- Linux-stable-mirror - lists.linaro.org

[PATCH 1/3] drm/ast: Set DDC timeout in milliseconds

by Thomas Zimmermann

Compute the i2c timeout in jiffies from a value in milliseconds. The original values of 2 jiffies equals 2 milliseconds if HZ has been configured to a value of 1000. This corresponds to 2.2 milliseconds used by most other DRM drivers. Update ast accordingly. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 312fec1405dd ("drm: Initial KMS driver for AST (ASpeed Technologies) 2000 series (v2)") Cc: Dave Airlie <airlied(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v3.5+ --- drivers/gpu/drm/ast/ast_ddc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/ast/ast_ddc.c b/drivers/gpu/drm/ast/ast_ddc.c index b7718084422f3..3e156a6b6831d 100644 --- a/drivers/gpu/drm/ast/ast_ddc.c +++ b/drivers/gpu/drm/ast/ast_ddc.c @@ -153,7 +153,7 @@ struct ast_ddc *ast_ddc_create(struct ast_device *ast) bit = &ddc->bit; bit->udelay = 20; - bit->timeout = 2; + bit->timeout = usecs_to_jiffies(2200); bit->data = ddc; bit->setsda = ast_ddc_algo_bit_data_setsda; bit->setscl = ast_ddc_algo_bit_data_setscl; -- 2.44.0

1 year, 5 months

2
1
0 0

[PATCH 0/4 5.10] rxrpc: Fix KASAN: slab-out-of-bounds Read in kernel_bind

by Alexander Ofitserov

This bug was found with syzkaller on Linux kernel v5.10. This patch series fixes the bug. Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Cc: stable(a)vger.kernel.org Xin Long (1): rxrpc: use udp tunnel APIs instead of open code in rxrpc_open_socket David Howells (2): rxrpc: Fix missing dependency on NET_UDP_TUNNEL rxrpc: Enable IPv6 checksums on transport socket Vadim Fedorenko (1): rxrpc: Fix dependency on IPv6 in udp tunnel config net/rxrpc/Kconfig | 1 + net/rxrpc/local_object.c | 77 +++++++++++++++------------------------- 2 files changed, 30 insertions(+), 48 deletions(-) -- 2.42.1

1 year, 5 months

1
4
0 0

FAILED: patch "[PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040850-wildly-gyration-12ff@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 04c35ab3bdae ("x86/mm/pat: fix VM_PAT handling in COW mappings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 3 Apr 2024 23:21:30 +0200 Subject: [PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 301.567163] ? report_bug+0x171/0x1a0 [ 301.567466] ? handle_bug+0x3c/0x80 [ 301.567743] ? exc_invalid_op+0x17/0x70 [ 301.568038] ? asm_exc_invalid_op+0x1a/0x20 [ 301.568363] ? untrack_pfn+0xf4/0x100 [ 301.568660] ? untrack_pfn+0x65/0x100 [ 301.568947] unmap_single_vma+0xa6/0xe0 [ 301.569247] unmap_vmas+0xb5/0x190 [ 301.569532] exit_mmap+0xec/0x340 [ 301.569801] __mmput+0x3e/0x130 [ 301.570051] do_exit+0x305/0xaf0 ... Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Wupeng Ma <mawupeng1(a)huawei.com> Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com Fixes: b1a86e15dc03 ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines") Fixes: 5899329b1910 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3") Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index 0d72183b5dd0..36b603d0cdde 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -947,6 +947,38 @@ static void free_pfn_range(u64 paddr, unsigned long size) memtype_free(paddr, paddr + size); } +static int get_pat_info(struct vm_area_struct *vma, resource_size_t *paddr, + pgprot_t *pgprot) +{ + unsigned long prot; + + VM_WARN_ON_ONCE(!(vma->vm_flags & VM_PAT)); + + /* + * We need the starting PFN and cachemode used for track_pfn_remap() + * that covered the whole VMA. For most mappings, we can obtain that + * information from the page tables. For COW mappings, we might now + * suddenly have anon folios mapped and follow_phys() will fail. + * + * Fallback to using vma->vm_pgoff, see remap_pfn_range_notrack(), to + * detect the PFN. If we need the cachemode as well, we're out of luck + * for now and have to fail fork(). + */ + if (!follow_phys(vma, vma->vm_start, 0, &prot, paddr)) { + if (pgprot) + *pgprot = __pgprot(prot); + return 0; + } + if (is_cow_mapping(vma->vm_flags)) { + if (pgprot) + return -EINVAL; + *paddr = (resource_size_t)vma->vm_pgoff << PAGE_SHIFT; + return 0; + } + WARN_ON_ONCE(1); + return -EINVAL; +} + /* * track_pfn_copy is called when vma that is covering the pfnmap gets * copied through copy_page_range(). @@ -957,20 +989,13 @@ static void free_pfn_range(u64 paddr, unsigned long size) int track_pfn_copy(struct vm_area_struct *vma) { resource_size_t paddr; - unsigned long prot; unsigned long vma_size = vma->vm_end - vma->vm_start; pgprot_t pgprot; if (vma->vm_flags & VM_PAT) { - /* - * reserve the whole chunk covered by vma. We need the - * starting address and protection from pte. - */ - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, &pgprot)) return -EINVAL; - } - pgprot = __pgprot(prot); + /* reserve the whole chunk covered by vma. */ return reserve_pfn_range(paddr, vma_size, &pgprot, 1); } @@ -1045,7 +1070,6 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size, bool mm_wr_locked) { resource_size_t paddr; - unsigned long prot; if (vma && !(vma->vm_flags & VM_PAT)) return; @@ -1053,11 +1077,8 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, /* free the chunk starting from pfn or the whole chunk */ paddr = (resource_size_t)pfn << PAGE_SHIFT; if (!paddr && !size) { - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, NULL)) return; - } - size = vma->vm_end - vma->vm_start; } free_pfn_range(paddr, size); diff --git a/mm/memory.c b/mm/memory.c index 904f70b99498..d2155ced45f8 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5973,6 +5973,10 @@ int follow_phys(struct vm_area_struct *vma, goto out; pte = ptep_get(ptep); + /* Never return PFNs of anon folios in COW mappings. */ + if (vm_normal_folio(vma, address, pte)) + goto unlock; + if ((flags & FOLL_WRITE) && !pte_write(pte)) goto unlock;

1 year, 5 months

2
2
0 0

FAILED: patch "[PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040843-utmost-staff-773b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 04c35ab3bdae ("x86/mm/pat: fix VM_PAT handling in COW mappings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 3 Apr 2024 23:21:30 +0200 Subject: [PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 301.567163] ? report_bug+0x171/0x1a0 [ 301.567466] ? handle_bug+0x3c/0x80 [ 301.567743] ? exc_invalid_op+0x17/0x70 [ 301.568038] ? asm_exc_invalid_op+0x1a/0x20 [ 301.568363] ? untrack_pfn+0xf4/0x100 [ 301.568660] ? untrack_pfn+0x65/0x100 [ 301.568947] unmap_single_vma+0xa6/0xe0 [ 301.569247] unmap_vmas+0xb5/0x190 [ 301.569532] exit_mmap+0xec/0x340 [ 301.569801] __mmput+0x3e/0x130 [ 301.570051] do_exit+0x305/0xaf0 ... Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Wupeng Ma <mawupeng1(a)huawei.com> Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com Fixes: b1a86e15dc03 ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines") Fixes: 5899329b1910 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3") Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index 0d72183b5dd0..36b603d0cdde 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -947,6 +947,38 @@ static void free_pfn_range(u64 paddr, unsigned long size) memtype_free(paddr, paddr + size); } +static int get_pat_info(struct vm_area_struct *vma, resource_size_t *paddr, + pgprot_t *pgprot) +{ + unsigned long prot; + + VM_WARN_ON_ONCE(!(vma->vm_flags & VM_PAT)); + + /* + * We need the starting PFN and cachemode used for track_pfn_remap() + * that covered the whole VMA. For most mappings, we can obtain that + * information from the page tables. For COW mappings, we might now + * suddenly have anon folios mapped and follow_phys() will fail. + * + * Fallback to using vma->vm_pgoff, see remap_pfn_range_notrack(), to + * detect the PFN. If we need the cachemode as well, we're out of luck + * for now and have to fail fork(). + */ + if (!follow_phys(vma, vma->vm_start, 0, &prot, paddr)) { + if (pgprot) + *pgprot = __pgprot(prot); + return 0; + } + if (is_cow_mapping(vma->vm_flags)) { + if (pgprot) + return -EINVAL; + *paddr = (resource_size_t)vma->vm_pgoff << PAGE_SHIFT; + return 0; + } + WARN_ON_ONCE(1); + return -EINVAL; +} + /* * track_pfn_copy is called when vma that is covering the pfnmap gets * copied through copy_page_range(). @@ -957,20 +989,13 @@ static void free_pfn_range(u64 paddr, unsigned long size) int track_pfn_copy(struct vm_area_struct *vma) { resource_size_t paddr; - unsigned long prot; unsigned long vma_size = vma->vm_end - vma->vm_start; pgprot_t pgprot; if (vma->vm_flags & VM_PAT) { - /* - * reserve the whole chunk covered by vma. We need the - * starting address and protection from pte. - */ - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, &pgprot)) return -EINVAL; - } - pgprot = __pgprot(prot); + /* reserve the whole chunk covered by vma. */ return reserve_pfn_range(paddr, vma_size, &pgprot, 1); } @@ -1045,7 +1070,6 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size, bool mm_wr_locked) { resource_size_t paddr; - unsigned long prot; if (vma && !(vma->vm_flags & VM_PAT)) return; @@ -1053,11 +1077,8 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, /* free the chunk starting from pfn or the whole chunk */ paddr = (resource_size_t)pfn << PAGE_SHIFT; if (!paddr && !size) { - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, NULL)) return; - } - size = vma->vm_end - vma->vm_start; } free_pfn_range(paddr, size); diff --git a/mm/memory.c b/mm/memory.c index 904f70b99498..d2155ced45f8 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5973,6 +5973,10 @@ int follow_phys(struct vm_area_struct *vma, goto out; pte = ptep_get(ptep); + /* Never return PFNs of anon folios in COW mappings. */ + if (vm_normal_folio(vma, address, pte)) + goto unlock; + if ((flags & FOLL_WRITE) && !pte_write(pte)) goto unlock;

1 year, 5 months

2
2
0 0

FAILED: patch "[PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040847-departure-lining-fed7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 04c35ab3bdae ("x86/mm/pat: fix VM_PAT handling in COW mappings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 3 Apr 2024 23:21:30 +0200 Subject: [PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 301.567163] ? report_bug+0x171/0x1a0 [ 301.567466] ? handle_bug+0x3c/0x80 [ 301.567743] ? exc_invalid_op+0x17/0x70 [ 301.568038] ? asm_exc_invalid_op+0x1a/0x20 [ 301.568363] ? untrack_pfn+0xf4/0x100 [ 301.568660] ? untrack_pfn+0x65/0x100 [ 301.568947] unmap_single_vma+0xa6/0xe0 [ 301.569247] unmap_vmas+0xb5/0x190 [ 301.569532] exit_mmap+0xec/0x340 [ 301.569801] __mmput+0x3e/0x130 [ 301.570051] do_exit+0x305/0xaf0 ... Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Wupeng Ma <mawupeng1(a)huawei.com> Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com Fixes: b1a86e15dc03 ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines") Fixes: 5899329b1910 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3") Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index 0d72183b5dd0..36b603d0cdde 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -947,6 +947,38 @@ static void free_pfn_range(u64 paddr, unsigned long size) memtype_free(paddr, paddr + size); } +static int get_pat_info(struct vm_area_struct *vma, resource_size_t *paddr, + pgprot_t *pgprot) +{ + unsigned long prot; + + VM_WARN_ON_ONCE(!(vma->vm_flags & VM_PAT)); + + /* + * We need the starting PFN and cachemode used for track_pfn_remap() + * that covered the whole VMA. For most mappings, we can obtain that + * information from the page tables. For COW mappings, we might now + * suddenly have anon folios mapped and follow_phys() will fail. + * + * Fallback to using vma->vm_pgoff, see remap_pfn_range_notrack(), to + * detect the PFN. If we need the cachemode as well, we're out of luck + * for now and have to fail fork(). + */ + if (!follow_phys(vma, vma->vm_start, 0, &prot, paddr)) { + if (pgprot) + *pgprot = __pgprot(prot); + return 0; + } + if (is_cow_mapping(vma->vm_flags)) { + if (pgprot) + return -EINVAL; + *paddr = (resource_size_t)vma->vm_pgoff << PAGE_SHIFT; + return 0; + } + WARN_ON_ONCE(1); + return -EINVAL; +} + /* * track_pfn_copy is called when vma that is covering the pfnmap gets * copied through copy_page_range(). @@ -957,20 +989,13 @@ static void free_pfn_range(u64 paddr, unsigned long size) int track_pfn_copy(struct vm_area_struct *vma) { resource_size_t paddr; - unsigned long prot; unsigned long vma_size = vma->vm_end - vma->vm_start; pgprot_t pgprot; if (vma->vm_flags & VM_PAT) { - /* - * reserve the whole chunk covered by vma. We need the - * starting address and protection from pte. - */ - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, &pgprot)) return -EINVAL; - } - pgprot = __pgprot(prot); + /* reserve the whole chunk covered by vma. */ return reserve_pfn_range(paddr, vma_size, &pgprot, 1); } @@ -1045,7 +1070,6 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size, bool mm_wr_locked) { resource_size_t paddr; - unsigned long prot; if (vma && !(vma->vm_flags & VM_PAT)) return; @@ -1053,11 +1077,8 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, /* free the chunk starting from pfn or the whole chunk */ paddr = (resource_size_t)pfn << PAGE_SHIFT; if (!paddr && !size) { - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, NULL)) return; - } - size = vma->vm_end - vma->vm_start; } free_pfn_range(paddr, size); diff --git a/mm/memory.c b/mm/memory.c index 904f70b99498..d2155ced45f8 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5973,6 +5973,10 @@ int follow_phys(struct vm_area_struct *vma, goto out; pte = ptep_get(ptep); + /* Never return PFNs of anon folios in COW mappings. */ + if (vm_normal_folio(vma, address, pte)) + goto unlock; + if ((flags & FOLL_WRITE) && !pte_write(pte)) goto unlock;

1 year, 5 months

2
2
0 0

FAILED: Patch "virtio: reenable config if freezing device failed" failed to apply to 5.15-stable tree

by Sasha Levin

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Thanks, Sasha ------------------ original commit in Linus's tree ------------------ From 310227f42882c52356b523e2f4e11690eebcd2ab Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 13 Feb 2024 14:54:25 +0100 Subject: [PATCH] virtio: reenable config if freezing device failed Currently, we don't reenable the config if freezing the device failed. For example, virtio-mem currently doesn't support suspend+resume, and trying to freeze the device will always fail. Afterwards, the device will no longer respond to resize requests, because it won't get notified about config changes. Let's fix this by re-enabling the config if freezing fails. Fixes: 22b7050a024d ("virtio: defer config changed notifications") Cc: <stable(a)kernel.org> Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Jason Wang <jasowang(a)redhat.com> Cc: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Message-Id: <20240213135425.795001-1-david(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> --- drivers/virtio/virtio.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index f4080692b3513..f513ee21b1c18 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -510,8 +510,10 @@ int virtio_device_freeze(struct virtio_device *dev) if (drv && drv->freeze) { ret = drv->freeze(dev); - if (ret) + if (ret) { + virtio_config_enable(dev); return ret; + } } if (dev->config->destroy_avq) -- 2.43.0

1 year, 5 months

2
1
0 0

FAILED: Patch "virtio: reenable config if freezing device failed" failed to apply to 5.10-stable tree

by Sasha Levin

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Thanks, Sasha ------------------ original commit in Linus's tree ------------------ From 310227f42882c52356b523e2f4e11690eebcd2ab Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 13 Feb 2024 14:54:25 +0100 Subject: [PATCH] virtio: reenable config if freezing device failed Currently, we don't reenable the config if freezing the device failed. For example, virtio-mem currently doesn't support suspend+resume, and trying to freeze the device will always fail. Afterwards, the device will no longer respond to resize requests, because it won't get notified about config changes. Let's fix this by re-enabling the config if freezing fails. Fixes: 22b7050a024d ("virtio: defer config changed notifications") Cc: <stable(a)kernel.org> Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Jason Wang <jasowang(a)redhat.com> Cc: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Message-Id: <20240213135425.795001-1-david(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> --- drivers/virtio/virtio.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index f4080692b3513..f513ee21b1c18 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -510,8 +510,10 @@ int virtio_device_freeze(struct virtio_device *dev) if (drv && drv->freeze) { ret = drv->freeze(dev); - if (ret) + if (ret) { + virtio_config_enable(dev); return ret; + } } if (dev->config->destroy_avq) -- 2.43.0

1 year, 5 months

2
1
0 0

FAILED: Patch "virtio: reenable config if freezing device failed" failed to apply to 4.19-stable tree

by Sasha Levin

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Thanks, Sasha ------------------ original commit in Linus's tree ------------------ From 310227f42882c52356b523e2f4e11690eebcd2ab Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 13 Feb 2024 14:54:25 +0100 Subject: [PATCH] virtio: reenable config if freezing device failed Currently, we don't reenable the config if freezing the device failed. For example, virtio-mem currently doesn't support suspend+resume, and trying to freeze the device will always fail. Afterwards, the device will no longer respond to resize requests, because it won't get notified about config changes. Let's fix this by re-enabling the config if freezing fails. Fixes: 22b7050a024d ("virtio: defer config changed notifications") Cc: <stable(a)kernel.org> Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Jason Wang <jasowang(a)redhat.com> Cc: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Message-Id: <20240213135425.795001-1-david(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> --- drivers/virtio/virtio.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index f4080692b3513..f513ee21b1c18 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -510,8 +510,10 @@ int virtio_device_freeze(struct virtio_device *dev) if (drv && drv->freeze) { ret = drv->freeze(dev); - if (ret) + if (ret) { + virtio_config_enable(dev); return ret; + } } if (dev->config->destroy_avq) -- 2.43.0

1 year, 5 months

2
1
0 0

[PATCH 6.8 000/279] 6.8.5-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.5 release. There are 279 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:27:40 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.5-rc2.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.5-rc2 Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Move mem_encrypt= parsing to the decompressor Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Rework rebinding Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Use ring ops TLB invalidation for rebinds Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Reject FEC+MST on ICL Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Limit MST+DSC to TGL+ Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Paulo Alcantara <pc(a)manguebit.com> smb: client: refresh referral without acquiring refpath_lock Paulo Alcantara <pc(a)manguebit.com> smb: client: guarantee refcounted children from parent session Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in smb2_reconnect_server() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Björn Töpel <bjorn(a)rivosinc.com> riscv: Fix vector state restore in rt_sigreturn() Kent Overstreet <kent.overstreet(a)linux.dev> aio: Fix null ptr deref in aio_complete() wakeup Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Correct the delay calculation Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: sof-pcm: Add pointer callback to sof_ipc_pcm_ops Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Invalidate the stream_start_offset in PAUSED state Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Combine the SOF_IPC4_PIPE_PAUSED cases in pcm_trigger Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Move struct sof_ipc4_timestamp_info definition locally Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Remove the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Use the snd_sof_pcm_get_dai_frame_counter() for pcm_delay Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-common-ops: Do not set the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: Set the dai/host get frame/byte counter callbacks Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce a new callback pair to be used for PCM delay reporting Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl/lnl: Use the generic get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Implement get_stream_position (Linear Link Position) Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-pcm: Use dsp_max_burst_size_in_ms to place constraint Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Save the DMA maximum burst size for PCMs Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Add dsp_max_burst_size_in_ms member to snd_sof_pcm_stream Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/rw: don't allow multishot reads without NOWAIT support Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR Christian Bendiksen <christian(a)bendiksen.me> ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ALSA: hda: Add pplcllpl/u members to hdac_ext_stream Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Gabe Teeger <gabe.teeger(a)amd.com> Revert "drm/amd/display: Send DTBCLK disable message on first commit" Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Peter Collingbourne <pcc(a)google.com> stackdepot: rename pool_index to pool_index_plus_1 Oscar Salvador <osalvador(a)suse.de> lib/stackdepot: move stack_record struct definition into the header Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix warning by declaring arch_cpu_idle() as noinstr Andreas Schwab <schwab(a)suse.de> riscv: use KERN_INFO in do_trap Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Limit the reserved VM space to only the platforms that need it Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without trip points Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without cooling devices Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: fix sampling event removal for PMU device driver Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix DSC state HW readout for SST connectors Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp pdm configuration check Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Christian Brauner <brauner(a)kernel.org> block: count BLK_OPEN_RESTRICT_WRITES openers Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Vladimir Isaev <vladimir.isaev(a)syntacore.com> riscv: hwprobe: do not produce frtace relocation Samuel Holland <samuel.holland(a)sifive.com> riscv: mm: Fix prototype to avoid discarding const Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Correct extraction of data pointer in suspend/resume Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: use += operator to append strings Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Guenter Roeck <linux(a)roeck-us.net> mean_and_variance: Drop always failing tests Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-wildcard addresses. Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Joshua Hay <joshua.a.hay(a)intel.com> idpf: fix kernel panic on unknown packet types Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Will Deacon <will(a)kernel.org> KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range() Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent BPF accessing lowat from a subflow socket. Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Wujie Duan <wjduan(a)linx-info.com> KVM: arm64: Fix out-of-IPA space translation fault handling Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> kbuild: make -Woverride-init warnings more consistent Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning José Roberto de Souza <jose.souza(a)intel.com> drm/i915: Do not print 'pxp init failed with 0' when it succeed Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Juha-Pekka Heikkila <juhapekka.heikkila(a)gmail.com> drm/i915/display: Disable AuxCCS framebuffers if built for Xe Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Stop doing double audio enable/disable on SDVO and g4x+ DP Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Validate the PASID in iommu_attach_device_pasid() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size Taimur Hassan <syed.hassan(a)amd.com> drm/amd/display: Send DTBCLK disable message on first commit Charlene Liu <charlene.liu(a)amd.com> drm/amd/display: Update P010 scaling cap David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix debug messaging in gpiod_find_and_request() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Remove AR30 and AB30 format support Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Prasad Pandit <pjp(a)fedoraproject.org> dpll: indent DPLL option type by a tab Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_TILES_PER_DEVICE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_GT_PER_TILE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/queue: fix engine_class bounds check Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: use jiffies for job timeout Brian Welty <brian.welty(a)intel.com> drm/xe: Add exec_queue.sched_props.job_timeout_ms Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Remove unused xe_bo->props struct Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Jan Kara <jack(a)suse.cz> nfsd: Fix error cleanup path in nfsd_rename() Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Stanislav Fomichev <sdf(a)google.com> xsk: Don't assume metadata is always requested in TX completion Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++++- Documentation/admin-guide/kernel-parameters.txt | 12 ++ Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/nvhe/tlb.c | 3 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/kvm/hyp/vhe/tlb.c | 3 +- arch/arm64/kvm/mmu.c | 2 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 5 +- arch/riscv/kernel/signal.c | 15 +- arch/riscv/kernel/traps.c | 2 +- arch/riscv/kernel/vdso/Makefile | 1 + arch/riscv/kvm/aia_aplic.c | 37 +++- arch/riscv/mm/tlbflush.c | 4 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/kernel/perf_pai_crypto.c | 10 +- arch/s390/kernel/perf_pai_ext.c | 10 +- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 ++--- arch/sparc/mm/init_64.c | 2 +- arch/x86/Kconfig | 25 +++ arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 ++ arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 +++++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 ++++++ arch/x86/entry/entry_64_compat.S | 16 ++ arch/x86/entry/syscall_32.c | 21 ++- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 14 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 17 ++ arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/cpu/bugs.c | 121 ++++++++++-- arch/x86/kernel/cpu/common.c | 24 ++- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +-- arch/x86/kernel/sev.c | 14 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 45 +++-- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/Makefile | 13 -- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +-- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 76 +++----- arch/x86/mm/pat/memtype.c | 49 +++-- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- block/bdev.c | 6 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++++--- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 ++- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/dpll/Kconfig | 2 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +- drivers/gpio/gpiolib-cdev.c | 58 +++++- drivers/gpio/gpiolib.c | 31 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 25 ++- drivers/gpu/drm/amd/display/dc/dce110/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce112/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce120/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce80/Makefile | 2 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 2 +- drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 7 +- drivers/gpu/drm/i915/display/g4x_dp.c | 2 - .../gpu/drm/i915/display/intel_display_device.h | 1 + drivers/gpu/drm/i915/display/intel_dp.c | 9 +- drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 +- drivers/gpu/drm/i915/display/intel_sdvo.c | 4 - drivers/gpu/drm/i915/display/skl_universal_plane.c | 3 + drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 4 +- drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_cs.c | 17 ++ drivers/gpu/drm/i915/gt/intel_gt.c | 6 + drivers/gpu/drm/i915/gt/intel_gt.h | 9 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 ++ drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_workarounds.c | 55 ++++-- drivers/gpu/drm/i915/i915_driver.c | 2 +- drivers/gpu/drm/i915/i915_perf.c | 2 +- drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 2 - drivers/gpu/drm/xe/Makefile | 4 +- drivers/gpu/drm/xe/xe_bo.c | 59 +----- drivers/gpu/drm/xe/xe_bo_types.h | 19 -- drivers/gpu/drm/xe/xe_device.h | 4 +- drivers/gpu/drm/xe/xe_exec.c | 31 +--- drivers/gpu/drm/xe/xe_exec_queue.c | 4 +- drivers/gpu/drm/xe/xe_exec_queue_types.h | 7 + drivers/gpu/drm/xe/xe_guc_submit.c | 2 +- drivers/gpu/drm/xe/xe_pt.c | 8 +- drivers/gpu/drm/xe/xe_ring_ops.c | 11 +- drivers/gpu/drm/xe/xe_sched_job.c | 10 + drivers/gpu/drm/xe/xe_sched_job_types.h | 2 + drivers/gpu/drm/xe/xe_vm.c | 27 +-- drivers/gpu/drm/xe/xe_vm.h | 2 +- drivers/gpu/drm/xe/xe_vm_types.h | 8 +- drivers/iommu/iommu.c | 11 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 ++- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 38 ++-- drivers/net/ethernet/intel/e1000e/netdev.c | 24 ++- drivers/net/ethernet/intel/e1000e/phy.c | 184 +++++++++++------- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 13 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 ++++++--- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 +++-- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 18 +- drivers/net/ethernet/intel/ice/ice_switch.c | 24 ++- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 4 +- drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++- drivers/net/ethernet/microchip/lan743x_main.c | 18 ++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +++- drivers/net/ethernet/renesas/ravb_main.c | 33 ++-- drivers/net/ethernet/renesas/sh_eth.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +++- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +++- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 20 +- .../net/wireless/intel/iwlwifi/mvm/time-event.c | 5 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 ++ drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/pinctrl/aspeed/Makefile | 2 +- drivers/s390/net/qeth_core_main.c | 38 +++- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +-- drivers/scsi/sd.c | 2 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 +++++--- drivers/thermal/gov_power_allocator.c | 14 +- fs/aio.c | 2 +- fs/bcachefs/mean_and_variance_test.c | 28 +-- fs/nfsd/nfs4state.c | 7 +- fs/nfsd/vfs.c | 3 +- fs/proc/Makefile | 2 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 19 +- fs/smb/client/cifsproto.h | 20 +- fs/smb/client/connect.c | 157 ++++++++++------ fs/smb/client/dfs.c | 51 +++-- fs/smb/client/dfs.h | 33 ++-- fs/smb/client/dfs_cache.c | 53 +++--- fs/smb/client/dir.c | 15 ++ fs/smb/client/file.c | 111 +++++++++-- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 ++ fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 8 +- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/stackdepot.h | 46 +++++ include/linux/udp.h | 28 +++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + include/net/xdp_sock.h | 2 + include/sound/hdaudio_ext.h | 3 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++++-------- io_uring/kbuf.h | 8 +- io_uring/rw.c | 9 +- kernel/bpf/Makefile | 2 +- kernel/bpf/syscall.c | 35 +++- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- lib/stackdepot.c | 47 +---- mm/Makefile | 3 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++++--- net/bluetooth/hci_event.c | 25 +++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 44 ++++- net/ipv4/inet_fragment.c | 70 +++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 ++- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 2 - net/mptcp/sockopt.c | 4 + net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 +++++++-- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/Makefile.extrawarn | 10 +- scripts/bpf_doc.py | 4 +- scripts/mod/modpost.c | 7 +- security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l41_hda_property.c | 6 + sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 7 +- sound/soc/amd/acp/acp-pci.c | 13 +- sound/soc/codecs/cs42l43.c | 12 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- sound/soc/sof/intel/hda-common-ops.c | 3 + sound/soc/sof/intel/hda-dai-ops.c | 11 ++ sound/soc/sof/intel/hda-pcm.c | 29 +++ sound/soc/sof/intel/hda-stream.c | 70 +++++++ sound/soc/sof/intel/hda.h | 6 + sound/soc/sof/intel/lnl.c | 2 - sound/soc/sof/intel/mtl.c | 14 -- sound/soc/sof/intel/mtl.h | 10 - sound/soc/sof/ipc4-pcm.c | 193 +++++++++++++++---- sound/soc/sof/ipc4-priv.h | 14 -- sound/soc/sof/ipc4-topology.c | 22 ++- sound/soc/sof/ops.h | 24 ++- sound/soc/sof/pcm.c | 8 + sound/soc/sof/sof-audio.h | 9 +- sound/soc/sof/sof-priv.h | 24 ++- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 134 ++++++++------ tools/testing/selftests/net/mptcp/mptcp_join.sh | 34 ++-- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 +++++++++++++-------- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 342 files changed, 3587 insertions(+), 1739 deletions(-)

1 year, 5 months

2
1
0 0

[PATCH 6.6 000/254] 6.6.26-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.26 release. There are 254 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:27:40 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.26-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.26-rc2 Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Move mem_encrypt= parsing to the decompressor Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Move the __head definition to <asm/init.h> Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Davide Caratti <dcaratti(a)redhat.com> mptcp: don't overwrite sock_ops in mptcp_is_tcpsk() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix typo in assignment Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: legacy: field get conversion Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: add bit macro includes where needed Ivan Vecera <ivecera(a)redhat.com> i40e: Remove circular header dependencies and fix headers Ivan Vecera <ivecera(a)redhat.com> i40e: Split i40e_osdep.h Ivan Vecera <ivecera(a)redhat.com> i40e: Move memory allocation structures to i40e_alloc.h Ivan Vecera <ivecera(a)redhat.com> i40e: Simplify memory allocation functions Ivan Vecera <ivecera(a)redhat.com> virtchnl: Add header dependencies Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor I40E_MDIO_CLAUSE* macros Ivan Vecera <ivecera(a)redhat.com> i40e: Remove back pointer from i40e_hw structure Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Chris Park <chris.park(a)amd.com> drm/amd/display: Prevent crash when disable stream Dmytro Laktyushkin <dmytro.laktyushkin(a)amd.com> drm/amd/display: Fix DPSTREAM CLK on and off sequence Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: typec: ucsi: Fix race between typec_switch and role_switch Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Josh Poimboeuf <jpoimboe(a)kernel.org> x86/nospec: Refactor UNTRAIN_RET[_*] Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Disentangle rethunk-dependent options Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Improve i-cache locality for alias mitigation Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Jack Brennen <jbrennen(a)google.com> modpost: Optimize symbol search from linear to binary search Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add X86_FEATURE_ZEN1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Get rid of amd_erratum_1054[] Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move the DIV0 bug detection to the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move Zenbleed check to the Zen2 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move erratum 1076 fix into the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Carve out the erratum 1386 fix Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add ZenX generations flags Filipe Manana <fdmanana(a)suse.com> btrfs: fix race when detecting delalloc ranges during fiemap Filipe Manana <fdmanana(a)suse.com> btrfs: ensure fiemap doesn't race with writes when FIEMAP_FLAG_SYNC is given Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14016712196 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Replace several IS_METEORLAKE with proper IP version checks Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Eliminate IS_MTL_GRAPHICS_STEP Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Call Xe_LPG workaround functions based on IP version Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Consolidate condition for Wa_22011802037 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Tidy workaround definitions Matt Roper <matthew.d.roper(a)intel.com> drm/i915/dg2: Drop pre-production GT workarounds Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: realloc VSI stats arrays Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: disable multi rx queue for 9000 Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Pre-populate the cursor physical dma address Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/i915/display: Use i915_gem_object_get_dma_address to get dma address ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++- Documentation/admin-guide/kernel-parameters.txt | 12 + Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 3 - arch/riscv/kvm/aia_aplic.c | 37 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 +-- arch/sparc/mm/init_64.c | 2 +- arch/x86/Kconfig | 25 ++ arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 + arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 ++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 +++ arch/x86/entry/entry_64_compat.S | 16 + arch/x86/entry/syscall_32.c | 21 +- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/amd/core.c | 24 +- arch/x86/events/amd/lbr.c | 16 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 21 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 88 +++-- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/cpu/amd.c | 129 +++++-- arch/x86/kernel/cpu/bugs.c | 126 +++++- arch/x86/kernel/cpu/common.c | 24 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/head64.c | 3 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +- arch/x86/kernel/sev.c | 14 +- arch/x86/kernel/vmlinux.lds.S | 7 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 45 ++- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/Makefile | 13 - arch/x86/lib/retpoline.S | 165 ++++---- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 76 +--- arch/x86/mm/pat/memtype.c | 49 ++- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +- drivers/gpio/gpiolib-cdev.c | 58 ++- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 43 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- .../amd/display/dc/dce110/dce110_hw_sequencer.c | 3 +- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 1 + drivers/gpu/drm/i915/display/intel_cursor.c | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 + drivers/gpu/drm/i915/display/skl_universal_plane.c | 5 +- drivers/gpu/drm/i915/gem/i915_gem_create.c | 4 +- drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 10 +- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 21 +- drivers/gpu/drm/i915/gt/intel_engine_pm.c | 2 +- .../gpu/drm/i915/gt/intel_execlists_submission.c | 4 +- drivers/gpu/drm/i915/gt/intel_gt.h | 31 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 + drivers/gpu/drm/i915/gt/intel_gt_mcr.c | 7 +- drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_lrc.c | 38 +- drivers/gpu/drm/i915/gt/intel_mocs.c | 23 +- drivers/gpu/drm/i915/gt/intel_rc6.c | 6 +- drivers/gpu/drm/i915/gt/intel_reset.c | 20 +- drivers/gpu/drm/i915/gt/intel_reset.h | 2 + drivers/gpu/drm/i915/gt/intel_rps.c | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 422 +++++++-------------- drivers/gpu/drm/i915/gt/uc/intel_guc.c | 26 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 6 +- drivers/gpu/drm/i915/i915_debugfs.c | 2 +- drivers/gpu/drm/i915/i915_drv.h | 4 - drivers/gpu/drm/i915/i915_perf.c | 11 +- drivers/gpu/drm/i915/intel_clock_gating.c | 8 - drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000/e1000_hw.c | 46 +-- drivers/net/ethernet/intel/e1000e/80003es2lan.c | 3 +- drivers/net/ethernet/intel/e1000e/82571.c | 3 +- drivers/net/ethernet/intel/e1000e/ethtool.c | 7 +- drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 56 +-- drivers/net/ethernet/intel/e1000e/mac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 35 +- drivers/net/ethernet/intel/e1000e/phy.c | 191 ++++++---- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 4 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 10 +- drivers/net/ethernet/intel/i40e/i40e.h | 63 ++- drivers/net/ethernet/intel/i40e/i40e_adminq.c | 8 +- drivers/net/ethernet/intel/i40e/i40e_adminq.h | 3 +- drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 2 + drivers/net/ethernet/intel/i40e/i40e_alloc.h | 24 +- drivers/net/ethernet/intel/i40e/i40e_client.c | 1 - drivers/net/ethernet/intel/i40e/i40e_common.c | 12 +- drivers/net/ethernet/intel/i40e/i40e_dcb.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_dcb_nl.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_ddp.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_debug.h | 47 +++ drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_diag.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_hmc.c | 16 +- drivers/net/ethernet/intel/i40e/i40e_hmc.h | 4 + drivers/net/ethernet/intel/i40e/i40e_io.h | 16 + drivers/net/ethernet/intel/i40e/i40e_lan_hmc.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_lan_hmc.h | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 70 ++-- drivers/net/ethernet/intel/i40e/i40e_nvm.c | 3 + drivers/net/ethernet/intel/i40e/i40e_osdep.h | 59 --- drivers/net/ethernet/intel/i40e/i40e_prototype.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 5 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 89 +++-- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_txrx_common.h | 2 + drivers/net/ethernet/intel/i40e/i40e_type.h | 54 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 47 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 - drivers/net/ethernet/intel/i40e/i40e_xsk.h | 4 + drivers/net/ethernet/intel/iavf/iavf_common.c | 3 +- drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 5 +- drivers/net/ethernet/intel/iavf/iavf_fdir.c | 1 + drivers/net/ethernet/intel/iavf/iavf_txrx.c | 1 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 74 ++-- drivers/net/ethernet/intel/ice/ice_switch.c | 24 +- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/igb/e1000_82575.c | 29 +- drivers/net/ethernet/intel/igb/e1000_i210.c | 19 +- drivers/net/ethernet/intel/igb/e1000_mac.c | 2 +- drivers/net/ethernet/intel/igb/e1000_nvm.c | 18 +- drivers/net/ethernet/intel/igb/e1000_phy.c | 13 +- drivers/net/ethernet/intel/igb/igb_ethtool.c | 8 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 +- drivers/net/ethernet/intel/igbvf/mbx.c | 1 + drivers/net/ethernet/intel/igbvf/netdev.c | 33 +- drivers/net/ethernet/intel/igc/igc_i225.c | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/igc/igc_phy.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 30 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 19 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/microchip/lan743x_main.c | 18 + drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +- drivers/net/ethernet/renesas/ravb_main.c | 33 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 31 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 + drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/sd.c | 2 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 ++-- drivers/usb/typec/ucsi/ucsi_glink.c | 14 + fs/btrfs/extent_io.c | 208 +++++++--- fs/btrfs/inode.c | 22 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 + fs/smb/client/cifsglob.h | 17 +- fs/smb/client/connect.c | 45 ++- fs/smb/client/dir.c | 15 + fs/smb/client/file.c | 111 +++++- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 + fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/avf/virtchnl.h | 5 + include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 ++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++---- io_uring/kbuf.h | 8 +- kernel/bpf/syscall.c | 35 +- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++-- net/bluetooth/hci_event.c | 25 ++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 33 +- net/ipv4/inet_fragment.c | 70 +++- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 106 ++---- net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 ++++- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- scripts/mod/Makefile | 4 +- scripts/mod/modpost.c | 73 +--- scripts/mod/modpost.h | 25 ++ scripts/mod/symsearch.c | 199 ++++++++++ security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/amd/acp/acp-pci.c | 5 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- tools/arch/x86/include/asm/cpufeatures.h | 2 +- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 85 +++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 ++++++---- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 355 files changed, 4162 insertions(+), 2344 deletions(-)

1 year, 5 months

3
2
0 0

[PATCH 6.1 000/137] 6.1.85-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.85 release. There are 137 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:27:40 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.85-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.85-rc2 Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file min15.li <min15.li(a)samsung.com> nvme: fix miss command type check David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: display simult in extra_msg Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails Alexander Mikhalitsyn <aleksandr.mikhalitsyn(a)canonical.com> KVM: SVM: enhance info printk's in SEV init Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Heiner Kallweit <hkallweit1(a)gmail.com> r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect access to registers Config2 and Config5 Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect mac ocp register access Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 +++++++- Documentation/admin-guide/kernel-parameters.txt | 12 ++ Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/x86/Kconfig | 25 ++++ arch/x86/coco/core.c | 41 +++++++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 ++++++++++ arch/x86/entry/entry_64_compat.S | 16 +++ arch/x86/entry/syscall_32.c | 21 +++- arch/x86/entry/syscall_64.c | 19 ++- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/amd/core.c | 4 +- arch/x86/events/amd/lbr.c | 16 ++- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 15 ++- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 37 +++++- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/kernel/cpu/bugs.c | 121 +++++++++++++++++-- arch/x86/kernel/cpu/common.c | 24 ++-- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/setup.c | 2 + arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 60 ++++++---- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/ident_map.c | 23 +--- arch/x86/mm/pat/memtype.c | 49 +++++--- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 +++++----- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +++- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 ++- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 38 ++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 ++- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 ++- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +++++++++---- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 ++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +-- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++-- drivers/net/ethernet/microchip/lan743x_main.c | 18 +++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/realtek/r8169_main.c | 131 +++++++++++++++++---- drivers/net/ethernet/renesas/ravb_main.c | 33 +++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++++-- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 ++++-- drivers/net/phy/micrel.c | 31 +++-- drivers/net/usb/asix_devices.c | 4 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 4 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/nvme.h | 2 +- drivers/nvme/target/passthru.c | 3 +- drivers/of/dynamic.c | 12 ++ drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +++++- drivers/scsi/myrb.c | 20 ++-- drivers/scsi/myrs.c | 24 ++-- drivers/scsi/sd.c | 2 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 ++- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 17 ++- fs/smb/client/connect.c | 2 + fs/smb/client/dir.c | 15 +++ fs/smb/client/file.c | 111 ++++++++++++++--- fs/smb/client/fscache.c | 16 ++- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/device.h | 1 + include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 +++++ include/net/bluetooth/hci.h | 9 ++ include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 ++ kernel/bpf/verifier.c | 5 + mm/memory.c | 4 + net/9p/client.c | 10 +- net/bluetooth/hci_debugfs.c | 64 ++++++---- net/bluetooth/hci_event.c | 25 ++++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 33 ++++-- net/ipv4/inet_fragment.c | 70 +++++++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 ++ net/ipv4/udp_offload.c | 23 ++-- net/ipv6/ip6_fib.c | 14 +-- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 13 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 ++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 7 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 167 files changed, 1799 insertions(+), 555 deletions(-)

1 year, 5 months

2
1
0 0

[PATCH] mm,swapops: Update check in is_pfn_swap_entry for hwpoison entries

by Oscar Salvador

Tony reported that the Machine check recovery was broken in v6.9-rc1, as he was hitting a VM_BUG_ON when injecting uncorrectable memory errors to DRAM. After some more digging and debugging on his side, he realized that this went back to v6.1, with the introduction of 'commit 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry")'. That commit, among other things, introduced swp_offset_pfn(), replacing hwpoison_entry_to_pfn() in its favour. The patch also introduced a VM_BUG_ON() check for is_pfn_swap_entry(), but is_pfn_swap_entry() never got updated to cover hwpoison entries, which means that we would hit the VM_BUG_ON whenever we would call swp_offset_pfn() for such entries on environments with CONFIG_DEBUG_VM set. Fix this by updating the check to cover hwpoison entries as well, and update the comment while we are it. Reported-by: Tony Luck <tony.luck(a)intel.com> Closes: https://lore.kernel.org/all/Zg8kLSl2yAlA3o5D@agluck-desk3/ Tested-by: Tony Luck <tony.luck(a)intel.com> Fixes: 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry") Cc: <stable(a)vger.kernel.org> # 6.1.x Signed-off-by: Oscar Salvador <osalvador(a)suse.de> --- include/linux/swapops.h | 65 +++++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 32 deletions(-) diff --git a/include/linux/swapops.h b/include/linux/swapops.h index 48b700ba1d18..a5c560a2f8c2 100644 --- a/include/linux/swapops.h +++ b/include/linux/swapops.h @@ -390,6 +390,35 @@ static inline bool is_migration_entry_dirty(swp_entry_t entry) } #endif /* CONFIG_MIGRATION */ +#ifdef CONFIG_MEMORY_FAILURE + +/* + * Support for hardware poisoned pages + */ +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + BUG_ON(!PageLocked(page)); + return swp_entry(SWP_HWPOISON, page_to_pfn(page)); +} + +static inline int is_hwpoison_entry(swp_entry_t entry) +{ + return swp_type(entry) == SWP_HWPOISON; +} + +#else + +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + return swp_entry(0, 0); +} + +static inline int is_hwpoison_entry(swp_entry_t swp) +{ + return 0; +} +#endif + typedef unsigned long pte_marker; #define PTE_MARKER_UFFD_WP BIT(0) @@ -483,8 +512,9 @@ static inline struct folio *pfn_swap_entry_folio(swp_entry_t entry) /* * A pfn swap entry is a special type of swap entry that always has a pfn stored - * in the swap offset. They are used to represent unaddressable device memory - * and to restrict access to a page undergoing migration. + * in the swap offset. They can either be used to represent unaddressable device + * memory, to restrict access to a page undergoing migration or to represent a + * pfn which has been hwpoisoned and unmapped. */ static inline bool is_pfn_swap_entry(swp_entry_t entry) { @@ -492,7 +522,7 @@ static inline bool is_pfn_swap_entry(swp_entry_t entry) BUILD_BUG_ON(SWP_TYPE_SHIFT < SWP_PFN_BITS); return is_migration_entry(entry) || is_device_private_entry(entry) || - is_device_exclusive_entry(entry); + is_device_exclusive_entry(entry) || is_hwpoison_entry(entry); } struct page_vma_mapped_walk; @@ -561,35 +591,6 @@ static inline int is_pmd_migration_entry(pmd_t pmd) } #endif /* CONFIG_ARCH_ENABLE_THP_MIGRATION */ -#ifdef CONFIG_MEMORY_FAILURE - -/* - * Support for hardware poisoned pages - */ -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - BUG_ON(!PageLocked(page)); - return swp_entry(SWP_HWPOISON, page_to_pfn(page)); -} - -static inline int is_hwpoison_entry(swp_entry_t entry) -{ - return swp_type(entry) == SWP_HWPOISON; -} - -#else - -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - return swp_entry(0, 0); -} - -static inline int is_hwpoison_entry(swp_entry_t swp) -{ - return 0; -} -#endif - static inline int non_swap_entry(swp_entry_t entry) { return swp_type(entry) >= MAX_SWAPFILES; -- 2.44.0

