1 year, 5 months

1
0
0 0

[git:media_stage/master] media: ov2740: Fix LINK_FREQ and PIXEL_RATE control value reporting

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ov2740: Fix LINK_FREQ and PIXEL_RATE control value reporting Author: Sakari Ailus <sakari.ailus(a)linux.intel.com> Date: Wed Mar 27 10:57:31 2024 +0200 The driver dug the supported link frequency up from the V4L2 fwnode endpoint and used it internally, but failed to report this in the LINK_FREQ and PIXEL_RATE controls. Fix this. Fixes: 0677a2d9b735 ("media: ov2740: Add support for 180 MHz link frequency") Cc: stable(a)vger.kernel.org # for v6.8 and later Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Bingbu Cao <bingbu.cao(a)intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/i2c/ov2740.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- diff --git a/drivers/media/i2c/ov2740.c b/drivers/media/i2c/ov2740.c index 552935ccb4a9..57906df7be4e 100644 --- a/drivers/media/i2c/ov2740.c +++ b/drivers/media/i2c/ov2740.c @@ -768,14 +768,15 @@ static int ov2740_init_controls(struct ov2740 *ov2740) cur_mode = ov2740->cur_mode; size = ARRAY_SIZE(link_freq_menu_items); - ov2740->link_freq = v4l2_ctrl_new_int_menu(ctrl_hdlr, &ov2740_ctrl_ops, - V4L2_CID_LINK_FREQ, - size - 1, 0, - link_freq_menu_items); + ov2740->link_freq = + v4l2_ctrl_new_int_menu(ctrl_hdlr, &ov2740_ctrl_ops, + V4L2_CID_LINK_FREQ, size - 1, + ov2740->supported_modes->link_freq_index, + link_freq_menu_items); if (ov2740->link_freq) ov2740->link_freq->flags |= V4L2_CTRL_FLAG_READ_ONLY; - pixel_rate = to_pixel_rate(OV2740_LINK_FREQ_360MHZ_INDEX); + pixel_rate = to_pixel_rate(ov2740->supported_modes->link_freq_index); ov2740->pixel_rate = v4l2_ctrl_new_std(ctrl_hdlr, &ov2740_ctrl_ops, V4L2_CID_PIXEL_RATE, 0, pixel_rate, 1, pixel_rate);

1 year, 5 months

1
0
0 0

[git:media_stage/master] media: v4l: async: Don't set notifier's V4L2 device if registering fails

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l: async: Don't set notifier's V4L2 device if registering fails Author: Sakari Ailus <sakari.ailus(a)linux.intel.com> Date: Fri Mar 8 15:07:45 2024 +0200 The V4L2 device used to be set when the notifier was registered but this has been moved to the notifier initialisation. Don't touch the V4L2 device if registration fails. Fixes: b8ec754ae4c5 ("media: v4l: async: Set v4l2_device and subdev in async notifier init") Cc: <stable(a)vger.kernel.org> # for 6.6 and later Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/v4l2-core/v4l2-async.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) --- diff --git a/drivers/media/v4l2-core/v4l2-async.c b/drivers/media/v4l2-core/v4l2-async.c index 6a7dcf43d712..2ff35d5d60f2 100644 --- a/drivers/media/v4l2-core/v4l2-async.c +++ b/drivers/media/v4l2-core/v4l2-async.c @@ -620,16 +620,10 @@ err_unlock: int v4l2_async_nf_register(struct v4l2_async_notifier *notifier) { - int ret; - if (WARN_ON(!notifier->v4l2_dev == !notifier->sd)) return -EINVAL; - ret = __v4l2_async_nf_register(notifier); - if (ret) - notifier->v4l2_dev = NULL; - - return ret; + return __v4l2_async_nf_register(notifier); } EXPORT_SYMBOL(v4l2_async_nf_register);

1 year, 5 months

1
0
0 0