1 year, 5 months

4
6
0 0

FAILED: patch "[PATCH] drm/i915/gt: Reset queue_priority_hint on parking" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4a3859ea5240365d21f6053ee219bb240d520895 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033042-ruckus-moonlight-d2e5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4a3859ea5240365d21f6053ee219bb240d520895 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Mon, 18 Mar 2024 14:58:47 +0100 Subject: [PATCH] drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before the preemption is processed by HW. If that happens, the request is retired from the queue, but the queue_priority_hint remains set, preventing direct submission until after the next CS interrupt is processed. This preempt-to-busy race can be triggered by the heartbeat, which will also act as the power-management barrier and upon completion allow us to idle the HW. We may process the completion of the heartbeat, and begin parking the engine before the CS event that restores the queue_priority_hint, causing us to fail the assertion that it is MIN. <3>[ 166.210729] __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 166.210781] Dumping ftrace buffer: <0>[ 166.210795] --------------------------------- ... <0>[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 } <0>[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646 <0>[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0 <0>[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659 <0>[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40 <0>[ 167.303095] drm_fdin-1097 2d.s1. 165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 } <0>[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2 <0>[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin <0>[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2 <0>[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin <0>[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660 <0>[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns } <0>[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked <0>[ 167.303534] <idle>-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040 <0>[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns } <0>[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns } <0>[ 167.303806] kworker/-89 11..... 165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 167.303811] --------------------------------- <4>[ 167.304722] ------------[ cut here ]------------ <2>[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283! <4>[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI <4>[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1 <4>[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 <4>[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915] <4>[ 167.304839] RIP: 0010:__engine_park+0x3fd/0x680 [i915] <4>[ 167.304937] Code: 00 48 c7 c2 b0 e5 86 a0 48 8d 3d 00 00 00 00 e8 79 48 d4 e0 bf 01 00 00 00 e8 ef 0a d4 e0 31 f6 bf 09 00 00 00 e8 03 49 c0 e0 <0f> 0b 0f 0b be 01 00 00 00 e8 f5 61 fd ff 31 c0 e9 34 fd ff ff 48 <4>[ 167.304940] RSP: 0018:ffffc9000059fce0 EFLAGS: 00010246 <4>[ 167.304942] RAX: 0000000000000200 RBX: 0000000000000000 RCX: 0000000000000006 <4>[ 167.304944] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 <4>[ 167.304946] RBP: ffff8881330ca1b0 R08: 0000000000000001 R09: 0000000000000001 <4>[ 167.304947] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8881330ca000 <4>[ 167.304948] R13: ffff888110f02aa0 R14: ffff88812d1d0205 R15: ffff88811277d4f0 <4>[ 167.304950] FS: 0000000000000000(0000) GS:ffff88844f780000(0000) knlGS:0000000000000000 <4>[ 167.304952] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4>[ 167.304953] CR2: 00007fc362200c40 CR3: 000000013306e003 CR4: 0000000000770ef0 <4>[ 167.304955] PKRU: 55555554 <4>[ 167.304957] Call Trace: <4>[ 167.304958] <TASK> <4>[ 167.305573] ____intel_wakeref_put_last+0x1d/0x80 [i915] <4>[ 167.305685] i915_request_retire.part.0+0x34f/0x600 [i915] <4>[ 167.305800] retire_requests+0x51/0x80 [i915] <4>[ 167.305892] intel_gt_retire_requests_timeout+0x27f/0x700 [i915] <4>[ 167.305985] process_scheduled_works+0x2db/0x530 <4>[ 167.305990] worker_thread+0x18c/0x350 <4>[ 167.305993] kthread+0xfe/0x130 <4>[ 167.305997] ret_from_fork+0x2c/0x50 <4>[ 167.306001] ret_from_fork_asm+0x1b/0x30 <4>[ 167.306004] </TASK> It is necessary for the queue_priority_hint to be lower than the next request submission upon waking up, as we rely on the hint to decide when to kick the tasklet to submit that first request. Fixes: 22b7a426bbe1 ("drm/i915/execlists: Preempt-to-busy") Closes: https://gitlab.freedesktop.org/drm/intel/issues/10154 Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Mika Kuoppala <mika.kuoppala(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v5.4+ Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240318135906.716055-2-janus… (cherry picked from commit 98850e96cf811dc2d0a7d0af491caff9f5d49c1e) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/gt/intel_engine_pm.c b/drivers/gpu/drm/i915/gt/intel_engine_pm.c index 96bdb93a948d..fb7bff27b45a 100644 --- a/drivers/gpu/drm/i915/gt/intel_engine_pm.c +++ b/drivers/gpu/drm/i915/gt/intel_engine_pm.c @@ -279,9 +279,6 @@ static int __engine_park(struct intel_wakeref *wf) intel_engine_park_heartbeat(engine); intel_breadcrumbs_park(engine->breadcrumbs); - /* Must be reset upon idling, or we may miss the busy wakeup. */ - GEM_BUG_ON(engine->sched_engine->queue_priority_hint != INT_MIN); - if (engine->park) engine->park(engine); diff --git a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c index 42aade0faf2d..b061a0a0d6b0 100644 --- a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c +++ b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c @@ -3272,6 +3272,9 @@ static void execlists_park(struct intel_engine_cs *engine) { cancel_timer(&engine->execlists.timer); cancel_timer(&engine->execlists.preempt); + + /* Reset upon idling, or we may delay the busy wakeup. */ + WRITE_ONCE(engine->sched_engine->queue_priority_hint, INT_MIN); } static void add_to_engine(struct i915_request *rq)

1 year, 5 months

2
1
0 0

[PATCH 0/3] arm64: dts: qcom: Fix the msi-map entries

by Manivannan Sadhasivam

While adding the GIC ITS MSI support, it was found that the msi-map entries needed to be swapped to receive MSIs from the endpoint. But later it was identified that the swapping was needed due to a bug in the Qualcomm PCIe controller driver. And since the bug is now fixed with commit bf79e33cdd89 ("PCI: qcom: Enable BDF to SID translation properly"), let's fix the msi-map entries also to reflect the actual mapping in the hardware. Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- Manivannan Sadhasivam (3): arm64: dts: qcom: sm8450: Fix the msi-map entries arm64: dts: qcom: sm8550: Fix the msi-map entries arm64: dts: qcom: sm8650: Fix the msi-map entries arch/arm64/boot/dts/qcom/sm8450.dtsi | 16 ++++------------ arch/arm64/boot/dts/qcom/sm8550.dtsi | 10 ++++------ arch/arm64/boot/dts/qcom/sm8650.dtsi | 10 ++++------ 3 files changed, 12 insertions(+), 24 deletions(-) --- base-commit: f6cef5f8c37f58a3bc95b3754c3ae98e086631ca change-id: 20240318-pci-bdf-sid-fix-2e7db6fe4238 Best regards, -- Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>

1 year, 5 months

3
4
0 0

kernel panic caused by recent changes in fs/cifs

by Chenglong Tang

Hi, developers, This is Chenglong Tang from the Google Container Optimized OS team. We recently received a kernel panic bug from the customers regarding cifs. This happened since the backport of following changes in cifs(in our kernel COS-5.10.208 and COS-5.15.146): cifs: Fix non-availability of dedup breaking generic/304: https://lore.kernel.org/r/3876191.1701555260@warthog.procyon.org.uk/ smb: client: fix potential NULL deref in parse_dfs_referrals(): Upstream commit 92414333eb375ed64f4ae92d34d579e826936480 ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE: Upstream commit 13736654481198e519059d4a2e2e3b20fa9fdb3e smb: client: fix NULL deref in asn1_ber_decoder(): Upstream commit 90d025c2e953c11974e76637977c473200593a46 smb: a few more smb changes... The line that crashed is line 197 in fs/cifs/dfs_cache.c ``` if (unlikely(strcmp(cp->charset, cache_cp->charset))) { ``` I attached the dmesg and backtrace for debugging purposes. Let me know if you need more information. Best, Chenglong

1 year, 5 months

1
1
0 0

Requesting backport for fc20c523211 (cifs: fixes for get_inode_info)

by Meetakshi Setiya

commit fc20c523211a38b87fc850a959cb2149e4fd64b0 upstream cifs: fixes for get_inode_info requesting backport to 6.8.x, 6.6.x, 6.5.x and 6.1.x This patch fixes memory leaks, adds error checking, and performs some important code modifications to the changes introduced by patch 2 of this patch series: https://lore.kernel.org/stable/CAFTVevX6=4qFo6nwV14sCnfPRO9yb9q+YsP3XPaHMsP… commit ffceb7640cbfe6ea60e7769e107451d63a2fe3d3 (smb: client: do not defer close open handles to deleted files) This patch and the three patches in the mails that precede this are related and fix an important customer reported bug on the linux smb client (explained in the mail for patch 1). Patches 2, 3 and 4 are meant to fix whatever regressions were introduced/exposed by patch 1. The patches have to be applied in the mentioned order and should be backported together. Patch 1: https://lore.kernel.org/stable/CAFTVevWEnEDAQbw59N-R03ppFgqa3qwTySfn61-+T4V… Patch 2: https://lore.kernel.org/stable/CAFTVevX6=4qFo6nwV14sCnfPRO9yb9q+YsP3XPaHMsP… Patch 3: https://lore.kernel.org/stable/CAFTVevX6Yzjm40EoGZzex6G-f3T-YNG2CZMAuy=fBSw… Patch 4: The current patch Thanks Meetakshi

1 year, 5 months

3
3
0 0

[PATCH v2] perf/x86: Fix out of range data

by Namhyung Kim

On x86 each cpu_hw_events maintains a table for counter assignment but it missed to update one for the deleted event in x86_pmu_del(). This can make perf_clear_dirty_counters() reset used counter if it's called before event scheduling or enabling. Then it would return out of range data which doesn't make sense. The following code can reproduce the problem. $ cat repro.c #include <pthread.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <linux/perf_event.h> #include <sys/ioctl.h> #include <sys/mman.h> #include <sys/syscall.h> struct perf_event_attr attr = { .type = PERF_TYPE_HARDWARE, .config = PERF_COUNT_HW_CPU_CYCLES, .disabled = 1, }; void *worker(void *arg) { int cpu = (long)arg; int fd1 = syscall(SYS_perf_event_open, &attr, -1, cpu, -1, 0); int fd2 = syscall(SYS_perf_event_open, &attr, -1, cpu, -1, 0); void *p; do { ioctl(fd1, PERF_EVENT_IOC_ENABLE, 0); p = mmap(NULL, 4096, PROT_READ, MAP_SHARED, fd1, 0); ioctl(fd2, PERF_EVENT_IOC_ENABLE, 0); ioctl(fd2, PERF_EVENT_IOC_DISABLE, 0); munmap(p, 4096); ioctl(fd1, PERF_EVENT_IOC_DISABLE, 0); } while (1); return NULL; } int main(void) { int i; int n = sysconf(_SC_NPROCESSORS_ONLN); pthread_t *th = calloc(n, sizeof(*th)); for (i = 0; i < n; i++) pthread_create(&th[i], NULL, worker, (void *)(long)i); for (i = 0; i < n; i++) pthread_join(th[i], NULL); free(th); return 0; } And you can see the out of range data using perf stat like this. Probably it'd be easier to see on a large machine. $ gcc -o repro repro.c -pthread $ ./repro & $ sudo perf stat -A -I 1000 2>&1 | awk '{ if (length($3) > 15) print }' 1.001028462 CPU6 196,719,295,683,763 cycles # 194290.996 GHz (71.54%) 1.001028462 CPU3 396,077,485,787,730 branch-misses # 15804359784.80% of all branches (71.07%) 1.001028462 CPU17 197,608,350,727,877 branch-misses # 14594186554.56% of all branches (71.22%) 2.020064073 CPU4 198,372,472,612,140 cycles # 194681.113 GHz (70.95%) 2.020064073 CPU6 199,419,277,896,696 cycles # 195720.007 GHz (70.57%) 2.020064073 CPU20 198,147,174,025,639 cycles # 194474.654 GHz (71.03%) 2.020064073 CPU20 198,421,240,580,145 stalled-cycles-frontend # 100.14% frontend cycles idle (70.93%) 3.037443155 CPU4 197,382,689,923,416 cycles # 194043.065 GHz (71.30%) 3.037443155 CPU20 196,324,797,879,414 cycles # 193003.773 GHz (71.69%) 3.037443155 CPU5 197,679,956,608,205 stalled-cycles-backend # 1315606428.66% backend cycles idle (71.19%) 3.037443155 CPU5 198,571,860,474,851 instructions # 13215422.58 insn per cycle It should move the contents in the cpuc->assign as well. Fixes: 5471eea5d3bf ("perf/x86: Reset the dirty counter to prevent the leak for an RDPMC task") Reviewed-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Namhyung Kim <namhyung(a)kernel.org> --- * add Kan's reviewed-by tag arch/x86/events/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c index 09050641ce5d..5b0dd07b1ef1 100644 --- a/arch/x86/events/core.c +++ b/arch/x86/events/core.c @@ -1644,6 +1644,7 @@ static void x86_pmu_del(struct perf_event *event, int flags) while (++i < cpuc->n_events) { cpuc->event_list[i-1] = cpuc->event_list[i]; cpuc->event_constraint[i-1] = cpuc->event_constraint[i]; + cpuc->assign[i-1] = cpuc->assign[i]; } cpuc->event_constraint[i-1] = NULL; --cpuc->n_events; -- 2.44.0.278.ge034bb2e1d-goog

1 year, 5 months

2
1
0 0

Late Filling (Extension)

by Marisol Alvarez

Hello, I trust this message finds you well. My name is Marisol Alvarez, and I am currently in search of a new tax preparer for Extension. I came across your services and would like to inquire about your availability for new clients for the extension period. Specifically, I need assistance with the preparation of my individual tax returns, which includes Schedule D and Schedule C. Could you please provide information on your fee structure for handling returns with these schedules? Additionally, I am interested in becoming a client and would like to know the steps involved in signing up for your tax preparation services. I appreciate your prompt response and look forward to the possibility of working with you. Kind regards, Marisol Alvarez Member Services Specialist

1 year, 5 months

1
0
0 0

[PATCH 5.15 000/690] 5.15.154-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.154 release. There are 690 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 10 Apr 2024 12:52:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.154-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.154-rc1 min15.li <min15.li(a)samsung.com> nvme: fix miss command type check Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Jann Horn <jannh(a)google.com> openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached Jann Horn <jannh(a)google.com> HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Oleksij Rempel <linux(a)rempel-privat.de> net: usb: asix: suspend embedded PHY if external is used Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer details Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Sean Christopherson <seanjc(a)google.com> KVM: x86: Mark target gfn of emulated atomic instruction as dirty Sean Christopherson <seanjc(a)google.com> KVM: x86: Bail to userspace if emulation of atomic user access faults Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jens Axboe <axboe(a)kernel.dk> io_uring: ensure '0' is returned on file registration success Gokul krishna Krishnakumar <quic_gokukris(a)quicinc.com> locking/rwsem: Disable preemption while trying for rwsem lock Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Bixuan Cui <cuibixuan(a)linux.alibaba.com> iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Stop using the SCSI pointer Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Call scsi_done() directly Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Preserve original aspect ratio in create stream Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/amdgpu: Use drm_mode_copy() Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Zi Yan <ziy(a)nvidia.com> mm/migrate: set swap entry values of THP tail pages properly. Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: diag: return KSFT_FAIL not test_cnt Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Yang Jihong <yangjihong1(a)huawei.com> perf/core: Fix reentry problem in perf_output_read_group() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a regression in nfsd_setattr() NeilBrown <neilb(a)suse.de> nfsd: don't call locks_release_private() twice concurrently NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() NeilBrown <neilb(a)suse.de> nfsd: fix RELEASE_LOCKOWNER Jeff Layton <jlayton(a)kernel.org> nfsd: drop the nfsd_put helper NeilBrown <neilb(a)suse.de> nfsd: call nfsd_last_thread() before final nfsd_put() Alexander Aring <aahringo(a)redhat.com> lockd: introduce safe async lock op NeilBrown <neilb(a)suse.de> NFSD: fix possible oops when nfsd/pool_stats is closed. Chuck Lever <chuck.lever(a)oracle.com> Documentation: Add missing documentation for EXPORT_OP flags NeilBrown <neilb(a)suse.de> nfsd: separate nfsd_last_thread() from nfsd_put() NeilBrown <neilb(a)suse.de> nfsd: Simplify code around svc_exit_thread() call in nfsd() NeilBrown <neilb(a)suse.de> nfsd: don't allow nfsd threads to be signalled. Tavian Barnes <tavianator(a)tavianator.com> nfsd: Fix creation time serialization order Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_encode_nfstime4() helper NeilBrown <neilb(a)suse.de> lockd: drop inappropriate svc_get() from locked_get() Dan Carpenter <dan.carpenter(a)linaro.org> nfsd: fix double fget() bug in __write_ports_addfd() Jeff Layton <jlayton(a)kernel.org> nfsd: make a copy of struct iattr before calling notify_change Dai Ngo <dai.ngo(a)oracle.com> NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop Jeff Layton <jlayton(a)kernel.org> nfsd: simplify the delayed disposal list code Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert filecache to rhltable Jeff Layton <jlayton(a)kernel.org> nfsd: allow reaping files still under writeback Jeff Layton <jlayton(a)kernel.org> nfsd: update comment over __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: don't take/put an extra reference when putting a file Jeff Layton <jlayton(a)kernel.org> nfsd: add some comments to nfsd_file_do_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: don't kill nfsd_files because of lease break error Jeff Layton <jlayton(a)kernel.org> nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator Jeff Layton <jlayton(a)kernel.org> nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries Jeff Layton <jlayton(a)kernel.org> nfsd: don't open-code clear_and_wake_up_bit Jeff Layton <jlayton(a)kernel.org> nfsd: call op_release, even when op_func returns an error Jeff Layton <jlayton(a)kernel.org> nfsd: don't replace page in rq_pages if it's a continuation of last page Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against filesystem freezing Chuck Lever <chuck.lever(a)oracle.com> NFSD: copy the whole verifier in nfsd_copy_write_verifier Jeff Layton <jlayton(a)kernel.org> nfsd: don't fsync nfsd_files on last close Jeff Layton <jlayton(a)kernel.org> nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix problems with cleanup on errors in nfsd4_copy Jeff Layton <jlayton(a)kernel.org> nfsd: don't hand out delegation on setuid files being opened for write Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix leaked reference count of nfsd4_ssc_umount_item Jeff Layton <jlayton(a)kernel.org> nfsd: clean up potential nfsd_file refcount leaks in COPY codepath Jeff Layton <jlayton(a)kernel.org> nfsd: allow nfsd_file_get to sanely handle a NULL pointer Dai Ngo <dai.ngo(a)oracle.com> NFSD: enhance inter-server copy cleanup Jeff Layton <jlayton(a)kernel.org> nfsd: don't destroy global nfs4_file table in per-net shutdown Jeff Layton <jlayton(a)kernel.org> nfsd: don't free files unconditionally in __nfsd_file_cache_purge Dai Ngo <dai.ngo(a)oracle.com> NFSD: replace delayed_work with work_struct for nfsd_client_shrinker Dai Ngo <dai.ngo(a)oracle.com> NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use set_bit(RQ_DROPME) Chuck Lever <chuck.lever(a)oracle.com> Revert "SUNRPC: Use RMW bitops in single-threaded hot paths" Jeff Layton <jlayton(a)kernel.org> nfsd: fix handling of cached open files in nfsd4_open codepath Jeff Layton <jlayton(a)kernel.org> nfsd: rework refcounting in filecache Kees Cook <keescook(a)chromium.org> NFSD: Avoid clashing function prototypes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use only RQ_DROPME to signal the need to drop a reply Dai Ngo <dai.ngo(a)oracle.com> NFSD: add CB_RECALL_ANY tracepoints Dai Ngo <dai.ngo(a)oracle.com> NFSD: add delegation reaper to react to low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for sending CB_RECALL_ANY Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker Chuck Lever <chuck.lever(a)oracle.com> trace: Relocate event helper files Jeff Layton <jlayton(a)kernel.org> lockd: fix file selection in nlmsvc_cancel_blocked Jeff Layton <jlayton(a)kernel.org> lockd: ensure we use the correct file descriptor when unlocking Jeff Layton <jlayton(a)kernel.org> lockd: set missing fl_flags field when retrieving args Xiu Jianfeng <xiujianfeng(a)huawei.com> NFSD: Use struct_size() helper in alloc_session() Jeff Layton <jlayton(a)kernel.org> nfsd: return error if nfs4_setacl fails Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd_file_fsync tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix up the filecache laundrette scheduling Jeff Layton <jlayton(a)kernel.org> filelock: add a new locks_inode_context accessor function Jeff Layton <jlayton(a)kernel.org> nfsd: reorganize filecache.c Jeff Layton <jlayton(a)kernel.org> nfsd: remove the pages_flushed statistic from filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix licensing header in filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use rhashtable for managing nfs4_file objects Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor find_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up find_or_add_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a nfsd4_file_hash_remove() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_init_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update file_hashtbl() helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use const pointers as parameters to fh_ helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace delegation revocations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace stateids returned via DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4_preprocess_stateid_op() call sites Chuck Lever <chuck.lever(a)oracle.com> NFSD: Flesh out a documenting comment for filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection Chuck Lever <chuck.lever(a)oracle.com> NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately" Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pass the target nfsd_file to nfsd_commit() David Disseldorp <ddiss(a)suse.de> exportfs: use pr_debug for unreachable debug statements Jeff Layton <jlayton(a)kernel.org> nfsd: allow disabling NFSv2 at compile time Jeff Layton <jlayton(a)kernel.org> nfsd: move nfserrno() to vfs.c Jeff Layton <jlayton(a)kernel.org> nfsd: ignore requests to disable unsupported versions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Finish converting the NFSv3 GETACL result encoder Colin Ian King <colin.i.king(a)gmail.com> NFSD: Remove redundant assignment to variable host_err Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFSD: Simplify READ_PLUS Jeff Layton <jlayton(a)kernel.org> nfsd: use locks_inode_context helper Jeff Layton <jlayton(a)kernel.org> lockd: use locks_inode_context helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix reads with a non-zero offset that don't end on a page boundary Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix trace_nfsd_fh_verify_err() crasher Jeff Layton <jlayton(a)kernel.org> nfsd: put the export reference in nfsd4_verify_deleg_dentry Jeff Layton <jlayton(a)kernel.org> nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix net-namespace logic in __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: ensure we always call fh_verify_error tracepoint Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> NFSD: unregister shrinker when nfsd_init_net() fails Jeff Layton <jlayton(a)kernel.org> nfsd: rework hashtable handling in nfsd_do_file_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: fix nfsd_file_unhash_and_dispose Gaosheng Cui <cuigaosheng1(a)huawei.com> fanotify: Remove obsoleted fanotify_event_has_path() Gaosheng Cui <cuigaosheng1(a)huawei.com> fsnotify: remove unused declaration Al Viro <viro(a)zeniv.linux.org.uk> fs/notify: constify path Jeff Layton <jlayton(a)kernel.org> nfsd: extra checks when freeing delegation stateids Jeff Layton <jlayton(a)kernel.org> nfsd: make nfsd4_run_cb a bool return function Jeff Layton <jlayton(a)kernel.org> nfsd: fix comments about spinlock handling with delegations Jeff Layton <jlayton(a)kernel.org> nfsd: only fill out return pointer on success in nfsd4_lookup_stateid Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap rsize_bop result based on send buffer size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename the fields in copy_stateid_t ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pack struct nfsd4_compoundres Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove unused nfsd4_compoundargs::cachetype field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove "inline" directives on op_rsize_bop helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4svc_encode_compoundres() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up WRITE arg decoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor common code out of dirlist helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Parametrize how much of argsize should be zeroed Dai Ngo <dai.ngo(a)oracle.com> NFSD: add shrinker to reap courtesy clients on low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of courtesy clients in the system Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a mechanism to wait for a DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add tracepoints to report NFSv4 callback completions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace NFSv4 COMPOUND tags Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace dprintk() call site in fh_verify() Gaosheng Cui <cuigaosheng1(a)huawei.com> nfsd: remove nfsd4_prepare_cb_recall() declaration Jeff Layton <jlayton(a)kernel.org> nfsd: clean up mounted_on_fileid handling NeilBrown <neilb(a)suse.de> NFSD: drop fname and flen args from nfsd_create_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Propagate some error code returned by memdup_user() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Avoid some useless tests Jinpeng Cui <cui.jinpeng2(a)zte.com.cn> NFSD: remove redundant variable status Olga Kornievskaia <kolga(a)netapp.com> NFSD enforce filehandle check for source file in COPY Wolfram Sang <wsa+renesas(a)sang-engineering.com> lockd: move from strlcpy with unused retval to strscpy Wolfram Sang <wsa+renesas(a)sang-engineering.com> NFSD: move from strlcpy with unused retval to strscpy Al Viro <viro(a)zeniv.linux.org.uk> nfsd_splice_actor(): handle compound pages NeilBrown <neilb(a)suse.de> NFSD: fix regression with setting ACLs. NeilBrown <neilb(a)suse.de> NFSD: discard fh_locked flag and fh_lock/fh_unlock NeilBrown <neilb(a)suse.de> NFSD: use (un)lock_inode instead of fh_(un)lock for file operations NeilBrown <neilb(a)suse.de> NFSD: use explicit lock/unlock for directory ops NeilBrown <neilb(a)suse.de> NFSD: reduce locking in nfsd_lookup() NeilBrown <neilb(a)suse.de> NFSD: only call fh_unlock() once in nfsd_link() NeilBrown <neilb(a)suse.de> NFSD: always drop directory lock in nfsd_unlink() NeilBrown <neilb(a)suse.de> NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. NeilBrown <neilb(a)suse.de> NFSD: add posix ACLs to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: add security label to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: set attributes when creating symlinks NeilBrown <neilb(a)suse.de> NFSD: introduce struct nfsd_attrs Jeff Layton <jlayton(a)kernel.org> NFSD: verify the opened dentry after setting a delegation Jeff Layton <jlayton(a)kernel.org> NFSD: drop fh argument from alloc_init_deleg Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move copy offload callback arguments into a separate structure Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd4_send_cb_offload() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove kmalloc from nfsd4_do_async_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_do_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace boolean fields in struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfs4_put_copy() static Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reorder the fields in struct nfsd4_op Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy_notify Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfserrno(-ENOMEM) is nfserr_jukebox Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix strncpy() fortify warning Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_encode_readlink() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_pad_size() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Simplify starting_len Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_readv() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_read::rd_eof field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up SPLICE_OK in nfsd4_encode_read() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_fattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_operation() Jeff Layton <jlayton(a)kernel.org> nfsd: silence extraneous printk on nfsd.ko insertion Dai Ngo <dai.ngo(a)oracle.com> NFSD: limit the number of v4 clients to 1024 per 1GB of system memory Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of v4 clients in the system Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring v4 specific code to a helper in nfs4state.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Ensure nf_inode is never dereferenced Chuck Lever <chuck.lever(a)oracle.com> NFSD: NFSv4 CLOSE should release an nfsd_file immediately Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move nfsd_file_trace_alloc() tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Separate tracepoints for acquire and create Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up unused code after rhashtable conversion Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert the filecache to use rhashtable Chuck Lever <chuck.lever(a)oracle.com> NFSD: Set up an rhashtable for the filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace the "init once" mechanism Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove nfsd_file::nf_hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_hash_remove can compute hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor __nfsd_file_close_inode() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove lockdep assertion from unhash_and_release_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: No longer record nf_hashval in the trace log Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never call nfsd_file_gc() in foreground paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix the filecache LRU shrinker Chuck Lever <chuck.lever(a)oracle.com> NFSD: Leave open files out of the filecache LRU Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache LRU activity Chuck Lever <chuck.lever(a)oracle.com> NFSD: WARN when freeing an item still linked via nf_lru Chuck Lever <chuck.lever(a)oracle.com> NFSD: Hook up the filecache stat file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Zero counters when the filecache is re-initialized Chuck Lever <chuck.lever(a)oracle.com> NFSD: Record number of flush calls Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report the number of items evicted by the LRU walk Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_lru_scan() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_gc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd_file_lru_dispose_list() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report average age of filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of freed filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of calls to nfsd_file_acquire() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report filecache LRU size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Demote a WARN to a pr_warn() Colin Ian King <colin.i.king(a)gmail.com> nfsd: remove redundant assignment to variable len Zhang Jiaming <jiaming(a)nfschina.com> NFSD: Fix space and spelling mistake Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instrument fh_verify() Benjamin Coddington <bcodding(a)redhat.com> NLM: Defend against file_lock changes after vfs_test_lock() Xin Gao <gaoxin(a)cdjrlc.com> fsnotify: Fix comment typo Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce FAN_MARK_IGNORE Amir Goldstein <amir73il(a)gmail.com> fanotify: cleanups for fanotify_mark() input validations Amir Goldstein <amir73il(a)gmail.com> fanotify: prepare for setting event flags in ignore mask Oliver Ford <ojford(a)gmail.com> fs: inotify: Fix typo in inotify comment Chuck Lever <chuck.lever(a)oracle.com> NFSD: Decode NFSv4 birth time attribute Amir Goldstein <amir73il(a)gmail.com> fanotify: refine the validation checks on non-dir inode mask NeilBrown <neilb(a)suse.de> NFS: restore module put when manager exits. Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix potential use-after-free in nfsd_file_put() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_put() can sleep Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add documenting comment for nfsd4_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Modernize nfsd4_release_lockowner() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Fix null-ptr-deref in nfsd_fill_super() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Unregister the cld notifier when laundry_wq create failed Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Use RMW bitops in single-threaded hot paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache opens Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move documenting comment for nfsd4_process_open2() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix whitespace Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove dprintk call sites from tail of nfsd4_open() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instantiate a struct file when creating a regular NFSv4 file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_open_verified() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv4 OPEN(CREATE) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv3 CREATE Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_create_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd3_proc_create() Dai Ngo <dai.ngo(a)oracle.com> NFSD: Show state of courtesy client in client info Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for lock conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add helper locks_owner_has_blockers to check for blockers Dai Ngo <dai.ngo(a)oracle.com> NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for share reservation conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> NFSD: add courteous server support for thread with only delegation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_splice_actor() Vasily Averin <vvs(a)openvz.org> fanotify: fix incorrect fmode_t casts Amir Goldstein <amir73il(a)gmail.com> fsnotify: consistent behavior for parent not watching children Amir Goldstein <amir73il(a)gmail.com> fsnotify: introduce mark type iterator Amir Goldstein <amir73il(a)gmail.com> fanotify: enable "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fanotify: implement "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: factor out helper fanotify_mark_update_flags() Amir Goldstein <amir73il(a)gmail.com> fanotify: create helper fanotify_mark_user_flags() Amir Goldstein <amir73il(a)gmail.com> fsnotify: allow adding an inode mark without pinning inode Amir Goldstein <amir73il(a)gmail.com> dnotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> nfsd: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> inotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fsnotify: create helpers for group mark_mutex lock Amir Goldstein <amir73il(a)gmail.com> fsnotify: make allow_dups a property of the group Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass flags argument to fsnotify_alloc_group() Amir Goldstein <amir73il(a)gmail.com> inotify: move control flags from mask to mark flags Dai Ngo <dai.ngo(a)oracle.com> fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock. Amir Goldstein <amir73il(a)gmail.com> fanotify: do not allow setting dirent events in mask of non-dir Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Clean up nfsd_file_put() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a write performance regression Bang Li <libang.linuxer(a)gmail.com> fsnotify: remove redundant parameter judgment Amir Goldstein <amir73il(a)gmail.com> fsnotify: optimize FS_MODIFY events with no ignored masks Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix merge with parent's ignored mask Jakob Koschel <jakobkoschel(a)gmail.com> nfsd: fix using the correct variable for sizeof() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up _lm_ operation names Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove CONFIG_NFSD_V3 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move svc_serv_ops::svo_function into struct svc_serv Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove svc_serv_ops::svo_module Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svc_shutdown_net() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_close_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_create_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svo_shutdown method Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove the .svo_enqueue_xprt method Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove NFSD_PROC_ARGS_* macros Chuck Lever <chuck.lever(a)oracle.com> NFSD: Streamline the rare "found" case Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip extra computation for RC_NOCACHE case Chuck Lever <chuck.lever(a)oracle.com> orDate: Thu Sep 30 19:19:57 2021 -0400 Ondrej Valousek <ondrej.valousek.xm(a)renesas.com> nfsd: Add support for the birth time attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Deprecate NFS_OFFSET_MAX Amir Goldstein <amir73il(a)gmail.com> fsnotify: invalidate dcache before IN_DELETE event Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move fill_pre_wcc() and fill_post_wcc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace boot verifier resets Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename boot verifier functions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up the nfsd_net::nfssvc_boot field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Write verifier might go backwards Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Add a tracepoint for errors in nfsd4_clone_file_range() Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_vfs_write() Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Retry once in nfsd_open on an -EOPENSTALE return Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Add errno mapping for EREMOTEIO Peng Tao <tao.peng(a)primarydata.com> nfsd: map EBADF Vasily Averin <vvs(a)virtuozzo.com> nfsd4: add refcount for nfsd4_blocked_lock J. Bruce Fields <bfields(a)redhat.com> nfs: block notification on fs with its own ->lock Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate nfsd4_decode_bitmap4() J. Bruce Fields <bfields(a)redhat.com> nfsd: improve stateid access bitmask documentation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Combine XDR error tracepoints NeilBrown <neilb(a)suse.de> NFSD: simplify per-net file cache management Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> NFSD: Fix inconsistent indenting Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove be32_to_cpu() from DRC hash function NeilBrown <neilb(a)suse.de> NFS: switch the callback service back to non-pooled. NeilBrown <neilb(a)suse.de> lockd: use svc_set_num_threads() for thread start and stop NeilBrown <neilb(a)suse.de> SUNRPC: always treat sv_nrpools==1 as "not pooled" NeilBrown <neilb(a)suse.de> SUNRPC: move the pool_map definitions (back) into svc.c NeilBrown <neilb(a)suse.de> lockd: rename lockd_create_svc() to lockd_get() NeilBrown <neilb(a)suse.de> lockd: introduce lockd_put() NeilBrown <neilb(a)suse.de> lockd: move svc_exit_thread() into the thread NeilBrown <neilb(a)suse.de> lockd: move lockd_start_svc() call into lockd_create_svc() NeilBrown <neilb(a)suse.de> lockd: simplify management of network status notifiers NeilBrown <neilb(a)suse.de> lockd: introduce nlmsvc_serv NeilBrown <neilb(a)suse.de> NFSD: simplify locking for network notifier. NeilBrown <neilb(a)suse.de> SUNRPC: discard svo_setup and rename svc_set_num_threads_sync() NeilBrown <neilb(a)suse.de> NFSD: Make it possible to use svc_set_num_threads_sync NeilBrown <neilb(a)suse.de> NFSD: narrow nfsd_mutex protection in nfsd thread NeilBrown <neilb(a)suse.de> SUNRPC: use sv_lock to protect updates to sv_nrthreads. NeilBrown <neilb(a)suse.de> nfsd: make nfsd_stats.th_cnt atomic_t NeilBrown <neilb(a)suse.de> SUNRPC: stop using ->sv_nrthreads as a refcount NeilBrown <neilb(a)suse.de> SUNRPC/NFSD: clean up get/put functions. NeilBrown <neilb(a)suse.de> SUNRPC: change svc_get() to return the svc. NeilBrown <neilb(a)suse.de> NFSD: handle errors better in write_ports_addfd() Eric W. Biederman <ebiederm(a)xmission.com> exit: Rename module_put_and_exit to module_put_and_kthread_exit Eric W. Biederman <ebiederm(a)xmission.com> exit: Implement kthread_exit Amir Goldstein <amir73il(a)gmail.com> fanotify: wire up FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: report old and/or new parent+name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: record either old name new name or both for FAN_RENAME Amir Goldstein <amir73il(a)gmail.com> fanotify: record old and new parent and name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: support secondary dir fh and name in fanotify_info Amir Goldstein <amir73il(a)gmail.com> fanotify: use helpers to parcel fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fanotify: use macros to get the offset to fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fsnotify: generate FS_RENAME event with rich information Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce group flag FAN_REPORT_TARGET_FID Amir Goldstein <amir73il(a)gmail.com> fsnotify: separate mark iterator type from object type enum Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify object type argument Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: fix error code saved on super block during file system abort J. Bruce Fields <bfields(a)redhat.com> nfsd4: remove obselete comment Changcheng Deng <deng.changcheng(a)zte.com.cn> NFSD:fix boolreturn.cocci warning J. Bruce Fields <bfields(a)redhat.com> nfsd: update create verifier comment Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_encode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_encode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Save location of NFSv4 COMPOUND status Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_decode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_decode Colin Ian King <colin.king(a)canonical.com> NFSD: Initialize pointer ni with NULL and not plain integer 0 NeilBrown <neilb(a)suse.de> NFSD: simplify struct nfsfh NeilBrown <neilb(a)suse.de> NFSD: drop support for ancient filehandles NeilBrown <neilb(a)suse.de> NFSD: move filehandle format declarations out of "uapi". Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize DRC bucket pruning Chuck Lever <chuck.lever(a)oracle.com> NFS: Move NFS protocol display macros to global header Chuck Lever <chuck.lever(a)oracle.com> NFS: Move generic FS show macros to global header Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field Chuck Lever <chuck.lever(a)oracle.com> NFS: Remove unnecessary TRACE_DEFINE_ENUM()s Gabriel Krisman Bertazi <krisman(a)collabora.com> docs: Document the FAN_FS_ERROR event Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: Send notifications on error Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow users to request FAN_FS_ERROR events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Emit generic error info for error event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Report fid info for file related file system errors Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: WARN_ON against too large file handles Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Add helpers to decide whether to report FID/DFID Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Wrap object_fh inline space in a creator macro Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support merging of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support enqueueing of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Pre-allocate pool of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Reserve UAPI bits for FAN_FS_ERROR Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Support FS_ERROR event type Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Require fid_mode for any non-fd event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Encode empty file handle when no inode is provided Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow file handle encoding for unhashed events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support null inode event in fanotify_dfid_inode Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Pass group argument to free_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Protect fsnotify_handle_inode_event from no-inode events Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Retrieve super block from the data field Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add wrapper around fsnotify_add_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add helper to detect overflow_event Gabriel Krisman Bertazi <krisman(a)collabora.com> inotify: Don't force FS_IN_IGNORED Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Split fsid check from other fid mode checks Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Fold event size calculation to its own function Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Don't insert unmergeable events in hashtable Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify contract for create event hooks Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass dentry instead of inode data Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass data_type to fsnotify_name() Peter Zijlstra <peterz(a)infradead.org> x86/static_call: Add support for Jcc tail-calls Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Introduce int3_emulate_jcc() Thomas Gleixner <tglx(a)linutronix.de> x86/asm: Differentiate between code and function alignment Peter Zijlstra <peterz(a)infradead.org> arch: Introduce CONFIG_FUNCTION_ALIGNMENT Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/rfds: Mitigate Register File Data Sampling (RFDS) Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Documentation/hw-vuln: Add documentation for RFDS Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson <seanjc(a)google.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW H. Peter Anvin (Intel) <hpa(a)zytor.com> x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Limit stage2_apply_range() batch size to largest block Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Work out supported block level at compile time Rickard x Andersson <rickaran(a)axis.com> tty: serial: imx: Fix broken RS485 John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device John Garry <john.garry(a)huawei.com> dma-iommu: add iommu_dma_opt_mapping_size() John Garry <john.garry(a)huawei.com> dma-mapping: add dma_opt_mapping_size() Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present David Laight <David.Laight(a)ACULAB.COM> minmax: add umin(a, b) and umax(a, b) André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix kernel panic caused by incorrect error handling Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point H DID Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point S DID Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Check before removing mm notifier Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Use .flush() call to wake up readers Sean Christopherson <seanjc(a)google.com> KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Geert Uytterhoeven <geert+renesas(a)glider.be> net: ravb: Add R-Car Gen4 support Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add CGR update function Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add helper for sanity checking cgr ops Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix resetting of shortest_full Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix waking up ring buffer readers Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Huang Ying <ying.huang(a)intel.com> swap: comments get_swap_device() with usage rule Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for certain Intel Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited Bjorn Helgaas <bhelgaas(a)google.com> PCI: Work around Intel I210 ROM BAR overlap defect Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: Drop pci_device_remove() test of pci_dev->driver Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Petr Mladek <pmladek(a)suse.com> printk/console: Split out code that enables default console Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Peter Collingbourne <pcc(a)google.com> kasan: test: add memcpy test that avoids out-of-bounds write Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer_sync() to timer_delete_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Use del_timer_sync() even on UP Thomas Gleixner <tglx(a)linutronix.de> timers: Update kernel-doc for various functions Jim Mattson <jmattson(a)google.com> KVM: x86: Use a switch statement and macros in __feature_translate() Jim Mattson <jmattson(a)google.com> KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Sean Christopherson <seanjc(a)google.com> KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs Borislav Petkov <bp(a)suse.de> x86/bugs: Use sysfs_emit() Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Support AMD Automatic IBRS Lin Yujun <linyujun809(a)huawei.com> Documentation/hw-vuln: Update spectre doc ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + .../admin-guide/filesystem-monitoring.rst | 74 ++ Documentation/admin-guide/hw-vuln/index.rst | 1 + .../admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 ++ Documentation/admin-guide/hw-vuln/spectre.rst | 18 +- Documentation/admin-guide/index.rst | 1 + Documentation/admin-guide/kernel-parameters.txt | 27 +- Documentation/core-api/dma-api.rst | 14 + Documentation/filesystems/locking.rst | 10 +- Documentation/filesystems/nfs/exporting.rst | 33 + Documentation/x86/mds.rst | 34 +- MAINTAINERS | 7 + Makefile | 8 +- arch/Kconfig | 24 + arch/arm/boot/dts/mmp2-brownstone.dts | 2 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/include/asm/kvm_pgtable.h | 18 +- arch/arm64/include/asm/stage2_pgtable.h | 20 - arch/arm64/kvm/mmu.c | 9 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/ia64/Kconfig | 1 + arch/ia64/Makefile | 2 +- arch/openrisc/kernel/dma.c | 16 +- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/lib/Makefile | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 13 + arch/x86/boot/compressed/head_64.S | 8 + arch/x86/entry/entry.S | 23 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 11 + arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/asm.h | 5 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 6 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/linkage.h | 12 +- arch/x86/include/asm/msr-index.h | 10 + arch/x86/include/asm/nospec-branch.h | 47 +- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/text-patching.h | 31 + arch/x86/kernel/alternative.c | 56 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/cpu/bugs.c | 245 ++-- arch/x86/kernel/cpu/common.c | 57 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/kprobes/core.c | 38 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kernel/static_call.c | 50 +- arch/x86/kvm/cpuid.c | 29 +- arch/x86/kvm/reverse_cpuid.h | 44 +- arch/x86/kvm/svm/sev.c | 18 +- arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 9 +- arch/x86/kvm/vmx/vmx.c | 12 +- arch/x86/kvm/x86.c | 17 +- arch/x86/lib/retpoline.S | 5 +- arch/x86/mm/ident_map.c | 23 +- block/blk-settings.c | 4 + crypto/algboss.c | 4 +- drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/acpi/cppc_acpi.c | 27 +- drivers/ata/ahci.c | 5 - drivers/ata/sata_mv.c | 63 +- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/cpu.c | 8 + drivers/base/power/wakeirq.c | 4 +- drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/qat/qat_common/adf_aer.c | 23 +- drivers/firmware/efi/vars.c | 17 +- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/imx/parallel-display.c | 4 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/hid/uhid.c | 20 +- drivers/hwmon/amc6821.c | 11 + drivers/i2c/busses/i2c-i801.c | 4 +- drivers/infiniband/core/cm_trace.h | 2 +- drivers/infiniband/core/cma_trace.h | 2 +- drivers/iommu/dma-iommu.c | 15 + drivers/iommu/iova.c | 5 + drivers/md/dm-integrity.c | 2 +- drivers/md/dm-raid.c | 2 + drivers/md/dm-snap.c | 4 +- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/block.c | 14 +- drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + drivers/net/ethernet/freescale/fec_main.c | 11 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/realtek/r8169_main.c | 11 +- drivers/net/ethernet/renesas/ravb_main.c | 8 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/usb/asix.h | 3 + drivers/net/usb/asix_devices.c | 20 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 12 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 6 +- drivers/nvmem/meson-efuse.c | 25 +- drivers/of/dynamic.c | 12 + drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/pci-driver.c | 23 +- drivers/pci/pcie/dpc.c | 15 +- drivers/pci/pcie/err.c | 20 + drivers/pci/quirks.c | 100 ++ drivers/pci/setup-res.c | 8 +- drivers/phy/tegra/xusb.c | 13 + drivers/s390/crypto/zcrypt_api.c | 2 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/hosts.c | 7 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_gs.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +-- drivers/scsi/qla2xxx/qla_iocb.c | 68 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 98 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/tee/optee/device.c | 3 +- drivers/thermal/devfreq_cooling.c | 2 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/serial/imx.c | 22 +- drivers/tty/serial/sc16is7xx.c | 15 +- drivers/tty/serial/serial_core.c | 12 + drivers/tty/vt/vt.c | 2 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 5 +- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 + drivers/usb/dwc2/core_intr.c | 72 +- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 +- drivers/usb/host/xhci.c | 2 + drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/usb/storage/scsiglue.c | 1 - drivers/usb/storage/uas.c | 81 +- drivers/usb/storage/usb.c | 4 +- drivers/usb/typec/ucsi/ucsi.c | 52 +- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/vfio_pci_intrs.c | 188 +-- drivers/vfio/platform/vfio_platform_irq.c | 106 +- drivers/vfio/virqfd.c | 21 + drivers/xen/events/events_base.c | 5 +- fs/Kconfig | 2 +- fs/aio.c | 8 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/volumes.c | 2 +- fs/cifs/connect.c | 2 +- fs/exec.c | 1 + fs/exportfs/expfs.c | 8 +- fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/ext4/super.c | 10 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 4 + fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/ksmbd/smb2pdu.c | 10 +- fs/lockd/host.c | 2 +- fs/lockd/svc.c | 223 ++-- fs/lockd/svc4proc.c | 29 +- fs/lockd/svclock.c | 31 +- fs/lockd/svcproc.c | 30 +- fs/lockd/svcsubs.c | 4 +- fs/lockd/xdr.c | 152 ++- fs/lockd/xdr4.c | 153 ++- fs/locks.c | 85 +- fs/nfs/callback.c | 105 +- fs/nfs/callback_xdr.c | 5 +- fs/nfs/direct.c | 11 +- fs/nfs/export.c | 9 +- fs/nfs/nfs4state.c | 2 +- fs/nfs/nfs4trace.h | 477 +------- fs/nfs/nfstrace.h | 269 +---- fs/nfs/pnfs.h | 4 - fs/nfs/write.c | 2 +- fs/nfsd/Kconfig | 27 +- fs/nfsd/Makefile | 8 +- fs/nfsd/acl.h | 6 +- fs/nfsd/blocklayout.c | 1 + fs/nfsd/blocklayoutxdr.c | 1 + fs/nfsd/cache.h | 2 +- fs/nfsd/export.h | 1 - fs/nfsd/filecache.c | 1192 +++++++++++--------- fs/nfsd/filecache.h | 19 +- fs/nfsd/flexfilelayout.c | 3 +- fs/nfsd/lockd.c | 2 +- fs/nfsd/netns.h | 34 +- fs/nfsd/nfs2acl.c | 55 +- fs/nfsd/nfs3acl.c | 83 +- fs/nfsd/nfs3proc.c | 212 +++- fs/nfsd/nfs3xdr.c | 444 +++----- fs/nfsd/nfs4acl.c | 46 +- fs/nfsd/nfs4callback.c | 125 +- fs/nfsd/nfs4idmap.c | 9 +- fs/nfsd/nfs4layouts.c | 4 +- fs/nfsd/nfs4proc.c | 991 +++++++++------- fs/nfsd/nfs4recover.c | 12 +- fs/nfsd/nfs4state.c | 1049 +++++++++++++---- fs/nfsd/nfs4xdr.c | 1115 +++++++++--------- fs/nfsd/nfscache.c | 63 +- fs/nfsd/nfsctl.c | 146 ++- fs/nfsd/nfsd.h | 35 +- fs/nfsd/nfsfh.c | 264 ++--- fs/nfsd/nfsfh.h | 145 ++- fs/nfsd/nfsproc.c | 121 +- fs/nfsd/nfssvc.c | 275 ++--- fs/nfsd/nfsxdr.c | 178 ++- fs/nfsd/state.h | 59 +- fs/nfsd/stats.c | 16 +- fs/nfsd/stats.h | 4 +- fs/nfsd/trace.h | 692 ++++++++++-- fs/nfsd/vfs.c | 822 +++++++------- fs/nfsd/vfs.h | 56 +- fs/nfsd/xdr.h | 35 +- fs/nfsd/xdr3.h | 61 +- fs/nfsd/xdr4.h | 81 +- fs/nfsd/xdr4cb.h | 6 + fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/notify/dnotify/dnotify.c | 15 +- fs/notify/fanotify/fanotify.c | 363 ++++-- fs/notify/fanotify/fanotify.h | 212 +++- fs/notify/fanotify/fanotify_user.c | 441 ++++++-- fs/notify/fdinfo.c | 16 +- fs/notify/fsnotify.c | 177 +-- fs/notify/fsnotify.h | 4 - fs/notify/group.c | 36 +- fs/notify/inotify/inotify.h | 11 +- fs/notify/inotify/inotify_fsnotify.c | 7 +- fs/notify/inotify/inotify_user.c | 53 +- fs/notify/mark.c | 137 ++- fs/notify/notification.c | 14 +- fs/open.c | 42 + fs/pipe.c | 17 +- fs/ubifs/file.c | 13 +- fs/vboxsf/super.c | 3 +- include/asm-generic/vmlinux.lds.h | 4 +- include/linux/cpu.h | 2 + include/linux/device.h | 1 + include/linux/dma-map-ops.h | 1 + include/linux/dma-mapping.h | 5 + include/linux/dnotify.h | 2 +- include/linux/exportfs.h | 17 +- include/linux/fanotify.h | 31 +- include/linux/fs.h | 26 + include/linux/fsnotify.h | 70 +- include/linux/fsnotify_backend.h | 356 +++++- include/linux/gfp.h | 9 + include/linux/hyperv.h | 22 +- include/linux/iova.h | 2 + include/linux/kthread.h | 1 + include/linux/linkage.h | 4 +- include/linux/lockd/lockd.h | 10 +- include/linux/lockd/xdr.h | 27 +- include/linux/lockd/xdr4.h | 29 +- include/linux/minmax.h | 17 + include/linux/module.h | 6 +- include/linux/nfs.h | 8 - include/linux/nfs4.h | 17 + include/linux/nfs_fs.h | 1 + include/linux/nfs_ssc.h | 4 +- include/linux/pci.h | 1 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 1 + include/linux/secretmem.h | 4 +- include/linux/sunrpc/svc.h | 93 +- include/linux/sunrpc/svc_xprt.h | 11 +- include/linux/sunrpc/svcsock.h | 7 +- include/linux/sunrpc/xdr.h | 2 + include/linux/timer.h | 18 +- include/linux/udp.h | 28 + include/linux/vfio.h | 2 + include/net/cfg802154.h | 1 + include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 + include/soc/fsl/qman.h | 9 + include/trace/events/rpcgss.h | 18 +- include/trace/events/rpcrdma.h | 44 +- include/trace/events/sunrpc.h | 74 +- include/trace/misc/fs.h | 122 ++ include/trace/misc/nfs.h | 387 +++++++ include/trace/{events => misc}/rdma.h | 0 include/trace/misc/sunrpc.h | 18 + include/uapi/linux/fanotify.h | 29 + include/uapi/linux/nfsd/nfsfh.h | 115 -- init/initramfs.c | 2 +- io_uring/io_uring.c | 2 +- kernel/audit_fsnotify.c | 8 +- kernel/audit_tree.c | 2 +- kernel/audit_watch.c | 5 +- kernel/bounds.c | 2 +- kernel/bpf/verifier.c | 5 + kernel/dma/mapping.c | 12 + kernel/dma/swiotlb.c | 11 +- kernel/entry/common.c | 8 +- kernel/events/core.c | 9 + kernel/kthread.c | 23 +- kernel/locking/rwsem.c | 14 +- kernel/module.c | 8 +- kernel/power/suspend.c | 1 + kernel/printk/printk.c | 63 +- kernel/time/timer.c | 160 +-- kernel/trace/ring_buffer.c | 233 ++-- kernel/trace/trace.c | 21 +- lib/Kconfig.debug | 1 + lib/pci_iomap.c | 2 +- lib/test_kasan.c | 21 +- mm/compaction.c | 7 +- mm/memtest.c | 4 +- mm/migrate.c | 6 +- mm/page_alloc.c | 10 +- mm/swapfile.c | 25 +- mm/vmscan.c | 5 +- net/bluetooth/bnep/core.c | 2 +- net/bluetooth/cmtp/core.c | 2 +- net/bluetooth/hci_debugfs.c | 64 +- net/bluetooth/hci_event.c | 25 + net/bluetooth/hidp/core.c | 2 +- net/bridge/netfilter/ebtables.c | 6 + net/core/skbuff.c | 6 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 14 + net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 20 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mac80211/cfg.c | 5 +- net/mac802154/llsec.c | 18 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 3 + net/netfilter/nf_tables_api.c | 20 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sunrpc/svc.c | 227 ++-- net/sunrpc/svc_xprt.c | 84 +- net/sunrpc/svcsock.c | 24 +- net/sunrpc/xdr.c | 22 + net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 2 +- net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + security/landlock/syscalls.c | 18 +- security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 9 +- sound/sh/aica.c | 17 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/objtool/check.c | 3 +- tools/testing/selftests/mqueue/setting | 1 + tools/testing/selftests/net/mptcp/diag.sh | 6 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 + tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- virt/kvm/async_pf.c | 31 +- 439 files changed, 11612 insertions(+), 6882 deletions(-)

1 year, 5 months

8
700
0 0

[PATCH 6.1 000/138] 6.1.85-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.85 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 10 Apr 2024 12:52:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.85-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.85-rc1 min15.li <min15.li(a)samsung.com> nvme: fix miss command type check David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: display simult in extra_msg Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: fix sampling event removal for PMU device driver Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: rework paiXXX_start and paiXXX_stop functions Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: cleanup event initialization Thomas Richter <tmricht(a)linux.ibm.com> s390/pai_crypto: remove per-cpu variable assignement in event initialization Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: initialize event count once at initialization Thomas Richter <tmricht(a)linux.ibm.com> s390/pai_ext: replace atomic_t with refcount_t Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: rename structure member users to active_events Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: rework pai_crypto mapped buffer reference count David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails Alexander Mikhalitsyn <aleksandr.mikhalitsyn(a)canonical.com> KVM: SVM: enhance info printk's in SEV init Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Heiner Kallweit <hkallweit1(a)gmail.com> r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect access to registers Config2 and Config5 Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect mac ocp register access Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/s390/kernel/perf_pai_crypto.c | 96 ++++++++------- arch/s390/kernel/perf_pai_ext.c | 66 ++++++----- arch/x86/coco/core.c | 41 +++++++ arch/x86/events/amd/core.c | 4 +- arch/x86/events/amd/lbr.c | 16 ++- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 10 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/nospec-branch.h | 20 +++- arch/x86/include/asm/required-features.h | 3 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/setup.c | 2 + arch/x86/kvm/reverse_cpuid.h | 2 + arch/x86/kvm/svm/sev.c | 60 ++++++---- arch/x86/kvm/trace.h | 10 +- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/ident_map.c | 23 +--- arch/x86/mm/pat/memtype.c | 49 +++++--- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 +++++----- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +++- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 ++- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 38 ++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 ++- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 ++- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +++++++++---- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 ++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +-- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++-- drivers/net/ethernet/microchip/lan743x_main.c | 18 +++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/realtek/r8169_main.c | 131 +++++++++++++++++---- drivers/net/ethernet/renesas/ravb_main.c | 33 +++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++++-- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 ++++-- drivers/net/phy/micrel.c | 31 +++-- drivers/net/usb/asix_devices.c | 4 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 4 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/nvme.h | 2 +- drivers/nvme/target/passthru.c | 3 +- drivers/of/dynamic.c | 12 ++ drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +++++- drivers/scsi/myrb.c | 20 ++-- drivers/scsi/myrs.c | 24 ++-- drivers/scsi/sd.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 10 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 ++- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 17 ++- fs/smb/client/connect.c | 2 + fs/smb/client/dir.c | 15 +++ fs/smb/client/file.c | 111 ++++++++++++++--- fs/smb/client/fscache.c | 16 ++- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/device.h | 1 + include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 +++++ include/net/bluetooth/hci.h | 9 ++ include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 ++ kernel/bpf/verifier.c | 5 + mm/memory.c | 4 + net/9p/client.c | 10 +- net/bluetooth/hci_debugfs.c | 64 ++++++---- net/bluetooth/hci_event.c | 25 ++++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 33 ++++-- net/ipv4/inet_fragment.c | 70 +++++++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 ++ net/ipv4/udp_offload.c | 23 ++-- net/ipv6/ip6_fib.c | 14 +-- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 13 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 ++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 7 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 155 files changed, 1520 insertions(+), 589 deletions(-)

1 year, 5 months

11
148
0 0

[PATCH 6.6 000/252] 6.6.26-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.26 release. There are 252 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 10 Apr 2024 12:52:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.26-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.26-rc1 Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Move the __head definition to <asm/init.h> Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Davide Caratti <dcaratti(a)redhat.com> mptcp: don't overwrite sock_ops in mptcp_is_tcpsk() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix typo in assignment Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: fix sampling event removal for PMU device driver Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: rework paiXXX_start and paiXXX_stop functions Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: cleanup event initialization Thomas Richter <tmricht(a)linux.ibm.com> s390/pai_crypto: remove per-cpu variable assignement in event initialization Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: initialize event count once at initialization Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: legacy: field get conversion Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: add bit macro includes where needed Ivan Vecera <ivecera(a)redhat.com> i40e: Remove circular header dependencies and fix headers Ivan Vecera <ivecera(a)redhat.com> i40e: Split i40e_osdep.h Ivan Vecera <ivecera(a)redhat.com> i40e: Move memory allocation structures to i40e_alloc.h Ivan Vecera <ivecera(a)redhat.com> i40e: Simplify memory allocation functions Ivan Vecera <ivecera(a)redhat.com> virtchnl: Add header dependencies Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor I40E_MDIO_CLAUSE* macros Ivan Vecera <ivecera(a)redhat.com> i40e: Remove back pointer from i40e_hw structure Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Chris Park <chris.park(a)amd.com> drm/amd/display: Prevent crash when disable stream Dmytro Laktyushkin <dmytro.laktyushkin(a)amd.com> drm/amd/display: Fix DPSTREAM CLK on and off sequence Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: typec: ucsi: Fix race between typec_switch and role_switch Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Josh Poimboeuf <jpoimboe(a)kernel.org> x86/nospec: Refactor UNTRAIN_RET[_*] Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Disentangle rethunk-dependent options Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Improve i-cache locality for alias mitigation Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Jack Brennen <jbrennen(a)google.com> modpost: Optimize symbol search from linear to binary search Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add X86_FEATURE_ZEN1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Get rid of amd_erratum_1054[] Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move the DIV0 bug detection to the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move Zenbleed check to the Zen2 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move erratum 1076 fix into the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Carve out the erratum 1386 fix Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add ZenX generations flags Filipe Manana <fdmanana(a)suse.com> btrfs: fix race when detecting delalloc ranges during fiemap Filipe Manana <fdmanana(a)suse.com> btrfs: ensure fiemap doesn't race with writes when FIEMAP_FLAG_SYNC is given Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14016712196 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Replace several IS_METEORLAKE with proper IP version checks Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Eliminate IS_MTL_GRAPHICS_STEP Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Call Xe_LPG workaround functions based on IP version Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Consolidate condition for Wa_22011802037 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Tidy workaround definitions Matt Roper <matthew.d.roper(a)intel.com> drm/i915/dg2: Drop pre-production GT workarounds Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: realloc VSI stats arrays Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: disable multi rx queue for 9000 Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Pre-populate the cursor physical dma address Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/i915/display: Use i915_gem_object_get_dma_address to get dma address ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 3 - arch/riscv/kvm/aia_aplic.c | 37 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/kernel/perf_pai_crypto.c | 48 +-- arch/s390/kernel/perf_pai_ext.c | 43 +-- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 +-- arch/sparc/mm/init_64.c | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 1 + arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 ++ arch/x86/events/amd/core.c | 24 +- arch/x86/events/amd/lbr.c | 16 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 16 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/nospec-branch.h | 71 ++-- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/kernel/cpu/amd.c | 129 +++++-- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/head64.c | 3 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +- arch/x86/kernel/sev.c | 14 +- arch/x86/kernel/vmlinux.lds.S | 7 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 2 + arch/x86/kvm/svm/sev.c | 45 ++- arch/x86/kvm/trace.h | 10 +- arch/x86/lib/retpoline.S | 165 ++++---- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 44 +-- arch/x86/mm/pat/memtype.c | 49 ++- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 11 +- drivers/gpio/gpiolib-cdev.c | 58 ++- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 43 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- .../amd/display/dc/dce110/dce110_hw_sequencer.c | 3 +- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 1 + drivers/gpu/drm/i915/display/intel_cursor.c | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 + drivers/gpu/drm/i915/display/skl_universal_plane.c | 5 +- drivers/gpu/drm/i915/gem/i915_gem_create.c | 4 +- drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 10 +- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 21 +- drivers/gpu/drm/i915/gt/intel_engine_pm.c | 2 +- .../gpu/drm/i915/gt/intel_execlists_submission.c | 4 +- drivers/gpu/drm/i915/gt/intel_gt.h | 31 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 + drivers/gpu/drm/i915/gt/intel_gt_mcr.c | 7 +- drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_lrc.c | 38 +- drivers/gpu/drm/i915/gt/intel_mocs.c | 23 +- drivers/gpu/drm/i915/gt/intel_rc6.c | 6 +- drivers/gpu/drm/i915/gt/intel_reset.c | 20 +- drivers/gpu/drm/i915/gt/intel_reset.h | 2 + drivers/gpu/drm/i915/gt/intel_rps.c | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 422 +++++++-------------- drivers/gpu/drm/i915/gt/uc/intel_guc.c | 26 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 6 +- drivers/gpu/drm/i915/i915_debugfs.c | 2 +- drivers/gpu/drm/i915/i915_drv.h | 4 - drivers/gpu/drm/i915/i915_perf.c | 11 +- drivers/gpu/drm/i915/intel_clock_gating.c | 8 - drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000/e1000_hw.c | 46 +-- drivers/net/ethernet/intel/e1000e/80003es2lan.c | 3 +- drivers/net/ethernet/intel/e1000e/82571.c | 3 +- drivers/net/ethernet/intel/e1000e/ethtool.c | 7 +- drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 56 +-- drivers/net/ethernet/intel/e1000e/mac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 35 +- drivers/net/ethernet/intel/e1000e/phy.c | 191 ++++++---- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 4 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 10 +- drivers/net/ethernet/intel/i40e/i40e.h | 63 ++- drivers/net/ethernet/intel/i40e/i40e_adminq.c | 8 +- drivers/net/ethernet/intel/i40e/i40e_adminq.h | 3 +- drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 2 + drivers/net/ethernet/intel/i40e/i40e_alloc.h | 24 +- drivers/net/ethernet/intel/i40e/i40e_client.c | 1 - drivers/net/ethernet/intel/i40e/i40e_common.c | 12 +- drivers/net/ethernet/intel/i40e/i40e_dcb.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_dcb_nl.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_ddp.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_debug.h | 47 +++ drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_diag.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_hmc.c | 16 +- drivers/net/ethernet/intel/i40e/i40e_hmc.h | 4 + drivers/net/ethernet/intel/i40e/i40e_io.h | 16 + drivers/net/ethernet/intel/i40e/i40e_lan_hmc.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_lan_hmc.h | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 70 ++-- drivers/net/ethernet/intel/i40e/i40e_nvm.c | 3 + drivers/net/ethernet/intel/i40e/i40e_osdep.h | 59 --- drivers/net/ethernet/intel/i40e/i40e_prototype.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 5 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 89 +++-- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_txrx_common.h | 2 + drivers/net/ethernet/intel/i40e/i40e_type.h | 54 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 47 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 - drivers/net/ethernet/intel/i40e/i40e_xsk.h | 4 + drivers/net/ethernet/intel/iavf/iavf_common.c | 3 +- drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 5 +- drivers/net/ethernet/intel/iavf/iavf_fdir.c | 1 + drivers/net/ethernet/intel/iavf/iavf_txrx.c | 1 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 74 ++-- drivers/net/ethernet/intel/ice/ice_switch.c | 24 +- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/igb/e1000_82575.c | 29 +- drivers/net/ethernet/intel/igb/e1000_i210.c | 19 +- drivers/net/ethernet/intel/igb/e1000_mac.c | 2 +- drivers/net/ethernet/intel/igb/e1000_nvm.c | 18 +- drivers/net/ethernet/intel/igb/e1000_phy.c | 13 +- drivers/net/ethernet/intel/igb/igb_ethtool.c | 8 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 +- drivers/net/ethernet/intel/igbvf/mbx.c | 1 + drivers/net/ethernet/intel/igbvf/netdev.c | 33 +- drivers/net/ethernet/intel/igc/igc_i225.c | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/igc/igc_phy.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 30 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 19 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/microchip/lan743x_main.c | 18 + drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +- drivers/net/ethernet/renesas/ravb_main.c | 33 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 31 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 + drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/sd.c | 2 +- drivers/scsi/sg.c | 4 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 ++-- drivers/usb/typec/ucsi/ucsi.c | 10 +- drivers/usb/typec/ucsi/ucsi_glink.c | 14 + fs/btrfs/extent_io.c | 208 +++++++--- fs/btrfs/inode.c | 22 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 + fs/smb/client/cifsglob.h | 17 +- fs/smb/client/connect.c | 45 ++- fs/smb/client/dir.c | 15 + fs/smb/client/file.c | 111 +++++- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 + fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/avf/virtchnl.h | 5 + include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 ++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++---- io_uring/kbuf.h | 8 +- kernel/bpf/syscall.c | 35 +- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++-- net/bluetooth/hci_event.c | 25 ++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 33 +- net/ipv4/inet_fragment.c | 70 +++- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 106 ++---- net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 ++++- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- scripts/mod/Makefile | 4 +- scripts/mod/modpost.c | 73 +--- scripts/mod/modpost.h | 25 ++ scripts/mod/symsearch.c | 199 ++++++++++ security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/amd/acp/acp-pci.c | 5 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- tools/arch/x86/include/asm/cpufeatures.h | 2 +- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 85 +++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 ++++++---- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 343 files changed, 3828 insertions(+), 2302 deletions(-)

1 year, 5 months

12
264
0 0

[PATCH 1/4] KVM: x86/mmu: Check kvm_mmu_page_ad_need_write_protect() when clearing TDP MMU dirty bits

by David Matlack

Check kvm_mmu_page_ad_need_write_protect() when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs. TDP MMU SPTEs must be write-protected when the TDP MMU is being used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled. KVM always disables the PML hardware when running L2, so failing to write-protect TDP MMU SPTEs will cause writes made by L2 to not be reflected in the dirty log. Reported-by: syzbot+900d58a45dcaab9e4821(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=900d58a45dcaab9e4821 Fixes: 5982a5392663 ("KVM: x86/mmu: Use kvm_ad_enabled() to determine if TDP MMU SPTEs need wrprot") Cc: stable(a)vger.kernel.org Cc: Vipin Sharma <vipinsh(a)google.com> Cc: Sean Christopherson <seanjc(a)google.com> Signed-off-by: David Matlack <dmatlack(a)google.com> --- arch/x86/kvm/mmu/tdp_mmu.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c index 6ae19b4ee5b1..c3c1a8f430ef 100644 --- a/arch/x86/kvm/mmu/tdp_mmu.c +++ b/arch/x86/kvm/mmu/tdp_mmu.c @@ -1498,6 +1498,16 @@ void kvm_tdp_mmu_try_split_huge_pages(struct kvm *kvm, } } +static bool tdp_mmu_need_write_protect(struct kvm_mmu_page *sp) +{ + /* + * All TDP MMU shadow pages share the same role as their root, aside + * from level, so it is valid to key off any shadow page to determine if + * write protection is needed for an entire tree. + */ + return kvm_mmu_page_ad_need_write_protect(sp) || !kvm_ad_enabled(); +} + /* * Clear the dirty status of all the SPTEs mapping GFNs in the memslot. If * AD bits are enabled, this will involve clearing the dirty bit on each SPTE. @@ -1508,7 +1518,8 @@ void kvm_tdp_mmu_try_split_huge_pages(struct kvm *kvm, static bool clear_dirty_gfn_range(struct kvm *kvm, struct kvm_mmu_page *root, gfn_t start, gfn_t end) { - u64 dbit = kvm_ad_enabled() ? shadow_dirty_mask : PT_WRITABLE_MASK; + const u64 dbit = tdp_mmu_need_write_protect(root) + ? PT_WRITABLE_MASK : shadow_dirty_mask; struct tdp_iter iter; bool spte_set = false; @@ -1523,7 +1534,7 @@ static bool clear_dirty_gfn_range(struct kvm *kvm, struct kvm_mmu_page *root, if (tdp_mmu_iter_cond_resched(kvm, &iter, false, true)) continue; - KVM_MMU_WARN_ON(kvm_ad_enabled() && + KVM_MMU_WARN_ON(dbit == shadow_dirty_mask && spte_ad_need_write_protect(iter.old_spte)); if (!(iter.old_spte & dbit)) @@ -1570,8 +1581,8 @@ bool kvm_tdp_mmu_clear_dirty_slot(struct kvm *kvm, static void clear_dirty_pt_masked(struct kvm *kvm, struct kvm_mmu_page *root, gfn_t gfn, unsigned long mask, bool wrprot) { - u64 dbit = (wrprot || !kvm_ad_enabled()) ? PT_WRITABLE_MASK : - shadow_dirty_mask; + const u64 dbit = (wrprot || tdp_mmu_need_write_protect(root)) + ? PT_WRITABLE_MASK : shadow_dirty_mask; struct tdp_iter iter; lockdep_assert_held_write(&kvm->mmu_lock); @@ -1583,7 +1594,7 @@ static void clear_dirty_pt_masked(struct kvm *kvm, struct kvm_mmu_page *root, if (!mask) break; - KVM_MMU_WARN_ON(kvm_ad_enabled() && + KVM_MMU_WARN_ON(dbit == shadow_dirty_mask && spte_ad_need_write_protect(iter.old_spte)); if (iter.level > PG_LEVEL_4K || -- 2.44.0.291.gc1ea87d7ee-goog

1 year, 5 months

2
1
0 0

+ mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/shmem: Inline shmem_is_huge() for disabled transparent hugepages has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sumanth Korikkar <sumanthk(a)linux.ibm.com> Subject: mm/shmem: Inline shmem_is_huge() for disabled transparent hugepages Date: Tue, 9 Apr 2024 17:54:07 +0200 In order to minimize code size (CONFIG_CC_OPTIMIZE_FOR_SIZE=y), compiler might choose to make a regular function call (out-of-line) for shmem_is_huge() instead of inlining it. When transparent hugepages are disabled (CONFIG_TRANSPARENT_HUGEPAGE=n), it can cause compilation error. mm/shmem.c: In function `shmem_getattr': ./include/linux/huge_mm.h:383:27: note: in expansion of macro `BUILD_BUG' 383 | #define HPAGE_PMD_SIZE ({ BUILD_BUG(); 0; }) | ^~~~~~~~~ mm/shmem.c:1148:33: note: in expansion of macro `HPAGE_PMD_SIZE' 1148 | stat->blksize = HPAGE_PMD_SIZE; To prevent the possible error, always inline shmem_is_huge() when transparent hugepages are disabled. Link: https://lkml.kernel.org/r/20240409155407.2322714-1-sumanthk@linux.ibm.com Signed-off-by: Sumanth Korikkar <sumanthk(a)linux.ibm.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Ilya Leoshkevich <iii(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/shmem_fs.h | 9 +++++++++ mm/shmem.c | 6 ------ 2 files changed, 9 insertions(+), 6 deletions(-) --- a/include/linux/shmem_fs.h~mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages +++ a/include/linux/shmem_fs.h @@ -110,8 +110,17 @@ extern struct page *shmem_read_mapping_p extern void shmem_truncate_range(struct inode *inode, loff_t start, loff_t end); int shmem_unuse(unsigned int type); +#ifdef CONFIG_TRANSPARENT_HUGEPAGE extern bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, struct mm_struct *mm, unsigned long vm_flags); +#else +static __always_inline bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, + struct mm_struct *mm, unsigned long vm_flags) +{ + return false; +} +#endif + #ifdef CONFIG_SHMEM extern unsigned long shmem_swap_usage(struct vm_area_struct *vma); #else --- a/mm/shmem.c~mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages +++ a/mm/shmem.c @@ -748,12 +748,6 @@ static long shmem_unused_huge_count(stru #define shmem_huge SHMEM_HUGE_DENY -bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, - struct mm_struct *mm, unsigned long vm_flags) -{ - return false; -} - static unsigned long shmem_unused_huge_shrink(struct shmem_sb_info *sbinfo, struct shrink_control *sc, unsigned long nr_to_split) { _ Patches currently in -mm which might be from sumanthk(a)linux.ibm.com are mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages.patch

1 year, 5 months

1
0
0 0

[PATCH] arm64: dts: ti: verdin-am62: Set memory size to 2gb

by max.oss.09＠gmail.com

From: Max Krummenacher <max.krummenacher(a)toradex.com> The maximum DDR RAM size stuffed on the Verdin AM62 is 2GB, correct the memory node accordingly. Fixes: 316b80246b16 ("arm64: dts: ti: add verdin am62") Cc: stable(a)vger.kernel.org Signed-off-by: Max Krummenacher <max.krummenacher(a)toradex.com> --- arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi b/arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi index e8d8857ad51f..8c837467069b 100644 --- a/arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi @@ -76,7 +76,7 @@ verdin_key_wakeup: key-wakeup { memory@80000000 { device_type = "memory"; - reg = <0x00000000 0x80000000 0x00000000 0x40000000>; /* 1G RAM */ + reg = <0x00000000 0x80000000 0x00000000 0x80000000>; /* 2G RAM */ }; opp-table { -- 2.42.0

1 year, 5 months

3
2
0 0

+ kexec-fix-the-unexpected-kexec_dprintk-macro.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: kexec: fix the unexpected kexec_dprintk() macro has been added to the -mm mm-nonmm-unstable branch. Its filename is kexec-fix-the-unexpected-kexec_dprintk-macro.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Baoquan He <bhe(a)redhat.com> Subject: kexec: fix the unexpected kexec_dprintk() macro Date: Tue, 9 Apr 2024 12:22:38 +0800 Jiri reported that the current kexec_dprintk() always prints out debugging message whenever kexec/kdmmp loading is triggered. That is not wanted. The debugging message is supposed to be printed out when 'kexec -s -d' is specified for kexec/kdump loading. After investigating, the reason is the current kexec_dprintk() takes printk(KERN_INFO) or printk(KERN_DEBUG) depending on whether '-d' is specified. However, distros usually have defaulg log level like below: [~]# cat /proc/sys/kernel/printk 7 4 1 7 So, even though '-d' is not specified, printk(KERN_DEBUG) also always prints out. I thought printk(KERN_DEBUG) is equal to pr_debug(), it's not. Fix it by changing to use pr_info() instead which are expected to work. Link: https://lkml.kernel.org/r/20240409042238.1240462-1-bhe@redhat.com Fixes: cbc2fe9d9cb2 ("kexec_file: add kexec_file flag to control debug printing") Signed-off-by: Baoquan He <bhe(a)redhat.com> Reported-by: Jiri Slaby <jirislaby(a)kernel.org> Closes: https://lore.kernel.org/all/4c775fca-5def-4a2d-8437-7130b02722a2@kernel.org Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kexec.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) --- a/include/linux/kexec.h~kexec-fix-the-unexpected-kexec_dprintk-macro +++ a/include/linux/kexec.h @@ -461,10 +461,8 @@ static inline void arch_kexec_pre_free_p extern bool kexec_file_dbg_print; -#define kexec_dprintk(fmt, ...) \ - printk("%s" fmt, \ - kexec_file_dbg_print ? KERN_INFO : KERN_DEBUG, \ - ##__VA_ARGS__) +#define kexec_dprintk(fmt, arg...) \ + do { if (kexec_file_dbg_print) pr_info(fmt, ##arg); } while (0) #else /* !CONFIG_KEXEC_CORE */ struct pt_regs; _ Patches currently in -mm which might be from bhe(a)redhat.com are mm-vmallocc-optimize-to-reduce-arguments-of-alloc_vmap_area.patch x86-remove-unneeded-memblock_find_dma_reserve.patch mm-mm_initc-remove-the-useless-dma_reserve.patch mm-mm_initc-add-new-function-calc_nr_all_pages.patch mm-mm_initc-remove-meaningless-calculation-of-zone-managed_pages-in-free_area_init_core.patch mm-mm_initc-remove-meaningless-calculation-of-zone-managed_pages-in-free_area_init_core-v3.patch mm-mm_initc-remove-unneeded-calc_memmap_size.patch mm-mm_initc-remove-arch_reserved_kernel_pages.patch mm-move-array-mem_section-init-code-out-of-memory_present.patch mm-init-remove-the-unnecessary-special-treatment-for-memory-less-node.patch mm-make-__absent_pages_in_range-as-static.patch mm-page_allocc-remove-unneeded-codes-in-numa-version-of-build_zonelists.patch mm-page_allocc-remove-unneeded-codes-in-numa-version-of-build_zonelists-v2.patch mm-mm_initc-remove-the-outdated-code-comment-above-deferred_grow_zone.patch mm-page_allocc-dont-show-protection-in-zones-lowmem_reserve-for-empty-zone.patch mm-page_allocc-change-the-array-length-to-migrate_pcptypes.patch arch-loongarch-clean-up-the-left-code-and-kconfig-item-related-to-crash_core.patch documentation-kdump-clean-up-the-outdated-description.patch kexec-fix-the-unexpected-kexec_dprintk-macro.patch

1 year, 5 months

1
0
0 0

+ squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Squashfs: check the inode number is not the invalid value of zero has been added to the -mm mm-hotfixes-unstable branch. Its filename is squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Phillip Lougher <phillip(a)squashfs.org.uk> Subject: Squashfs: check the inode number is not the invalid value of zero Date: Mon, 8 Apr 2024 23:02:06 +0100 Syskiller has produced an out of bounds access in fill_meta_index(). That out of bounds access is ultimately caused because the inode has an inode number with the invalid value of zero, which was not checked. The reason this causes the out of bounds access is due to following sequence of events: 1. Fill_meta_index() is called to allocate (via empty_meta_index()) and fill a metadata index. It however suffers a data read error and aborts, invalidating the newly returned empty metadata index. It does this by setting the inode number of the index to zero, which means unused (zero is not a valid inode number). 2. When fill_meta_index() is subsequently called again on another read operation, locate_meta_index() returns the previous index because it matches the inode number of 0. Because this index has been returned it is expected to have been filled, and because it hasn't been, an out of bounds access is performed. This patch adds a sanity check which checks that the inode number is not zero when the inode is created and returns -EINVAL if it is. Link: https://lkml.kernel.org/r/20240408220206.435788-1-phillip@squashfs.org.uk Signed-off-by: Phillip Lougher <phillip(a)squashfs.org.uk> Reported-by: "Ubisectech Sirius" <bugreport(a)ubisectech.com> Closes: https://lore.kernel.org/lkml/87f5c007-b8a5-41ae-8b57-431e924c5915.bugreport… Cc: Christian Brauner <brauner(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/squashfs/inode.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/fs/squashfs/inode.c~squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero +++ a/fs/squashfs/inode.c @@ -48,6 +48,10 @@ static int squashfs_new_inode(struct sup gid_t i_gid; int err; + inode->i_ino = le32_to_cpu(sqsh_ino->inode_number); + if(inode->i_ino == 0) + return -EINVAL; + err = squashfs_get_id(sb, le16_to_cpu(sqsh_ino->uid), &i_uid); if (err) return err; @@ -58,7 +62,6 @@ static int squashfs_new_inode(struct sup i_uid_write(inode, i_uid); i_gid_write(inode, i_gid); - inode->i_ino = le32_to_cpu(sqsh_ino->inode_number); inode_set_mtime(inode, le32_to_cpu(sqsh_ino->mtime), 0); inode_set_atime(inode, inode_get_mtime_sec(inode), 0); inode_set_ctime(inode, inode_get_mtime_sec(inode), 0); _ Patches currently in -mm which might be from phillip(a)squashfs.org.uk are squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero.patch squashfs-remove-deprecated-strncpy-by-not-copying-the-string.patch

1 year, 5 months

1
0
0 0

Re: [PATCH 6.8 000/280] 6.8.5-rc3 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 5 months

1
0
0 0

[PATCH] memory: tegra210-emc: processing the null pointer of the nominal EMC table.

by Elizaveta Gorina

From: Elizaveta Gorina <s02220065(a)gse.cs.msu.ru> If the device is unavailable, of_reserved_mem_device_init_by_name returns 0, and emc->nominal is not initialized and the null pointer is dereferenced. Make a return from the tegra210_emc_probe function when emc->nominal is equal to the null pointer. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 0553d7b204ef ("memory: tegra: Support derated timings on Tegra210") Cc: stable(a)vger.kernel.org Signed-off-by: Elizaveta Gorina <s02220065(a)gse.cs.msu.ru> --- drivers/memory/tegra/tegra210-emc-core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/memory/tegra/tegra210-emc-core.c b/drivers/memory/tegra/tegra210-emc-core.c index 78ca1d6c0977..a49a5e36ba34 100644 --- a/drivers/memory/tegra/tegra210-emc-core.c +++ b/drivers/memory/tegra/tegra210-emc-core.c @@ -1865,6 +1865,9 @@ static int tegra210_emc_probe(struct platform_device *pdev) emc->num_timings); if (err < 0) goto release; + } else { + err = -ENODEV; + goto release; } if (emc->derated) { -- 2.25.1

1 year, 5 months

1
0
0 0

[PATCH 5.15 000/696] 5.15.154-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.154 release. There are 696 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:27:40 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.154-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.154-rc2 Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file min15.li <min15.li(a)samsung.com> nvme: fix miss command type check Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Jann Horn <jannh(a)google.com> openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached Jann Horn <jannh(a)google.com> HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Oleksij Rempel <linux(a)rempel-privat.de> net: usb: asix: suspend embedded PHY if external is used Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer details Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Sean Christopherson <seanjc(a)google.com> KVM: x86: Mark target gfn of emulated atomic instruction as dirty Sean Christopherson <seanjc(a)google.com> KVM: x86: Bail to userspace if emulation of atomic user access faults Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jens Axboe <axboe(a)kernel.dk> io_uring: ensure '0' is returned on file registration success Gokul krishna Krishnakumar <quic_gokukris(a)quicinc.com> locking/rwsem: Disable preemption while trying for rwsem lock Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Bixuan Cui <cuibixuan(a)linux.alibaba.com> iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Stop using the SCSI pointer Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Call scsi_done() directly Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Preserve original aspect ratio in create stream Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/amdgpu: Use drm_mode_copy() Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Zi Yan <ziy(a)nvidia.com> mm/migrate: set swap entry values of THP tail pages properly. Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: diag: return KSFT_FAIL not test_cnt Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Yang Jihong <yangjihong1(a)huawei.com> perf/core: Fix reentry problem in perf_output_read_group() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a regression in nfsd_setattr() NeilBrown <neilb(a)suse.de> nfsd: don't call locks_release_private() twice concurrently NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() NeilBrown <neilb(a)suse.de> nfsd: fix RELEASE_LOCKOWNER Jeff Layton <jlayton(a)kernel.org> nfsd: drop the nfsd_put helper NeilBrown <neilb(a)suse.de> nfsd: call nfsd_last_thread() before final nfsd_put() Alexander Aring <aahringo(a)redhat.com> lockd: introduce safe async lock op NeilBrown <neilb(a)suse.de> NFSD: fix possible oops when nfsd/pool_stats is closed. Chuck Lever <chuck.lever(a)oracle.com> Documentation: Add missing documentation for EXPORT_OP flags NeilBrown <neilb(a)suse.de> nfsd: separate nfsd_last_thread() from nfsd_put() NeilBrown <neilb(a)suse.de> nfsd: Simplify code around svc_exit_thread() call in nfsd() Tavian Barnes <tavianator(a)tavianator.com> nfsd: Fix creation time serialization order Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_encode_nfstime4() helper NeilBrown <neilb(a)suse.de> lockd: drop inappropriate svc_get() from locked_get() Dan Carpenter <dan.carpenter(a)linaro.org> nfsd: fix double fget() bug in __write_ports_addfd() Jeff Layton <jlayton(a)kernel.org> nfsd: make a copy of struct iattr before calling notify_change Dai Ngo <dai.ngo(a)oracle.com> NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop Jeff Layton <jlayton(a)kernel.org> nfsd: simplify the delayed disposal list code Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert filecache to rhltable Jeff Layton <jlayton(a)kernel.org> nfsd: allow reaping files still under writeback Jeff Layton <jlayton(a)kernel.org> nfsd: update comment over __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: don't take/put an extra reference when putting a file Jeff Layton <jlayton(a)kernel.org> nfsd: add some comments to nfsd_file_do_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: don't kill nfsd_files because of lease break error Jeff Layton <jlayton(a)kernel.org> nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator Jeff Layton <jlayton(a)kernel.org> nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries Jeff Layton <jlayton(a)kernel.org> nfsd: don't open-code clear_and_wake_up_bit Jeff Layton <jlayton(a)kernel.org> nfsd: call op_release, even when op_func returns an error Jeff Layton <jlayton(a)kernel.org> nfsd: don't replace page in rq_pages if it's a continuation of last page Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against filesystem freezing Chuck Lever <chuck.lever(a)oracle.com> NFSD: copy the whole verifier in nfsd_copy_write_verifier Jeff Layton <jlayton(a)kernel.org> nfsd: don't fsync nfsd_files on last close Jeff Layton <jlayton(a)kernel.org> nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix problems with cleanup on errors in nfsd4_copy Jeff Layton <jlayton(a)kernel.org> nfsd: don't hand out delegation on setuid files being opened for write Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix leaked reference count of nfsd4_ssc_umount_item Jeff Layton <jlayton(a)kernel.org> nfsd: clean up potential nfsd_file refcount leaks in COPY codepath Jeff Layton <jlayton(a)kernel.org> nfsd: allow nfsd_file_get to sanely handle a NULL pointer Dai Ngo <dai.ngo(a)oracle.com> NFSD: enhance inter-server copy cleanup Jeff Layton <jlayton(a)kernel.org> nfsd: don't destroy global nfs4_file table in per-net shutdown Jeff Layton <jlayton(a)kernel.org> nfsd: don't free files unconditionally in __nfsd_file_cache_purge Dai Ngo <dai.ngo(a)oracle.com> NFSD: replace delayed_work with work_struct for nfsd_client_shrinker Dai Ngo <dai.ngo(a)oracle.com> NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use set_bit(RQ_DROPME) Chuck Lever <chuck.lever(a)oracle.com> Revert "SUNRPC: Use RMW bitops in single-threaded hot paths" Jeff Layton <jlayton(a)kernel.org> nfsd: fix handling of cached open files in nfsd4_open codepath Jeff Layton <jlayton(a)kernel.org> nfsd: rework refcounting in filecache Kees Cook <keescook(a)chromium.org> NFSD: Avoid clashing function prototypes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use only RQ_DROPME to signal the need to drop a reply Dai Ngo <dai.ngo(a)oracle.com> NFSD: add CB_RECALL_ANY tracepoints Dai Ngo <dai.ngo(a)oracle.com> NFSD: add delegation reaper to react to low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for sending CB_RECALL_ANY Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker Chuck Lever <chuck.lever(a)oracle.com> trace: Relocate event helper files Jeff Layton <jlayton(a)kernel.org> lockd: fix file selection in nlmsvc_cancel_blocked Jeff Layton <jlayton(a)kernel.org> lockd: ensure we use the correct file descriptor when unlocking Jeff Layton <jlayton(a)kernel.org> lockd: set missing fl_flags field when retrieving args Xiu Jianfeng <xiujianfeng(a)huawei.com> NFSD: Use struct_size() helper in alloc_session() Jeff Layton <jlayton(a)kernel.org> nfsd: return error if nfs4_setacl fails Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd_file_fsync tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix up the filecache laundrette scheduling Jeff Layton <jlayton(a)kernel.org> filelock: add a new locks_inode_context accessor function Jeff Layton <jlayton(a)kernel.org> nfsd: reorganize filecache.c Jeff Layton <jlayton(a)kernel.org> nfsd: remove the pages_flushed statistic from filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix licensing header in filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use rhashtable for managing nfs4_file objects Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor find_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up find_or_add_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a nfsd4_file_hash_remove() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_init_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update file_hashtbl() helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use const pointers as parameters to fh_ helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace delegation revocations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace stateids returned via DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4_preprocess_stateid_op() call sites Chuck Lever <chuck.lever(a)oracle.com> NFSD: Flesh out a documenting comment for filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection Chuck Lever <chuck.lever(a)oracle.com> NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately" Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pass the target nfsd_file to nfsd_commit() David Disseldorp <ddiss(a)suse.de> exportfs: use pr_debug for unreachable debug statements Jeff Layton <jlayton(a)kernel.org> nfsd: allow disabling NFSv2 at compile time Jeff Layton <jlayton(a)kernel.org> nfsd: move nfserrno() to vfs.c Jeff Layton <jlayton(a)kernel.org> nfsd: ignore requests to disable unsupported versions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Finish converting the NFSv3 GETACL result encoder Colin Ian King <colin.i.king(a)gmail.com> NFSD: Remove redundant assignment to variable host_err Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFSD: Simplify READ_PLUS Jeff Layton <jlayton(a)kernel.org> nfsd: use locks_inode_context helper Jeff Layton <jlayton(a)kernel.org> lockd: use locks_inode_context helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix reads with a non-zero offset that don't end on a page boundary Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix trace_nfsd_fh_verify_err() crasher Jeff Layton <jlayton(a)kernel.org> nfsd: put the export reference in nfsd4_verify_deleg_dentry Jeff Layton <jlayton(a)kernel.org> nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix net-namespace logic in __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: ensure we always call fh_verify_error tracepoint Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> NFSD: unregister shrinker when nfsd_init_net() fails Jeff Layton <jlayton(a)kernel.org> nfsd: rework hashtable handling in nfsd_do_file_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: fix nfsd_file_unhash_and_dispose Gaosheng Cui <cuigaosheng1(a)huawei.com> fanotify: Remove obsoleted fanotify_event_has_path() Gaosheng Cui <cuigaosheng1(a)huawei.com> fsnotify: remove unused declaration Al Viro <viro(a)zeniv.linux.org.uk> fs/notify: constify path Jeff Layton <jlayton(a)kernel.org> nfsd: extra checks when freeing delegation stateids Jeff Layton <jlayton(a)kernel.org> nfsd: make nfsd4_run_cb a bool return function Jeff Layton <jlayton(a)kernel.org> nfsd: fix comments about spinlock handling with delegations Jeff Layton <jlayton(a)kernel.org> nfsd: only fill out return pointer on success in nfsd4_lookup_stateid Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap rsize_bop result based on send buffer size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename the fields in copy_stateid_t ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pack struct nfsd4_compoundres Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove unused nfsd4_compoundargs::cachetype field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove "inline" directives on op_rsize_bop helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4svc_encode_compoundres() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up WRITE arg decoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor common code out of dirlist helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Parametrize how much of argsize should be zeroed Dai Ngo <dai.ngo(a)oracle.com> NFSD: add shrinker to reap courtesy clients on low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of courtesy clients in the system Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a mechanism to wait for a DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add tracepoints to report NFSv4 callback completions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace NFSv4 COMPOUND tags Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace dprintk() call site in fh_verify() Gaosheng Cui <cuigaosheng1(a)huawei.com> nfsd: remove nfsd4_prepare_cb_recall() declaration Jeff Layton <jlayton(a)kernel.org> nfsd: clean up mounted_on_fileid handling NeilBrown <neilb(a)suse.de> NFSD: drop fname and flen args from nfsd_create_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Propagate some error code returned by memdup_user() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Avoid some useless tests Jinpeng Cui <cui.jinpeng2(a)zte.com.cn> NFSD: remove redundant variable status Olga Kornievskaia <kolga(a)netapp.com> NFSD enforce filehandle check for source file in COPY Wolfram Sang <wsa+renesas(a)sang-engineering.com> lockd: move from strlcpy with unused retval to strscpy Wolfram Sang <wsa+renesas(a)sang-engineering.com> NFSD: move from strlcpy with unused retval to strscpy Al Viro <viro(a)zeniv.linux.org.uk> nfsd_splice_actor(): handle compound pages NeilBrown <neilb(a)suse.de> NFSD: fix regression with setting ACLs. NeilBrown <neilb(a)suse.de> NFSD: discard fh_locked flag and fh_lock/fh_unlock NeilBrown <neilb(a)suse.de> NFSD: use (un)lock_inode instead of fh_(un)lock for file operations NeilBrown <neilb(a)suse.de> NFSD: use explicit lock/unlock for directory ops NeilBrown <neilb(a)suse.de> NFSD: reduce locking in nfsd_lookup() NeilBrown <neilb(a)suse.de> NFSD: only call fh_unlock() once in nfsd_link() NeilBrown <neilb(a)suse.de> NFSD: always drop directory lock in nfsd_unlink() NeilBrown <neilb(a)suse.de> NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. NeilBrown <neilb(a)suse.de> NFSD: add posix ACLs to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: add security label to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: set attributes when creating symlinks NeilBrown <neilb(a)suse.de> NFSD: introduce struct nfsd_attrs Jeff Layton <jlayton(a)kernel.org> NFSD: verify the opened dentry after setting a delegation Jeff Layton <jlayton(a)kernel.org> NFSD: drop fh argument from alloc_init_deleg Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move copy offload callback arguments into a separate structure Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd4_send_cb_offload() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove kmalloc from nfsd4_do_async_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_do_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace boolean fields in struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfs4_put_copy() static Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reorder the fields in struct nfsd4_op Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy_notify Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfserrno(-ENOMEM) is nfserr_jukebox Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix strncpy() fortify warning Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_encode_readlink() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_pad_size() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Simplify starting_len Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_readv() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_read::rd_eof field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up SPLICE_OK in nfsd4_encode_read() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_fattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_operation() Jeff Layton <jlayton(a)kernel.org> nfsd: silence extraneous printk on nfsd.ko insertion Dai Ngo <dai.ngo(a)oracle.com> NFSD: limit the number of v4 clients to 1024 per 1GB of system memory Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of v4 clients in the system Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring v4 specific code to a helper in nfs4state.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Ensure nf_inode is never dereferenced Chuck Lever <chuck.lever(a)oracle.com> NFSD: NFSv4 CLOSE should release an nfsd_file immediately Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move nfsd_file_trace_alloc() tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Separate tracepoints for acquire and create Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up unused code after rhashtable conversion Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert the filecache to use rhashtable Chuck Lever <chuck.lever(a)oracle.com> NFSD: Set up an rhashtable for the filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace the "init once" mechanism Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove nfsd_file::nf_hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_hash_remove can compute hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor __nfsd_file_close_inode() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove lockdep assertion from unhash_and_release_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: No longer record nf_hashval in the trace log Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never call nfsd_file_gc() in foreground paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix the filecache LRU shrinker Chuck Lever <chuck.lever(a)oracle.com> NFSD: Leave open files out of the filecache LRU Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache LRU activity Chuck Lever <chuck.lever(a)oracle.com> NFSD: WARN when freeing an item still linked via nf_lru Chuck Lever <chuck.lever(a)oracle.com> NFSD: Hook up the filecache stat file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Zero counters when the filecache is re-initialized Chuck Lever <chuck.lever(a)oracle.com> NFSD: Record number of flush calls Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report the number of items evicted by the LRU walk Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_lru_scan() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_gc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd_file_lru_dispose_list() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report average age of filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of freed filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of calls to nfsd_file_acquire() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report filecache LRU size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Demote a WARN to a pr_warn() Colin Ian King <colin.i.king(a)gmail.com> nfsd: remove redundant assignment to variable len Zhang Jiaming <jiaming(a)nfschina.com> NFSD: Fix space and spelling mistake Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instrument fh_verify() Benjamin Coddington <bcodding(a)redhat.com> NLM: Defend against file_lock changes after vfs_test_lock() Xin Gao <gaoxin(a)cdjrlc.com> fsnotify: Fix comment typo Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce FAN_MARK_IGNORE Amir Goldstein <amir73il(a)gmail.com> fanotify: cleanups for fanotify_mark() input validations Amir Goldstein <amir73il(a)gmail.com> fanotify: prepare for setting event flags in ignore mask Oliver Ford <ojford(a)gmail.com> fs: inotify: Fix typo in inotify comment Chuck Lever <chuck.lever(a)oracle.com> NFSD: Decode NFSv4 birth time attribute Amir Goldstein <amir73il(a)gmail.com> fanotify: refine the validation checks on non-dir inode mask NeilBrown <neilb(a)suse.de> NFS: restore module put when manager exits. Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix potential use-after-free in nfsd_file_put() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_put() can sleep Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add documenting comment for nfsd4_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Modernize nfsd4_release_lockowner() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Fix null-ptr-deref in nfsd_fill_super() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Unregister the cld notifier when laundry_wq create failed Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Use RMW bitops in single-threaded hot paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache opens Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move documenting comment for nfsd4_process_open2() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix whitespace Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove dprintk call sites from tail of nfsd4_open() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instantiate a struct file when creating a regular NFSv4 file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_open_verified() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv4 OPEN(CREATE) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv3 CREATE Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_create_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd3_proc_create() Dai Ngo <dai.ngo(a)oracle.com> NFSD: Show state of courtesy client in client info Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for lock conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add helper locks_owner_has_blockers to check for blockers Dai Ngo <dai.ngo(a)oracle.com> NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for share reservation conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> NFSD: add courteous server support for thread with only delegation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_splice_actor() Vasily Averin <vvs(a)openvz.org> fanotify: fix incorrect fmode_t casts Amir Goldstein <amir73il(a)gmail.com> fsnotify: consistent behavior for parent not watching children Amir Goldstein <amir73il(a)gmail.com> fsnotify: introduce mark type iterator Amir Goldstein <amir73il(a)gmail.com> fanotify: enable "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fanotify: implement "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: factor out helper fanotify_mark_update_flags() Amir Goldstein <amir73il(a)gmail.com> fanotify: create helper fanotify_mark_user_flags() Amir Goldstein <amir73il(a)gmail.com> fsnotify: allow adding an inode mark without pinning inode Amir Goldstein <amir73il(a)gmail.com> dnotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> nfsd: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> inotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fsnotify: create helpers for group mark_mutex lock Amir Goldstein <amir73il(a)gmail.com> fsnotify: make allow_dups a property of the group Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass flags argument to fsnotify_alloc_group() Amir Goldstein <amir73il(a)gmail.com> inotify: move control flags from mask to mark flags Dai Ngo <dai.ngo(a)oracle.com> fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock. Amir Goldstein <amir73il(a)gmail.com> fanotify: do not allow setting dirent events in mask of non-dir Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Clean up nfsd_file_put() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a write performance regression Bang Li <libang.linuxer(a)gmail.com> fsnotify: remove redundant parameter judgment Amir Goldstein <amir73il(a)gmail.com> fsnotify: optimize FS_MODIFY events with no ignored masks Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix merge with parent's ignored mask Jakob Koschel <jakobkoschel(a)gmail.com> nfsd: fix using the correct variable for sizeof() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up _lm_ operation names Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove CONFIG_NFSD_V3 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move svc_serv_ops::svo_function into struct svc_serv Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove svc_serv_ops::svo_module Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svc_shutdown_net() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_close_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_create_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svo_shutdown method Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove the .svo_enqueue_xprt method Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove NFSD_PROC_ARGS_* macros Chuck Lever <chuck.lever(a)oracle.com> NFSD: Streamline the rare "found" case Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip extra computation for RC_NOCACHE case Chuck Lever <chuck.lever(a)oracle.com> orDate: Thu Sep 30 19:19:57 2021 -0400 Ondrej Valousek <ondrej.valousek.xm(a)renesas.com> nfsd: Add support for the birth time attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Deprecate NFS_OFFSET_MAX Amir Goldstein <amir73il(a)gmail.com> fsnotify: invalidate dcache before IN_DELETE event Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move fill_pre_wcc() and fill_post_wcc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace boot verifier resets Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename boot verifier functions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up the nfsd_net::nfssvc_boot field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Write verifier might go backwards Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Add a tracepoint for errors in nfsd4_clone_file_range() Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_vfs_write() Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Retry once in nfsd_open on an -EOPENSTALE return Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Add errno mapping for EREMOTEIO Peng Tao <tao.peng(a)primarydata.com> nfsd: map EBADF Vasily Averin <vvs(a)virtuozzo.com> nfsd4: add refcount for nfsd4_blocked_lock J. Bruce Fields <bfields(a)redhat.com> nfs: block notification on fs with its own ->lock Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate nfsd4_decode_bitmap4() J. Bruce Fields <bfields(a)redhat.com> nfsd: improve stateid access bitmask documentation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Combine XDR error tracepoints NeilBrown <neilb(a)suse.de> NFSD: simplify per-net file cache management Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> NFSD: Fix inconsistent indenting Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove be32_to_cpu() from DRC hash function NeilBrown <neilb(a)suse.de> NFS: switch the callback service back to non-pooled. NeilBrown <neilb(a)suse.de> lockd: use svc_set_num_threads() for thread start and stop NeilBrown <neilb(a)suse.de> SUNRPC: always treat sv_nrpools==1 as "not pooled" NeilBrown <neilb(a)suse.de> SUNRPC: move the pool_map definitions (back) into svc.c NeilBrown <neilb(a)suse.de> lockd: rename lockd_create_svc() to lockd_get() NeilBrown <neilb(a)suse.de> lockd: introduce lockd_put() NeilBrown <neilb(a)suse.de> lockd: move svc_exit_thread() into the thread NeilBrown <neilb(a)suse.de> lockd: move lockd_start_svc() call into lockd_create_svc() NeilBrown <neilb(a)suse.de> lockd: simplify management of network status notifiers NeilBrown <neilb(a)suse.de> lockd: introduce nlmsvc_serv NeilBrown <neilb(a)suse.de> NFSD: simplify locking for network notifier. NeilBrown <neilb(a)suse.de> SUNRPC: discard svo_setup and rename svc_set_num_threads_sync() NeilBrown <neilb(a)suse.de> NFSD: Make it possible to use svc_set_num_threads_sync NeilBrown <neilb(a)suse.de> NFSD: narrow nfsd_mutex protection in nfsd thread NeilBrown <neilb(a)suse.de> SUNRPC: use sv_lock to protect updates to sv_nrthreads. NeilBrown <neilb(a)suse.de> nfsd: make nfsd_stats.th_cnt atomic_t NeilBrown <neilb(a)suse.de> SUNRPC: stop using ->sv_nrthreads as a refcount NeilBrown <neilb(a)suse.de> SUNRPC/NFSD: clean up get/put functions. NeilBrown <neilb(a)suse.de> SUNRPC: change svc_get() to return the svc. NeilBrown <neilb(a)suse.de> NFSD: handle errors better in write_ports_addfd() Eric W. Biederman <ebiederm(a)xmission.com> exit: Rename module_put_and_exit to module_put_and_kthread_exit Eric W. Biederman <ebiederm(a)xmission.com> exit: Implement kthread_exit Amir Goldstein <amir73il(a)gmail.com> fanotify: wire up FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: report old and/or new parent+name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: record either old name new name or both for FAN_RENAME Amir Goldstein <amir73il(a)gmail.com> fanotify: record old and new parent and name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: support secondary dir fh and name in fanotify_info Amir Goldstein <amir73il(a)gmail.com> fanotify: use helpers to parcel fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fanotify: use macros to get the offset to fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fsnotify: generate FS_RENAME event with rich information Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce group flag FAN_REPORT_TARGET_FID Amir Goldstein <amir73il(a)gmail.com> fsnotify: separate mark iterator type from object type enum Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify object type argument Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: fix error code saved on super block during file system abort J. Bruce Fields <bfields(a)redhat.com> nfsd4: remove obselete comment Changcheng Deng <deng.changcheng(a)zte.com.cn> NFSD:fix boolreturn.cocci warning J. Bruce Fields <bfields(a)redhat.com> nfsd: update create verifier comment Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_encode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_encode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Save location of NFSv4 COMPOUND status Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_decode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_decode Colin Ian King <colin.king(a)canonical.com> NFSD: Initialize pointer ni with NULL and not plain integer 0 NeilBrown <neilb(a)suse.de> NFSD: simplify struct nfsfh NeilBrown <neilb(a)suse.de> NFSD: drop support for ancient filehandles NeilBrown <neilb(a)suse.de> NFSD: move filehandle format declarations out of "uapi". Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize DRC bucket pruning Chuck Lever <chuck.lever(a)oracle.com> NFS: Move NFS protocol display macros to global header Chuck Lever <chuck.lever(a)oracle.com> NFS: Move generic FS show macros to global header Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field Chuck Lever <chuck.lever(a)oracle.com> NFS: Remove unnecessary TRACE_DEFINE_ENUM()s Gabriel Krisman Bertazi <krisman(a)collabora.com> docs: Document the FAN_FS_ERROR event Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: Send notifications on error Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow users to request FAN_FS_ERROR events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Emit generic error info for error event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Report fid info for file related file system errors Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: WARN_ON against too large file handles Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Add helpers to decide whether to report FID/DFID Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Wrap object_fh inline space in a creator macro Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support merging of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support enqueueing of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Pre-allocate pool of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Reserve UAPI bits for FAN_FS_ERROR Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Support FS_ERROR event type Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Require fid_mode for any non-fd event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Encode empty file handle when no inode is provided Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow file handle encoding for unhashed events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support null inode event in fanotify_dfid_inode Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Pass group argument to free_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Protect fsnotify_handle_inode_event from no-inode events Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Retrieve super block from the data field Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add wrapper around fsnotify_add_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add helper to detect overflow_event Gabriel Krisman Bertazi <krisman(a)collabora.com> inotify: Don't force FS_IN_IGNORED Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Split fsid check from other fid mode checks Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Fold event size calculation to its own function Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Don't insert unmergeable events in hashtable Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify contract for create event hooks Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass dentry instead of inode data Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass data_type to fsnotify_name() Peter Zijlstra <peterz(a)infradead.org> x86/static_call: Add support for Jcc tail-calls Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Introduce int3_emulate_jcc() Thomas Gleixner <tglx(a)linutronix.de> x86/asm: Differentiate between code and function alignment Peter Zijlstra <peterz(a)infradead.org> arch: Introduce CONFIG_FUNCTION_ALIGNMENT Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/rfds: Mitigate Register File Data Sampling (RFDS) Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Documentation/hw-vuln: Add documentation for RFDS Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson <seanjc(a)google.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW H. Peter Anvin (Intel) <hpa(a)zytor.com> x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Limit stage2_apply_range() batch size to largest block Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Work out supported block level at compile time Rickard x Andersson <rickaran(a)axis.com> tty: serial: imx: Fix broken RS485 John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device John Garry <john.garry(a)huawei.com> dma-iommu: add iommu_dma_opt_mapping_size() John Garry <john.garry(a)huawei.com> dma-mapping: add dma_opt_mapping_size() Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present David Laight <David.Laight(a)ACULAB.COM> minmax: add umin(a, b) and umax(a, b) André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix kernel panic caused by incorrect error handling Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point H DID Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point S DID Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Check before removing mm notifier Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Use .flush() call to wake up readers Sean Christopherson <seanjc(a)google.com> KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Geert Uytterhoeven <geert+renesas(a)glider.be> net: ravb: Add R-Car Gen4 support Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add CGR update function Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add helper for sanity checking cgr ops Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix resetting of shortest_full Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix waking up ring buffer readers Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Huang Ying <ying.huang(a)intel.com> swap: comments get_swap_device() with usage rule Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for certain Intel Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited Bjorn Helgaas <bhelgaas(a)google.com> PCI: Work around Intel I210 ROM BAR overlap defect Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: Drop pci_device_remove() test of pci_dev->driver Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Petr Mladek <pmladek(a)suse.com> printk/console: Split out code that enables default console Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Peter Collingbourne <pcc(a)google.com> kasan: test: add memcpy test that avoids out-of-bounds write Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer_sync() to timer_delete_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Use del_timer_sync() even on UP Thomas Gleixner <tglx(a)linutronix.de> timers: Update kernel-doc for various functions Jim Mattson <jmattson(a)google.com> KVM: x86: Use a switch statement and macros in __feature_translate() Jim Mattson <jmattson(a)google.com> KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Sean Christopherson <seanjc(a)google.com> KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs Borislav Petkov <bp(a)suse.de> x86/bugs: Use sysfs_emit() Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Support AMD Automatic IBRS Lin Yujun <linyujun809(a)huawei.com> Documentation/hw-vuln: Update spectre doc ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + .../admin-guide/filesystem-monitoring.rst | 74 ++ Documentation/admin-guide/hw-vuln/index.rst | 1 + .../admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 ++ Documentation/admin-guide/hw-vuln/spectre.rst | 66 +- Documentation/admin-guide/index.rst | 1 + Documentation/admin-guide/kernel-parameters.txt | 39 +- Documentation/core-api/dma-api.rst | 14 + Documentation/filesystems/locking.rst | 10 +- Documentation/filesystems/nfs/exporting.rst | 33 + Documentation/x86/mds.rst | 34 +- MAINTAINERS | 7 + Makefile | 8 +- arch/Kconfig | 24 + arch/arm/boot/dts/mmp2-brownstone.dts | 2 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/include/asm/kvm_pgtable.h | 18 +- arch/arm64/include/asm/stage2_pgtable.h | 20 - arch/arm64/kvm/mmu.c | 9 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/ia64/Kconfig | 1 + arch/ia64/Makefile | 2 +- arch/openrisc/kernel/dma.c | 16 +- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/lib/Makefile | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 38 + arch/x86/boot/compressed/head_64.S | 8 + arch/x86/entry/common.c | 6 +- arch/x86/entry/entry.S | 23 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 72 ++ arch/x86/entry/entry_64_compat.S | 4 + arch/x86/entry/syscall_32.c | 21 +- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/asm.h | 5 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 18 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/linkage.h | 12 +- arch/x86/include/asm/msr-index.h | 19 +- arch/x86/include/asm/nospec-branch.h | 64 +- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/syscall.h | 10 +- arch/x86/include/asm/text-patching.h | 31 + arch/x86/kernel/alternative.c | 56 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/cpu/bugs.c | 360 ++++-- arch/x86/kernel/cpu/common.c | 77 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/kprobes/core.c | 38 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kernel/static_call.c | 50 +- arch/x86/kvm/cpuid.c | 29 +- arch/x86/kvm/reverse_cpuid.h | 45 +- arch/x86/kvm/svm/sev.c | 18 +- arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 11 +- arch/x86/kvm/vmx/vmx.c | 12 +- arch/x86/kvm/x86.c | 17 +- arch/x86/lib/retpoline.S | 5 +- arch/x86/mm/ident_map.c | 23 +- block/blk-settings.c | 4 + crypto/algboss.c | 4 +- drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/acpi/cppc_acpi.c | 27 +- drivers/ata/ahci.c | 5 - drivers/ata/sata_mv.c | 63 +- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/cpu.c | 8 + drivers/base/power/wakeirq.c | 4 +- drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/qat/qat_common/adf_aer.c | 23 +- drivers/firmware/efi/vars.c | 17 +- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/imx/parallel-display.c | 4 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/hid/uhid.c | 20 +- drivers/hwmon/amc6821.c | 11 + drivers/i2c/busses/i2c-i801.c | 4 +- drivers/infiniband/core/cm_trace.h | 2 +- drivers/infiniband/core/cma_trace.h | 2 +- drivers/iommu/dma-iommu.c | 15 + drivers/iommu/iova.c | 5 + drivers/md/dm-integrity.c | 2 +- drivers/md/dm-raid.c | 2 + drivers/md/dm-snap.c | 4 +- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/block.c | 14 +- drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + drivers/net/ethernet/freescale/fec_main.c | 11 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/realtek/r8169_main.c | 11 +- drivers/net/ethernet/renesas/ravb_main.c | 8 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/usb/asix.h | 3 + drivers/net/usb/asix_devices.c | 20 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 12 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 6 +- drivers/nvmem/meson-efuse.c | 25 +- drivers/of/dynamic.c | 12 + drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/pci-driver.c | 23 +- drivers/pci/pcie/dpc.c | 15 +- drivers/pci/pcie/err.c | 20 + drivers/pci/quirks.c | 100 ++ drivers/pci/setup-res.c | 8 +- drivers/phy/tegra/xusb.c | 13 + drivers/s390/crypto/zcrypt_api.c | 2 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/hosts.c | 7 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_gs.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +-- drivers/scsi/qla2xxx/qla_iocb.c | 68 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 98 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/tee/optee/device.c | 3 +- drivers/thermal/devfreq_cooling.c | 2 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/serial/imx.c | 22 +- drivers/tty/serial/sc16is7xx.c | 15 +- drivers/tty/serial/serial_core.c | 12 + drivers/tty/vt/vt.c | 2 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 5 +- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 + drivers/usb/dwc2/core_intr.c | 72 +- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 +- drivers/usb/host/xhci.c | 2 + drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/usb/storage/scsiglue.c | 1 - drivers/usb/storage/uas.c | 81 +- drivers/usb/storage/usb.c | 4 +- drivers/usb/typec/ucsi/ucsi.c | 42 +- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/vfio_pci_intrs.c | 188 +-- drivers/vfio/platform/vfio_platform_irq.c | 106 +- drivers/vfio/virqfd.c | 21 + drivers/xen/events/events_base.c | 5 +- fs/Kconfig | 2 +- fs/aio.c | 8 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/volumes.c | 2 +- fs/cifs/connect.c | 2 +- fs/exec.c | 1 + fs/exportfs/expfs.c | 8 +- fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/ext4/super.c | 10 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 4 + fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/ksmbd/smb2pdu.c | 10 +- fs/lockd/host.c | 2 +- fs/lockd/svc.c | 223 ++-- fs/lockd/svc4proc.c | 29 +- fs/lockd/svclock.c | 31 +- fs/lockd/svcproc.c | 30 +- fs/lockd/svcsubs.c | 4 +- fs/lockd/xdr.c | 152 ++- fs/lockd/xdr4.c | 153 ++- fs/locks.c | 85 +- fs/nfs/callback.c | 96 +- fs/nfs/callback_xdr.c | 5 +- fs/nfs/direct.c | 11 +- fs/nfs/export.c | 9 +- fs/nfs/nfs4state.c | 2 +- fs/nfs/nfs4trace.h | 477 +------- fs/nfs/nfstrace.h | 269 +---- fs/nfs/pnfs.h | 4 - fs/nfs/write.c | 2 +- fs/nfsd/Kconfig | 27 +- fs/nfsd/Makefile | 8 +- fs/nfsd/acl.h | 6 +- fs/nfsd/blocklayout.c | 1 + fs/nfsd/blocklayoutxdr.c | 1 + fs/nfsd/cache.h | 2 +- fs/nfsd/export.h | 1 - fs/nfsd/filecache.c | 1192 +++++++++++--------- fs/nfsd/filecache.h | 19 +- fs/nfsd/flexfilelayout.c | 3 +- fs/nfsd/lockd.c | 2 +- fs/nfsd/netns.h | 34 +- fs/nfsd/nfs2acl.c | 55 +- fs/nfsd/nfs3acl.c | 83 +- fs/nfsd/nfs3proc.c | 212 +++- fs/nfsd/nfs3xdr.c | 444 +++----- fs/nfsd/nfs4acl.c | 46 +- fs/nfsd/nfs4callback.c | 125 +- fs/nfsd/nfs4idmap.c | 9 +- fs/nfsd/nfs4layouts.c | 4 +- fs/nfsd/nfs4proc.c | 986 +++++++++------- fs/nfsd/nfs4recover.c | 12 +- fs/nfsd/nfs4state.c | 1049 +++++++++++++---- fs/nfsd/nfs4xdr.c | 1115 +++++++++--------- fs/nfsd/nfscache.c | 63 +- fs/nfsd/nfsctl.c | 146 ++- fs/nfsd/nfsd.h | 35 +- fs/nfsd/nfsfh.c | 264 ++--- fs/nfsd/nfsfh.h | 145 ++- fs/nfsd/nfsproc.c | 121 +- fs/nfsd/nfssvc.c | 263 ++--- fs/nfsd/nfsxdr.c | 178 ++- fs/nfsd/state.h | 59 +- fs/nfsd/stats.c | 16 +- fs/nfsd/stats.h | 4 +- fs/nfsd/trace.h | 692 ++++++++++-- fs/nfsd/vfs.c | 822 +++++++------- fs/nfsd/vfs.h | 56 +- fs/nfsd/xdr.h | 35 +- fs/nfsd/xdr3.h | 61 +- fs/nfsd/xdr4.h | 81 +- fs/nfsd/xdr4cb.h | 6 + fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/notify/dnotify/dnotify.c | 15 +- fs/notify/fanotify/fanotify.c | 363 ++++-- fs/notify/fanotify/fanotify.h | 212 +++- fs/notify/fanotify/fanotify_user.c | 441 ++++++-- fs/notify/fdinfo.c | 16 +- fs/notify/fsnotify.c | 177 +-- fs/notify/fsnotify.h | 4 - fs/notify/group.c | 36 +- fs/notify/inotify/inotify.h | 11 +- fs/notify/inotify/inotify_fsnotify.c | 7 +- fs/notify/inotify/inotify_user.c | 53 +- fs/notify/mark.c | 137 ++- fs/notify/notification.c | 14 +- fs/open.c | 42 + fs/pipe.c | 17 +- fs/ubifs/file.c | 13 +- fs/vboxsf/super.c | 3 +- include/asm-generic/vmlinux.lds.h | 4 +- include/linux/cpu.h | 2 + include/linux/device.h | 1 + include/linux/dma-map-ops.h | 1 + include/linux/dma-mapping.h | 5 + include/linux/dnotify.h | 2 +- include/linux/exportfs.h | 17 +- include/linux/fanotify.h | 31 +- include/linux/fs.h | 26 + include/linux/fsnotify.h | 70 +- include/linux/fsnotify_backend.h | 356 +++++- include/linux/gfp.h | 9 + include/linux/hyperv.h | 22 +- include/linux/iova.h | 2 + include/linux/kthread.h | 1 + include/linux/linkage.h | 4 +- include/linux/lockd/lockd.h | 10 +- include/linux/lockd/xdr.h | 27 +- include/linux/lockd/xdr4.h | 29 +- include/linux/minmax.h | 17 + include/linux/module.h | 6 +- include/linux/nfs.h | 8 - include/linux/nfs4.h | 17 + include/linux/nfs_fs.h | 1 + include/linux/nfs_ssc.h | 4 +- include/linux/pci.h | 1 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 1 + include/linux/secretmem.h | 4 +- include/linux/sunrpc/svc.h | 93 +- include/linux/sunrpc/svc_xprt.h | 11 +- include/linux/sunrpc/svcsock.h | 7 +- include/linux/sunrpc/xdr.h | 2 + include/linux/timer.h | 18 +- include/linux/udp.h | 28 + include/linux/vfio.h | 2 + include/net/cfg802154.h | 1 + include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 + include/soc/fsl/qman.h | 9 + include/trace/events/rpcgss.h | 18 +- include/trace/events/rpcrdma.h | 44 +- include/trace/events/sunrpc.h | 74 +- include/trace/misc/fs.h | 122 ++ include/trace/misc/nfs.h | 387 +++++++ include/trace/{events => misc}/rdma.h | 0 include/trace/misc/sunrpc.h | 18 + include/uapi/linux/fanotify.h | 29 + include/uapi/linux/nfsd/nfsfh.h | 115 -- init/initramfs.c | 2 +- io_uring/io_uring.c | 2 +- kernel/audit_fsnotify.c | 8 +- kernel/audit_tree.c | 2 +- kernel/audit_watch.c | 5 +- kernel/bounds.c | 2 +- kernel/bpf/verifier.c | 5 + kernel/dma/mapping.c | 12 + kernel/dma/swiotlb.c | 11 +- kernel/entry/common.c | 8 +- kernel/events/core.c | 9 + kernel/kthread.c | 23 +- kernel/locking/rwsem.c | 14 +- kernel/module.c | 8 +- kernel/power/suspend.c | 1 + kernel/printk/printk.c | 63 +- kernel/time/timer.c | 160 +-- kernel/trace/ring_buffer.c | 233 ++-- kernel/trace/trace.c | 21 +- lib/Kconfig.debug | 1 + lib/pci_iomap.c | 2 +- lib/test_kasan.c | 21 +- mm/compaction.c | 7 +- mm/memtest.c | 4 +- mm/migrate.c | 6 +- mm/page_alloc.c | 10 +- mm/swapfile.c | 25 +- mm/vmscan.c | 5 +- net/bluetooth/bnep/core.c | 2 +- net/bluetooth/cmtp/core.c | 2 +- net/bluetooth/hci_debugfs.c | 64 +- net/bluetooth/hci_event.c | 25 + net/bluetooth/hidp/core.c | 2 +- net/bridge/netfilter/ebtables.c | 6 + net/core/skbuff.c | 6 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 14 + net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 20 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mac80211/cfg.c | 5 +- net/mac802154/llsec.c | 18 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 3 + net/netfilter/nf_tables_api.c | 20 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sunrpc/svc.c | 227 ++-- net/sunrpc/svc_xprt.c | 68 +- net/sunrpc/svcsock.c | 24 +- net/sunrpc/xdr.c | 22 + net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 2 +- net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + security/landlock/syscalls.c | 18 +- security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 9 +- sound/sh/aica.c | 17 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/objtool/check.c | 3 +- tools/testing/selftests/mqueue/setting | 1 + tools/testing/selftests/net/mptcp/diag.sh | 6 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 + tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- virt/kvm/async_pf.c | 31 +- 445 files changed, 11948 insertions(+), 6886 deletions(-)

1 year, 5 months

1
0
0 0

[tip: timers/urgent] selftests/timers/posix_timers: Reimplement check_timer_distribution()

by tip-bot2 for Oleg Nesterov

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: 6d029c25b71f2de2838a6f093ce0fa0e69336154 Gitweb: https://git.kernel.org/tip/6d029c25b71f2de2838a6f093ce0fa0e69336154 Author: Oleg Nesterov <oleg(a)redhat.com> AuthorDate: Tue, 09 Apr 2024 15:38:03 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Tue, 09 Apr 2024 17:48:19 +02:00 selftests/timers/posix_timers: Reimplement check_timer_distribution() check_timer_distribution() runs ten threads in a busy loop and tries to test that the kernel distributes a process posix CPU timer signal to every thread over time. There is not guarantee that this is true even after commit bcb7ee79029d ("posix-timers: Prefer delivery of signals to the current thread") because that commit only avoids waking up the sleeping process leader thread, but that has nothing to do with the actual signal delivery. As the signal is process wide the first thread which observes sigpending and wins the race to lock sighand will deliver the signal. Testing shows that this hangs on a regular base because some threads never win the race. The comment "This primarily tests that the kernel does not favour any one." is wrong. The kernel does favour a thread which hits the timer interrupt when CLOCK_PROCESS_CPUTIME_ID expires. Rewrite the test so it only checks that the group leader sleeping in join() never receives SIGALRM and the thread which burns CPU cycles receives all signals. In older kernels which do not have commit bcb7ee79029d ("posix-timers: Prefer delivery of signals to the current thread") the test-case fails immediately, the very 1st tick wakes the leader up. Otherwise it quickly succeeds after 100 ticks. CI testing wants to use newer selftest versions on stable kernels. In this case the test is guaranteed to fail. So check in the failure case whether the kernel version is less than v6.3 and skip the test result in that case. [ tglx: Massaged change log, renamed the version check helper ] Fixes: e797203fb3ba ("selftests/timers/posix_timers: Test delivery of signals across threads") Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240409133802.GD29396@redhat.com --- tools/testing/selftests/kselftest.h | 13 ++- tools/testing/selftests/timers/posix_timers.c | 103 +++++++---------- 2 files changed, 60 insertions(+), 56 deletions(-) diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h index 541bf19..973b18e 100644 --- a/tools/testing/selftests/kselftest.h +++ b/tools/testing/selftests/kselftest.h @@ -51,6 +51,7 @@ #include <stdarg.h> #include <string.h> #include <stdio.h> +#include <sys/utsname.h> #endif #ifndef ARRAY_SIZE @@ -388,4 +389,16 @@ static inline __printf(1, 2) int ksft_exit_skip(const char *msg, ...) exit(KSFT_SKIP); } +static inline int ksft_min_kernel_version(unsigned int min_major, + unsigned int min_minor) +{ + unsigned int major, minor; + struct utsname info; + + if (uname(&info) || sscanf(info.release, "%u.%u.", &major, &minor) != 2) + ksft_exit_fail_msg("Can't parse kernel version\n"); + + return major > min_major || (major == min_major && minor >= min_minor); +} + #endif /* __KSELFTEST_H */ diff --git a/tools/testing/selftests/timers/posix_timers.c b/tools/testing/selftests/timers/posix_timers.c index d49dd3f..d86a0e0 100644 --- a/tools/testing/selftests/timers/posix_timers.c +++ b/tools/testing/selftests/timers/posix_timers.c @@ -184,80 +184,71 @@ static int check_timer_create(int which) return 0; } -int remain; -__thread int got_signal; +static pthread_t ctd_thread; +static volatile int ctd_count, ctd_failed; -static void *distribution_thread(void *arg) +static void ctd_sighandler(int sig) { - while (__atomic_load_n(&remain, __ATOMIC_RELAXED)); - return NULL; + if (pthread_self() != ctd_thread) + ctd_failed = 1; + ctd_count--; } -static void distribution_handler(int nr) +static void *ctd_thread_func(void *arg) { - if (!__atomic_exchange_n(&got_signal, 1, __ATOMIC_RELAXED)) - __atomic_fetch_sub(&remain, 1, __ATOMIC_RELAXED); -} - -/* - * Test that all running threads _eventually_ receive CLOCK_PROCESS_CPUTIME_ID - * timer signals. This primarily tests that the kernel does not favour any one. - */ -static int check_timer_distribution(void) -{ - int err, i; - timer_t id; - const int nthreads = 10; - pthread_t threads[nthreads]; struct itimerspec val = { .it_value.tv_sec = 0, .it_value.tv_nsec = 1000 * 1000, .it_interval.tv_sec = 0, .it_interval.tv_nsec = 1000 * 1000, }; + timer_t id; - remain = nthreads + 1; /* worker threads + this thread */ - signal(SIGALRM, distribution_handler); - err = timer_create(CLOCK_PROCESS_CPUTIME_ID, NULL, &id); - if (err < 0) { - ksft_perror("Can't create timer"); - return -1; - } - err = timer_settime(id, 0, &val, NULL); - if (err < 0) { - ksft_perror("Can't set timer"); - return -1; - } + /* 1/10 seconds to ensure the leader sleeps */ + usleep(10000); - for (i = 0; i < nthreads; i++) { - err = pthread_create(&threads[i], NULL, distribution_thread, - NULL); - if (err) { - ksft_print_msg("Can't create thread: %s (%d)\n", - strerror(errno), errno); - return -1; - } - } + ctd_count = 100; + if (timer_create(CLOCK_PROCESS_CPUTIME_ID, NULL, &id)) + return "Can't create timer\n"; + if (timer_settime(id, 0, &val, NULL)) + return "Can't set timer\n"; - /* Wait for all threads to receive the signal. */ - while (__atomic_load_n(&remain, __ATOMIC_RELAXED)); + while (ctd_count > 0 && !ctd_failed) + ; - for (i = 0; i < nthreads; i++) { - err = pthread_join(threads[i], NULL); - if (err) { - ksft_print_msg("Can't join thread: %s (%d)\n", - strerror(errno), errno); - return -1; - } - } + if (timer_delete(id)) + return "Can't delete timer\n"; - if (timer_delete(id)) { - ksft_perror("Can't delete timer"); - return -1; - } + return NULL; +} + +/* + * Test that only the running thread receives the timer signal. + */ +static int check_timer_distribution(void) +{ + const char *errmsg; - ksft_test_result_pass("check_timer_distribution\n"); + signal(SIGALRM, ctd_sighandler); + + errmsg = "Can't create thread\n"; + if (pthread_create(&ctd_thread, NULL, ctd_thread_func, NULL)) + goto err; + + errmsg = "Can't join thread\n"; + if (pthread_join(ctd_thread, (void **)&errmsg) || errmsg) + goto err; + + if (!ctd_failed) + ksft_test_result_pass("check signal distribution\n"); + else if (ksft_min_kernel_version(6, 3)) + ksft_test_result_fail("check signal distribution\n"); + else + ksft_test_result_skip("check signal distribution (old kernel)\n"); return 0; +err: + ksft_print_msg(errmsg); + return -1; } int main(int argc, char **argv)

1 year, 5 months

1
0
0 0

[PATCH 3/5] drm/vmwgfx: Fix prime import/export

by Zack Rusin

vmwgfx never supported prime import of external buffers. Furthermore the driver exposes two different objects to userspace: vmw_surface's and gem buffers but prime import/export only worked with vmw_surfaces. Because gem buffers are used through the dumb_buffer interface this meant that the driver created buffers couldn't have been prime exported or imported. Fix prime import/export. Makes IGT's kms_prime pass. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 8afa13a0583f ("drm/vmwgfx: Implement DRIVER_GEM") Cc: <stable(a)vger.kernel.org> # v6.6+ --- drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 +++++++++++++++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 ++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 ++ drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 ++++++++++++++++ drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 +++++++- drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 +++++++++++++++------- 8 files changed, 117 insertions(+), 22 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c index c52c7bf1485b..717d624e9a05 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c @@ -456,8 +456,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, .no_wait_gpu = false }; u32 j, initial_line = dst_offset / dst_stride; - struct vmw_bo_blit_line_data d; + struct vmw_bo_blit_line_data d = {0}; int ret = 0; + struct page **dst_pages = NULL; + struct page **src_pages = NULL; /* Buffer objects need to be either pinned or reserved: */ if (!(dst->pin_count)) @@ -477,12 +479,35 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, return ret; } + if (!src->ttm->pages && src->ttm->sg) { + src_pages = kvmalloc_array(src->ttm->num_pages, + sizeof(struct page *), GFP_KERNEL); + if (!src_pages) + return -ENOMEM; + ret = drm_prime_sg_to_page_array(src->ttm->sg, src_pages, + src->ttm->num_pages); + if (ret) + goto out; + } + if (!dst->ttm->pages && dst->ttm->sg) { + dst_pages = kvmalloc_array(dst->ttm->num_pages, + sizeof(struct page *), GFP_KERNEL); + if (!dst_pages) { + ret = -ENOMEM; + goto out; + } + ret = drm_prime_sg_to_page_array(dst->ttm->sg, dst_pages, + dst->ttm->num_pages); + if (ret) + goto out; + } + d.mapped_dst = 0; d.mapped_src = 0; d.dst_addr = NULL; d.src_addr = NULL; - d.dst_pages = dst->ttm->pages; - d.src_pages = src->ttm->pages; + d.dst_pages = dst->ttm->pages ? dst->ttm->pages : dst_pages; + d.src_pages = src->ttm->pages ? src->ttm->pages : src_pages; d.dst_num_pages = PFN_UP(dst->resource->size); d.src_num_pages = PFN_UP(src->resource->size); d.dst_prot = ttm_io_prot(dst, dst->resource, PAGE_KERNEL); @@ -504,6 +529,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, kunmap_atomic(d.src_addr); if (d.dst_addr) kunmap_atomic(d.dst_addr); + if (src_pages) + kvfree(src_pages); + if (dst_pages) + kvfree(dst_pages); return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index bfd41ce3c8f4..e5eb21a471a6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -377,7 +377,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv, { struct ttm_operation_ctx ctx = { .interruptible = params->bo_type != ttm_bo_type_kernel, - .no_wait_gpu = false + .no_wait_gpu = false, + .resv = params->resv, }; struct ttm_device *bdev = &dev_priv->bdev; struct drm_device *vdev = &dev_priv->drm; @@ -394,8 +395,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv, vmw_bo_placement_set(vmw_bo, params->domain, params->busy_domain); ret = ttm_bo_init_reserved(bdev, &vmw_bo->tbo, params->bo_type, - &vmw_bo->placement, 0, &ctx, NULL, - NULL, destroy); + &vmw_bo->placement, 0, &ctx, + params->sg, params->resv, destroy); if (unlikely(ret)) return ret; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h index 0d496dc9c6af..f349642e6190 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h @@ -55,6 +55,8 @@ struct vmw_bo_params { enum ttm_bo_type bo_type; size_t size; bool pin; + struct dma_resv *resv; + struct sg_table *sg; }; /** diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 89d3679d2608..41ad13e45554 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -1631,6 +1631,7 @@ static const struct drm_driver driver = { .prime_fd_to_handle = vmw_prime_fd_to_handle, .prime_handle_to_fd = vmw_prime_handle_to_fd, + .gem_prime_import_sg_table = vmw_prime_import_sg_table, .fops = &vmwgfx_driver_fops, .name = VMWGFX_DRIVER_NAME, diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h index ddbceaa31b59..4ecaea0026fc 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -1107,6 +1107,9 @@ extern int vmw_prime_handle_to_fd(struct drm_device *dev, struct drm_file *file_priv, uint32_t handle, uint32_t flags, int *prime_fd); +struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev, + struct dma_buf_attachment *attach, + struct sg_table *table); /* * MemoryOBject management - vmwgfx_mob.c diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c index 186150f41fbc..2132a8ad8c0c 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c @@ -136,6 +136,38 @@ int vmw_gem_object_create_with_handle(struct vmw_private *dev_priv, return ret; } +struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev, + struct dma_buf_attachment *attach, + struct sg_table *table) +{ + int ret; + struct vmw_private *dev_priv = vmw_priv(dev); + struct drm_gem_object *gem = NULL; + struct vmw_bo *vbo; + struct vmw_bo_params params = { + .domain = (dev_priv->has_mob) ? VMW_BO_DOMAIN_SYS : VMW_BO_DOMAIN_VRAM, + .busy_domain = VMW_BO_DOMAIN_SYS, + .bo_type = ttm_bo_type_sg, + .size = attach->dmabuf->size, + .pin = false, + .resv = attach->dmabuf->resv, + .sg = table, + + }; + + dma_resv_lock(params.resv, NULL); + + ret = vmw_bo_create(dev_priv, &params, &vbo); + if (ret != 0) + goto out_no_bo; + + vbo->tbo.base.funcs = &vmw_gem_object_funcs; + + gem = &vbo->tbo.base; +out_no_bo: + dma_resv_unlock(params.resv); + return gem; +} int vmw_gem_object_create_ioctl(struct drm_device *dev, void *data, struct drm_file *filp) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c index 2d72a5ee7c0c..c99cad444991 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c @@ -75,8 +75,12 @@ int vmw_prime_fd_to_handle(struct drm_device *dev, int fd, u32 *handle) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + int ret = ttm_prime_fd_to_handle(tfile, fd, handle); - return ttm_prime_fd_to_handle(tfile, fd, handle); + if (ret) + ret = drm_gem_prime_fd_to_handle(dev, file_priv, fd, handle); + + return ret; } int vmw_prime_handle_to_fd(struct drm_device *dev, @@ -85,5 +89,12 @@ int vmw_prime_handle_to_fd(struct drm_device *dev, int *prime_fd) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; - return ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); + int ret; + + if (handle > VMWGFX_NUM_MOB) + ret = ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); + else + ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, flags, prime_fd); + + return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c index 4d23d0a70bcb..621d98b376bb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c @@ -188,13 +188,18 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt) switch (dev_priv->map_mode) { case vmw_dma_map_bind: case vmw_dma_map_populate: - vsgt->sgt = &vmw_tt->sgt; - ret = sg_alloc_table_from_pages_segment( - &vmw_tt->sgt, vsgt->pages, vsgt->num_pages, 0, - (unsigned long)vsgt->num_pages << PAGE_SHIFT, - dma_get_max_seg_size(dev_priv->drm.dev), GFP_KERNEL); - if (ret) - goto out_sg_alloc_fail; + if (vmw_tt->dma_ttm.page_flags & TTM_TT_FLAG_EXTERNAL) { + vsgt->sgt = vmw_tt->dma_ttm.sg; + } else { + vsgt->sgt = &vmw_tt->sgt; + ret = sg_alloc_table_from_pages_segment(&vmw_tt->sgt, + vsgt->pages, vsgt->num_pages, 0, + (unsigned long)vsgt->num_pages << PAGE_SHIFT, + dma_get_max_seg_size(dev_priv->drm.dev), + GFP_KERNEL); + if (ret) + goto out_sg_alloc_fail; + } ret = vmw_ttm_map_for_dma(vmw_tt); if (unlikely(ret != 0)) @@ -209,8 +214,9 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt) return 0; out_map_fail: - sg_free_table(vmw_tt->vsgt.sgt); - vmw_tt->vsgt.sgt = NULL; + drm_warn(&dev_priv->drm, "VSG table map failed!"); + sg_free_table(vsgt->sgt); + vsgt->sgt = NULL; out_sg_alloc_fail: return ret; } @@ -356,15 +362,17 @@ static void vmw_ttm_destroy(struct ttm_device *bdev, struct ttm_tt *ttm) static int vmw_ttm_populate(struct ttm_device *bdev, struct ttm_tt *ttm, struct ttm_operation_ctx *ctx) { - int ret; + bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0; - /* TODO: maybe completely drop this ? */ if (ttm_tt_is_populated(ttm)) return 0; - ret = ttm_pool_alloc(&bdev->pool, ttm, ctx); + if (external && ttm->sg) + return drm_prime_sg_to_dma_addr_array(ttm->sg, + ttm->dma_address, + ttm->num_pages); - return ret; + return ttm_pool_alloc(&bdev->pool, ttm, ctx); } static void vmw_ttm_unpopulate(struct ttm_device *bdev, @@ -372,6 +380,10 @@ static void vmw_ttm_unpopulate(struct ttm_device *bdev, { struct vmw_ttm_tt *vmw_tt = container_of(ttm, struct vmw_ttm_tt, dma_ttm); + bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0; + + if (external) + return; vmw_ttm_unbind(bdev, ttm); @@ -390,6 +402,7 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo, { struct vmw_ttm_tt *vmw_be; int ret; + bool external = bo->type == ttm_bo_type_sg; vmw_be = kzalloc(sizeof(*vmw_be), GFP_KERNEL); if (!vmw_be) @@ -398,7 +411,10 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo, vmw_be->dev_priv = vmw_priv_from_ttm(bo->bdev); vmw_be->mob = NULL; - if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent) + if (external) + page_flags |= TTM_TT_FLAG_EXTERNAL | TTM_TT_FLAG_EXTERNAL_MAPPABLE; + + if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent || external) ret = ttm_sg_tt_init(&vmw_be->dma_ttm, bo, page_flags, ttm_cached); else -- 2.40.1

1 year, 5 months

2
1
0 0

[PATCH 4/5] drm/vmwgfx: Fix crtc's atomic check conditional

by Zack Rusin

The conditional was supposed to prevent enabling of a crtc state without a set primary plane. Accidently it also prevented disabling crtc state with a set primary plane. Neither is correct. Fix the conditional and just driver-warn when a crtc state has been enabled without a primary plane which will help debug broken userspace. Fixes IGT's kms_atomic_interruptible and kms_atomic_transition tests. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 06ec41909e31 ("drm/vmwgfx: Add and connect CRTC helper functions") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.12+ --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index e33e5993d8fc..13b2820cae51 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -931,6 +931,7 @@ int vmw_du_cursor_plane_atomic_check(struct drm_plane *plane, int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, struct drm_atomic_state *state) { + struct vmw_private *vmw = vmw_priv(crtc->dev); struct drm_crtc_state *new_state = drm_atomic_get_new_crtc_state(state, crtc); struct vmw_display_unit *du = vmw_crtc_to_du(new_state->crtc); @@ -938,9 +939,13 @@ int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, bool has_primary = new_state->plane_mask & drm_plane_mask(crtc->primary); - /* We always want to have an active plane with an active CRTC */ - if (has_primary != new_state->enable) - return -EINVAL; + /* + * This is fine in general, but broken userspace might expect + * some actual rendering so give a clue as why it's blank. + */ + if (new_state->enable && !has_primary) + drm_dbg_driver(&vmw->drm, + "CRTC without a primary plane will be blank.\n"); if (new_state->connector_mask != connector_mask && -- 2.40.1

1 year, 5 months

3
2
0 0

[bug report] nvme not re-recognize when changed M.2 SSD in S3 mode

by Ricky WU

Hi All, Here is my PC info OS Name : Ubuntu 20.04.06 LTS OS Type : 64-bit Kernel version: 6.8.0 System sleep support: cat /sys/power/mem_sleep s2idle [deep] M.2 SSD1 : Kingston A2000 250GB M.2 SSD2 : Intel 760p 256GB I find some problem in S3 mode maybe S2idle has the same situation. The current situation is: Enter S3 mode I unplugged a correctly recognized Kingston A2000 250GB and switched it for a Intel 760p 256GB, when back to S0 there is also Kingston A2000 still installed. It did not call pciehp_ist(), pciehp_handle_presence_or_link_change() when back to S0, I don't know if this is the reason. Back to S3 lspci: ------------------------------------------------------------------------------------------------------------------------------------------- 00:00.0 Host bridge: Intel Corporation Device 3e0f (rev 07) 00:02.0 VGA compatible controller: Intel Corporation Device 3e90 00:12.0 Signal processing controller: Intel Corporation Cannon Lake PCH Thermal Controller (rev 10) 00:14.0 USB controller: Intel Corporation Cannon Lake PCH USB 3.1 xHCI Host Controller (rev 10) 00:14.2 RAM memory: Intel Corporation Cannon Lake PCH Shared SRAM (rev 10) 00:16.0 Communication controller: Intel Corporation Cannon Lake PCH HECI Controller (rev 10) 00:17.0 SATA controller: Intel Corporation Cannon Lake PCH SATA AHCI Controller (rev 10) 00:1b.0 PCI bridge: Intel Corporation Cannon Lake PCH PCI Express Root Port #21 (rev f0) 00:1c.0 PCI bridge: Intel Corporation Cannon Lake PCH PCI Express Root Port #5 (rev f0) 00:1d.0 PCI bridge: Intel Corporation Cannon Lake PCH PCI Express Root Port #9 (rev f0) 00:1d.3 PCI bridge: Intel Corporation Cannon Lake PCH PCI Express Root Port #12 (rev f0) 00:1f.0 ISA bridge: Intel Corporation H370 Chipset LPC/eSPI Controller (rev 10) 00:1f.3 Audio device: Intel Corporation Cannon Lake PCH cAVS (rev 10) 00:1f.4 SMBus: Intel Corporation Cannon Lake PCH SMBus Controller (rev 10) 00:1f.5 Serial bus controller [0c80]: Intel Corporation Cannon Lake PCH SPI Controller (rev 10) 00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (7) I219-V (rev 10) 04:00.0 Non-Volatile memory controller: Kingston Technology Company, Inc. Device 2263 (rev 03) ------------------------------------------------------------------------------------------------------------------------------------------- Dmesg Log as below(boot ->plug Kingston A2000->S3->change Kingston A2000 to Intel 760p->S0): [ 0.000000] Linux version 6.8.0 (root@cr-desktop) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #30 SMP PREEMPT_DYNAMIC Mon Apr 8 14:25:58 CST 2024 [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.8.0 root=UUID=74fe52d0-e90f-4b0a-92f4-581b5fa98519 ro quiet splash resume=UUID=74fe52d0-e90f-4b0a-92f4-581b5fa98519 resume_offset=2172927 resumedelay=15 vt.handoff=7 [ 0.000000] KERNEL supported cpus: [ 0.000000] Intel GenuineIntel [ 0.000000] AMD AuthenticAMD [ 0.000000] Hygon HygonGenuine [ 0.000000] Centaur CentaurHauls [ 0.000000] zhaoxin Shanghai [ 0.000000] BIOS-provided physical RAM map: [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000005efff] usable [ 0.000000] BIOS-e820: [mem 0x000000000005f000-0x000000000005ffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000000060000-0x000000000009ffff] usable [ 0.000000] BIOS-e820: [mem 0x00000000000a0000-0x00000000000fffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000007c764fff] usable [ 0.000000] BIOS-e820: [mem 0x000000007c765000-0x000000007dfd0fff] reserved [ 0.000000] BIOS-e820: [mem 0x000000007dfd1000-0x000000007e04dfff] ACPI data [ 0.000000] BIOS-e820: [mem 0x000000007e04e000-0x000000007e526fff] ACPI NVS [ 0.000000] BIOS-e820: [mem 0x000000007e527000-0x000000007ed0dfff] reserved [ 0.000000] BIOS-e820: [mem 0x000000007ed0e000-0x000000007ed0efff] usable [ 0.000000] BIOS-e820: [mem 0x000000007ed0f000-0x000000008fffffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000e0000000-0x00000000efffffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fe000000-0x00000000fe010fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fed00000-0x00000000fed03fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000ff000000-0x00000000ffffffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000016dffffff] usable [ 0.000000] NX (Execute Disable) protection: active [ 0.000000] APIC: Static calls initialized [ 0.000000] e820: update [mem 0x67cec018-0x67cfc057] usable ==> usable [ 0.000000] e820: update [mem 0x67cec018-0x67cfc057] usable ==> usable [ 0.000000] e820: update [mem 0x67cdb018-0x67cebe57] usable ==> usable [ 0.000000] e820: update [mem 0x67cdb018-0x67cebe57] usable ==> usable [ 0.000000] extended physical RAM map: [ 0.000000] reserve setup_data: [mem 0x0000000000000000-0x000000000005efff] usable [ 0.000000] reserve setup_data: [mem 0x000000000005f000-0x000000000005ffff] reserved [ 0.000000] reserve setup_data: [mem 0x0000000000060000-0x000000000009ffff] usable [ 0.000000] reserve setup_data: [mem 0x00000000000a0000-0x00000000000fffff] reserved [ 0.000000] reserve setup_data: [mem 0x0000000000100000-0x0000000067cdb017] usable [ 0.000000] reserve setup_data: [mem 0x0000000067cdb018-0x0000000067cebe57] usable [ 0.000000] reserve setup_data: [mem 0x0000000067cebe58-0x0000000067cec017] usable [ 0.000000] reserve setup_data: [mem 0x0000000067cec018-0x0000000067cfc057] usable [ 0.000000] reserve setup_data: [mem 0x0000000067cfc058-0x000000007c764fff] usable [ 0.000000] reserve setup_data: [mem 0x000000007c765000-0x000000007dfd0fff] reserved [ 0.000000] reserve setup_data: [mem 0x000000007dfd1000-0x000000007e04dfff] ACPI data [ 0.000000] reserve setup_data: [mem 0x000000007e04e000-0x000000007e526fff] ACPI NVS [ 0.000000] reserve setup_data: [mem 0x000000007e527000-0x000000007ed0dfff] reserved [ 0.000000] reserve setup_data: [mem 0x000000007ed0e000-0x000000007ed0efff] usable [ 0.000000] reserve setup_data: [mem 0x000000007ed0f000-0x000000008fffffff] reserved [ 0.000000] reserve setup_data: [mem 0x00000000e0000000-0x00000000efffffff] reserved [ 0.000000] reserve setup_data: [mem 0x00000000fe000000-0x00000000fe010fff] reserved [ 0.000000] reserve setup_data: [mem 0x00000000fec00000-0x00000000fec00fff] reserved [ 0.000000] reserve setup_data: [mem 0x00000000fed00000-0x00000000fed03fff] reserved [ 0.000000] reserve setup_data: [mem 0x00000000fee00000-0x00000000fee00fff] reserved [ 0.000000] reserve setup_data: [mem 0x00000000ff000000-0x00000000ffffffff] reserved [ 0.000000] reserve setup_data: [mem 0x0000000100000000-0x000000016dffffff] usable [ 0.000000] efi: EFI v2.7 by American Megatrends [ 0.000000] efi: ACPI 2.0=0x7e468000 ACPI=0x7e468000 TPMFinalLog=0x7e4d1000 SMBIOS=0x7ea7a000 SMBIOS 3.0=0x7ea79000 MEMATTR=0x79559098 ESRT=0x7adddd18 MOKvar=0x7ea92000 RNG=0x7e04d018 TPMEventLog=0x67cfd018 [ 0.000000] random: crng init done [ 0.000000] efi: Remove mem44: MMIO range=[0xe0000000-0xefffffff] (256MB) from e820 map [ 0.000000] e820: remove [mem 0xe0000000-0xefffffff] reserved [ 0.000000] efi: Not removing mem45: MMIO range=[0xfe000000-0xfe010fff] (68KB) from e820 map [ 0.000000] efi: Not removing mem46: MMIO range=[0xfec00000-0xfec00fff] (4KB) from e820 map [ 0.000000] efi: Not removing mem47: MMIO range=[0xfed00000-0xfed03fff] (16KB) from e820 map [ 0.000000] efi: Not removing mem48: MMIO range=[0xfee00000-0xfee00fff] (4KB) from e820 map [ 0.000000] efi: Remove mem49: MMIO range=[0xff000000-0xffffffff] (16MB) from e820 map [ 0.000000] e820: remove [mem 0xff000000-0xffffffff] reserved [ 0.000000] SMBIOS 3.1.1 present. [ 0.000000] DMI: To Be Filled By O.E.M. To Be Filled By O.E.M./H370M Pro4, BIOS P3.40 10/25/2018 [ 0.000000] tsc: Detected 3700.000 MHz processor [ 0.000000] tsc: Detected 3699.850 MHz TSC [ 0.000569] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved [ 0.000572] e820: remove [mem 0x000a0000-0x000fffff] usable [ 0.000578] last_pfn = 0x16e000 max_arch_pfn = 0x400000000 [ 0.000582] MTRR map: 5 entries (3 fixed + 2 variable; max 23), built from 10 variable MTRRs [ 0.000584] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT [ 0.000964] last_pfn = 0x7ed0f max_arch_pfn = 0x400000000 [ 0.006982] found SMP MP-table at [mem 0x000fcd40-0x000fcd4f] [ 0.006992] esrt: Reserving ESRT space from 0x000000007adddd18 to 0x000000007adddd50. [ 0.006997] e820: update [mem 0x7addd000-0x7adddfff] usable ==> reserved [ 0.007010] Using GB pages for direct mapping [ 0.007366] Secure boot disabled [ 0.007366] RAMDISK: [mem 0x67d08000-0x70f30fff] [ 0.007370] ACPI: Early table checksum verification disabled [ 0.007373] ACPI: RSDP 0x000000007E468000 000024 (v02 ALASKA) [ 0.007376] ACPI: XSDT 0x000000007E4680B0 0000DC (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.007381] ACPI: FACP 0x000000007E4A7808 000114 (v06 ALASKA A M I 01072009 AMI 00010013) [ 0.007386] ACPI: DSDT 0x000000007E468220 03F5E6 (v02 ALASKA A M I 01072009 INTL 20160527) [ 0.007389] ACPI: FACS 0x000000007E526080 000040 [ 0.007391] ACPI: APIC 0x000000007E4A7920 000084 (v04 ALASKA A M I 01072009 AMI 00010013) [ 0.007394] ACPI: FPDT 0x000000007E4A79A8 000044 (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.007397] ACPI: FIDT 0x000000007E4A79F0 00009C (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.007399] ACPI: MCFG 0x000000007E4A7A90 00003C (v01 ALASKA A M I 01072009 MSFT 00000097) [ 0.007402] ACPI: SSDT 0x000000007E4A7AD0 000378 (v01 SataRe SataTabl 00001000 INTL 20160527) [ 0.007405] ACPI: SSDT 0x000000007E4A7E48 001B1C (v02 CpuRef CpuSsdt 00003000 INTL 20160527) [ 0.007407] ACPI: AAFT 0x000000007E4A9968 00023D (v01 ALASKA OEMAAFT 01072009 MSFT 00000097) [ 0.007410] ACPI: SSDT 0x000000007E4A9BA8 0031C6 (v02 SaSsdt SaSsdt 00003000 INTL 20160527) [ 0.007413] ACPI: HPET 0x000000007E4ACD70 000038 (v01 ALASKA A M I 00000002 01000013) [ 0.007416] ACPI: SSDT 0x000000007E4ACDA8 001C01 (v02 ALASKA CflS_Rvp 00001000 INTL 20160527) [ 0.007418] ACPI: SSDT 0x000000007E4AE9B0 002950 (v02 INTEL xh_cfsd4 00000000 INTL 20160527) [ 0.007421] ACPI: UEFI 0x000000007E4B1300 000042 (v01 ALASKA A M I 00000002 01000013) [ 0.007424] ACPI: LPIT 0x000000007E4B1348 00005C (v01 ALASKA A M I 00000002 01000013) [ 0.007426] ACPI: SSDT 0x000000007E4B13A8 0014E2 (v02 ALASKA TbtTypeC 00000000 INTL 20160527) [ 0.007429] ACPI: DBGP 0x000000007E4B2890 000034 (v01 ALASKA A M I 00000002 01000013) [ 0.007432] ACPI: DBG2 0x000000007E4B28C8 000054 (v00 ALASKA A M I 00000002 01000013) [ 0.007434] ACPI: SSDT 0x000000007E4B2920 001B67 (v02 ALASKA UsbCTabl 00001000 INTL 20160527) [ 0.007437] ACPI: SSDT 0x000000007E4B4488 000144 (v02 Intel ADebTabl 00001000 INTL 20160527) [ 0.007439] ACPI: DMAR 0x000000007E4B45D0 0000A8 (v01 INTEL EDK2 00000002 01000013) [ 0.007442] ACPI: BGRT 0x000000007E4B4678 000038 (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.007445] ACPI: TPM2 0x000000007E4B46B0 000034 (v04 ALASKA A M I 00000001 AMI 00000000) [ 0.007447] ACPI: WSMT 0x000000007E4B46E8 000028 (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.007450] ACPI: Reserving FACP table memory at [mem 0x7e4a7808-0x7e4a791b] [ 0.007451] ACPI: Reserving DSDT table memory at [mem 0x7e468220-0x7e4a7805] [ 0.007452] ACPI: Reserving FACS table memory at [mem 0x7e526080-0x7e5260bf] [ 0.007452] ACPI: Reserving APIC table memory at [mem 0x7e4a7920-0x7e4a79a3] [ 0.007453] ACPI: Reserving FPDT table memory at [mem 0x7e4a79a8-0x7e4a79eb] [ 0.007454] ACPI: Reserving FIDT table memory at [mem 0x7e4a79f0-0x7e4a7a8b] [ 0.007454] ACPI: Reserving MCFG table memory at [mem 0x7e4a7a90-0x7e4a7acb] [ 0.007455] ACPI: Reserving SSDT table memory at [mem 0x7e4a7ad0-0x7e4a7e47] [ 0.007456] ACPI: Reserving SSDT table memory at [mem 0x7e4a7e48-0x7e4a9963] [ 0.007456] ACPI: Reserving AAFT table memory at [mem 0x7e4a9968-0x7e4a9ba4] [ 0.007457] ACPI: Reserving SSDT table memory at [mem 0x7e4a9ba8-0x7e4acd6d] [ 0.007458] ACPI: Reserving HPET table memory at [mem 0x7e4acd70-0x7e4acda7] [ 0.007458] ACPI: Reserving SSDT table memory at [mem 0x7e4acda8-0x7e4ae9a8] [ 0.007459] ACPI: Reserving SSDT table memory at [mem 0x7e4ae9b0-0x7e4b12ff] [ 0.007460] ACPI: Reserving UEFI table memory at [mem 0x7e4b1300-0x7e4b1341] [ 0.007460] ACPI: Reserving LPIT table memory at [mem 0x7e4b1348-0x7e4b13a3] [ 0.007461] ACPI: Reserving SSDT table memory at [mem 0x7e4b13a8-0x7e4b2889] [ 0.007462] ACPI: Reserving DBGP table memory at [mem 0x7e4b2890-0x7e4b28c3] [ 0.007462] ACPI: Reserving DBG2 table memory at [mem 0x7e4b28c8-0x7e4b291b] [ 0.007463] ACPI: Reserving SSDT table memory at [mem 0x7e4b2920-0x7e4b4486] [ 0.007464] ACPI: Reserving SSDT table memory at [mem 0x7e4b4488-0x7e4b45cb] [ 0.007464] ACPI: Reserving DMAR table memory at [mem 0x7e4b45d0-0x7e4b4677] [ 0.007465] ACPI: Reserving BGRT table memory at [mem 0x7e4b4678-0x7e4b46af] [ 0.007466] ACPI: Reserving TPM2 table memory at [mem 0x7e4b46b0-0x7e4b46e3] [ 0.007466] ACPI: Reserving WSMT table memory at [mem 0x7e4b46e8-0x7e4b470f] [ 0.007743] No NUMA configuration found [ 0.007744] Faking a node at [mem 0x0000000000000000-0x000000016dffffff] [ 0.007751] NODE_DATA(0) allocated [mem 0x16dfd5000-0x16dffffff] [ 0.007886] Zone ranges: [ 0.007887] DMA [mem 0x0000000000001000-0x0000000000ffffff] [ 0.007888] DMA32 [mem 0x0000000001000000-0x00000000ffffffff] [ 0.007890] Normal [mem 0x0000000100000000-0x000000016dffffff] [ 0.007891] Device empty [ 0.007892] Movable zone start for each node [ 0.007894] Early memory node ranges [ 0.007894] node 0: [mem 0x0000000000001000-0x000000000005efff] [ 0.007896] node 0: [mem 0x0000000000060000-0x000000000009ffff] [ 0.007896] node 0: [mem 0x0000000000100000-0x000000007c764fff] [ 0.007897] node 0: [mem 0x000000007ed0e000-0x000000007ed0efff] [ 0.007898] node 0: [mem 0x0000000100000000-0x000000016dffffff] [ 0.007899] Initmem setup node 0 [mem 0x0000000000001000-0x000000016dffffff] [ 0.007902] On node 0, zone DMA: 1 pages in unavailable ranges [ 0.007903] On node 0, zone DMA: 1 pages in unavailable ranges [ 0.007923] On node 0, zone DMA: 96 pages in unavailable ranges [ 0.012542] On node 0, zone DMA32: 9641 pages in unavailable ranges [ 0.016729] On node 0, zone Normal: 4849 pages in unavailable ranges [ 0.016857] On node 0, zone Normal: 8192 pages in unavailable ranges [ 0.016875] Reserving Intel graphics memory at [mem 0x80000000-0x8fffffff] [ 0.017335] ACPI: PM-Timer IO Port: 0x1808 [ 0.017341] ACPI: LAPIC_NMI (acpi_id[0x01] high edge lint[0x1]) [ 0.017342] ACPI: LAPIC_NMI (acpi_id[0x02] high edge lint[0x1]) [ 0.017343] ACPI: LAPIC_NMI (acpi_id[0x03] high edge lint[0x1]) [ 0.017344] ACPI: LAPIC_NMI (acpi_id[0x04] high edge lint[0x1]) [ 0.017405] IOAPIC[0]: apic_id 2, version 32, address 0xfec00000, GSI 0-119 [ 0.017407] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl) [ 0.017409] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level) [ 0.017413] ACPI: Using ACPI (MADT) for SMP configuration information [ 0.017414] ACPI: HPET id: 0x8086a201 base: 0xfed00000 [ 0.017419] e820: update [mem 0x78a53000-0x78a93fff] usable ==> reserved [ 0.017429] TSC deadline timer available [ 0.017430] smpboot: Allowing 4 CPUs, 0 hotplug CPUs [ 0.017441] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff] [ 0.017443] PM: hibernation: Registered nosave memory: [mem 0x0005f000-0x0005ffff] [ 0.017444] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000fffff] [ 0.017445] PM: hibernation: Registered nosave memory: [mem 0x67cdb000-0x67cdbfff] [ 0.017447] PM: hibernation: Registered nosave memory: [mem 0x67ceb000-0x67cebfff] [ 0.017447] PM: hibernation: Registered nosave memory: [mem 0x67cec000-0x67cecfff] [ 0.017449] PM: hibernation: Registered nosave memory: [mem 0x67cfc000-0x67cfcfff] [ 0.017450] PM: hibernation: Registered nosave memory: [mem 0x78a53000-0x78a93fff] [ 0.017451] PM: hibernation: Registered nosave memory: [mem 0x7addd000-0x7adddfff] [ 0.017452] PM: hibernation: Registered nosave memory: [mem 0x7c765000-0x7dfd0fff] [ 0.017453] PM: hibernation: Registered nosave memory: [mem 0x7dfd1000-0x7e04dfff] [ 0.017454] PM: hibernation: Registered nosave memory: [mem 0x7e04e000-0x7e526fff] [ 0.017454] PM: hibernation: Registered nosave memory: [mem 0x7e527000-0x7ed0dfff] [ 0.017455] PM: hibernation: Registered nosave memory: [mem 0x7ed0f000-0x8fffffff] [ 0.017456] PM: hibernation: Registered nosave memory: [mem 0x90000000-0xfdffffff] [ 0.017457] PM: hibernation: Registered nosave memory: [mem 0xfe000000-0xfe010fff] [ 0.017457] PM: hibernation: Registered nosave memory: [mem 0xfe011000-0xfebfffff] [ 0.017458] PM: hibernation: Registered nosave memory: [mem 0xfec00000-0xfec00fff] [ 0.017458] PM: hibernation: Registered nosave memory: [mem 0xfec01000-0xfecfffff] [ 0.017459] PM: hibernation: Registered nosave memory: [mem 0xfed00000-0xfed03fff] [ 0.017459] PM: hibernation: Registered nosave memory: [mem 0xfed04000-0xfedfffff] [ 0.017460] PM: hibernation: Registered nosave memory: [mem 0xfee00000-0xfee00fff] [ 0.017460] PM: hibernation: Registered nosave memory: [mem 0xfee01000-0xffffffff] [ 0.017462] [mem 0x90000000-0xfdffffff] available for PCI devices [ 0.017463] Booting paravirtualized kernel on bare hardware [ 0.017465] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645519600211568 ns [ 0.017470] setup_percpu: NR_CPUS:8192 nr_cpumask_bits:4 nr_cpu_ids:4 nr_node_ids:1 [ 0.017929] percpu: Embedded 64 pages/cpu s225280 r8192 d28672 u524288 [ 0.017934] pcpu-alloc: s225280 r8192 d28672 u524288 alloc=1*2097152 [ 0.017936] pcpu-alloc: [0] 0 1 2 3 [ 0.017953] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-6.8.0 root=UUID=74fe52d0-e90f-4b0a-92f4-581b5fa98519 ro quiet splash resume=UUID=74fe52d0-e90f-4b0a-92f4-581b5fa98519 resume_offset=2172927 resumedelay=15 vt.handoff=7 [ 0.018044] Unknown kernel command line parameters "splash BOOT_IMAGE=/boot/vmlinuz-6.8.0", will be passed to user space. [ 0.018648] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes, linear) [ 0.018930] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes, linear) [ 0.018995] Fallback order for Node 0: 0 [ 0.018998] Built 1 zonelists, mobility grouping on. Total pages: 945096 [ 0.018999] Policy zone: Normal [ 0.019003] mem auto-init: stack:off, heap alloc:on, heap free:off [ 0.019010] software IO TLB: area num 4. [ 0.048669] Memory: 3464128K/3841040K available (18432K kernel code, 3225K rwdata, 7212K rodata, 4580K init, 4312K bss, 376652K reserved, 0K cma-reserved) [ 0.048874] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1 [ 0.048885] Kernel/User page tables isolation: enabled [ 0.048912] ftrace: allocating 53981 entries in 211 pages [ 0.056577] ftrace: allocated 211 pages with 5 groups [ 0.057207] Dynamic Preempt: voluntary [ 0.057236] rcu: Preemptible hierarchical RCU implementation. [ 0.057237] rcu: RCU restricting CPUs from NR_CPUS=8192 to nr_cpu_ids=4. [ 0.057238] Trampoline variant of Tasks RCU enabled. [ 0.057239] Rude variant of Tasks RCU enabled. [ 0.057239] Tracing variant of Tasks RCU enabled. [ 0.057239] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies. [ 0.057240] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=4 [ 0.059780] NR_IRQS: 524544, nr_irqs: 1024, preallocated irqs: 16 [ 0.060068] rcu: srcu_init: Setting srcu_struct sizes based on contention. [ 0.060424] Console: colour dummy device 80x25 [ 0.060426] printk: legacy console [tty0] enabled [ 0.060464] ACPI: Core revision 20230628 [ 0.060875] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 79635855245 ns [ 0.061032] APIC: Switch to symmetric I/O mode setup [ 0.061034] DMAR: Host address width 39 [ 0.061035] DMAR: DRHD base: 0x000000fed90000 flags: 0x0 [ 0.061040] DMAR: dmar0: reg_base_addr fed90000 ver 1:0 cap 1c0000c40660462 ecap 19e2ff0505e [ 0.061042] DMAR: DRHD base: 0x000000fed91000 flags: 0x1 [ 0.061045] DMAR: dmar1: reg_base_addr fed91000 ver 1:0 cap d2008c40660462 ecap f050da [ 0.061047] DMAR: RMRR base: 0x0000007e809000 end: 0x0000007ea52fff [ 0.061048] DMAR: RMRR base: 0x0000007f800000 end: 0x0000008fffffff [ 0.061050] DMAR-IR: IOAPIC id 2 under DRHD base 0xfed91000 IOMMU 1 [ 0.061051] DMAR-IR: HPET id 0 under DRHD base 0xfed91000 [ 0.061051] DMAR-IR: Queued invalidation will be enabled to support x2apic and Intr-remapping. [ 0.064470] DMAR-IR: Enabled IRQ remapping in x2apic mode [ 0.064472] x2apic enabled [ 0.064535] APIC: Switched APIC routing to: cluster x2apic [ 0.073916] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1 [ 0.092939] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x6aa99074b1c, max_idle_ns: 881590506587 ns [ 0.092944] Calibrating delay loop (skipped), value calculated using timer frequency.. 7399.70 BogoMIPS (lpj=14799400) [ 0.092963] x86/cpu: SGX disabled by BIOS. [ 0.092969] CPU0: Thermal monitoring enabled (TM1) [ 0.093005] process: using mwait in idle threads [ 0.093007] Last level iTLB entries: 4KB 64, 2MB 8, 4MB 8 [ 0.093008] Last level dTLB entries: 4KB 64, 2MB 0, 4MB 0, 1GB 4 [ 0.093011] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization [ 0.093013] Spectre V2 : Mitigation: IBRS [ 0.093014] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch [ 0.093015] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT [ 0.093015] RETBleed: Mitigation: IBRS [ 0.093017] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier [ 0.093018] Spectre V2 : User space: Mitigation: STIBP via prctl [ 0.093019] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl [ 0.093024] MDS: Mitigation: Clear CPU buffers [ 0.093025] MMIO Stale Data: Mitigation: Clear CPU buffers [ 0.093029] SRBDS: Mitigation: Microcode [ 0.093034] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 0.093035] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 0.093036] x86/fpu: Supporting XSAVE feature 0x008: 'MPX bounds registers' [ 0.093037] x86/fpu: Supporting XSAVE feature 0x010: 'MPX CSR' [ 0.093039] x86/fpu: xstate_offset[3]: 576, xstate_sizes[3]: 64 [ 0.093040] x86/fpu: xstate_offset[4]: 640, xstate_sizes[4]: 64 [ 0.093041] x86/fpu: Enabled xstate features 0x1b, context size is 704 bytes, using 'compacted' format. [ 0.121725] Freeing SMP alternatives memory: 44K [ 0.121729] pid_max: default: 32768 minimum: 301 [ 0.124293] LSM: initializing lsm=lockdown,capability,yama,apparmor,integrity [ 0.124307] Yama: becoming mindful. [ 0.124340] AppArmor: AppArmor initialized [ 0.124372] Mount-cache hash table entries: 8192 (order: 4, 65536 bytes, linear) [ 0.124378] Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes, linear) [ 0.124847] smpboot: CPU0: Intel(R) Pentium(R) Gold G5400 CPU @ 3.70GHz (family: 0x6, model: 0x9e, stepping: 0xa) [ 0.124941] RCU Tasks: Setting shift to 2 and lim to 1 rcu_task_cb_adjust=1. [ 0.124941] RCU Tasks Rude: Setting shift to 2 and lim to 1 rcu_task_cb_adjust=1. [ 0.124941] RCU Tasks Trace: Setting shift to 2 and lim to 1 rcu_task_cb_adjust=1. [ 0.124941] Performance Events: PEBS fmt3+, Skylake events, 32-deep LBR, full-width counters, Intel PMU driver. [ 0.124941] ... version: 4 [ 0.124941] ... bit width: 48 [ 0.124941] ... generic registers: 4 [ 0.124941] ... value mask: 0000ffffffffffff [ 0.124941] ... max period: 00007fffffffffff [ 0.124941] ... fixed-purpose events: 3 [ 0.124941] ... event mask: 000000070000000f [ 0.124941] signal: max sigframe size: 2032 [ 0.124941] Estimated ratio of average max frequency by base frequency (times 1024): 1024 [ 0.124941] rcu: Hierarchical SRCU implementation. [ 0.124941] rcu: Max phase no-delay instances is 1000. [ 0.124941] NMI watchdog: Enabled. Permanently consumes one hw-PMU counter. [ 0.124941] smp: Bringing up secondary CPUs ... [ 0.124941] smpboot: x86: Booting SMP configuration: [ 0.124941] .... node #0, CPUs: #1 #2 #3 [ 0.125036] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. [ 0.125036] MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_s… for more details. [ 0.125036] smp: Brought up 1 node, 4 CPUs [ 0.125036] smpboot: Max logical packages: 1 [ 0.125036] smpboot: Total of 4 processors activated (29598.80 BogoMIPS) [ 0.126698] devtmpfs: initialized [ 0.126698] x86/mm: Memory block size: 128MB [ 0.126698] ACPI: PM: Registering ACPI NVS region [mem 0x7e04e000-0x7e526fff] (5083136 bytes) [ 0.126698] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns [ 0.126698] futex hash table entries: 1024 (order: 4, 65536 bytes, linear) [ 0.126698] pinctrl core: initialized pinctrl subsystem [ 0.126698] PM: RTC time: 20:41:21, date: 2024-04-08 [ 0.126698] NET: Registered PF_NETLINK/PF_ROUTE protocol family [ 0.126698] DMA: preallocated 512 KiB GFP_KERNEL pool for atomic allocations [ 0.126698] DMA: preallocated 512 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations [ 0.128994] DMA: preallocated 512 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations [ 0.129014] audit: initializing netlink subsys (disabled) [ 0.129023] audit: type=2000 audit(1712608881.060:1): state=initialized audit_enabled=0 res=1 [ 0.129066] thermal_sys: Registered thermal governor 'fair_share' [ 0.129067] thermal_sys: Registered thermal governor 'bang_bang' [ 0.129068] thermal_sys: Registered thermal governor 'step_wise' [ 0.129069] thermal_sys: Registered thermal governor 'user_space' [ 0.129070] thermal_sys: Registered thermal governor 'power_allocator' [ 0.129076] EISA bus registered [ 0.129085] cpuidle: using governor ladder [ 0.129089] cpuidle: using governor menu [ 0.129023] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5 [ 0.129121] PCI: ECAM [mem 0xe0000000-0xefffffff] (base 0xe0000000) for domain 0000 [bus 00-ff] [ 0.129125] PCI: not using ECAM ([mem 0xe0000000-0xefffffff] not reserved) [ 0.129127] PCI: Using configuration type 1 for base access [ 0.129243] kprobes: kprobe jump-optimization is enabled. All kprobes are optimized if possible. [ 0.129243] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages [ 0.129243] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page [ 0.129243] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages [ 0.129243] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page [ 0.129243] fbcon: Taking over console [ 0.129243] ACPI: Added _OSI(Module Device) [ 0.129243] ACPI: Added _OSI(Processor Device) [ 0.129243] ACPI: Added _OSI(3.0 _SCP Extensions) [ 0.129243] ACPI: Added _OSI(Processor Aggregator Device) [ 0.204834] ACPI: 9 ACPI AML tables successfully acquired and loaded [ 0.217305] ACPI: Dynamic OEM Table Load: [ 0.217312] ACPI: SSDT 0xFFFF8F8D802FD000 000400 (v02 PmRef Cpu0Cst 00003001 INTL 20160527) [ 0.219074] ACPI: Dynamic OEM Table Load: [ 0.219079] ACPI: SSDT 0xFFFF8F8D80CBB000 0006CB (v02 PmRef Cpu0Ist 00003000 INTL 20160527) [ 0.220930] ACPI: Dynamic OEM Table Load: [ 0.220934] ACPI: SSDT 0xFFFF8F8D80D51100 0000F4 (v02 PmRef Cpu0Psd 00003000 INTL 20160527) [ 0.222906] ACPI: Dynamic OEM Table Load: [ 0.222912] ACPI: SSDT 0xFFFF8F8D80CBD000 0005FC (v02 PmRef ApIst 00003000 INTL 20160527) [ 0.224911] ACPI: Dynamic OEM Table Load: [ 0.224918] ACPI: SSDT 0xFFFF8F8D80164000 000AB0 (v02 PmRef ApPsd 00003000 INTL 20160527) [ 0.227368] ACPI: Dynamic OEM Table Load: [ 0.227373] ACPI: SSDT 0xFFFF8F8D802FC400 00030A (v02 PmRef ApCst 00003000 INTL 20160527) [ 0.231078] ACPI: _OSC evaluated successfully for all CPUs [ 0.232407] ACPI: Interpreter enabled [ 0.232441] ACPI: PM: (supports S0 S3 S4 S5) [ 0.232443] ACPI: Using IOAPIC for interrupt routing [ 0.232557] PCI: ECAM [mem 0xe0000000-0xefffffff] (base 0xe0000000) for domain 0000 [bus 00-ff] [ 0.234390] PCI: ECAM [mem 0xe0000000-0xefffffff] reserved as ACPI motherboard resource [ 0.234401] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug [ 0.234402] PCI: Using E820 reservations for host bridge windows [ 0.235868] ACPI: Enabled 9 GPEs in block 00 to 7F [ 0.253437] ACPI: \_SB_.PCI0.XDCI.USBC: New power resource [ 0.253626] ACPI: \_SB_.PCI0.PAUD: New power resource [ 0.257492] ACPI: \SPR2: New power resource [ 0.257844] ACPI: \_SB_.PCI0.SAT0.VOL0.V0PR: New power resource [ 0.258294] ACPI: \_SB_.PCI0.SAT0.VOL1.V1PR: New power resource [ 0.258734] ACPI: \_SB_.PCI0.SAT0.VOL2.V2PR: New power resource [ 0.265560] ACPI: \_SB_.PCI0.I2C1.PXTC: New power resource [ 0.273523] ACPI: \_SB_.PCI0.CNVW.WRST: New power resource [ 0.280011] ACPI: \PIN_: New power resource [ 0.280212] ACPI: \SPR0: New power resource [ 0.280276] ACPI: \SPR1: New power resource [ 0.280338] ACPI: \SPR3: New power resource [ 0.280403] ACPI: \SPR5: New power resource [ 0.280755] ACPI: \ZPDR: New power resource [ 0.281265] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-fe]) [ 0.281271] acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI HPX-Type3] [ 0.284463] acpi PNP0A08:00: _OSC: OS now controls [PCIeHotplug SHPCHotplug PME AER PCIeCapability LTR] [ 0.285976] PCI host bridge to bus 0000:00 [ 0.285978] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window] [ 0.285980] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window] [ 0.285981] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window] [ 0.285983] pci_bus 0000:00: root bus resource [mem 0x90000000-0xdfffffff window] [ 0.285984] pci_bus 0000:00: root bus resource [mem 0xfc800000-0xfe7fffff window] [ 0.285986] pci_bus 0000:00: root bus resource [bus 00-fe] [ 0.286079] pci 0000:00:00.0: [8086:3e0f] type 00 class 0x060000 conventional PCI endpoint [ 0.286170] pci 0000:00:02.0: [8086:3e90] type 00 class 0x030000 PCIe Root Complex Integrated Endpoint [ 0.286178] pci 0000:00:02.0: BAR 0 [mem 0xa2000000-0xa2ffffff 64bit] [ 0.286183] pci 0000:00:02.0: BAR 2 [mem 0x90000000-0x9fffffff 64bit pref] [ 0.286187] pci 0000:00:02.0: BAR 4 [io 0x6000-0x603f] [ 0.286200] pci 0000:00:02.0: BAR 2: assigned to efifb [ 0.286203] pci 0000:00:02.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff] [ 0.286575] pci 0000:00:12.0: [8086:a379] type 00 class 0x118000 conventional PCI endpoint [ 0.286601] pci 0000:00:12.0: BAR 0 [mem 0xa4f3d000-0xa4f3dfff 64bit] [ 0.286830] pci 0000:00:14.0: [8086:a36d] type 00 class 0x0c0330 conventional PCI endpoint [ 0.286857] pci 0000:00:14.0: BAR 0 [mem 0xa4f20000-0xa4f2ffff 64bit] [ 0.286959] pci 0000:00:14.0: PME# supported from D3hot D3cold [ 0.288441] pci 0000:00:14.2: [8086:a36f] type 00 class 0x050000 conventional PCI endpoint [ 0.288464] pci 0000:00:14.2: BAR 0 [mem 0xa4f36000-0xa4f37fff 64bit] [ 0.288479] pci 0000:00:14.2: BAR 2 [mem 0xa4f3c000-0xa4f3cfff 64bit] [ 0.288655] pci 0000:00:16.0: [8086:a360] type 00 class 0x078000 conventional PCI endpoint [ 0.288679] pci 0000:00:16.0: BAR 0 [mem 0xa4f3b000-0xa4f3bfff 64bit] [ 0.288766] pci 0000:00:16.0: PME# supported from D3hot [ 0.289286] pci 0000:00:17.0: [8086:a352] type 00 class 0x010601 conventional PCI endpoint [ 0.289307] pci 0000:00:17.0: BAR 0 [mem 0xa4f34000-0xa4f35fff] [ 0.289319] pci 0000:00:17.0: BAR 1 [mem 0xa4f3a000-0xa4f3a0ff] [ 0.289330] pci 0000:00:17.0: BAR 2 [io 0x6090-0x6097] [ 0.289341] pci 0000:00:17.0: BAR 3 [io 0x6080-0x6083] [ 0.289353] pci 0000:00:17.0: BAR 4 [io 0x6060-0x607f] [ 0.289364] pci 0000:00:17.0: BAR 5 [mem 0xa4f39000-0xa4f397ff] [ 0.289427] pci 0000:00:17.0: PME# supported from D3hot [ 0.289970] pci 0000:00:1b.0: [8086:a32c] type 01 class 0x060400 PCIe Root Port [ 0.290013] pci 0000:00:1b.0: PCI bridge to [bus 01] [ 0.290019] pci 0000:00:1b.0: bridge window [io 0x5000-0x5fff] [ 0.290023] pci 0000:00:1b.0: bridge window [mem 0xa4500000-0xa4efffff] [ 0.290038] pci 0000:00:1b.0: bridge window [mem 0xa1400000-0xa1dfffff 64bit pref] [ 0.290141] pci 0000:00:1b.0: PME# supported from D0 D3hot D3cold [ 0.290178] pci 0000:00:1b.0: PTM enabled (root), 4ns granularity [ 0.290913] pci 0000:00:1c.0: [8086:a33c] type 01 class 0x060400 PCIe Root Port [ 0.290956] pci 0000:00:1c.0: PCI bridge to [bus 02] [ 0.290962] pci 0000:00:1c.0: bridge window [io 0x4000-0x4fff] [ 0.290966] pci 0000:00:1c.0: bridge window [mem 0xa3b00000-0xa44fffff] [ 0.290980] pci 0000:00:1c.0: bridge window [mem 0xa0a00000-0xa13fffff 64bit pref] [ 0.291084] pci 0000:00:1c.0: PME# supported from D0 D3hot D3cold [ 0.291127] pci 0000:00:1c.0: PTM enabled (root), 4ns granularity [ 0.291874] pci 0000:00:1d.0: [8086:a330] type 01 class 0x060400 PCIe Root Port [ 0.291915] pci 0000:00:1d.0: PCI bridge to [bus 03] [ 0.292021] pci 0000:00:1d.0: PME# supported from D0 D3hot D3cold [ 0.292724] pci 0000:00:1d.3: [8086:a333] type 01 class 0x060400 PCIe Root Port [ 0.292767] pci 0000:00:1d.3: PCI bridge to [bus 04] [ 0.292773] pci 0000:00:1d.3: bridge window [io 0x3000-0x3fff] [ 0.292777] pci 0000:00:1d.3: bridge window [mem 0xa3100000-0xa3afffff] [ 0.292791] pci 0000:00:1d.3: bridge window [mem 0xa0000000-0xa09fffff 64bit pref] [ 0.292902] pci 0000:00:1d.3: PME# supported from D0 D3hot D3cold [ 0.292950] pci 0000:00:1d.3: PTM enabled (root), 4ns granularity [ 0.293667] pci 0000:00:1f.0: [8086:a304] type 00 class 0x060100 conventional PCI endpoint [ 0.294210] pci 0000:00:1f.3: [8086:a348] type 00 class 0x040300 conventional PCI endpoint [ 0.294270] pci 0000:00:1f.3: BAR 0 [mem 0xa4f30000-0xa4f33fff 64bit] [ 0.294354] pci 0000:00:1f.3: BAR 4 [mem 0xa3000000-0xa30fffff 64bit] [ 0.294494] pci 0000:00:1f.3: PME# supported from D3hot D3cold [ 0.297344] pci 0000:00:1f.4: [8086:a323] type 00 class 0x0c0500 conventional PCI endpoint [ 0.297388] pci 0000:00:1f.4: BAR 0 [mem 0xa4f38000-0xa4f380ff 64bit] [ 0.297440] pci 0000:00:1f.4: BAR 4 [io 0xefa0-0xefbf] [ 0.297782] pci 0000:00:1f.5: [8086:a324] type 00 class 0x0c8000 conventional PCI endpoint [ 0.297802] pci 0000:00:1f.5: BAR 0 [mem 0xfe010000-0xfe010fff] [ 0.297972] pci 0000:00:1f.6: [8086:15bc] type 00 class 0x020000 conventional PCI endpoint [ 0.298017] pci 0000:00:1f.6: BAR 0 [mem 0xa4f00000-0xa4f1ffff] [ 0.298251] pci 0000:00:1f.6: PME# supported from D0 D3hot D3cold [ 0.298447] pci 0000:00:1b.0: PCI bridge to [bus 01] [ 0.298557] pci 0000:00:1c.0: PCI bridge to [bus 02] [ 0.298666] acpiphp: Slot [1] registered [ 0.298679] pci 0000:00:1d.0: PCI bridge to [bus 03] [ 0.298786] pci 0000:00:1d.3: PCI bridge to [bus 04] [ 0.300193] ACPI: PCI: Interrupt link LNKA configured for IRQ 0 [ 0.300279] ACPI: PCI: Interrupt link LNKB configured for IRQ 1 [ 0.300362] ACPI: PCI: Interrupt link LNKC configured for IRQ 0 [ 0.300445] ACPI: PCI: Interrupt link LNKD configured for IRQ 0 [ 0.300528] ACPI: PCI: Interrupt link LNKE configured for IRQ 0 [ 0.300610] ACPI: PCI: Interrupt link LNKF configured for IRQ 0 [ 0.300693] ACPI: PCI: Interrupt link LNKG configured for IRQ 0 [ 0.300775] ACPI: PCI: Interrupt link LNKH configured for IRQ 0 [ 0.307402] iommu: Default domain type: Translated [ 0.307402] iommu: DMA domain TLB invalidation policy: lazy mode [ 0.307402] SCSI subsystem initialized [ 0.307402] libata version 3.00 loaded. [ 0.307402] ACPI: bus type USB registered [ 0.307402] usbcore: registered new interface driver usbfs [ 0.307402] usbcore: registered new interface driver hub [ 0.307402] usbcore: registered new device driver usb [ 0.307402] pps_core: LinuxPPS API ver. 1 registered [ 0.307402] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti(a)linux.it> [ 0.307402] PTP clock support registered [ 0.307402] EDAC MC: Ver: 3.0.0 [ 0.307402] efivars: Registered efivars operations [ 0.307402] NetLabel: Initializing [ 0.307402] NetLabel: domain hash size = 128 [ 0.307402] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO [ 0.307402] NetLabel: unlabeled traffic allowed by default [ 0.307402] PCI: Using ACPI for IRQ routing [ 0.387885] PCI: pci_cache_line_size set to 64 bytes [ 0.387962] e820: reserve RAM buffer [mem 0x0005f000-0x0005ffff] [ 0.387964] e820: reserve RAM buffer [mem 0x67cdb018-0x67ffffff] [ 0.387965] e820: reserve RAM buffer [mem 0x67cec018-0x67ffffff] [ 0.387966] e820: reserve RAM buffer [mem 0x78a53000-0x7bffffff] [ 0.387967] e820: reserve RAM buffer [mem 0x7addd000-0x7bffffff] [ 0.387968] e820: reserve RAM buffer [mem 0x7c765000-0x7fffffff] [ 0.387969] e820: reserve RAM buffer [mem 0x7ed0f000-0x7fffffff] [ 0.387970] e820: reserve RAM buffer [mem 0x16e000000-0x16fffffff] [ 0.388946] pci 0000:00:02.0: vgaarb: setting as boot VGA device [ 0.388948] pci 0000:00:02.0: vgaarb: bridge control possible [ 0.388949] pci 0000:00:02.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none [ 0.388953] vgaarb: loaded [ 0.389019] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0, 0, 0, 0, 0, 0 [ 0.389026] hpet0: 8 comparators, 64-bit 24.000000 MHz counter [ 0.392953] clocksource: Switched to clocksource tsc-early [ 0.392953] VFS: Disk quotas dquot_6.6.0 [ 0.392953] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes) [ 0.392953] AppArmor: AppArmor Filesystem Enabled [ 0.392953] pnp: PnP ACPI init [ 0.392953] system 00:00: [io 0x0280-0x028f] has been reserved [ 0.392953] system 00:00: [io 0x0290-0x029f] has been reserved [ 0.392953] system 00:00: [io 0x02a0-0x02af] has been reserved [ 0.392953] system 00:00: [io 0x02b0-0x02bf] has been reserved [ 0.392953] pnp 00:01: [dma 0 disabled] [ 0.392953] system 00:02: [io 0x0680-0x069f] has been reserved [ 0.392953] system 00:02: [io 0x164e-0x164f] has been reserved [ 0.392953] system 00:03: [io 0x1854-0x1857] has been reserved [ 0.392953] system 00:04: [mem 0xfed10000-0xfed17fff] has been reserved [ 0.392953] system 00:04: [mem 0xfed18000-0xfed18fff] has been reserved [ 0.392953] system 00:04: [mem 0xfed19000-0xfed19fff] has been reserved [ 0.392953] system 00:04: [mem 0xe0000000-0xefffffff] has been reserved [ 0.392953] system 00:04: [mem 0xfed20000-0xfed3ffff] has been reserved [ 0.392953] system 00:04: [mem 0xfed90000-0xfed93fff] could not be reserved [ 0.392953] system 00:04: [mem 0xfed45000-0xfed8ffff] has been reserved [ 0.392953] system 00:04: [mem 0xfee00000-0xfeefffff] could not be reserved [ 0.392953] system 00:05: [io 0x1800-0x18fe] could not be reserved [ 0.392953] system 00:05: [mem 0xfd000000-0xfd69ffff] has been reserved [ 0.392953] system 00:05: [mem 0xfd6c0000-0xfd6cffff] has been reserved [ 0.392953] system 00:05: [mem 0xfd6f0000-0xfdffffff] has been reserved [ 0.392953] system 00:05: [mem 0xfe000000-0xfe01ffff] could not be reserved [ 0.392953] system 00:05: [mem 0xfe200000-0xfe7fffff] has been reserved [ 0.392953] system 00:05: [mem 0xff000000-0xffffffff] has been reserved [ 0.392953] system 00:06: [io 0x2000-0x20fe] has been reserved [ 0.392953] system 00:07: [mem 0xfd6e0000-0xfd6effff] has been reserved [ 0.392953] system 00:07: [mem 0xfd6d0000-0xfd6dffff] has been reserved [ 0.392953] system 00:07: [mem 0xfd6b0000-0xfd6bffff] has been reserved [ 0.392953] system 00:07: [mem 0xfd6a0000-0xfd6affff] has been reserved [ 0.397330] pnp: PnP ACPI: found 9 devices [ 0.403152] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns [ 0.403263] NET: Registered PF_INET protocol family [ 0.403305] IP idents hash table entries: 65536 (order: 7, 524288 bytes, linear) [ 0.403921] tcp_listen_portaddr_hash hash table entries: 2048 (order: 3, 32768 bytes, linear) [ 0.403940] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear) [ 0.403965] TCP established hash table entries: 32768 (order: 6, 262144 bytes, linear) [ 0.404035] TCP bind hash table entries: 32768 (order: 8, 1048576 bytes, linear) [ 0.404127] TCP: Hash tables configured (established 32768 bind 32768) [ 0.404171] MPTCP token hash table entries: 4096 (order: 4, 98304 bytes, linear) [ 0.404187] UDP hash table entries: 2048 (order: 4, 65536 bytes, linear) [ 0.404196] UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes, linear) [ 0.404226] NET: Registered PF_UNIX/PF_LOCAL protocol family [ 0.404232] NET: Registered PF_XDP protocol family [ 0.404242] pci 0000:00:1b.0: PCI bridge to [bus 01] [ 0.404255] pci 0000:00:1b.0: bridge window [io 0x5000-0x5fff] [ 0.404261] pci 0000:00:1b.0: bridge window [mem 0xa4500000-0xa4efffff] [ 0.404265] pci 0000:00:1b.0: bridge window [mem 0xa1400000-0xa1dfffff 64bit pref] [ 0.404272] pci 0000:00:1c.0: PCI bridge to [bus 02] [ 0.404275] pci 0000:00:1c.0: bridge window [io 0x4000-0x4fff] [ 0.404280] pci 0000:00:1c.0: bridge window [mem 0xa3b00000-0xa44fffff] [ 0.404285] pci 0000:00:1c.0: bridge window [mem 0xa0a00000-0xa13fffff 64bit pref] [ 0.404292] pci 0000:00:1d.0: PCI bridge to [bus 03] [ 0.404306] pci 0000:00:1d.3: PCI bridge to [bus 04] [ 0.404309] pci 0000:00:1d.3: bridge window [io 0x3000-0x3fff] [ 0.404314] pci 0000:00:1d.3: bridge window [mem 0xa3100000-0xa3afffff] [ 0.404318] pci 0000:00:1d.3: bridge window [mem 0xa0000000-0xa09fffff 64bit pref] [ 0.404326] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window] [ 0.404328] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window] [ 0.404329] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window] [ 0.404330] pci_bus 0000:00: resource 7 [mem 0x90000000-0xdfffffff window] [ 0.404332] pci_bus 0000:00: resource 8 [mem 0xfc800000-0xfe7fffff window] [ 0.404333] pci_bus 0000:01: resource 0 [io 0x5000-0x5fff] [ 0.404334] pci_bus 0000:01: resource 1 [mem 0xa4500000-0xa4efffff] [ 0.404336] pci_bus 0000:01: resource 2 [mem 0xa1400000-0xa1dfffff 64bit pref] [ 0.404337] pci_bus 0000:02: resource 0 [io 0x4000-0x4fff] [ 0.404338] pci_bus 0000:02: resource 1 [mem 0xa3b00000-0xa44fffff] [ 0.404339] pci_bus 0000:02: resource 2 [mem 0xa0a00000-0xa13fffff 64bit pref] [ 0.404341] pci_bus 0000:04: resource 0 [io 0x3000-0x3fff] [ 0.404342] pci_bus 0000:04: resource 1 [mem 0xa3100000-0xa3afffff] [ 0.404343] pci_bus 0000:04: resource 2 [mem 0xa0000000-0xa09fffff 64bit pref] [ 0.405350] PCI: CLS 64 bytes, default 64 [ 0.405367] PCI-DMA: Using software bounce buffering for IO (SWIOTLB) [ 0.405368] software IO TLB: mapped [mem 0x0000000074a53000-0x0000000078a53000] (64MB) [ 0.405402] Trying to unpack rootfs image as initramfs... [ 0.408717] platform rtc_cmos: registered platform RTC device (no PNP device found) [ 0.409329] Initialise system trusted keyrings [ 0.409340] Key type blacklist registered [ 0.409414] workingset: timestamp_bits=36 max_order=20 bucket_order=0 [ 0.409425] zbud: loaded [ 0.409724] squashfs: version 4.0 (2009/01/31) Phillip Lougher [ 0.409829] fuse: init (API version 7.39) [ 0.409966] integrity: Platform Keyring initialized [ 0.424763] Key type asymmetric registered [ 0.424767] Asymmetric key parser 'x509' registered [ 0.424793] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 243) [ 0.424858] io scheduler mq-deadline registered [ 0.425417] pcieport 0000:00:1b.0: PME: Signaling with IRQ 122 [ 0.425472] pcieport 0000:00:1b.0: pciehp: Slot #24 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ [ 0.425920] pcieport 0000:00:1c.0: PME: Signaling with IRQ 123 [ 0.425968] pcieport 0000:00:1c.0: pciehp: Slot #8 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ [ 0.426240] pcieport 0000:00:1d.0: PME: Signaling with IRQ 124 [ 0.426604] pcieport 0000:00:1d.3: PME: Signaling with IRQ 125 [ 0.426651] pcieport 0000:00:1d.3: pciehp: Slot #15 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ [ 0.426889] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4 [ 0.428539] input: Sleep Button as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0E:00/input/input0 [ 0.428580] ACPI: button: Sleep Button [SLPB] [ 0.428623] input: Power Button as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0C:00/input/input1 [ 0.428658] ACPI: button: Power Button [PWRB] [ 0.428704] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input2 [ 0.428758] ACPI: button: Power Button [PWRF] [ 0.429339] Serial: 8250/16550 driver, 32 ports, IRQ sharing enabled [ 0.451391] 00:01: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A [ 0.457017] Linux agpgart interface v0.103 [ 0.467644] loop: module loaded [ 0.468054] tun: Universal TUN/TAP device driver, 1.6 [ 0.468123] PPP generic driver version 2.4.2 [ 0.468343] VFIO - User Level meta-driver version: 0.3 [ 0.468474] i8042: PNP: No PS/2 controller found. [ 0.468556] mousedev: PS/2 mouse device common for all mice [ 0.468715] rtc_cmos rtc_cmos: RTC can wake from S4 [ 0.470316] rtc_cmos rtc_cmos: registered as rtc0 [ 0.470633] rtc_cmos rtc_cmos: setting system clock to 2024-04-08T20:41:22 UTC (1712608882) [ 0.470675] rtc_cmos rtc_cmos: alarms up to one month, y3k, 114 bytes nvram [ 0.470686] i2c_dev: i2c /dev entries driver [ 0.470759] device-mapper: core: CONFIG_IMA_DISABLE_HTABLE is disabled. Duplicate IMA measurements will not be recorded in the IMA log. [ 0.470773] device-mapper: uevent: version 1.0.3 [ 0.470817] device-mapper: ioctl: 4.48.0-ioctl (2023-03-01) initialised: dm-devel(a)redhat.com [ 0.470848] platform eisa.0: Probing EISA bus 0 [ 0.470851] platform eisa.0: EISA: Cannot allocate resource for mainboard [ 0.470853] platform eisa.0: Cannot allocate resource for EISA slot 1 [ 0.470854] platform eisa.0: Cannot allocate resource for EISA slot 2 [ 0.470856] platform eisa.0: Cannot allocate resource for EISA slot 3 [ 0.470858] platform eisa.0: Cannot allocate resource for EISA slot 4 [ 0.470859] platform eisa.0: Cannot allocate resource for EISA slot 5 [ 0.470861] platform eisa.0: Cannot allocate resource for EISA slot 6 [ 0.470862] platform eisa.0: Cannot allocate resource for EISA slot 7 [ 0.470864] platform eisa.0: Cannot allocate resource for EISA slot 8 [ 0.470865] platform eisa.0: EISA: Detected 0 cards [ 0.470868] intel_pstate: Intel P-state driver initializing [ 0.471134] intel_pstate: Disabling energy efficiency optimization [ 0.471135] intel_pstate: HWP enabled [ 0.471231] ledtrig-cpu: registered to indicate activity on CPUs [ 0.471261] efifb: probing for efifb [ 0.471282] efifb: showing boot graphics [ 0.472356] efifb: framebuffer at 0x90000000, using 8100k, total 8100k [ 0.472359] efifb: mode is 1920x1080x32, linelength=7680, pages=1 [ 0.472361] efifb: scrolling: redraw [ 0.472362] efifb: Truecolor: size=8:8:8:8, shift=24:16:8:0 [ 0.472508] Console: switching to colour frame buffer device 240x67 [ 0.474661] fb0: EFI VGA frame buffer device [ 0.474815] drop_monitor: Initializing network drop monitor service [ 0.474926] NET: Registered PF_INET6 protocol family [ 0.782617] Freeing initrd memory: 149668K [ 0.789019] Segment Routing with IPv6 [ 0.789032] In-situ OAM (IOAM) with IPv6 [ 0.789070] NET: Registered PF_PACKET protocol family [ 0.789161] Key type dns_resolver registered [ 0.789588] ENERGY_PERF_BIAS: Set to 'normal', was 'performance' [ 0.789686] microcode: Current revision: 0x000000f4 [ 0.789687] microcode: Updated early from: 0x00000096 [ 0.789830] IPI shorthand broadcast: enabled [ 0.791749] sched_clock: Marking stable (781258941, 8557784)->(794638026, -4821301) [ 0.791916] registered taskstats version 1 [ 0.792047] Loading compiled-in X.509 certificates [ 0.792520] Loaded X.509 cert 'Build time autogenerated kernel key: 8b7471cc9a0f57660f75ca5499023b7650454f8d' [ 0.794869] Key type .fscrypt registered [ 0.794870] Key type fscrypt-provisioning registered [ 0.794918] Key type trusted registered [ 0.809365] Key type encrypted registered [ 0.809370] AppArmor: AppArmor sha256 policy hashing enabled [ 0.810322] integrity: Loading X.509 certificate: UEFI:db [ 0.810350] integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' [ 0.810351] integrity: Loading X.509 certificate: UEFI:db [ 0.810366] integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53' [ 0.811113] Loading compiled-in module X.509 certificates [ 0.811556] Loaded X.509 cert 'Build time autogenerated kernel key: 8b7471cc9a0f57660f75ca5499023b7650454f8d' [ 0.811558] ima: Allocated hash algorithm: sha1 [ 0.840837] ima: No architecture policies found [ 0.840878] evm: Initialising EVM extended attributes: [ 0.840880] evm: security.selinux [ 0.840885] evm: security.SMACK64 [ 0.840888] evm: security.SMACK64EXEC [ 0.840891] evm: security.SMACK64TRANSMUTE [ 0.840894] evm: security.SMACK64MMAP [ 0.840897] evm: security.apparmor [ 0.840900] evm: security.ima [ 0.840903] evm: security.capability [ 0.840906] evm: HMAC attrs: 0x1 [ 0.841814] PM: Magic number: 4:842:699 [ 0.841898] acpi LNXCPU:0d: hash matches [ 0.842475] RAS: Correctable Errors collector initialized. [ 0.842498] PM: hibernation: Waiting 15sec before reading resume device ... [ 1.412662] tsc: Refined TSC clocksource calibration: 3696.002 MHz [ 1.412682] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x6a8d2ad56ed, max_idle_ns: 881591064802 ns [ 1.412758] clocksource: Switched to clocksource tsc [ 15.908715] clk: Disabling unused clocks [ 15.912586] Freeing unused decrypted memory: 2028K [ 15.914552] Freeing unused kernel image (initmem) memory: 4580K [ 15.924674] Write protecting the kernel read-only data: 26624k [ 15.925123] Freeing unused kernel image (rodata/data gap) memory: 980K [ 15.977580] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 15.977582] x86/mm: Checking user space page tables [ 16.017472] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 16.017477] Run /init as init process [ 16.017478] with arguments: [ 16.017479] /init [ 16.017480] splash [ 16.017481] with environment: [ 16.017482] HOME=/ [ 16.017482] TERM=linux [ 16.017483] BOOT_IMAGE=/boot/vmlinuz-6.8.0 [ 16.170300] xhci_hcd 0000:00:14.0: xHCI Host Controller [ 16.171573] xhci_hcd 0000:00:14.0: new USB bus registered, assigned bus number 1 [ 16.172727] xhci_hcd 0000:00:14.0: hcc params 0x200077c1 hci version 0x110 quirks 0x0000000000009810 [ 16.173265] xhci_hcd 0000:00:14.0: xHCI Host Controller [ 16.173271] xhci_hcd 0000:00:14.0: new USB bus registered, assigned bus number 2 [ 16.173275] xhci_hcd 0000:00:14.0: Host supports USB 3.1 Enhanced SuperSpeed [ 16.173339] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.08 [ 16.173343] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 16.173345] usb usb1: Product: xHCI Host Controller [ 16.173347] usb usb1: Manufacturer: Linux 6.8.0 xhci-hcd [ 16.173349] usb usb1: SerialNumber: 0000:00:14.0 [ 16.173641] hub 1-0:1.0: USB hub found [ 16.173679] hub 1-0:1.0: 16 ports detected [ 16.178278] e1000e: Intel(R) PRO/1000 Network Driver [ 16.178280] e1000e: Copyright(c) 1999 - 2015 Intel Corporation. [ 16.179081] usb usb2: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 6.08 [ 16.179085] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 16.179087] usb usb2: Product: xHCI Host Controller [ 16.179089] usb usb2: Manufacturer: Linux 6.8.0 xhci-hcd [ 16.179091] usb usb2: SerialNumber: 0000:00:14.0 [ 16.179385] ahci 0000:00:17.0: version 3.0 [ 16.179740] e1000e 0000:00:1f.6: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode [ 16.179899] ahci 0000:00:17.0: AHCI 0001.0301 32 slots 6 ports 6 Gbps 0x3f impl SATA mode [ 16.179904] ahci 0000:00:17.0: flags: 64bit ncq sntf clo only pio slum part ems deso sadm sds apst [ 16.182014] i801_smbus 0000:00:1f.4: SMBus using PCI interrupt [ 16.191840] hub 2-0:1.0: USB hub found [ 16.192490] i2c i2c-0: 1/4 memory slots populated (from DMI) [ 16.192585] hub 2-0:1.0: 8 ports detected [ 16.193275] i2c i2c-0: Successfully instantiated SPD at 0x51 [ 16.237227] scsi host0: ahci [ 16.237441] scsi host1: ahci [ 16.237612] scsi host2: ahci [ 16.237795] scsi host3: ahci [ 16.237927] scsi host4: ahci [ 16.238094] scsi host5: ahci [ 16.238148] ata1: SATA max UDMA/133 abar m2048@0xa4f39000 port 0xa4f39100 irq 131 lpm-pol 0 [ 16.238151] ata2: SATA max UDMA/133 abar m2048@0xa4f39000 port 0xa4f39180 irq 131 lpm-pol 0 [ 16.238154] ata3: SATA max UDMA/133 abar m2048@0xa4f39000 port 0xa4f39200 irq 131 lpm-pol 0 [ 16.238157] ata4: SATA max UDMA/133 abar m2048@0xa4f39000 port 0xa4f39280 irq 131 lpm-pol 0 [ 16.238160] ata5: SATA max UDMA/133 abar m2048@0xa4f39000 port 0xa4f39300 irq 131 lpm-pol 0 [ 16.238162] ata6: SATA max UDMA/133 abar m2048@0xa4f39000 port 0xa4f39380 irq 131 lpm-pol 0 [ 16.392898] e1000e 0000:00:1f.6 0000:00:1f.6 (uninitialized): registered PHC clock [ 16.432643] usb 1-7: new low-speed USB device number 2 using xhci_hcd [ 16.463479] e1000e 0000:00:1f.6 eth0: (PCI Express:2.5GT/s:Width x1) 70:85:c2:a4:19:95 [ 16.463497] e1000e 0000:00:1f.6 eth0: Intel(R) PRO/1000 Network Connection [ 16.463712] e1000e 0000:00:1f.6 eth0: MAC: 13, PHY: 12, PBA No: FFFFFF-0FF [ 16.552119] ata5: SATA link down (SStatus 4 SControl 300) [ 16.552171] ata6: SATA link down (SStatus 4 SControl 300) [ 16.552224] ata2: SATA link down (SStatus 4 SControl 300) [ 16.552274] ata1: SATA link down (SStatus 4 SControl 300) [ 16.552330] ata3: SATA link up 6.0 Gbps (SStatus 133 SControl 300) [ 16.552377] ata4: SATA link down (SStatus 4 SControl 300) [ 16.558591] ata3.00: ACPI cmd f5/00:00:00:00:00:00(SECURITY FREEZE LOCK) filtered out [ 16.558607] ata3.00: ACPI cmd b1/c1:00:00:00:00:00(DEVICE CONFIGURATION OVERLAY) filtered out [ 16.561746] ata3.00: ATA-11: WDC WDS250G2B0A-00SM50, 401020WD, max UDMA/133 [ 16.564786] ata3.00: 488397168 sectors, multi 1: LBA48 NCQ (depth 32), AA [ 16.566382] ata3.00: Features: Dev-Sleep [ 16.572793] ata3.00: ACPI cmd f5/00:00:00:00:00:00(SECURITY FREEZE LOCK) filtered out [ 16.572809] ata3.00: ACPI cmd b1/c1:00:00:00:00:00(DEVICE CONFIGURATION OVERLAY) filtered out [ 16.581110] ata3.00: configured for UDMA/133 [ 16.581423] scsi 2:0:0:0: Direct-Access ATA WDC WDS250G2B0A 20WD PQ: 0 ANSI: 5 [ 16.582938] sd 2:0:0:0: Attached scsi generic sg0 type 0 [ 16.583063] sd 2:0:0:0: [sda] 488397168 512-byte logical blocks: (250 GB/233 GiB) [ 16.583096] sd 2:0:0:0: [sda] Write Protect is off [ 16.583106] sd 2:0:0:0: [sda] Mode Sense: 00 3a 00 00 [ 16.583164] sd 2:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 16.583244] sd 2:0:0:0: [sda] Preferred minimum I/O size 512 bytes [ 16.585312] usb 1-7: New USB device found, idVendor=17ef, idProduct=6044, bcdDevice= 0.08 [ 16.585327] usb 1-7: New USB device strings: Mfr=0, Product=2, SerialNumber=0 [ 16.585335] usb 1-7: Product: ThinkPad USB Laser Mouse [ 16.586761] sda: sda1 sda2 [ 16.587436] sd 2:0:0:0: [sda] Attached SCSI disk [ 16.648704] e1000e 0000:00:1f.6 eno1: renamed from eth0 [ 16.736642] usb 1-8: new low-speed USB device number 3 using xhci_hcd [ 16.890225] usb 1-8: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00 [ 16.890239] usb 1-8: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 16.890247] usb 1-8: Product: USB Keyboard [ 16.890254] usb 1-8: Manufacturer: Logitech [ 16.922543] hid: raw HID events driver (C) Jiri Kosina [ 16.942368] usbcore: registered new interface driver usbhid [ 16.942372] usbhid: USB HID core driver [ 16.948215] input: ThinkPad USB Laser Mouse as /devices/pci0000:00/0000:00:14.0/usb1/1-7/1-7:1.0/0003:17EF:6044.0001/input/input3 [ 16.948488] hid-generic 0003:17EF:6044.0001: input,hidraw0: USB HID v1.11 Mouse [ThinkPad USB Laser Mouse] on usb-0000:00:14.0-7/input0 [ 16.948965] input: Logitech USB Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8:1.0/0003:046D:C31C.0002/input/input4 [ 17.009119] hid-generic 0003:046D:C31C.0002: input,hidraw1: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-8/input0 [ 17.009907] input: Logitech USB Keyboard Consumer Control as /devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8:1.1/0003:046D:C31C.0003/input/input5 [ 17.069095] input: Logitech USB Keyboard System Control as /devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8:1.1/0003:046D:C31C.0003/input/input6 [ 17.069584] hid-generic 0003:046D:C31C.0003: input,hidraw2: USB HID v1.10 Device [Logitech USB Keyboard] on usb-0000:00:14.0-8/input1 [ 17.124193] random: crng reseeded on system resumption [ 17.124511] PM: hibernation: Marking nosave pages: [mem 0x00000000-0x00000fff] [ 17.124523] PM: hibernation: Marking nosave pages: [mem 0x0005f000-0x0005ffff] [ 17.124529] PM: hibernation: Marking nosave pages: [mem 0x000a0000-0x000fffff] [ 17.124544] PM: hibernation: Marking nosave pages: [mem 0x67cdb000-0x67cdbfff] [ 17.124550] PM: hibernation: Marking nosave pages: [mem 0x67ceb000-0x67cecfff] [ 17.124555] PM: hibernation: Marking nosave pages: [mem 0x67cfc000-0x67cfcfff] [ 17.124605] PM: hibernation: Marking nosave pages: [mem 0x78a53000-0x78a93fff] [ 17.124617] PM: hibernation: Marking nosave pages: [mem 0x7addd000-0x7adddfff] [ 17.124622] PM: hibernation: Marking nosave pages: [mem 0x7c765000-0x7ed0dfff] [ 17.125677] PM: hibernation: Marking nosave pages: [mem 0x7ed0f000-0xffffffff] [ 17.153575] PM: hibernation: Basic memory bitmaps created [ 17.154248] PM: hibernation: Basic memory bitmaps freed [ 17.206422] EXT4-fs (sda2): mounted filesystem 74fe52d0-e90f-4b0a-92f4-581b5fa98519 ro with ordered data mode. Quota mode: none. [ 17.489082] systemd[1]: Inserted module 'autofs4' [ 17.574371] systemd[1]: systemd 245.4-4ubuntu3.22 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid) [ 17.574485] systemd[1]: Detected architecture x86-64. [ 17.605098] systemd[1]: Set hostname to <cr-desktop>. [ 17.828325] systemd[1]: Created slice system-modprobe.slice. [ 17.828586] systemd[1]: Created slice system-postfix.slice. [ 17.828805] systemd[1]: Created slice system-systemd\x2dfsck.slice. [ 17.829003] systemd[1]: Created slice User and Session Slice. [ 17.829068] systemd[1]: Started Forward Password Requests to Wall Directory Watch. [ 17.829235] systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point. [ 17.829305] systemd[1]: Reached target User and Group Name Lookups. [ 17.829320] systemd[1]: Reached target Remote File Systems. [ 17.829333] systemd[1]: Reached target Slices. [ 17.829353] systemd[1]: Reached target Mounting snaps. [ 17.829373] systemd[1]: Reached target System Time Set. [ 17.829490] systemd[1]: Listening on Syslog Socket. [ 17.829580] systemd[1]: Listening on fsck to fsckd communication Socket. [ 17.829630] systemd[1]: Listening on initctl Compatibility Named Pipe. [ 17.829828] systemd[1]: Listening on Journal Audit Socket. [ 17.829910] systemd[1]: Listening on Journal Socket (/dev/log). [ 17.830011] systemd[1]: Listening on Journal Socket. [ 17.830118] systemd[1]: Listening on udev Control Socket. [ 17.830185] systemd[1]: Listening on udev Kernel Socket. [ 17.861047] systemd[1]: Mounting Huge Pages File System... [ 17.864870] systemd[1]: Mounting POSIX Message Queue File System... [ 17.870881] systemd[1]: Mounting Kernel Debug File System... [ 17.875994] systemd[1]: Mounting Kernel Trace File System... [ 17.881259] systemd[1]: Starting Journal Service... [ 17.885476] systemd[1]: Starting Set the console keyboard layout... [ 17.888676] systemd[1]: Starting Create list of static device nodes for the current kernel... [ 17.892091] systemd[1]: Starting Load Kernel Module chromeos_pstore... [ 17.895452] systemd[1]: Starting Load Kernel Module drm... [ 17.897820] systemd[1]: Starting Load Kernel Module efi_pstore... [ 17.900366] systemd[1]: Starting Load Kernel Module pstore_blk... [ 17.902535] systemd[1]: Starting Load Kernel Module pstore_zone... [ 17.904397] systemd[1]: Starting Load Kernel Module ramoops... [ 17.905785] systemd[1]: Condition check resulted in Set Up Additional Binary Formats being skipped. [ 17.905847] systemd[1]: Condition check resulted in File System Check on Root Device being skipped. [ 17.907472] pstore: Using crash dump compression: deflate [ 17.917262] systemd[1]: Starting Load Kernel Modules... [ 17.921146] systemd[1]: Starting Remount Root and Kernel File Systems... [ 17.926852] systemd[1]: Starting udev Coldplug all Devices... [ 17.934312] systemd[1]: Starting Uncomplicated firewall... [ 17.936122] pstore: Registered efi_pstore as persistent store backend [ 17.941335] systemd[1]: Mounted Huge Pages File System. [ 17.941511] systemd[1]: Mounted POSIX Message Queue File System. [ 17.941673] systemd[1]: Mounted Kernel Debug File System. [ 17.941827] systemd[1]: Mounted Kernel Trace File System. [ 17.942505] systemd[1]: Finished Create list of static device nodes for the current kernel. [ 17.942862] systemd[1]: modprobe(a)pstore_blk.service: Succeeded. [ 17.943298] systemd[1]: Finished Load Kernel Module pstore_blk. [ 17.943751] systemd[1]: modprobe(a)pstore_zone.service: Succeeded. [ 17.944803] systemd[1]: Finished Load Kernel Module pstore_zone. [ 17.950639] systemd[1]: Finished Uncomplicated firewall. [ 17.968943] systemd[1]: modprobe(a)chromeos_pstore.service: Succeeded. [ 17.969471] systemd[1]: Finished Load Kernel Module chromeos_pstore. [ 17.969941] systemd[1]: modprobe(a)efi_pstore.service: Succeeded. [ 17.971520] systemd[1]: Finished Load Kernel Module efi_pstore. [ 17.984578] EXT4-fs (sda2): re-mounted 74fe52d0-e90f-4b0a-92f4-581b5fa98519 r/w. Quota mode: none. [ 17.999187] ACPI: bus type drm_connector registered [ 17.999774] systemd[1]: Finished Remount Root and Kernel File Systems. [ 18.004947] systemd[1]: Activating swap /swapfile... [ 18.005395] systemd[1]: Condition check resulted in Rebuild Hardware Database being skipped. [ 18.007550] systemd[1]: Starting Load/Save Random Seed... [ 18.008920] lp: driver loaded but no devices found [ 18.010652] systemd[1]: Starting Create System Users... [ 18.011023] systemd[1]: Started Journal Service. [ 18.016817] Adding 4194300k swap on /swapfile. Priority:-2 extents:59 across:78897152k SS [ 18.023271] ppdev: user-space parallel port driver [ 18.028678] systemd-journald[243]: Received client request to flush runtime journal. [ 18.078395] loop0: detected capacity change from 0 to 8 [ 18.101076] loop1: detected capacity change from 0 to 114000 [ 18.101166] loop2: detected capacity change from 0 to 113992 [ 18.101335] loop3: detected capacity change from 0 to 129944 [ 18.128700] loop4: detected capacity change from 0 to 448512 [ 18.128790] loop5: detected capacity change from 0 to 994336 [ 18.128840] loop6: detected capacity change from 0 to 994336 [ 18.128915] loop7: detected capacity change from 0 to 133320 [ 18.129506] loop9: detected capacity change from 0 to 25240 [ 18.129584] loop8: detected capacity change from 0 to 104360 [ 18.129721] loop11: detected capacity change from 0 to 130848 [ 18.129747] loop12: detected capacity change from 0 to 657576 [ 18.129860] loop13: detected capacity change from 0 to 109072 [ 18.129929] loop10: detected capacity change from 0 to 133424 [ 18.145144] loop15: detected capacity change from 0 to 447264 [ 18.145144] loop14: detected capacity change from 0 to 187776 [ 18.148957] loop16: detected capacity change from 0 to 151296 [ 18.477424] EDAC ie31200: No ECC support [ 18.543387] mei_me 0000:00:16.0: enabling device (0000 -> 0002) [ 18.562874] ee1004 0-0051: 512 byte EE1004-compliant SPD EEPROM, read-only [ 18.637726] RAPL PMU: API unit is 2^-32 Joules, 4 fixed counters, 655360 ms ovfl timer [ 18.637730] RAPL PMU: hw unit of domain pp0-core 2^-14 Joules [ 18.637732] RAPL PMU: hw unit of domain package 2^-14 Joules [ 18.637733] RAPL PMU: hw unit of domain dram 2^-14 Joules [ 18.637734] RAPL PMU: hw unit of domain pp1-gpu 2^-14 Joules [ 18.674453] cryptd: max_cpu_qlen set to 1000 [ 18.712485] SSE version of gcm_enc/dec engaged. [ 19.311225] Console: switching to colour dummy device 80x25 [ 19.311299] i915 0000:00:02.0: vgaarb: deactivate vga console [ 19.320389] i915 0000:00:02.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 19.324206] mei_hdcp 0000:00:16.0-b638ab7e-94e2-4ea2-a552-d1c54b627f04: bound 0000:00:02.0 (ops i915_hdcp_ops [i915]) [ 19.327998] i915 0000:00:02.0: [drm] Finished loading DMC firmware i915/kbl_dmc_ver1_04.bin (v1.4) [ 19.357712] intel_rapl_common: Found RAPL domain package [ 19.357716] intel_rapl_common: Found RAPL domain core [ 19.357717] intel_rapl_common: Found RAPL domain uncore [ 19.357718] intel_rapl_common: Found RAPL domain dram [ 19.727131] i915 0000:00:02.0: [drm] [ENCODER:94:DDI A/PHY A] failed to retrieve link info, disabling eDP [ 19.727389] i915 0000:00:02.0: [drm] [ENCODER:94:DDI B/PHY B] is disabled/in DSI mode with an ungated DDI clock, gate it [ 19.727393] i915 0000:00:02.0: [drm] [ENCODER:108:DDI D/PHY D] is disabled/in DSI mode with an ungated DDI clock, gate it [ 19.727397] i915 0000:00:02.0: [drm] [ENCODER:119:DDI E/PHY E] is disabled/in DSI mode with an ungated DDI clock, gate it [ 19.753023] [drm] Initialized i915 1.6.0 20230929 for 0000:00:02.0 on minor 0 [ 19.764038] ACPI: video: Video Device [GFX0] (multi-head: yes rom: no post: no) [ 19.765874] input: Video Bus as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/LNXVIDEO:00/input/input7 [ 19.766756] i915 display info: display version: 9 [ 19.766769] i915 display info: cursor_needs_physical: no [ 19.766780] i915 display info: has_cdclk_crawl: no [ 19.766787] i915 display info: has_cdclk_squash: no [ 19.766793] i915 display info: has_ddi: yes [ 19.766800] i915 display info: has_dp_mst: yes [ 19.766806] i915 display info: has_dsb: no [ 19.766812] i915 display info: has_fpga_dbg: yes [ 19.766818] i915 display info: has_gmch: no [ 19.766824] i915 display info: has_hotplug: yes [ 19.766830] i915 display info: has_hti: no [ 19.766836] i915 display info: has_ipc: yes [ 19.766842] i915 display info: has_overlay: no [ 19.766848] i915 display info: has_psr: yes [ 19.766854] i915 display info: has_psr_hw_tracking: yes [ 19.766860] i915 display info: overlay_needs_physical: no [ 19.766866] i915 display info: supports_tv: no [ 19.766872] i915 display info: has_hdcp: yes [ 19.766877] i915 display info: has_dmc: yes [ 19.766881] i915 display info: has_dsc: no [ 19.767058] snd_hda_intel 0000:00:1f.3: bound 0000:00:02.0 (ops i915_audio_component_bind_ops [i915]) [ 19.840416] audit: type=1400 audit(1712608901.862:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libreoffice-senddoc" pid=470 comm="apparmor_parser" [ 19.840424] audit: type=1400 audit(1712608901.862:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libreoffice-xpdfimport" pid=469 comm="apparmor_parser" [ 19.849674] audit: type=1400 audit(1712608901.874:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/snapd/snap-confine" pid=473 comm="apparmor_parser" [ 19.849681] audit: type=1400 audit(1712608901.874:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=473 comm="apparmor_parser" [ 19.851702] audit: type=1400 audit(1712608901.874:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=468 comm="apparmor_parser" [ 19.851708] audit: type=1400 audit(1712608901.874:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=468 comm="apparmor_parser" [ 19.851713] audit: type=1400 audit(1712608901.874:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/connman/scripts/dhclient-script" pid=468 comm="apparmor_parser" [ 19.851717] audit: type=1400 audit(1712608901.874:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/{,usr/}sbin/dhclient" pid=468 comm="apparmor_parser" [ 19.857123] audit: type=1400 audit(1712608901.882:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cups-browsed" pid=474 comm="apparmor_parser" [ 19.864174] audit: type=1400 audit(1712608901.886:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=476 comm="apparmor_parser" [ 19.901794] fbcon: i915drmfb (fb0) is primary device [ 19.950198] Console: switching to colour frame buffer device 240x67 [ 19.969279] i915 0000:00:02.0: [drm] fb0: i915drmfb frame buffer device [ 20.006017] snd_hda_codec_realtek hdaudioC0D0: autoconfig for ALC892: line_outs=1 (0x14/0x0/0x0/0x0/0x0) type:line [ 20.006024] snd_hda_codec_realtek hdaudioC0D0: speaker_outs=0 (0x0/0x0/0x0/0x0/0x0) [ 20.006026] snd_hda_codec_realtek hdaudioC0D0: hp_outs=1 (0x1b/0x0/0x0/0x0/0x0) [ 20.006028] snd_hda_codec_realtek hdaudioC0D0: mono: mono_out=0x0 [ 20.006030] snd_hda_codec_realtek hdaudioC0D0: inputs: [ 20.006031] snd_hda_codec_realtek hdaudioC0D0: Front Mic=0x19 [ 20.006033] snd_hda_codec_realtek hdaudioC0D0: Rear Mic=0x18 [ 20.006034] snd_hda_codec_realtek hdaudioC0D0: Line=0x1a [ 20.072462] input: HDA Intel PCH Front Mic as /devices/pci0000:00/0000:00:1f.3/sound/card0/input8 [ 20.074752] input: HDA Intel PCH Rear Mic as /devices/pci0000:00/0000:00:1f.3/sound/card0/input9 [ 20.079934] input: HDA Intel PCH Line as /devices/pci0000:00/0000:00:1f.3/sound/card0/input10 [ 20.085472] input: HDA Intel PCH Line Out as /devices/pci0000:00/0000:00:1f.3/sound/card0/input11 [ 20.086707] input: HDA Intel PCH Front Headphone as /devices/pci0000:00/0000:00:1f.3/sound/card0/input12 [ 20.089926] input: HDA Intel PCH HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:1f.3/sound/card0/input13 [ 20.097574] input: HDA Intel PCH HDMI/DP,pcm=7 as /devices/pci0000:00/0000:00:1f.3/sound/card0/input14 [ 20.098247] input: HDA Intel PCH HDMI/DP,pcm=8 as /devices/pci0000:00/0000:00:1f.3/sound/card0/input15 [ 21.899828] loop17: detected capacity change from 0 to 8 [ 25.812150] rfkill: input handler disabled [ 26.329380] kauditd_printk_skb: 29 callbacks suppressed [ 26.329383] audit: type=1400 audit(1712608908.342:41): apparmor="DENIED" operation="capable" class="cap" profile="/snap/snapd/19457/usr/lib/snapd/snap-confine" pid=1346 comm="snap-confine" capability=4 capname="fsetid" [ 29.327836] fwupd[2147]: segfault at 8 ip 00005577414a410d sp 00007ffdd5e5f700 error 4 in fwupd[55774149f000+26000] likely on CPU 2 (core 0, socket 0) [ 29.327849] Code: ff 85 c0 0f 85 97 02 00 00 48 8b 7c 24 30 e8 5a d5 ff ff e9 67 01 00 00 48 8b 44 24 28 48 8d 3d d9 14 02 00 41 be 01 00 00 00 <48> 8b 70 08 31 c0 e8 08 f4 ff ff 4d 85 e4 74 08 4c 89 e7 e8 2b db [ 42.363911] pcieport 0000:00:1d.3: pciehp: Slot(15): Card present [ 42.363915] pcieport 0000:00:1d.3: pciehp: Slot(15): Link Up [ 42.496936] pci 0000:04:00.0: [2646:2263] type 00 class 0x010802 PCIe Endpoint [ 42.497041] pci 0000:04:00.0: BAR 0 [mem 0x00000000-0x00003fff 64bit] [ 42.497435] pci 0000:04:00.0: 7.876 Gb/s available PCIe bandwidth, limited by 8.0 GT/s PCIe x1 link at 0000:00:1d.3 (capable of 31.504 Gb/s with 8.0 GT/s PCIe x4 link) [ 42.498278] pci 0000:04:00.0: BAR 0 [mem 0xa3100000-0xa3103fff 64bit]: assigned [ 42.498368] pcieport 0000:00:1d.3: PCI bridge to [bus 04] [ 42.498385] pcieport 0000:00:1d.3: bridge window [io 0x3000-0x3fff] [ 42.498411] pcieport 0000:00:1d.3: bridge window [mem 0xa3100000-0xa3afffff] [ 42.498435] pcieport 0000:00:1d.3: bridge window [mem 0xa0000000-0xa09fffff 64bit pref] [ 42.560689] nvme nvme0: pci function 0000:04:00.0 [ 42.560756] nvme 0000:04:00.0: enabling device (0000 -> 0002) [ 42.593330] nvme nvme0: missing or invalid SUBNQN field. [ 42.599528] nvme nvme0: 4/0/0 default/read/poll queues [ 42.604972] nvme0n1: p1 p2 p3 p4 p5 [ 47.843145] PM: suspend entry (deep) [ 47.911562] Filesystems sync: 0.068 seconds [ 47.912244] Freezing user space processes [ 47.916421] Freezing user space processes completed (elapsed 0.004 seconds) [ 47.916435] OOM killer disabled. [ 47.916438] Freezing remaining freezable tasks [ 47.917787] Freezing remaining freezable tasks completed (elapsed 0.001 seconds) [ 47.917881] printk: Suspending console(s) (use no_console_suspend to debug) [ 47.933715] serial 00:01: disabled [ 47.933852] e1000e: EEE TX LPI TIMER: 00000011 [ 47.944891] sd 2:0:0:0: [sda] Synchronizing SCSI cache [ 47.950919] ata3.00: Entering standby power mode [ 48.318069] ACPI: PM: Preparing to enter system sleep state S3 [ 48.685977] ACPI: PM: Saving platform NVS memory [ 48.686137] Disabling non-boot CPUs ... [ 48.688277] smpboot: CPU 1 is now offline [ 48.691594] smpboot: CPU 2 is now offline [ 48.693971] smpboot: CPU 3 is now offline [ 48.698985] ACPI: PM: Low-level resume complete [ 48.699055] ACPI: PM: Restoring platform NVS memory [ 48.700054] Enabling non-boot CPUs ... [ 48.700078] smpboot: Booting Node 0 Processor 1 APIC 0x2 [ 48.703570] CPU1 is up [ 48.703590] smpboot: Booting Node 0 Processor 2 APIC 0x1 [ 48.704280] CPU2 is up [ 48.704297] smpboot: Booting Node 0 Processor 3 APIC 0x3 [ 48.704895] CPU3 is up [ 48.706559] ACPI: PM: Waking up from system sleep state S3 [ 49.799631] i915 0000:00:02.0: [drm] [ENCODER:94:DDI B/PHY B] is disabled/in DSI mode with an ungated DDI clock, gate it [ 49.799636] i915 0000:00:02.0: [drm] [ENCODER:104:DDI C/PHY C] is disabled/in DSI mode with an ungated DDI clock, gate it [ 49.799639] i915 0000:00:02.0: [drm] [ENCODER:108:DDI D/PHY D] is disabled/in DSI mode with an ungated DDI clock, gate it [ 49.799643] i915 0000:00:02.0: [drm] [ENCODER:119:DDI E/PHY E] is disabled/in DSI mode with an ungated DDI clock, gate it [ 49.802306] serial 00:01: activated [ 49.883191] nvme nvme0: 4/0/0 default/read/poll queues [ 49.883323] nvme nvme0: identifiers changed for nsid 1 [ 50.176065] ata4: SATA link down (SStatus 4 SControl 300) [ 50.176095] ata1: SATA link down (SStatus 4 SControl 300) [ 50.176116] ata5: SATA link down (SStatus 4 SControl 300) [ 50.176133] ata2: SATA link down (SStatus 4 SControl 300) [ 50.176152] ata6: SATA link down (SStatus 4 SControl 300) [ 50.176176] ata3: SATA link up 6.0 Gbps (SStatus 133 SControl 300) [ 50.177333] ata3.00: ACPI cmd f5/00:00:00:00:00:00(SECURITY FREEZE LOCK) filtered out [ 50.177337] ata3.00: ACPI cmd b1/c1:00:00:00:00:00(DEVICE CONFIGURATION OVERLAY) filtered out [ 50.181374] ata3.00: ACPI cmd f5/00:00:00:00:00:00(SECURITY FREEZE LOCK) filtered out [ 50.181377] ata3.00: ACPI cmd b1/c1:00:00:00:00:00(DEVICE CONFIGURATION OVERLAY) filtered out [ 50.184293] ata3.00: configured for UDMA/133 [ 50.908446] mei_hdcp 0000:00:16.0-b638ab7e-94e2-4ea2-a552-d1c54b627f04: bound 0000:00:02.0 (ops i915_hdcp_ops [i915]) [ 50.914602] OOM killer enabled. [ 50.914609] Restarting tasks ... done. [ 50.922689] random: crng reseeded on system resumption [ 50.922724] PM: suspend exit [ 51.166103] e1000e 0000:00:1f.6 eno1: NIC Link is Down [ 54.743511] audit: type=1400 audit(1712608955.040:42): apparmor="DENIED" operation="open" class="file" profile="snap.snap-store.ubuntu-software" name="/etc/appstream.conf" pid=1346 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [ 54.802553] fwupd[2428]: segfault at 8 ip 000056021e74a10d sp 00007ffcb0d24140 error 4 in fwupd[56021e745000+26000] likely on CPU 0 (core 0, socket 0) [ 54.802569] Code: ff 85 c0 0f 85 97 02 00 00 48 8b 7c 24 30 e8 5a d5 ff ff e9 67 01 00 00 48 8b 44 24 28 48 8d 3d d9 14 02 00 41 be 01 00 00 00 <48> 8b 70 08 31 c0 e8 08 f4 ff ff 4d 85 e4 74 08 4c 89 e7 e8 2b db

1 year, 5 months

2
1
0 0

[RESEND PATCH v2] ASoC: tegra: Fix DSPK 16-bit playback

by Sameer Pujar

DSPK configuration is wrong for 16-bit playback and this happens because the client config is always fixed at 24-bit in hw_params(). Fix this by updating the client config to 16-bit for the respective playback. Fixes: 327ef6470266 ("ASoC: tegra: Add Tegra186 based DSPK driver") Cc: stable(a)vger.kernel.org Signed-off-by: Sameer Pujar <spujar(a)nvidia.com> --- changes in v2: * moved common setting to S32_LE switch case. sound/soc/tegra/tegra186_dspk.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/sound/soc/tegra/tegra186_dspk.c b/sound/soc/tegra/tegra186_dspk.c index aa37c4ab0adb..21cd41fec7a9 100644 --- a/sound/soc/tegra/tegra186_dspk.c +++ b/sound/soc/tegra/tegra186_dspk.c @@ -1,8 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only +// SPDX-FileCopyrightText: Copyright (c) 2020-2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. // // tegra186_dspk.c - Tegra186 DSPK driver -// -// Copyright (c) 2020 NVIDIA CORPORATION. All rights reserved. #include <linux/clk.h> #include <linux/device.h> @@ -241,14 +240,14 @@ static int tegra186_dspk_hw_params(struct snd_pcm_substream *substream, return -EINVAL; } - cif_conf.client_bits = TEGRA_ACIF_BITS_24; - switch (params_format(params)) { case SNDRV_PCM_FORMAT_S16_LE: cif_conf.audio_bits = TEGRA_ACIF_BITS_16; + cif_conf.client_bits = TEGRA_ACIF_BITS_16; break; case SNDRV_PCM_FORMAT_S32_LE: cif_conf.audio_bits = TEGRA_ACIF_BITS_32; + cif_conf.client_bits = TEGRA_ACIF_BITS_24; break; default: dev_err(dev, "unsupported format!\n"); -- 2.25.1

1 year, 5 months

3
2
0 0

[PATCH] btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()

by Qu Wenruo

[BUG] During my extent_map cleanup/refactor, with more than too strict sanity checks, extent-map-tests::test_case_7() would crash my extent_map sanity checks. The problem is, after btrfs_drop_extent_map_range(), the resulted extent_map has a @block_start way too large. Meanwhile my btrfs_file_extent_item based members are returning a correct @disk_bytenr along with correct @offset. The extent map layout looks like this: 0 16K 32K 48K | PINNED | | Regular | The regular em at [32K, 48K) also has 32K @block_start. Then drop range [0, 36K), which should shrink the regular one to be [36K, 48K). However the @block_start is incorrect, we expect 32K + 4K, but got 52K. [CAUSE] Inside btrfs_drop_extent_map_range() function, if we hit an extent_map that covers the target range but is still beyond it, we need to split that extent map into half: |<-- drop range -->| |<----- existing extent_map --->| And if the extent map is not compressed, we need to forward extent_map::block_start by the difference between the end of drop range and the extent map start. However in that particular case, the difference is calculated using (start + len - em->start). The problem is @start can be modified if the drop range covers any pinned extent. This leads to wrong calculation, and would be caught by my later extent_map sanity checks, which checks the em::block_start against btrfs_file_extent_item::disk_bytenr + btrfs_file_extent_item::offset. And unfortunately this is going to cause data corruption, as the splitted em is pointing an incorrect location, can cause either unexpected read error or wild writes. [FIX] Fix it by avoiding using @start completely, and use @end - em->start instead, which @end is exclusive bytenr number. And update the test case to verify the @block_start to prevent such problem from happening. CC: stable(a)vger.kernel.org # 6.7+ Fixes: c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range") Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent_map.c | 2 +- fs/btrfs/tests/extent-map-tests.c | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c index 471654cb65b0..955ce300e5a1 100644 --- a/fs/btrfs/extent_map.c +++ b/fs/btrfs/extent_map.c @@ -799,7 +799,7 @@ void btrfs_drop_extent_map_range(struct btrfs_inode *inode, u64 start, u64 end, split->block_len = em->block_len; split->orig_start = em->orig_start; } else { - const u64 diff = start + len - em->start; + const u64 diff = end - em->start; split->block_len = split->len; split->block_start += diff; diff --git a/fs/btrfs/tests/extent-map-tests.c b/fs/btrfs/tests/extent-map-tests.c index 253cce7ffecf..80e71c5cb7ab 100644 --- a/fs/btrfs/tests/extent-map-tests.c +++ b/fs/btrfs/tests/extent-map-tests.c @@ -818,7 +818,6 @@ static int test_case_7(struct btrfs_fs_info *fs_info) test_err("em->len is %llu, expected 16K", em->len); goto out; } - free_extent_map(em); read_lock(&em_tree->lock); @@ -847,6 +846,11 @@ static int test_case_7(struct btrfs_fs_info *fs_info) goto out; } + if (em->block_start != SZ_32K + SZ_4K) { + test_err("em->block_start is %llu, expected 36K", em->block_start); + goto out; + } + free_extent_map(em); read_lock(&em_tree->lock); -- 2.44.0

1 year, 5 months

6
5
0 0

[PATCH] drm/vmwgfx: Enable DMA mappings with SEV

by Zack Rusin

Enable DMA mappings in vmwgfx after TTM has been fixed in commit 3bf3710e3718 ("drm/ttm: Add a generic TTM memcpy move for page-based iomem") This enables full guest-backed memory support and in particular allows usage of screen targets as the presentation mechanism. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Reported-by: Ye Li <ye.li(a)broadcom.com> Tested-by: Ye Li <ye.li(a)broadcom.com> Fixes: 3b0d6458c705 ("drm/vmwgfx: Refuse DMA operation when SEV encryption is active") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.6+ --- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 41ad13e45554..bdad93864b98 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -667,11 +667,12 @@ static int vmw_dma_select_mode(struct vmw_private *dev_priv) [vmw_dma_map_populate] = "Caching DMA mappings.", [vmw_dma_map_bind] = "Giving up DMA mappings early."}; - /* TTM currently doesn't fully support SEV encryption. */ - if (cc_platform_has(CC_ATTR_MEM_ENCRYPT)) - return -EINVAL; - - if (vmw_force_coherent) + /* + * When running with SEV we always want dma mappings, because + * otherwise ttm tt pool pages will bounce through swiotlb running + * out of available space. + */ + if (vmw_force_coherent || cc_platform_has(CC_ATTR_MEM_ENCRYPT)) dev_priv->map_mode = vmw_dma_alloc_coherent; else if (vmw_restrict_iommu) dev_priv->map_mode = vmw_dma_map_bind; -- 2.40.1

1 year, 5 months

2
1
0 0

[PATCH v3] btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()

by Qu Wenruo

[BUG] During my extent_map cleanup/refactor, with extra sanity checks, extent-map-tests::test_case_7() would not pass the checks. The problem is, after btrfs_drop_extent_map_range(), the resulted extent_map has a @block_start way too large. Meanwhile my btrfs_file_extent_item based members are returning a correct @disk_bytenr/@offset combination. The extent map layout looks like this: 0 16K 32K 48K | PINNED | | Regular | The regular em at [32K, 48K) also has 32K @block_start. Then drop range [0, 36K), which should shrink the regular one to be [36K, 48K). However the @block_start is incorrect, we expect 32K + 4K, but got 52K. [CAUSE] Inside btrfs_drop_extent_map_range() function, if we hit an extent_map that covers the target range but is still beyond it, we need to split that extent map into half: |<-- drop range -->| |<----- existing extent_map --->| And if the extent map is not compressed, we need to forward extent_map::block_start by the difference between the end of drop range and the extent map start. However in that particular case, the difference is calculated using (start + len - em->start). The problem is @start can be modified if the drop range covers any pinned extent. This leads to wrong calculation, and would be caught by my later extent_map sanity checks, which checks the em::block_start against btrfs_file_extent_item::disk_bytenr + btrfs_file_extent_item::offset. This is a regression caused by commit c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range"), which removed the @len update for pinned extents. [FIX] Fix it by avoiding using @start completely, and use @end - em->start instead, which @end is exclusive bytenr number. And update the test case to verify the @block_start to prevent such problem from happening. Thankfully this is not going to lead to any data corruption, as IO path does not utilize btrfs_drop_extent_map_range() with @skip_pinned set. So this fix is only here for the sake of consistency/correctness. CC: stable(a)vger.kernel.org # 6.5+ Fixes: c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range") Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- Changelog: v2: - Remove the mention of possible corruption Thankfully this bug does not affect IO path thus it's fine. - Explain why c962098ca4af is the cause v3: - Fix an accidental removal of a newline --- fs/btrfs/extent_map.c | 2 +- fs/btrfs/tests/extent-map-tests.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c index 471654cb65b0..955ce300e5a1 100644 --- a/fs/btrfs/extent_map.c +++ b/fs/btrfs/extent_map.c @@ -799,7 +799,7 @@ void btrfs_drop_extent_map_range(struct btrfs_inode *inode, u64 start, u64 end, split->block_len = em->block_len; split->orig_start = em->orig_start; } else { - const u64 diff = start + len - em->start; + const u64 diff = end - em->start; split->block_len = split->len; split->block_start += diff; diff --git a/fs/btrfs/tests/extent-map-tests.c b/fs/btrfs/tests/extent-map-tests.c index 253cce7ffecf..47b5d301038e 100644 --- a/fs/btrfs/tests/extent-map-tests.c +++ b/fs/btrfs/tests/extent-map-tests.c @@ -847,6 +847,11 @@ static int test_case_7(struct btrfs_fs_info *fs_info) goto out; } + if (em->block_start != SZ_32K + SZ_4K) { + test_err("em->block_start is %llu, expected 36K", em->block_start); + goto out; + } + free_extent_map(em); read_lock(&em_tree->lock); -- 2.44.0

1 year, 5 months

1
0
0 0

[PATCH v2] btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()

by Qu Wenruo

[BUG] During my extent_map cleanup/refactor, with extra sanity checks, extent-map-tests::test_case_7() would not pass the checks. The problem is, after btrfs_drop_extent_map_range(), the resulted extent_map has a @block_start way too large. Meanwhile my btrfs_file_extent_item based members are returning a correct @disk_bytenr/@offset combination. The extent map layout looks like this: 0 16K 32K 48K | PINNED | | Regular | The regular em at [32K, 48K) also has 32K @block_start. Then drop range [0, 36K), which should shrink the regular one to be [36K, 48K). However the @block_start is incorrect, we expect 32K + 4K, but got 52K. [CAUSE] Inside btrfs_drop_extent_map_range() function, if we hit an extent_map that covers the target range but is still beyond it, we need to split that extent map into half: |<-- drop range -->| |<----- existing extent_map --->| And if the extent map is not compressed, we need to forward extent_map::block_start by the difference between the end of drop range and the extent map start. However in that particular case, the difference is calculated using (start + len - em->start). The problem is @start can be modified if the drop range covers any pinned extent. This leads to wrong calculation, and would be caught by my later extent_map sanity checks, which checks the em::block_start against btrfs_file_extent_item::disk_bytenr + btrfs_file_extent_item::offset. This is a regression caused by commit c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range"), which removed the @len update for pinned extents. [FIX] Fix it by avoiding using @start completely, and use @end - em->start instead, which @end is exclusive bytenr number. And update the test case to verify the @block_start to prevent such problem from happening. Thankfully this is not going to lead to any data corruption, as IO path does not utilize btrfs_drop_extent_map_range() with @skip_pinned set. So this fix is only here for the sake of consistency/correctness. CC: stable(a)vger.kernel.org # 6.5+ Fixes: c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range") Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- Changelog: v2: - Remove the mention of possible corruption Thankfully this bug does not affect IO path thus it's fine. - Explain why c962098ca4af is the cause --- fs/btrfs/extent_map.c | 2 +- fs/btrfs/tests/extent-map-tests.c | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c index 471654cb65b0..955ce300e5a1 100644 --- a/fs/btrfs/extent_map.c +++ b/fs/btrfs/extent_map.c @@ -799,7 +799,7 @@ void btrfs_drop_extent_map_range(struct btrfs_inode *inode, u64 start, u64 end, split->block_len = em->block_len; split->orig_start = em->orig_start; } else { - const u64 diff = start + len - em->start; + const u64 diff = end - em->start; split->block_len = split->len; split->block_start += diff; diff --git a/fs/btrfs/tests/extent-map-tests.c b/fs/btrfs/tests/extent-map-tests.c index 253cce7ffecf..80e71c5cb7ab 100644 --- a/fs/btrfs/tests/extent-map-tests.c +++ b/fs/btrfs/tests/extent-map-tests.c @@ -818,7 +818,6 @@ static int test_case_7(struct btrfs_fs_info *fs_info) test_err("em->len is %llu, expected 16K", em->len); goto out; } - free_extent_map(em); read_lock(&em_tree->lock); @@ -847,6 +846,11 @@ static int test_case_7(struct btrfs_fs_info *fs_info) goto out; } + if (em->block_start != SZ_32K + SZ_4K) { + test_err("em->block_start is %llu, expected 36K", em->block_start); + goto out; + } + free_extent_map(em); read_lock(&em_tree->lock); -- 2.44.0

1 year, 5 months

2
1
0 0

[PATCH net 0/2] Add check for usbnet_get_endpoints and cleanup

by Yi Yang

I split before patch to two patch. one for bugfix, anorther one for cleanup Yi Yang (2): net: usb: asix: Add check for usbnet_get_endpoints net: usb: asix: Replace the direct return with goto statement drivers/net/usb/asix_devices.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) -- 2.25.1

1 year, 5 months

3
4
0 0

[PATCH v4] mtd: rawnand: qcom: Fix broken OP_RESET_DEVICE command in qcom_misc_cmd_type_exec()

by Christian Marangi

While migrating to exec_ops in commit a82990c8a409 ("mtd: rawnand: qcom: Add read/read_start ops in exec_op path"), OP_RESET_DEVICE command handling got broken unintentionally. Right now for the OP_RESET_DEVICE command, qcom_misc_cmd_type_exec() will simply return 0 without handling it. Even, if that gets fixed, an unnecessary FLASH_STATUS read descriptor command is being added in the middle and that seems to be causing the command to fail on IPQ806x devices. So let's fix the above two issues to make OP_RESET_DEVICE command working again. Fixes: a82990c8a409 ("mtd: rawnand: qcom: Add read/read_start ops in exec_op path") Cc: stable(a)vger.kernel.org Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- Changes v4: - Rework commit title and description as suggested. - Add Reviewed-by tag Changes v3: - Merge patches - Rework commit description Changes v2: - Split patches drivers/mtd/nand/raw/qcom_nandc.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c index b079605c84d3..b8cff9240b28 100644 --- a/drivers/mtd/nand/raw/qcom_nandc.c +++ b/drivers/mtd/nand/raw/qcom_nandc.c @@ -2815,7 +2815,7 @@ static int qcom_misc_cmd_type_exec(struct nand_chip *chip, const struct nand_sub host->cfg0_raw & ~(7 << CW_PER_PAGE)); nandc_set_reg(chip, NAND_DEV0_CFG1, host->cfg1_raw); instrs = 3; - } else { + } else if (q_op.cmd_reg != OP_RESET_DEVICE) { return 0; } @@ -2830,9 +2830,8 @@ static int qcom_misc_cmd_type_exec(struct nand_chip *chip, const struct nand_sub nandc_set_reg(chip, NAND_EXEC_CMD, 1); write_reg_dma(nandc, NAND_FLASH_CMD, instrs, NAND_BAM_NEXT_SGL); - (q_op.cmd_reg == OP_BLOCK_ERASE) ? write_reg_dma(nandc, NAND_DEV0_CFG0, - 2, NAND_BAM_NEXT_SGL) : read_reg_dma(nandc, - NAND_FLASH_STATUS, 1, NAND_BAM_NEXT_SGL); + if (q_op.cmd_reg == OP_BLOCK_ERASE) + write_reg_dma(nandc, NAND_DEV0_CFG0, 2, NAND_BAM_NEXT_SGL); write_reg_dma(nandc, NAND_EXEC_CMD, 1, NAND_BAM_NEXT_SGL); read_reg_dma(nandc, NAND_FLASH_STATUS, 1, NAND_BAM_NEXT_SGL); -- 2.43.0

1 year, 5 months

2
1
0 0

[PATCH] mtd: diskonchip: work around ubsan link failure

by Arnd Bergmann

From: Arnd Bergmann <arnd(a)arndb.de> I ran into a randconfig build failure with UBSAN using gcc-13.2: arm-linux-gnueabi-ld: error: unplaced orphan section `.bss..Lubsan_data31' from `drivers/mtd/nand/raw/diskonchip.o' I'm not entirely sure what is going on here, but I suspect this has something to do with the check for the end of the doc_locations[] array that contains an (unsigned long)0xffffffff element, which is compared against the signed (int)0xffffffff. If this is the case, we should get a runtime check for undefined behavior, but we instead get an unexpected build-time error. I would have expected this to work fine on 32-bit architectures despite the signed integer overflow, though on 64-bit architectures this likely won't ever work. Changing the contition to instead check for the size of the array makes the code safe everywhere and avoids the ubsan check that leads to the link error. The loop code goes back to before 2.6.12. Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- drivers/mtd/nand/raw/diskonchip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/nand/raw/diskonchip.c b/drivers/mtd/nand/raw/diskonchip.c index 5243fab9face..8db7fc424571 100644 --- a/drivers/mtd/nand/raw/diskonchip.c +++ b/drivers/mtd/nand/raw/diskonchip.c @@ -53,7 +53,7 @@ static unsigned long doc_locations[] __initdata = { 0xe8000, 0xea000, 0xec000, 0xee000, #endif #endif - 0xffffffff }; +}; static struct mtd_info *doclist = NULL; @@ -1554,7 +1554,7 @@ static int __init init_nanddoc(void) if (ret < 0) return ret; } else { - for (i = 0; (doc_locations[i] != 0xffffffff); i++) { + for (i = 0; i < ARRAY_SIZE(doc_locations); i++) { doc_probe(doc_locations[i]); } } -- 2.39.2

1 year, 5 months

2
1
0 0

[PATCH 5.4.y] drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()

by Guo Mengqi

commit 73a82b22963d ("drm/atomic: Fix potential use-after-free in nonblocking commits") introduced drm_dev_get/put() to drm_atomic_helper_shutdown(). And this cause problem in vkms driver exit process. vkms_exit() drm_dev_put() vkms_release() drm_atomic_helper_shutdown() drm_dev_get() drm_dev_put() vkms_release() ------ use after free Using 5.4 stable x86 image on qemu, below stacktrace can be triggered by load and unload vkms.ko. root:~ # insmod vkms.ko [ 76.957802] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). [ 76.961490] [drm] Driver supports precise vblank timestamp query. [ 76.964416] [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 0 root:~ # rmmod vkms.ko [ 79.650202] refcount_t: addition on 0; use-after-free. [ 79.650249] WARNING: CPU: 2 PID: 3533 at ../lib/refcount.c:25 refcount_warn_saturate+0xcf/0xf0 [ 79.654241] Modules linked in: vkms(-) [ 79.654249] CPU: 2 PID: 3533 Comm: rmmod Not tainted 5.4.273 #4 [ 79.654251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 79.654262] RIP: 0010:refcount_warn_saturate+0xcf/0xf0 ... [ 79.654296] Call Trace: [ 79.654462] ? __warn+0x80/0xd0 [ 79.654473] ? refcount_warn_saturate+0xcf/0xf0 [ 79.654481] ? report_bug+0xb6/0x130 [ 79.654484] ? refcount_warn_saturate+0xcf/0xf0 [ 79.654489] ? fixup_bug.part.12+0x13/0x30 [ 79.654492] ? do_error_trap+0x90/0xb0 [ 79.654495] ? do_invalid_op+0x31/0x40 [ 79.654497] ? refcount_warn_saturate+0xcf/0xf0 [ 79.654504] ? invalid_op+0x1e/0x30 [ 79.654508] ? refcount_warn_saturate+0xcf/0xf0 [ 79.654516] drm_atomic_state_init+0x68/0xb0 [ 79.654543] drm_atomic_state_alloc+0x43/0x60 [ 79.654551] drm_atomic_helper_disable_all+0x13/0x180 [ 79.654562] drm_atomic_helper_shutdown+0x5f/0xb0 [ 79.654571] vkms_release+0x18/0x40 [vkms] [ 79.654575] vkms_exit+0x29/0xc00 [vkms] [ 79.654582] __x64_sys_delete_module+0x155/0x220 [ 79.654592] do_syscall_64+0x43/0x120 [ 79.654603] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 79.654619] ---[ end trace ce0c02f57ea6bf73 ]--- It seems that the proper unload sequence is: drm_atomic_helper_shutdown(); drm_dev_put(); Just put drm_atomic_helper_shutdown() before drm_dev_put() should solve the problem. Note that vkms exit code is refactored by commit 53d77aaa3f76 ("drm/vkms: Use devm_drm_dev_alloc") in tags/v5.10-rc1. So this bug only exists on 4.19 and 5.4. Fixes: 380c7ceabdde ("drm/atomic: Fix potential use-after-free in nonblocking commits") Fixes: 2ead1be54b22 ("drm/vkms: Fix connector leak at the module removal") Signed-off-by: Guo Mengqi <guomengqi3(a)huawei.com> --- drivers/gpu/drm/vkms/vkms_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vkms/vkms_drv.c b/drivers/gpu/drm/vkms/vkms_drv.c index 44ab9f8ef8be..86043d7c0e4b 100644 --- a/drivers/gpu/drm/vkms/vkms_drv.c +++ b/drivers/gpu/drm/vkms/vkms_drv.c @@ -60,7 +60,6 @@ static void vkms_release(struct drm_device *dev) struct vkms_device *vkms = container_of(dev, struct vkms_device, drm); platform_device_unregister(vkms->platform); - drm_atomic_helper_shutdown(&vkms->drm); drm_mode_config_cleanup(&vkms->drm); drm_dev_fini(&vkms->drm); destroy_workqueue(vkms->output.composer_workq); @@ -194,6 +193,7 @@ static void __exit vkms_exit(void) } drm_dev_unregister(&vkms_device->drm); + drm_atomic_helper_shutdown(&vkms_device->drm); drm_dev_put(&vkms_device->drm); kfree(vkms_device); -- 2.17.1

1 year, 5 months

1
0
0 0

[PATCH] bpf: dereference of null in __cgroup_bpf_query() function

by Mikhail Lobanov

In the __cgroup_bpf_query() function, it is possible to dereference the null pointer in the line id = prog->aux->id; since there is no check for a non-zero value of the variable prog. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: af6eea57437a ("bpf: Implement bpf_link-based cgroup BPF program attachment") Cc: stable(a)vger.kernel.org Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosalinux.ru> --- kernel/bpf/cgroup.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c index 491d20038cbe..7f2db96f0c6a 100644 --- a/kernel/bpf/cgroup.c +++ b/kernel/bpf/cgroup.c @@ -1092,6 +1092,8 @@ static int __cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr, i = 0; hlist_for_each_entry(pl, progs, node) { prog = prog_list_prog(pl); + if (!prog_list_prog(pl)) + continue; id = prog->aux->id; if (copy_to_user(prog_ids + i, &id, sizeof(id))) return -EFAULT; -- 2.43.0

1 year, 5 months

2
1
0 0

[PATCH 2/2] of: property: fw_devlink: Fix links to supplier when created from phandles

by Herve Codina

Since commit 1a50d9403fb9 ("treewide: Fix probing of devices in DT overlays"), when using device-tree overlays, the FWNODE_FLAG_NOT_DEVICE is set on each overlay nodes. This flag is cleared when a struct device is actually created for the DT node. Also, when a device is created, the device DT node is parsed for known phandle and devlinks consumer/supplier links are created between the device (consumer) and the devices referenced by phandles (suppliers). As these supplier device can have a struct device not already created, the FWNODE_FLAG_NOT_DEVICE can be set for suppliers and leads the devlink supplier point to the device's parent instead of the device itself. Avoid this situation clearing the supplier FWNODE_FLAG_NOT_DEVICE just before the devlink creation if a device is supposed to be created and handled later in the process. Fixes: 1a50d9403fb9 ("treewide: Fix probing of devices in DT overlays") Cc: <stable(a)vger.kernel.org> Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/of/property.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/of/property.c b/drivers/of/property.c index 641a40cf5cf3..ff5cac477dbe 100644 --- a/drivers/of/property.c +++ b/drivers/of/property.c @@ -1097,6 +1097,7 @@ static void of_link_to_phandle(struct device_node *con_np, struct device_node *sup_np) { struct device_node *tmp_np = of_node_get(sup_np); + struct fwnode_handle *sup_fwnode; /* Check that sup_np and its ancestors are available. */ while (tmp_np) { @@ -1113,7 +1114,20 @@ static void of_link_to_phandle(struct device_node *con_np, tmp_np = of_get_next_parent(tmp_np); } - fwnode_link_add(of_fwnode_handle(con_np), of_fwnode_handle(sup_np)); + /* + * In case of overlays, the fwnode are added with FWNODE_FLAG_NOT_DEVICE + * flag set. A node can have a phandle that references an other node + * added by the overlay. + * Clear the supplier's FWNODE_FLAG_NOT_DEVICE so that fw_devlink links + * to this supplier instead of linking to its parent. + */ + sup_fwnode = of_fwnode_handle(sup_np); + if (sup_fwnode->flags & FWNODE_FLAG_NOT_DEVICE) { + if (of_property_present(sup_np, "compatible") && + of_device_is_available(sup_np)) + sup_fwnode->flags &= ~FWNODE_FLAG_NOT_DEVICE; + } + fwnode_link_add(of_fwnode_handle(con_np), sup_fwnode); } /** -- 2.43.0

1 year, 5 months

2
7
0 0

[PATCH AUTOSEL 6.8 01/98] drm/vc4: don't check if plane->state->fb == state->fb

by Sasha Levin

From: Maíra Canal <mcanal(a)igalia.com> [ Upstream commit 5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9 ] Currently, when using non-blocking commits, we can see the following kernel warning: [ 110.908514] ------------[ cut here ]------------ [ 110.908529] refcount_t: underflow; use-after-free. [ 110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0 [ 110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_arm64 aes_generic algif_skcipher af_alg bnep hid_logitech_hidpp vc4 brcmfmac hci_uart btbcm brcmutil bluetooth snd_soc_hdmi_codec cfg80211 cec drm_display_helper drm_dma_helper drm_kms_helper snd_soc_core snd_compress snd_pcm_dmaengine fb_sys_fops sysimgblt syscopyarea sysfillrect raspberrypi_hwmon ecdh_generic ecc rfkill libaes i2c_bcm2835 binfmt_misc joydev snd_bcm2835(C) bcm2835_codec(C) bcm2835_isp(C) v4l2_mem2mem videobuf2_dma_contig snd_pcm bcm2835_v4l2(C) raspberrypi_gpiomem bcm2835_mmal_vchiq(C) videobuf2_v4l2 snd_timer videobuf2_vmalloc videobuf2_memops videobuf2_common snd videodev vc_sm_cma(C) mc hid_logitech_dj uio_pdrv_genirq uio i2c_dev drm fuse dm_mod drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [ 110.909086] CPU: 0 PID: 1866 Comm: kodi.bin Tainted: G C 6.1.66-v8+ #32 [ 110.909104] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) [ 110.909114] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 110.909132] pc : refcount_dec_not_one+0xb8/0xc0 [ 110.909152] lr : refcount_dec_not_one+0xb4/0xc0 [ 110.909170] sp : ffffffc00913b9c0 [ 110.909177] x29: ffffffc00913b9c0 x28: 000000556969bbb0 x27: 000000556990df60 [ 110.909205] x26: 0000000000000002 x25: 0000000000000004 x24: ffffff8004448480 [ 110.909230] x23: ffffff800570b500 x22: ffffff802e03a7bc x21: ffffffecfca68c78 [ 110.909257] x20: ffffff8002b42000 x19: ffffff802e03a600 x18: 0000000000000000 [ 110.909283] x17: 0000000000000011 x16: ffffffffffffffff x15: 0000000000000004 [ 110.909308] x14: 0000000000000fff x13: ffffffed577e47e0 x12: 0000000000000003 [ 110.909333] x11: 0000000000000000 x10: 0000000000000027 x9 : c912d0d083728c00 [ 110.909359] x8 : c912d0d083728c00 x7 : 65646e75203a745f x6 : 746e756f63666572 [ 110.909384] x5 : ffffffed579f62ee x4 : ffffffed579eb01e x3 : 0000000000000000 [ 110.909409] x2 : 0000000000000000 x1 : ffffffc00913b750 x0 : 0000000000000001 [ 110.909434] Call trace: [ 110.909441] refcount_dec_not_one+0xb8/0xc0 [ 110.909461] vc4_bo_dec_usecnt+0x4c/0x1b0 [vc4] [ 110.909903] vc4_cleanup_fb+0x44/0x50 [vc4] [ 110.910315] drm_atomic_helper_cleanup_planes+0x88/0xa4 [drm_kms_helper] [ 110.910669] vc4_atomic_commit_tail+0x390/0x9dc [vc4] [ 110.911079] commit_tail+0xb0/0x164 [drm_kms_helper] [ 110.911397] drm_atomic_helper_commit+0x1d0/0x1f0 [drm_kms_helper] [ 110.911716] drm_atomic_commit+0xb0/0xdc [drm] [ 110.912569] drm_mode_atomic_ioctl+0x348/0x4b8 [drm] [ 110.913330] drm_ioctl_kernel+0xec/0x15c [drm] [ 110.914091] drm_ioctl+0x24c/0x3b0 [drm] [ 110.914850] __arm64_sys_ioctl+0x9c/0xd4 [ 110.914873] invoke_syscall+0x4c/0x114 [ 110.914897] el0_svc_common+0xd0/0x118 [ 110.914917] do_el0_svc+0x38/0xd0 [ 110.914936] el0_svc+0x30/0x8c [ 110.914958] el0t_64_sync_handler+0x84/0xf0 [ 110.914979] el0t_64_sync+0x18c/0x190 [ 110.914996] ---[ end trace 0000000000000000 ]--- This happens because, although `prepare_fb` and `cleanup_fb` are perfectly balanced, we cannot guarantee consistency in the check plane->state->fb == state->fb. This means that sometimes we can increase the refcount in `prepare_fb` and don't decrease it in `cleanup_fb`. The opposite can also be true. In fact, the struct drm_plane .state shouldn't be accessed directly but instead, the `drm_atomic_get_new_plane_state()` helper function should be used. So, we could stick to this check, but using `drm_atomic_get_new_plane_state()`. But actually, this check is not really needed. We can increase and decrease the refcount symmetrically without problems. This is going to make the code more simple and consistent. Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Acked-by: Maxime Ripard <mripard(a)kernel.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240105175908.242000-1-mcana… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/vc4/vc4_plane.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c index 00e713faecd5a..5948e34f7f813 100644 --- a/drivers/gpu/drm/vc4/vc4_plane.c +++ b/drivers/gpu/drm/vc4/vc4_plane.c @@ -1505,9 +1505,6 @@ static int vc4_prepare_fb(struct drm_plane *plane, drm_gem_plane_helper_prepare_fb(plane, state); - if (plane->state->fb == state->fb) - return 0; - return vc4_bo_inc_usecnt(bo); } @@ -1516,7 +1513,7 @@ static void vc4_cleanup_fb(struct drm_plane *plane, { struct vc4_bo *bo; - if (plane->state->fb == state->fb || !state->fb) + if (!state->fb) return; bo = to_vc4_bo(&drm_fb_dma_get_gem_obj(state->fb, 0)->base); -- 2.43.0

1 year, 5 months

5
106
0 0

[PATCH -stable,5.10.x 0/3] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for recent fixes already upstream for 5.10.x, to add them on top of your enqueued patches: 994209ddf4f4 ("netfilter: nf_tables: reject new basechain after table flag update") 24cea9677025 ("netfilter: nf_tables: flush pending destroy work before exit_net release") a45e6889575c ("netfilter: nf_tables: release batch on table validation from abort path") 0d459e2ffb54 ("netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path") 1bc83a019bbe ("netfilter: nf_tables: discard table flag update with pending basechain deletion") Please, apply, thanks. Pablo Neira Ayuso (5): netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion net/netfilter/nf_tables_api.c | 51 ++++++++++++++++++++++++++++------- 1 file changed, 41 insertions(+), 10 deletions(-) -- 2.30.2

1 year, 5 months

1
6
0 0

[PATCH -stable,5.4.x 0/5] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for recent fixes already upstream for 5.10.x, to add them on top of your enqueued patches: 994209ddf4f4 ("netfilter: nf_tables: reject new basechain after table flag update") 24cea9677025 ("netfilter: nf_tables: flush pending destroy work before exit_net release") a45e6889575c ("netfilter: nf_tables: release batch on table validation from abort path") 0d459e2ffb54 ("netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path") 1bc83a019bbe ("netfilter: nf_tables: discard table flag update with pending basechain deletion") Please, apply, thanks. Pablo Neira Ayuso (5): netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion net/netfilter/nf_tables_api.c | 51 ++++++++++++++++++++++++++++------- 1 file changed, 41 insertions(+), 10 deletions(-) -- 2.30.2

1 year, 5 months

1
5
0 0

[PATCH -stable,5.15.x 0/3] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for recent fixes already upstream for 6.1.x, to add them on top of your enqueued patches: a45e6889575c ("netfilter: nf_tables: release batch on table validation from abort path") 0d459e2ffb54 ("netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path") 1bc83a019bbe ("netfilter: nf_tables: discard table flag update with pending basechain deletion") Please, apply, thanks. Pablo Neira Ayuso (3): netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion net/netfilter/nf_tables_api.c | 47 +++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 11 deletions(-) -- 2.30.2

1 year, 5 months

1
3
0 0

[PATCH] mm/userfaultfd: Allow hugetlb change protection upon poison entry

by peterx＠redhat.com

From: Peter Xu <peterx(a)redhat.com> After UFFDIO_POISON, there can be two kinds of hugetlb pte markers, either the POISON one or UFFD_WP one. Allow change protection to run on a poisoned marker just like !hugetlb cases, ignoring the marker irrelevant of the permission. Here the two bits are mutual exclusive. For example, when install a poisoned entry it must not be UFFD_WP already (by checking pte_none() before such install). And it also means if UFFD_WP is set there must have no POISON bit set. It makes sense because UFFD_WP is a bit to reflect permission, and permissions do not apply if the pte is poisoned and destined to sigbus. So here we simply check uffd_wp bit set first, do nothing otherwise. Attach the Fixes to UFFDIO_POISON work, as before that it should not be possible to have poison entry for hugetlb (e.g., hugetlb doesn't do swap, so no chance of swapin errors). Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: linux-stable <stable(a)vger.kernel.org> # 6.6+ Link: https://lore.kernel.org/r/000000000000920d5e0615602dd1@google.com Reported-by: syzbot+b07c8ac8eee3d4d8440f(a)syzkaller.appspotmail.com Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Signed-off-by: Peter Xu <peterx(a)redhat.com> --- mm/hugetlb.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 8267e221ca5d..ba7162441adf 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -6960,9 +6960,13 @@ long hugetlb_change_protection(struct vm_area_struct *vma, if (!pte_same(pte, newpte)) set_huge_pte_at(mm, address, ptep, newpte, psize); } else if (unlikely(is_pte_marker(pte))) { - /* No other markers apply for now. */ - WARN_ON_ONCE(!pte_marker_uffd_wp(pte)); - if (uffd_wp_resolve) + /* + * Do nothing on a poison marker; page is + * corrupted, permissons do not apply. Here + * pte_marker_uffd_wp()==true implies !poison + * because they're mutual exclusive. + */ + if (pte_marker_uffd_wp(pte) && uffd_wp_resolve) /* Safe to modify directly (non-present->none). */ huge_pte_clear(mm, address, ptep, psize); } else if (!huge_pte_none(pte)) { -- 2.44.0

1 year, 5 months

3
2
0 0

+ ocfs2-use-coarse-time-for-new-created-files.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: use coarse time for new created files has been added to the -mm mm-nonmm-unstable branch. Its filename is ocfs2-use-coarse-time-for-new-created-files.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: use coarse time for new created files Date: Mon, 8 Apr 2024 16:20:41 +0800 The default atime related mount option is '-o realtime' which means file atime should be updated if atime <= ctime or atime <= mtime. atime should be updated in the following scenario, but it is not: ========================================================== $ rm /mnt/testfile; $ echo test > /mnt/testfile $ stat -c "%X %Y %Z" /mnt/testfile 1711881646 1711881646 1711881646 $ sleep 5 $ cat /mnt/testfile > /dev/null $ stat -c "%X %Y %Z" /mnt/testfile 1711881646 1711881646 1711881646 ========================================================== And the reason the atime in the test is not updated is that ocfs2 calls ktime_get_real_ts64() in __ocfs2_mknod_locked during file creation. Then inode_set_ctime_current() is called in inode_set_ctime_current() calls ktime_get_coarse_real_ts64() to get current time. ktime_get_real_ts64() is more accurate than ktime_get_coarse_real_ts64(). In my test box, I saw ctime set by ktime_get_coarse_real_ts64() is less than ktime_get_real_ts64() even ctime is set later. The ctime of the new inode is smaller than atime. The call trace is like: ocfs2_create ocfs2_mknod __ocfs2_mknod_locked .... ktime_get_real_ts64 <------- set atime,ctime,mtime, more accurate ocfs2_populate_inode ... ocfs2_init_acl ocfs2_acl_set_mode inode_set_ctime_current current_time ktime_get_coarse_real_ts64 <-------less accurate ocfs2_file_read_iter ocfs2_inode_lock_atime ocfs2_should_update_atime atime <= ctime ? <-------- false, ctime < atime due to accuracy So here call ktime_get_coarse_real_ts64 to set inode time coarser while creating new files. It may lower the accuracy of file times. But it's not a big deal since we already use coarse time in other places like ocfs2_update_inode_atime and inode_set_ctime_current. Link: https://lkml.kernel.org/r/20240408082041.20925-5-glass.su@suse.com Fixes: c62c38f6b91b ("ocfs2: replace CURRENT_TIME macro") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/ocfs2/namei.c~ocfs2-use-coarse-time-for-new-created-files +++ a/fs/ocfs2/namei.c @@ -566,7 +566,7 @@ static int __ocfs2_mknod_locked(struct i fe->i_last_eb_blk = 0; strcpy(fe->i_signature, OCFS2_INODE_SIGNATURE); fe->i_flags |= cpu_to_le32(OCFS2_VALID_FL); - ktime_get_real_ts64(&ts); + ktime_get_coarse_real_ts64(&ts); fe->i_atime = fe->i_ctime = fe->i_mtime = cpu_to_le64(ts.tv_sec); fe->i_mtime_nsec = fe->i_ctime_nsec = fe->i_atime_nsec = _ Patches currently in -mm which might be from glass.su(a)suse.com are ocfs2-update-inode-ctime-in-ocfs2_fileattr_set.patch ocfs2-return-real-error-code-in-ocfs2_dio_wr_get_block.patch ocfs2-fix-races-between-hole-punching-and-aiodio.patch ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch ocfs2-use-coarse-time-for-new-created-files.patch

1 year, 5 months

1
0
0 0

+ ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: update inode fsync transaction id in ocfs2_unlink and ocfs2_link has been added to the -mm mm-nonmm-unstable branch. Its filename is ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: update inode fsync transaction id in ocfs2_unlink and ocfs2_link Date: Mon, 8 Apr 2024 16:20:40 +0800 transaction id should be updated in ocfs2_unlink and ocfs2_link. Otherwise, inode link will be wrong after journal replay even fsync was called before power failure: ======================================================================= $ touch testdir/bar $ ln testdir/bar testdir/bar_link $ fsync testdir/bar $ stat -c %h $SCRATCH_MNT/testdir/bar 1 $ stat -c %h $SCRATCH_MNT/testdir/bar 1 ======================================================================= Link: https://lkml.kernel.org/r/20240408082041.20925-4-glass.su@suse.com Fixes: ccd979bdbce9 ("[PATCH] OCFS2: The Second Oracle Cluster Filesystem") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/namei.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/ocfs2/namei.c~ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link +++ a/fs/ocfs2/namei.c @@ -797,6 +797,7 @@ static int ocfs2_link(struct dentry *old ocfs2_set_links_count(fe, inode->i_nlink); fe->i_ctime = cpu_to_le64(inode_get_ctime_sec(inode)); fe->i_ctime_nsec = cpu_to_le32(inode_get_ctime_nsec(inode)); + ocfs2_update_inode_fsync_trans(handle, inode, 0); ocfs2_journal_dirty(handle, fe_bh); err = ocfs2_add_entry(handle, dentry, inode, @@ -993,6 +994,7 @@ static int ocfs2_unlink(struct inode *di drop_nlink(inode); drop_nlink(inode); ocfs2_set_links_count(fe, inode->i_nlink); + ocfs2_update_inode_fsync_trans(handle, inode, 0); ocfs2_journal_dirty(handle, fe_bh); inode_set_mtime_to_ts(dir, inode_set_ctime_current(dir)); _ Patches currently in -mm which might be from glass.su(a)suse.com are ocfs2-update-inode-ctime-in-ocfs2_fileattr_set.patch ocfs2-return-real-error-code-in-ocfs2_dio_wr_get_block.patch ocfs2-fix-races-between-hole-punching-and-aiodio.patch ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch ocfs2-use-coarse-time-for-new-created-files.patch

1 year, 5 months

1
0
0 0

+ ocfs2-fix-races-between-hole-punching-and-aiodio.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix races between hole punching and AIO+DIO has been added to the -mm mm-nonmm-unstable branch. Its filename is ocfs2-fix-races-between-hole-punching-and-aiodio.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: fix races between hole punching and AIO+DIO Date: Mon, 8 Apr 2024 16:20:39 +0800 After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block", fstests/generic/300 become from always failed to sometimes failed: ======================================================================== [ 473.293420 ] run fstests generic/300 [ 475.296983 ] JBD2: Ignoring recovery information on journal [ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode. [ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found [ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 494.292018 ] OCFS2: File system is now read-only. [ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30 [ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3 fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072 ========================================================================= In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten extents to a list. extents are also inserted into extent tree in ocfs2_write_begin_nolock. Then another thread call fallocate to puch a hole at one of the unwritten extent. The extent at cpos was removed by ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list found there is no such extent at the cpos. T1 T2 T3 inode lock ... insert extents ... inode unlock ocfs2_fallocate __ocfs2_change_file_space inode lock lock ip_alloc_sem ocfs2_remove_inode_range inode ocfs2_remove_btree_range ocfs2_remove_extent ^---remove the extent at cpos 78723 ... unlock ip_alloc_sem inode unlock ocfs2_dio_end_io ocfs2_dio_end_io_write lock ip_alloc_sem ocfs2_mark_extent_written ocfs2_change_extent_flag ocfs2_search_extent_list ^---failed to find extent ... unlock ip_alloc_sem In most filesystems, fallocate is not compatible with racing with AIO+DIO, so fix it by adding to wait for all dio before fallocate/punch_hole like ext4. Link: https://lkml.kernel.org/r/20240408082041.20925-3-glass.su@suse.com Fixes: b25801038da5 ("ocfs2: Support xfs style space reservation ioctls") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/file.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/ocfs2/file.c~ocfs2-fix-races-between-hole-punching-and-aiodio +++ a/fs/ocfs2/file.c @@ -1936,6 +1936,8 @@ static int __ocfs2_change_file_space(str inode_lock(inode); + /* Wait all existing dio workers, newcomers will block on i_rwsem */ + inode_dio_wait(inode); /* * This prevents concurrent writes on other nodes */ _ Patches currently in -mm which might be from glass.su(a)suse.com are ocfs2-update-inode-ctime-in-ocfs2_fileattr_set.patch ocfs2-return-real-error-code-in-ocfs2_dio_wr_get_block.patch ocfs2-fix-races-between-hole-punching-and-aiodio.patch ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch ocfs2-use-coarse-time-for-new-created-files.patch

1 year, 5 months

1
0
0 0

+ mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm,swapops: update check in is_pfn_swap_entry for hwpoison entries has been added to the -mm mm-hotfixes-unstable branch. Its filename is mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Oscar Salvador <osalvador(a)suse.de> Subject: mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Date: Sun, 7 Apr 2024 15:05:37 +0200 Tony reported that the Machine check recovery was broken in v6.9-rc1, as he was hitting a VM_BUG_ON when injecting uncorrectable memory errors to DRAM. After some more digging and debugging on his side, he realized that this went back to v6.1, with the introduction of 'commit 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry")'. That commit, among other things, introduced swp_offset_pfn(), replacing hwpoison_entry_to_pfn() in its favour. The patch also introduced a VM_BUG_ON() check for is_pfn_swap_entry(), but is_pfn_swap_entry() never got updated to cover hwpoison entries, which means that we would hit the VM_BUG_ON whenever we would call swp_offset_pfn() for such entries on environments with CONFIG_DEBUG_VM set. Fix this by updating the check to cover hwpoison entries as well, and update the comment while we are it. Link: https://lkml.kernel.org/r/20240407130537.16977-1-osalvador@suse.de Fixes: 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry") Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Reported-by: Tony Luck <tony.luck(a)intel.com> Closes: https://lore.kernel.org/all/Zg8kLSl2yAlA3o5D@agluck-desk3/ Tested-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.1.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/swapops.h | 65 +++++++++++++++++++------------------- 1 file changed, 33 insertions(+), 32 deletions(-) --- a/include/linux/swapops.h~mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries +++ a/include/linux/swapops.h @@ -390,6 +390,35 @@ static inline bool is_migration_entry_di } #endif /* CONFIG_MIGRATION */ +#ifdef CONFIG_MEMORY_FAILURE + +/* + * Support for hardware poisoned pages + */ +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + BUG_ON(!PageLocked(page)); + return swp_entry(SWP_HWPOISON, page_to_pfn(page)); +} + +static inline int is_hwpoison_entry(swp_entry_t entry) +{ + return swp_type(entry) == SWP_HWPOISON; +} + +#else + +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + return swp_entry(0, 0); +} + +static inline int is_hwpoison_entry(swp_entry_t swp) +{ + return 0; +} +#endif + typedef unsigned long pte_marker; #define PTE_MARKER_UFFD_WP BIT(0) @@ -483,8 +512,9 @@ static inline struct folio *pfn_swap_ent /* * A pfn swap entry is a special type of swap entry that always has a pfn stored - * in the swap offset. They are used to represent unaddressable device memory - * and to restrict access to a page undergoing migration. + * in the swap offset. They can either be used to represent unaddressable device + * memory, to restrict access to a page undergoing migration or to represent a + * pfn which has been hwpoisoned and unmapped. */ static inline bool is_pfn_swap_entry(swp_entry_t entry) { @@ -492,7 +522,7 @@ static inline bool is_pfn_swap_entry(swp BUILD_BUG_ON(SWP_TYPE_SHIFT < SWP_PFN_BITS); return is_migration_entry(entry) || is_device_private_entry(entry) || - is_device_exclusive_entry(entry); + is_device_exclusive_entry(entry) || is_hwpoison_entry(entry); } struct page_vma_mapped_walk; @@ -561,35 +591,6 @@ static inline int is_pmd_migration_entry } #endif /* CONFIG_ARCH_ENABLE_THP_MIGRATION */ -#ifdef CONFIG_MEMORY_FAILURE - -/* - * Support for hardware poisoned pages - */ -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - BUG_ON(!PageLocked(page)); - return swp_entry(SWP_HWPOISON, page_to_pfn(page)); -} - -static inline int is_hwpoison_entry(swp_entry_t entry) -{ - return swp_type(entry) == SWP_HWPOISON; -} - -#else - -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - return swp_entry(0, 0); -} - -static inline int is_hwpoison_entry(swp_entry_t swp) -{ - return 0; -} -#endif - static inline int non_swap_entry(swp_entry_t entry) { return swp_type(entry) >= MAX_SWAPFILES; _ Patches currently in -mm which might be from osalvador(a)suse.de are mmpage_owner-update-metadata-for-tail-pages.patch mmpage_owner-fix-refcount-imbalance.patch mmpage_owner-fix-accounting-of-pages-when-migrating.patch mmpage_owner-fix-printing-of-stack-records.patch mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries.patch

1 year, 5 months

1
0
0 0

+ mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Date: Sun, 7 Apr 2024 16:54:56 +0800 When I did hard offline test with hugetlb pages, below deadlock occurs: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-11409-gf6cef5f8c37f #1 Not tainted ------------------------------------------------------ bash/46904 is trying to acquire lock: ffffffffabe68910 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x16/0x60 but task is already holding lock: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (pcp_batch_high_lock){+.+.}-{3:3}: __mutex_lock+0x6c/0x770 page_alloc_cpu_online+0x3c/0x70 cpuhp_invoke_callback+0x397/0x5f0 __cpuhp_invoke_callback_range+0x71/0xe0 _cpu_up+0xeb/0x210 cpu_up+0x91/0xe0 cpuhp_bringup_mask+0x49/0xb0 bringup_nonboot_cpus+0xb7/0xe0 smp_init+0x25/0xa0 kernel_init_freeable+0x15f/0x3e0 kernel_init+0x15/0x1b0 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 -> #0 (cpu_hotplug_lock){++++}-{0:0}: __lock_acquire+0x1298/0x1cd0 lock_acquire+0xc0/0x2b0 cpus_read_lock+0x2a/0xc0 static_key_slow_dec+0x16/0x60 __hugetlb_vmemmap_restore_folio+0x1b9/0x200 dissolve_free_huge_page+0x211/0x260 __page_handle_poison+0x45/0xc0 memory_failure+0x65e/0xc70 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xca/0x1e0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(pcp_batch_high_lock); lock(cpu_hotplug_lock); lock(pcp_batch_high_lock); rlock(cpu_hotplug_lock); *** DEADLOCK *** 5 locks held by bash/46904: #0: ffff98f6c3bb23f0 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x64/0xe0 #1: ffff98f6c328e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0xf8/0x1d0 #2: ffff98ef83b31890 (kn->active#113){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x100/0x1d0 #3: ffffffffabf9db48 (mf_mutex){+.+.}-{3:3}, at: memory_failure+0x44/0xc70 #4: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40 stack backtrace: CPU: 10 PID: 46904 Comm: bash Kdump: loaded Not tainted 6.8.0-11409-gf6cef5f8c37f #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 check_noncircular+0x129/0x140 __lock_acquire+0x1298/0x1cd0 lock_acquire+0xc0/0x2b0 cpus_read_lock+0x2a/0xc0 static_key_slow_dec+0x16/0x60 __hugetlb_vmemmap_restore_folio+0x1b9/0x200 dissolve_free_huge_page+0x211/0x260 __page_handle_poison+0x45/0xc0 memory_failure+0x65e/0xc70 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xca/0x1e0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7fc862314887 Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24 RSP: 002b:00007fff19311268 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007fc862314887 RDX: 000000000000000c RSI: 000056405645fe10 RDI: 0000000000000001 RBP: 000056405645fe10 R08: 00007fc8623d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007fc86241b780 R14: 00007fc862417600 R15: 00007fc862416a00 In short, below scene breaks the lock dependency chain: memory_failure __page_handle_poison zone_pcp_disable -- lock(pcp_batch_high_lock) dissolve_free_huge_page __hugetlb_vmemmap_restore_folio static_key_slow_dec cpus_read_lock -- rlock(cpu_hotplug_lock) Fix this by calling drain_all_pages() instead. Link: https://lkml.kernel.org/r/20240407085456.2798193-1-linmiaohe@huawei.com Fixes: 510d25c92ec4a ("mm/hwpoison: disable pcp for page_handle_poison()") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <naoya.horiguchi(a)nec.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled +++ a/mm/memory-failure.c @@ -154,11 +154,17 @@ static int __page_handle_poison(struct p { int ret; - zone_pcp_disable(page_zone(page)); + /* + * zone_pcp_disable() can't be used here. It will hold pcp_batch_high_lock and + * dissolve_free_huge_page() might hold cpu_hotplug_lock via static_key_slow_dec() + * when hugetlb vmemmap optimization is enabled. This will break current lock + * dependency chain and leads to deadlock. + */ ret = dissolve_free_huge_page(page); - if (!ret) + if (!ret) { + drain_all_pages(page_zone(page)); ret = take_page_off_buddy(page); - zone_pcp_enable(page_zone(page)); + } return ret; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch

1 year, 5 months

1
0
0 0

+ mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/userfaultfd: Allow hugetlb change protection upon poison entry has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/userfaultfd: Allow hugetlb change protection upon poison entry Date: Fri, 5 Apr 2024 19:19:20 -0400 After UFFDIO_POISON, there can be two kinds of hugetlb pte markers, either the POISON one or UFFD_WP one. Allow change protection to run on a poisoned marker just like !hugetlb cases, ignoring the marker irrelevant of the permission. Here the two bits are mutual exclusive. For example, when install a poisoned entry it must not be UFFD_WP already (by checking pte_none() before such install). And it also means if UFFD_WP is set there must have no POISON bit set. It makes sense because UFFD_WP is a bit to reflect permission, and permissions do not apply if the pte is poisoned and destined to sigbus. So here we simply check uffd_wp bit set first, do nothing otherwise. Attach the Fixes to UFFDIO_POISON work, as before that it should not be possible to have poison entry for hugetlb (e.g., hugetlb doesn't do swap, so no chance of swapin errors). Link: https://lkml.kernel.org/r/20240405231920.1772199-1-peterx@redhat.com Link: https://lore.kernel.org/r/000000000000920d5e0615602dd1@google.com Reported-by: syzbot+b07c8ac8eee3d4d8440f(a)syzkaller.appspotmail.com Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Signed-off-by: Peter Xu <peterx(a)redhat.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/mm/hugetlb.c~mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry +++ a/mm/hugetlb.c @@ -7044,9 +7044,13 @@ long hugetlb_change_protection(struct vm if (!pte_same(pte, newpte)) set_huge_pte_at(mm, address, ptep, newpte, psize); } else if (unlikely(is_pte_marker(pte))) { - /* No other markers apply for now. */ - WARN_ON_ONCE(!pte_marker_uffd_wp(pte)); - if (uffd_wp_resolve) + /* + * Do nothing on a poison marker; page is + * corrupted, permissons do not apply. Here + * pte_marker_uffd_wp()==true implies !poison + * because they're mutual exclusive. + */ + if (pte_marker_uffd_wp(pte) && uffd_wp_resolve) /* Safe to modify directly (non-present->none). */ huge_pte_clear(mm, address, ptep, psize); } else if (!huge_pte_none(pte)) { _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry.patch mm-hmm-process-pud-swap-entry-without-pud_huge.patch mm-gup-cache-p4d-in-follow_p4d_mask.patch mm-gup-check-p4d-presence-before-going-on.patch mm-x86-change-pxd_huge-behavior-to-exclude-swap-entries.patch mm-sparc-change-pxd_huge-behavior-to-exclude-swap-entries.patch mm-arm-use-macros-to-define-pmd-pud-helpers.patch mm-arm-redefine-pmd_huge-with-pmd_leaf.patch mm-arm64-merge-pxd_huge-and-pxd_leaf-definitions.patch mm-powerpc-redefine-pxd_huge-with-pxd_leaf.patch mm-gup-merge-pxd-huge-mapping-checks.patch mm-treewide-replace-pxd_huge-with-pxd_leaf.patch mm-treewide-remove-pxd_huge.patch mm-arm-remove-pmd_thp_or_huge.patch mm-document-pxd_leaf-api.patch selftests-mm-run_vmtestssh-fix-hugetlb-mem-size-calculation.patch selftests-mm-run_vmtestssh-fix-hugetlb-mem-size-calculation-fix.patch mm-kconfig-config_pgtable_has_huge_leaves.patch mm-hugetlb-declare-hugetlbfs_pagecache_present-non-static.patch mm-make-hpage_pxd_-macros-even-if-thp.patch mm-introduce-vma_pgtable_walk_beginend.patch mm-arch-provide-pud_pfn-fallback.patch mm-arch-provide-pud_pfn-fallback-fix.patch mm-gup-drop-folio_fast_pin_allowed-in-hugepd-processing.patch mm-gup-refactor-record_subpages-to-find-1st-small-page.patch mm-gup-handle-hugetlb-for-no_page_table.patch mm-gup-cache-pudp-in-follow_pud_mask.patch mm-gup-handle-huge-pud-for-follow_pud_mask.patch mm-gup-handle-huge-pmd-for-follow_pmd_mask.patch mm-gup-handle-huge-pmd-for-follow_pmd_mask-fix.patch mm-gup-handle-hugepd-for-follow_page.patch mm-gup-handle-hugetlb-in-the-generic-follow_page_mask-code.patch mm-allow-anon-exclusive-check-over-hugetlb-tail-pages.patch

1 year, 5 months

1
0
0 0

[PATCH] drm/ttm: Print the memory decryption status just once

by Zack Rusin

Stop printing the TT memory decryption status info each time tt is created and instead print it just once. Reduces the spam in the system logs when running guests with SEV enabled. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 71ce046327cf ("drm/ttm: Make sure the mapped tt pages are decrypted when needed") Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: dri-devel(a)lists.freedesktop.org Cc: linux-kernel(a)vger.kernel.org Cc: <stable(a)vger.kernel.org> # v5.14+ --- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/ttm/ttm_tt.c b/drivers/gpu/drm/ttm/ttm_tt.c index 578a7c37f00b..d776e3f87064 100644 --- a/drivers/gpu/drm/ttm/ttm_tt.c +++ b/drivers/gpu/drm/ttm/ttm_tt.c @@ -92,7 +92,7 @@ int ttm_tt_create(struct ttm_buffer_object *bo, bool zero_alloc) */ if (bdev->pool.use_dma_alloc && cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) { page_flags |= TTM_TT_FLAG_DECRYPTED; - drm_info(ddev, "TT memory decryption enabled."); + drm_info_once(ddev, "TT memory decryption enabled."); } bo->ttm = bdev->funcs->ttm_tt_create(bo, page_flags); -- 2.40.1

1 year, 5 months

2
1
0 0

[REGRESSION] ax88179_178a assigns the same MAC address to all USB network interfaces

by Jarkko Palviainen

Hi, Starting from kernel version 6.7.4 I hit the following problem: when I connect two or more USB-to-ethernet adapters to the computer they get assigned the same MAC address. Furthermore, the address is not the one specified in any of the device labels but is selected seemingly at random on boot. This becomes a blocking issue when trying to use SYSTEMD.LINK(5) to match the interfaces. 6.7.3 is OK, 6.7.4 introduces this behavior in the following upstream commit: d2689b6a86b9 net: usb: ax88179_178a: avoid two consecutive device resets Reverting this commit in 6.7.4 fixes the issue. The behavior is also present in LTS 6.6.23. The commit has been backported in 6.6.16. Example system log when connecting two adapters. Both interfaces are assigned address 02:a5:ab:80:e6:94. kernel: usb 2-5.4: new SuperSpeed USB device number 3 using xhci_hcd kernel: usb 2-5.4: New USB device found, idVendor=2001, idProduct=4a00, bcdDevice= 1.00 kernel: usb 2-5.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3 kernel: usb 2-5.4: Product: D-Link DUB-1312 kernel: usb 2-5.4: Manufacturer: D-Link Elec. Corp. kernel: usb 2-5.4: SerialNumber: 00000000001D4D mtp-probe[2431]: checking bus 2, device 3: "/sys/devices/pci0000:00/0000:00:14.0/usb2/2-5/2-5.4" mtp-probe[2431]: bus: 2, device: 3 was not an MTP device kernel: ax88179_178a 2-5.4:1.0 eth0: register 'ax88179_178a' at usb-0000:00:14.0-5.4, D-Link DUB-1312 USB 3.0 to Gigabit Ethernet Adapter, 02:a5:ab:80:e6:94 kernel: usbcore: registered new interface driver ax88179_178a mtp-probe[2436]: checking bus 2, device 3: "/sys/devices/pci0000:00/0000:00:14.0/usb2/2-5/2-5.4" mtp-probe[2436]: bus: 2, device: 3 was not an MTP device kernel: ax88179_178a 2-5.4:1.0 enp0s20f0u5u4: renamed from eth0 systemd-networkd[469]: eth0: Interface name change detected, renamed to enp0s20f0u5u4. kernel: usb 1-5.3: new high-speed USB device number 8 using xhci_hcd kernel: usb 1-5.3: New USB device found, idVendor=0b95, idProduct=1790, bcdDevice= 1.00 kernel: usb 1-5.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3 kernel: usb 1-5.3: Product: AX88179 kernel: usb 1-5.3: Manufacturer: ASIX Elec. Corp. kernel: usb 1-5.3: SerialNumber: 0000249B2BAEC8 kernel: ax88179_178a 1-5.3:1.0 eth0: register 'ax88179_178a' at usb-0000:00:14.0-5.3, ASIX AX88179 USB 3.0 Gigabit Ethernet, 02:a5:ab:80:e6:94 mtp-probe[2440]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-5/1-5.3" mtp-probe[2440]: bus: 1, device: 8 was not an MTP device kernel: ax88179_178a 1-5.3:1.0 enp0s20f0u5u3: renamed from eth0 systemd-networkd[469]: eth0: Interface name change detected, renamed to enp0s20f0u5u3. mtp-probe[2444]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-5/1-5.3" mtp-probe[2444]: bus: 1, device: 8 was not an MTP device

1 year, 5 months

2
1
0 0

Re: [PATCH 6.8 000/273] 6.8.5-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 5 months

1
0
0 0

[tip: timers/urgent] irqflags: Explicitly ignore lockdep_hrtimer_exit() argument

by tip-bot2 for Arnd Bergmann

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: c1d11fc2c8320871b40730991071dd0a0b405bc8 Gitweb: https://git.kernel.org/tip/c1d11fc2c8320871b40730991071dd0a0b405bc8 Author: Arnd Bergmann <arnd(a)arndb.de> AuthorDate: Mon, 08 Apr 2024 09:46:01 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 08 Apr 2024 16:34:18 +02:00 irqflags: Explicitly ignore lockdep_hrtimer_exit() argument When building with 'make W=1' but CONFIG_TRACE_IRQFLAGS=n, the unused argument to lockdep_hrtimer_exit() causes a warning: kernel/time/hrtimer.c:1655:14: error: variable 'expires_in_hardirq' set but not used [-Werror=unused-but-set-variable] This is intentional behavior, so add a cast to void to shut up the warning. Fixes: 73d20564e0dc ("hrtimer: Don't dereference the hrtimer pointer after the callback") Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240408074609.3170807-1-arnd@kernel.org Closes: https://lore.kernel.org/oe-kbuild-all/202311191229.55QXHVc6-lkp@intel.com/ --- include/linux/irqflags.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/irqflags.h b/include/linux/irqflags.h index 147feeb..3f003d5 100644 --- a/include/linux/irqflags.h +++ b/include/linux/irqflags.h @@ -114,7 +114,7 @@ do { \ # define lockdep_softirq_enter() do { } while (0) # define lockdep_softirq_exit() do { } while (0) # define lockdep_hrtimer_enter(__hrtimer) false -# define lockdep_hrtimer_exit(__context) do { } while (0) +# define lockdep_hrtimer_exit(__context) do { (void)(__context); } while (0) # define lockdep_posixtimer_enter() do { } while (0) # define lockdep_posixtimer_exit() do { } while (0) # define lockdep_irq_work_enter(__work) do { } while (0)

1 year, 5 months

1
0
0 0

[PATCH 6.1] wifi: mac80211: avoid lockdep checking when removing deflink

by Alexander Ofitserov

From: Benjamin Berg <benjamin.berg(a)intel.com> [ Upstream commit b8b80770b26c4591f20f1cde3328e5f1489c4488 ] struct sta_info may be removed without holding sta_mtx if it has not yet been inserted. To support this, only assert that the lock is held for links other than the deflink. This fixes lockdep issues that may be triggered in error cases. Signed-off-by: Benjamin Berg <benjamin.berg(a)intel.com> Signed-off-by: Gregory Greenman <gregory.greenman(a)intel.com> Link: https://lore.kernel.org/r/20230619161906.cdd81377dea0.If5a6734b4b85608a2275… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Cc: stable(a)vger.kernel.org --- net/mac80211/sta_info.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index bd56015b29258..edec857edbd25 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -357,8 +357,9 @@ static void sta_remove_link(struct sta_info *sta, unsigned int link_id, struct sta_link_alloc *alloc = NULL; struct link_sta_info *link_sta; - link_sta = rcu_dereference_protected(sta->link[link_id], - lockdep_is_held(&sta->local->sta_mtx)); + link_sta = rcu_access_pointer(sta->link[link_id]); + if (link_sta != &sta->deflink) + lockdep_assert_held(&sta->local->sta_mtx); if (WARN_ON(!link_sta)) return; -- 2.42.1

1 year, 5 months

1
0
0 0

[PATCH v4] x86/asm: Force native_apic_mem_read() to use the MOV instruction

by Adam Dunlap

When done from a virtual machine, instructions that touch APIC memory must be emulated. By convention, MMIO access are typically performed via io.h helpers such as 'readl()' or 'writeq()' to simplify instruction emulation/decoding (ex: in KVM hosts and SEV guests) [0]. Currently, native_apic_mem_read() does not follow this convention, allowing the compiler to emit instructions other than the MOV instruction generated by readl(). In particular, when compiled with clang and run as a SEV-ES or SEV-SNP guest, the compiler would emit a TESTL instruction which is not supported by the SEV-ES emulator, causing a boot failure in that environment. It is likely the same problem would happen in a TDX guest as that uses the same instruction emulator as SEV-ES. To make sure all emulators can emulate APIC memory reads via MOV, use the readl() function in native_apic_mem_read(). It is expected that any emulator would support MOV in any addressing mode it is the most generic and is what is ususally emitted currently. The TESTL instruction is emitted when native_apic_mem_read() is inlined into apic_mem_wait_icr_idle(). The emulator comes from insn_decode_mmio in arch/x86/lib/insn-eval.c. It's not worth it to extend insn_decode_mmio to support more instructions since, in theory, the compiler could choose to output nearly any instruction for such reads which would bloat the emulator beyond reason. [0] https://lore.kernel.org/all/20220405232939.73860-12-kirill.shutemov@linux.i… Signed-off-by: Adam Dunlap <acdunlap(a)google.com> Tested-by: Kevin Loughlin <kevinloughlin(a)google.com> Reviewed-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org --- An alterative to this approach would be to use inline assembly instead of the readl() helper, as that is what native_apic_mem_write() does. I consider using readl() to be cleaner since it is documented to be a simple wrapper and inline assembly is less readable. native_apic_mem_write() cannot be trivially updated to use writel since it appears to use custom asm to workaround for a processor-specific bug. Patch changelog: V1 -> V2: Replaced asm with readl function which does the same thing V2 -> V3: Updated commit message to show more motivation and justification V3 -> V4: Fixed nits in commit message Link to v2 discussion: https://lore.kernel.org/all/20220908170456.3177635-1-acdunlap@google.com/ arch/x86/include/asm/apic.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index 9d159b771dc8..dddd3fc195ef 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -13,6 +13,7 @@ #include <asm/mpspec.h> #include <asm/msr.h> #include <asm/hardirq.h> +#include <asm/io.h> #define ARCH_APICTIMER_STOPS_ON_C3 1 @@ -96,7 +97,7 @@ static inline void native_apic_mem_write(u32 reg, u32 v) static inline u32 native_apic_mem_read(u32 reg) { - return *((volatile u32 *)(APIC_BASE + reg)); + return readl((void __iomem *)(APIC_BASE + reg)); } static inline void native_apic_mem_eoi(void) -- 2.43.0.594.gd9cf4e227d-goog

1 year, 5 months

3
2
0 0

[PATCH 5.15] x86/mm/pat: clear VM_PAT if copy_p4d_range failed

by Alexander Ofitserov

From: Ma Wupeng <mawupeng1(a)huawei.com> [ Upstream commit d155df53f31068c3340733d586eb9b3ddfd70fc5 ] Syzbot reports a warning in untrack_pfn(). Digging into the root we found that this is due to memory allocation failure in pmd_alloc_one. And this failure is produced due to failslab. In copy_page_range(), memory alloaction for pmd failed. During the error handling process in copy_page_range(), mmput() is called to remove all vmas. While untrack_pfn this empty pfn, warning happens. Here's a simplified flow: dup_mm dup_mmap copy_page_range copy_p4d_range copy_pud_range copy_pmd_range pmd_alloc __pmd_alloc pmd_alloc_one page = alloc_pages(gfp, 0); if (!page) return NULL; mmput exit_mmap unmap_vmas unmap_single_vma untrack_pfn follow_phys WARN_ON_ONCE(1); Since this vma is not generate successfully, we can clear flag VM_PAT. In this case, untrack_pfn() will not be called while cleaning this vma. Function untrack_pfn_moved() has also been renamed to fit the new logic. Link: https://lkml.kernel.org/r/20230217025615.1595558-1-mawupeng1@huawei.com Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Reported-by: <syzbot+5f488e922d047d8f00cc(a)syzkaller.appspotmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Cc: stable(a)vger.kernel.org --- arch/x86/mm/pat/memtype.c | 12 ++++++++---- include/linux/pgtable.h | 7 ++++--- mm/memory.c | 1 + mm/mremap.c | 2 +- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index d5ef64ddd35e9..fd819f112a7a7 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -1108,11 +1108,15 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, } /* - * untrack_pfn_moved is called, while mremapping a pfnmap for a new region, - * with the old vma after its pfnmap page table has been removed. The new - * vma has a new pfnmap to the same pfn & cache type with VM_PAT set. + * untrack_pfn_clear is called if the following situation fits: + * + * 1) while mremapping a pfnmap for a new region, with the old vma after + * its pfnmap page table has been removed. The new vma has a new pfnmap + * to the same pfn & cache type with VM_PAT set. + * 2) while duplicating vm area, the new vma fails to copy the pgtable from + * old vma. */ -void untrack_pfn_moved(struct vm_area_struct *vma) +void untrack_pfn_clear(struct vm_area_struct *vma) { vma->vm_flags &= ~VM_PAT; } diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index d468efcf48f45..734d5e707fe6d 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -1121,9 +1121,10 @@ static inline void untrack_pfn(struct vm_area_struct *vma, } /* - * untrack_pfn_moved is called while mremapping a pfnmap for a new region. + * untrack_pfn_clear is called while mremapping a pfnmap for a new region + * or fails to copy pgtable during duplicate vm area. */ -static inline void untrack_pfn_moved(struct vm_area_struct *vma) +static inline void untrack_pfn_clear(struct vm_area_struct *vma) { } #else @@ -1135,7 +1136,7 @@ extern void track_pfn_insert(struct vm_area_struct *vma, pgprot_t *prot, extern int track_pfn_copy(struct vm_area_struct *vma); extern void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size); -extern void untrack_pfn_moved(struct vm_area_struct *vma); +extern void untrack_pfn_clear(struct vm_area_struct *vma); #endif #ifdef CONFIG_MMU diff --git a/mm/memory.c b/mm/memory.c index 8d71a82462dd5..95db1df5fd03a 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1289,6 +1289,7 @@ copy_page_range(struct vm_area_struct *dst_vma, struct vm_area_struct *src_vma) continue; if (unlikely(copy_p4d_range(dst_vma, src_vma, dst_pgd, src_pgd, addr, next))) { + untrack_pfn_clear(dst_vma); ret = -ENOMEM; break; } diff --git a/mm/mremap.c b/mm/mremap.c index 3a3cf4cc2c632..9457a1e06b5ae 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -668,7 +668,7 @@ static unsigned long move_vma(struct vm_area_struct *vma, /* Tell pfnmap has moved from this vma */ if (unlikely(vma->vm_flags & VM_PFNMAP)) - untrack_pfn_moved(vma); + untrack_pfn_clear(vma); if (unlikely(!err && (flags & MREMAP_DONTUNMAP))) { /* We always clear VM_LOCKED[ONFAULT] on the old vma */ -- 2.42.1

1 year, 5 months

1
0
0 0

[PATCH -for-stable-v6.6+ 0/6] EFI/x86 updates for secure boot

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> Please merge the attached series into stable branches v6.6 and v6.8. They backport changes that are part of the work to harden the EFI stub and make it compatible with MS requirements on EFI memory protections on secure boot enabled systems. Note that the first patch by Hou Wenlong is already in v6.8. The remaining ones should apply equally to v6.6 and v6.8. Only patch #5 was tweaked for context changes due to backports that overtook this one. Thanks. Ard Biesheuvel (5): efi/libstub: Add generic support for parsing mem_encrypt= x86/boot: Move mem_encrypt= parsing to the decompressor x86/sme: Move early SME kernel encryption handling into .head.text x86/sev: Move early startup code into .head.text section x86/efistub: Remap kernel text read-only before dropping NX attribute Hou Wenlong (1): x86/head/64: Move the __head definition to <asm/init.h> arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 +++++ arch/x86/boot/compressed/sev.c | 3 + arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/mem_encrypt.h | 8 +-- arch/x86/include/asm/sev.h | 10 +-- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/head64.c | 3 +- arch/x86/kernel/sev-shared.c | 23 +++--- arch/x86/kernel/sev.c | 14 ++-- arch/x86/lib/Makefile | 13 ---- arch/x86/mm/mem_encrypt_identity.c | 74 ++++++-------------- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 +++ drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +++- 16 files changed, 94 insertions(+), 100 deletions(-) -- 2.44.0.478.gd926399ef9-goog

1 year, 5 months

3
9
0 0

[PATCH 5.10] x86/mm/pat: clear VM_PAT if copy_p4d_range failed

by Alexander Ofitserov

From: Ma Wupeng <mawupeng1(a)huawei.com> [ Upstream commit d155df53f31068c3340733d586eb9b3ddfd70fc5 ] Syzbot reports a warning in untrack_pfn(). Digging into the root we found that this is due to memory allocation failure in pmd_alloc_one. And this failure is produced due to failslab. In copy_page_range(), memory alloaction for pmd failed. During the error handling process in copy_page_range(), mmput() is called to remove all vmas. While untrack_pfn this empty pfn, warning happens. Here's a simplified flow: dup_mm dup_mmap copy_page_range copy_p4d_range copy_pud_range copy_pmd_range pmd_alloc __pmd_alloc pmd_alloc_one page = alloc_pages(gfp, 0); if (!page) return NULL; mmput exit_mmap unmap_vmas unmap_single_vma untrack_pfn follow_phys WARN_ON_ONCE(1); Since this vma is not generate successfully, we can clear flag VM_PAT. In this case, untrack_pfn() will not be called while cleaning this vma. Function untrack_pfn_moved() has also been renamed to fit the new logic. Link: https://lkml.kernel.org/r/20230217025615.1595558-1-mawupeng1@huawei.com Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Reported-by: <syzbot+5f488e922d047d8f00cc(a)syzkaller.appspotmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Cc: stable(a)vger.kernel.org --- arch/x86/mm/pat/memtype.c | 12 ++++++++---- include/linux/pgtable.h | 7 ++++--- mm/memory.c | 1 + mm/mremap.c | 2 +- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index f9c53a7107407..7c57001f79b83 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -1106,11 +1106,15 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, } /* - * untrack_pfn_moved is called, while mremapping a pfnmap for a new region, - * with the old vma after its pfnmap page table has been removed. The new - * vma has a new pfnmap to the same pfn & cache type with VM_PAT set. + * untrack_pfn_clear is called if the following situation fits: + * + * 1) while mremapping a pfnmap for a new region, with the old vma after + * its pfnmap page table has been removed. The new vma has a new pfnmap + * to the same pfn & cache type with VM_PAT set. + * 2) while duplicating vm area, the new vma fails to copy the pgtable from + * old vma. */ -void untrack_pfn_moved(struct vm_area_struct *vma) +void untrack_pfn_clear(struct vm_area_struct *vma) { vma->vm_flags &= ~VM_PAT; } diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index f924468d84ec4..b04a675fa320e 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -1048,9 +1048,10 @@ static inline void untrack_pfn(struct vm_area_struct *vma, } /* - * untrack_pfn_moved is called while mremapping a pfnmap for a new region. + * untrack_pfn_clear is called while mremapping a pfnmap for a new region + * or fails to copy pgtable during duplicate vm area. */ -static inline void untrack_pfn_moved(struct vm_area_struct *vma) +static inline void untrack_pfn_clear(struct vm_area_struct *vma) { } #else @@ -1062,7 +1063,7 @@ extern void track_pfn_insert(struct vm_area_struct *vma, pgprot_t *prot, extern int track_pfn_copy(struct vm_area_struct *vma); extern void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size); -extern void untrack_pfn_moved(struct vm_area_struct *vma); +extern void untrack_pfn_clear(struct vm_area_struct *vma); #endif #ifdef __HAVE_COLOR_ZERO_PAGE diff --git a/mm/memory.c b/mm/memory.c index fddd2e9aff245..cbd62138dfff0 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1204,6 +1204,7 @@ copy_page_range(struct vm_area_struct *dst_vma, struct vm_area_struct *src_vma) continue; if (unlikely(copy_p4d_range(dst_vma, src_vma, dst_pgd, src_pgd, addr, next))) { + untrack_pfn_clear(dst_vma); ret = -ENOMEM; break; } diff --git a/mm/mremap.c b/mm/mremap.c index 3334c40222101..af4398387b49e 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -421,7 +421,7 @@ static unsigned long move_vma(struct vm_area_struct *vma, /* Tell pfnmap has moved from this vma */ if (unlikely(vma->vm_flags & VM_PFNMAP)) - untrack_pfn_moved(vma); + untrack_pfn_clear(vma); if (unlikely(!err && (flags & MREMAP_DONTUNMAP))) { if (vm_flags & VM_ACCOUNT) { -- 2.42.1

1 year, 5 months

1
0
0 0

[PATCH 6.1] x86/mm/pat: clear VM_PAT if copy_p4d_range failed

by Alexander Ofitserov

From: Ma Wupeng <mawupeng1(a)huawei.com> [ Upstream commit d155df53f31068c3340733d586eb9b3ddfd70fc5 ] Syzbot reports a warning in untrack_pfn(). Digging into the root we found that this is due to memory allocation failure in pmd_alloc_one. And this failure is produced due to failslab. In copy_page_range(), memory alloaction for pmd failed. During the error handling process in copy_page_range(), mmput() is called to remove all vmas. While untrack_pfn this empty pfn, warning happens. Here's a simplified flow: dup_mm dup_mmap copy_page_range copy_p4d_range copy_pud_range copy_pmd_range pmd_alloc __pmd_alloc pmd_alloc_one page = alloc_pages(gfp, 0); if (!page) return NULL; mmput exit_mmap unmap_vmas unmap_single_vma untrack_pfn follow_phys WARN_ON_ONCE(1); Since this vma is not generate successfully, we can clear flag VM_PAT. In this case, untrack_pfn() will not be called while cleaning this vma. Function untrack_pfn_moved() has also been renamed to fit the new logic. Link: https://lkml.kernel.org/r/20230217025615.1595558-1-mawupeng1@huawei.com Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Reported-by: <syzbot+5f488e922d047d8f00cc(a)syzkaller.appspotmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Cc: stable(a)vger.kernel.org --- arch/x86/mm/pat/memtype.c | 12 ++++++++---- include/linux/pgtable.h | 7 ++++--- mm/memory.c | 1 + mm/mremap.c | 2 +- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index 66a209f7eb86d..ed07807845ab0 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -1116,11 +1116,15 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, } /* - * untrack_pfn_moved is called, while mremapping a pfnmap for a new region, - * with the old vma after its pfnmap page table has been removed. The new - * vma has a new pfnmap to the same pfn & cache type with VM_PAT set. + * untrack_pfn_clear is called if the following situation fits: + * + * 1) while mremapping a pfnmap for a new region, with the old vma after + * its pfnmap page table has been removed. The new vma has a new pfnmap + * to the same pfn & cache type with VM_PAT set. + * 2) while duplicating vm area, the new vma fails to copy the pgtable from + * old vma. */ -void untrack_pfn_moved(struct vm_area_struct *vma) +void untrack_pfn_clear(struct vm_area_struct *vma) { vma->vm_flags &= ~VM_PAT; } diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index 5f0d7d0b9471b..cce5f8ab461c6 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -1214,9 +1214,10 @@ static inline void untrack_pfn(struct vm_area_struct *vma, } /* - * untrack_pfn_moved is called while mremapping a pfnmap for a new region. + * untrack_pfn_clear is called while mremapping a pfnmap for a new region + * or fails to copy pgtable during duplicate vm area. */ -static inline void untrack_pfn_moved(struct vm_area_struct *vma) +static inline void untrack_pfn_clear(struct vm_area_struct *vma) { } #else @@ -1228,7 +1229,7 @@ extern void track_pfn_insert(struct vm_area_struct *vma, pgprot_t *prot, extern int track_pfn_copy(struct vm_area_struct *vma); extern void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size); -extern void untrack_pfn_moved(struct vm_area_struct *vma); +extern void untrack_pfn_clear(struct vm_area_struct *vma); #endif #ifdef CONFIG_MMU diff --git a/mm/memory.c b/mm/memory.c index fb83cf56377ab..91e2d4520e4d4 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1335,6 +1335,7 @@ copy_page_range(struct vm_area_struct *dst_vma, struct vm_area_struct *src_vma) continue; if (unlikely(copy_p4d_range(dst_vma, src_vma, dst_pgd, src_pgd, addr, next))) { + untrack_pfn_clear(dst_vma); ret = -ENOMEM; break; } diff --git a/mm/mremap.c b/mm/mremap.c index 930f65c315c02..6ed28eeae5a84 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -682,7 +682,7 @@ static unsigned long move_vma(struct vm_area_struct *vma, /* Tell pfnmap has moved from this vma */ if (unlikely(vma->vm_flags & VM_PFNMAP)) - untrack_pfn_moved(vma); + untrack_pfn_clear(vma); if (unlikely(!err && (flags & MREMAP_DONTUNMAP))) { /* We always clear VM_LOCKED[ONFAULT] on the old vma */ -- 2.42.1

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] bpf: support deferring bpf_link dealloc to after RCU grace" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040548-lid-mahogany-fd86@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce Mon Sep 17 00:00:00 2001 From: Andrii Nakryiko <andrii(a)kernel.org> Date: Wed, 27 Mar 2024 22:24:26 -0700 Subject: [PATCH] bpf: support deferring bpf_link dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and multi-uprobes, link is used to fetch BPF cookie values. Because of this runtime dependency, when bpf_link refcnt drops to zero there could still be active BPF programs running accessing link data. This patch adds generic support to defer bpf_link dealloc callback to after RCU GP, if requested. This is done by exposing two different deallocation callbacks, one synchronous and one deferred. If deferred one is provided, bpf_link_free() will schedule dealloc_deferred() callback to happen after RCU GP. BPF is using two flavors of RCU: "classic" non-sleepable one and RCU tasks trace one. The latter is used when sleepable BPF programs are used. bpf_link_free() accommodates that by checking underlying BPF program's sleepable flag, and goes either through normal RCU GP only for non-sleepable, or through RCU tasks trace GP *and* then normal RCU GP (taking into account rcu_trace_implies_rcu_gp() optimization), if BPF program is sleepable. We use this for multi-kprobe and multi-uprobe links, which dereference link during program run. We also preventively switch raw_tp link to use deferred dealloc callback, as upcoming changes in bpf-next tree expose raw_tp link data (specifically, cookie value) to BPF program at runtime as well. Fixes: 0dcac2725406 ("bpf: Add multi kprobe link") Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link") Reported-by: syzbot+981935d9485a560bfbcb(a)syzkaller.appspotmail.com Reported-by: syzbot+2cb5a6c573e98db598cc(a)syzkaller.appspotmail.com Reported-by: syzbot+62d8b26793e8a2bd0516(a)syzkaller.appspotmail.com Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Link: https://lore.kernel.org/r/20240328052426.3042617-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 4f20f62f9d63..890e152d553e 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1574,12 +1574,26 @@ struct bpf_link { enum bpf_link_type type; const struct bpf_link_ops *ops; struct bpf_prog *prog; - struct work_struct work; + /* rcu is used before freeing, work can be used to schedule that + * RCU-based freeing before that, so they never overlap + */ + union { + struct rcu_head rcu; + struct work_struct work; + }; }; struct bpf_link_ops { void (*release)(struct bpf_link *link); + /* deallocate link resources callback, called without RCU grace period + * waiting + */ void (*dealloc)(struct bpf_link *link); + /* deallocate link resources callback, called after RCU grace period; + * if underlying BPF program is sleepable we go through tasks trace + * RCU GP and then "classic" RCU GP + */ + void (*dealloc_deferred)(struct bpf_link *link); int (*detach)(struct bpf_link *link); int (*update_prog)(struct bpf_link *link, struct bpf_prog *new_prog, struct bpf_prog *old_prog); diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index ae2ff73bde7e..c287925471f6 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -3024,17 +3024,46 @@ void bpf_link_inc(struct bpf_link *link) atomic64_inc(&link->refcnt); } +static void bpf_link_defer_dealloc_rcu_gp(struct rcu_head *rcu) +{ + struct bpf_link *link = container_of(rcu, struct bpf_link, rcu); + + /* free bpf_link and its containing memory */ + link->ops->dealloc_deferred(link); +} + +static void bpf_link_defer_dealloc_mult_rcu_gp(struct rcu_head *rcu) +{ + if (rcu_trace_implies_rcu_gp()) + bpf_link_defer_dealloc_rcu_gp(rcu); + else + call_rcu(rcu, bpf_link_defer_dealloc_rcu_gp); +} + /* bpf_link_free is guaranteed to be called from process context */ static void bpf_link_free(struct bpf_link *link) { + bool sleepable = false; + bpf_link_free_id(link->id); if (link->prog) { + sleepable = link->prog->sleepable; /* detach BPF program, clean up used resources */ link->ops->release(link); bpf_prog_put(link->prog); } - /* free bpf_link and its containing memory */ - link->ops->dealloc(link); + if (link->ops->dealloc_deferred) { + /* schedule BPF link deallocation; if underlying BPF program + * is sleepable, we need to first wait for RCU tasks trace + * sync, then go through "classic" RCU grace period + */ + if (sleepable) + call_rcu_tasks_trace(&link->rcu, bpf_link_defer_dealloc_mult_rcu_gp); + else + call_rcu(&link->rcu, bpf_link_defer_dealloc_rcu_gp); + } + if (link->ops->dealloc) + link->ops->dealloc(link); } static void bpf_link_put_deferred(struct work_struct *work) @@ -3544,7 +3573,7 @@ static int bpf_raw_tp_link_fill_link_info(const struct bpf_link *link, static const struct bpf_link_ops bpf_raw_tp_link_lops = { .release = bpf_raw_tp_link_release, - .dealloc = bpf_raw_tp_link_dealloc, + .dealloc_deferred = bpf_raw_tp_link_dealloc, .show_fdinfo = bpf_raw_tp_link_show_fdinfo, .fill_link_info = bpf_raw_tp_link_fill_link_info, }; diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 0b73fe5f7206..9dc605f08a23 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2728,7 +2728,7 @@ static int bpf_kprobe_multi_link_fill_link_info(const struct bpf_link *link, static const struct bpf_link_ops bpf_kprobe_multi_link_lops = { .release = bpf_kprobe_multi_link_release, - .dealloc = bpf_kprobe_multi_link_dealloc, + .dealloc_deferred = bpf_kprobe_multi_link_dealloc, .fill_link_info = bpf_kprobe_multi_link_fill_link_info, }; @@ -3242,7 +3242,7 @@ static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link, static const struct bpf_link_ops bpf_uprobe_multi_link_lops = { .release = bpf_uprobe_multi_link_release, - .dealloc = bpf_uprobe_multi_link_dealloc, + .dealloc_deferred = bpf_uprobe_multi_link_dealloc, .fill_link_info = bpf_uprobe_multi_link_fill_link_info, };

1 year, 5 months

3
3
0 0

[PATCH for 5.15.y] nvme: fix miss command type check

by Tokunori Ikegami

From: "min15.li" <min15.li(a)samsung.com> commit 31a5978243d24d77be4bacca56c78a0fbc43b00d upstream. In the function nvme_passthru_end(), only the value of the command opcode is checked, without checking the command type (IO command or Admin command). When we send a Dataset Management command (The opcode of the Dataset Management command is the same as the Set Feature command), kernel thinks it is a set feature command, then sets the controller's keep alive interval, and calls nvme_keep_alive_work(). Signed-off-by: min15.li <min15.li(a)samsung.com> Reviewed-by: Kanchan Joshi <joshi.k(a)samsung.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> Fixes: b58da2d270db ("nvme: update keep alive interval when kato is modified") Signed-off-by: Tokunori Ikegami <ikegami.t(a)gmail.com> --- drivers/nvme/host/core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 8f06e5c1706b..960a31e3307a 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -1185,7 +1185,7 @@ static u32 nvme_passthru_start(struct nvme_ctrl *ctrl, struct nvme_ns *ns, return effects; } -static void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects, +static void nvme_passthru_end(struct nvme_ctrl *ctrl, struct nvme_ns *ns, u32 effects, struct nvme_command *cmd, int status) { if (effects & NVME_CMD_EFFECTS_CSE_MASK) { @@ -1201,6 +1201,8 @@ static void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects, nvme_queue_scan(ctrl); flush_work(&ctrl->scan_work); } + if (ns) + return; switch (cmd->common.opcode) { case nvme_admin_set_features: @@ -1235,7 +1237,7 @@ int nvme_execute_passthru_rq(struct request *rq) effects = nvme_passthru_start(ctrl, ns, cmd->common.opcode); ret = nvme_execute_rq(disk, rq, false); if (effects) /* nothing to be done for zero cmd effects */ - nvme_passthru_end(ctrl, effects, cmd, ret); + nvme_passthru_end(ctrl, ns, effects, cmd, ret); return ret; } -- 2.40.1

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] gro: fix ownership transfer" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ed4cccef64c1d0d5b91e69f7a8a6697c3a865486 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040543-backdrop-sequester-2458@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed4cccef64c1d0d5b91e69f7a8a6697c3a865486 Mon Sep 17 00:00:00 2001 From: Antoine Tenart <atenart(a)kernel.org> Date: Tue, 26 Mar 2024 12:33:59 +0100 Subject: [PATCH] gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skb_segment_list those skbs can be reused as-is. This is an issue as their destructor was removed in skb_gro_receive_list but not the reference to their socket, and then they can't be orphaned. Fix this by also removing the reference to the socket. For example this could be observed, kernel BUG at include/linux/skbuff.h:3131! (skb_orphan) RIP: 0010:ip6_rcv_core+0x11bc/0x19a0 Call Trace: ipv6_list_rcv+0x250/0x3f0 __netif_receive_skb_list_core+0x49d/0x8f0 netif_receive_skb_list_internal+0x634/0xd40 napi_complete_done+0x1d2/0x7d0 gro_cell_poll+0x118/0x1f0 A similar construction is found in skb_gro_receive, apply the same change there. Fixes: 5e10da5385d2 ("skbuff: allow 'slow_gro' for skb carring sock reference") Signed-off-by: Antoine Tenart <atenart(a)kernel.org> Reviewed-by: Willem de Bruijn <willemb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/core/gro.c b/net/core/gro.c index ee30d4f0c038..83f35d99a682 100644 --- a/net/core/gro.c +++ b/net/core/gro.c @@ -192,8 +192,9 @@ int skb_gro_receive(struct sk_buff *p, struct sk_buff *skb) } merge: - /* sk owenrship - if any - completely transferred to the aggregated packet */ + /* sk ownership - if any - completely transferred to the aggregated packet */ skb->destructor = NULL; + skb->sk = NULL; delta_truesize = skb->truesize; if (offset > headlen) { unsigned int eat = offset - headlen; diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c index e9719afe91cf..3bb69464930b 100644 --- a/net/ipv4/udp_offload.c +++ b/net/ipv4/udp_offload.c @@ -449,8 +449,9 @@ static int skb_gro_receive_list(struct sk_buff *p, struct sk_buff *skb) NAPI_GRO_CB(p)->count++; p->data_len += skb->len; - /* sk owenrship - if any - completely transferred to the aggregated packet */ + /* sk ownership - if any - completely transferred to the aggregated packet */ skb->destructor = NULL; + skb->sk = NULL; p->truesize += skb->truesize; p->len += skb->len;

1 year, 5 months

3
2
0 0

FAILED: patch "[PATCH] mm/secretmem: fix GUP-fast succeeding on secretmem folios" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 65291dcfcf8936e1b23cfd7718fdfde7cfaf7706 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040819-elf-bamboo-00f6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 65291dcfcf89 ("mm/secretmem: fix GUP-fast succeeding on secretmem folios") 8f9ff2deb8b9 ("secretmem: convert page_is_secretmem() to folio_is_secretmem()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 65291dcfcf8936e1b23cfd7718fdfde7cfaf7706 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 26 Mar 2024 15:32:08 +0100 Subject: [PATCH] mm/secretmem: fix GUP-fast succeeding on secretmem folios folio_is_secretmem() currently relies on secretmem folios being LRU folios, to save some cycles. However, folios might reside in a folio batch without the LRU flag set, or temporarily have their LRU flag cleared. Consequently, the LRU flag is unreliable for this purpose. In particular, this is the case when secretmem_fault() allocates a fresh page and calls filemap_add_folio()->folio_add_lru(). The folio might be added to the per-cpu folio batch and won't get the LRU flag set until the batch was drained using e.g., lru_add_drain(). Consequently, folio_is_secretmem() might not detect secretmem folios and GUP-fast can succeed in grabbing a secretmem folio, crashing the kernel when we would later try reading/writing to the folio, because the folio has been unmapped from the directmap. Fix it by removing that unreliable check. Link: https://lkml.kernel.org/r/20240326143210.291116-2-david@redhat.com Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Reported-by: yue sun <samsun1006219(a)gmail.com> Closes: https://lore.kernel.org/lkml/CABOYnLyevJeravW=QrH0JUPYEcDN160aZFb7kwndm-J2r… Debugged-by: Miklos Szeredi <miklos(a)szeredi.hu> Tested-by: Miklos Szeredi <mszeredi(a)redhat.com> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/secretmem.h b/include/linux/secretmem.h index 35f3a4a8ceb1..acf7e1a3f3de 100644 --- a/include/linux/secretmem.h +++ b/include/linux/secretmem.h @@ -13,10 +13,10 @@ static inline bool folio_is_secretmem(struct folio *folio) /* * Using folio_mapping() is quite slow because of the actual call * instruction. - * We know that secretmem pages are not compound and LRU so we can + * We know that secretmem pages are not compound, so we can * save a couple of cycles here. */ - if (folio_test_large(folio) || !folio_test_lru(folio)) + if (folio_test_large(folio)) return false; mapping = (struct address_space *)

1 year, 5 months

3
4
0 0

FAILED: patch "[PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4535e1a4174c4111d92c5a9a21e542d232e0fcaa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033031-efficient-gallows-6872@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4535e1a4174c4111d92c5a9a21e542d232e0fcaa Mon Sep 17 00:00:00 2001 From: "Borislav Petkov (AMD)" <bp(a)alien8.de> Date: Thu, 28 Mar 2024 13:59:05 +0100 Subject: [PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4 The original version of the mitigation would patch in the calls to the untraining routines directly. That is, the alternative() in UNTRAIN_RET will patch in the CALL to srso_alias_untrain_ret() directly. However, even if commit e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") meant well in trying to clean up the situation, due to micro- architectural reasons, the untraining routine srso_alias_untrain_ret() must be the target of a CALL instruction and not of a JMP instruction as it is done now. Reshuffle the alternative macros to accomplish that. Fixes: e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h index 076bf8dee702..25466c4d2134 100644 --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -14,6 +14,7 @@ #include <asm/asm.h> #include <asm/fred.h> #include <asm/gsseg.h> +#include <asm/nospec-branch.h> #ifndef CONFIG_X86_CMPXCHG64 extern void cmpxchg8b_emu(void); diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index fc3a8a3c7ffe..170c89ed22fc 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -262,11 +262,20 @@ .Lskip_rsb_\@: .endm +/* + * The CALL to srso_alias_untrain_ret() must be patched in directly at + * the spot where untraining must be done, ie., srso_alias_untrain_ret() + * must be the target of a CALL instruction instead of indirectly + * jumping to a wrapper which then calls it. Therefore, this macro is + * called outside of __UNTRAIN_RET below, for the time being, before the + * kernel can support nested alternatives with arbitrary nesting. + */ +.macro CALL_UNTRAIN_RET #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) -#define CALL_UNTRAIN_RET "call entry_untrain_ret" -#else -#define CALL_UNTRAIN_RET "" + ALTERNATIVE_2 "", "call entry_untrain_ret", X86_FEATURE_UNRET, \ + "call srso_alias_untrain_ret", X86_FEATURE_SRSO_ALIAS #endif +.endm /* * Mitigate RETBleed for AMD/Hygon Zen uarch. Requires KERNEL CR3 because the @@ -282,8 +291,8 @@ .macro __UNTRAIN_RET ibpb_feature, call_depth_insns #if defined(CONFIG_MITIGATION_RETHUNK) || defined(CONFIG_MITIGATION_IBPB_ENTRY) VALIDATE_UNRET_END - ALTERNATIVE_3 "", \ - CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \ + CALL_UNTRAIN_RET + ALTERNATIVE_2 "", \ "call entry_ibpb", \ibpb_feature, \ __stringify(\call_depth_insns), X86_FEATURE_CALL_DEPTH #endif @@ -342,6 +351,8 @@ extern void retbleed_return_thunk(void); static inline void retbleed_return_thunk(void) {} #endif +extern void srso_alias_untrain_ret(void); + #ifdef CONFIG_MITIGATION_SRSO extern void srso_return_thunk(void); extern void srso_alias_return_thunk(void); diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index 721b528da9ac..02cde194a99e 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -163,6 +163,7 @@ SYM_CODE_START_NOALIGN(srso_alias_untrain_ret) lfence jmp srso_alias_return_thunk SYM_FUNC_END(srso_alias_untrain_ret) +__EXPORT_THUNK(srso_alias_untrain_ret) .popsection .pushsection .text..__x86.rethunk_safe @@ -224,10 +225,12 @@ SYM_CODE_START(srso_return_thunk) SYM_CODE_END(srso_return_thunk) #define JMP_SRSO_UNTRAIN_RET "jmp srso_untrain_ret" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "jmp srso_alias_untrain_ret" #else /* !CONFIG_MITIGATION_SRSO */ +/* Dummy for the alternative in CALL_UNTRAIN_RET. */ +SYM_CODE_START(srso_alias_untrain_ret) + RET +SYM_FUNC_END(srso_alias_untrain_ret) #define JMP_SRSO_UNTRAIN_RET "ud2" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "ud2" #endif /* CONFIG_MITIGATION_SRSO */ #ifdef CONFIG_MITIGATION_UNRET_ENTRY @@ -319,9 +322,7 @@ SYM_FUNC_END(retbleed_untrain_ret) #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) SYM_FUNC_START(entry_untrain_ret) - ALTERNATIVE_2 JMP_RETBLEED_UNTRAIN_RET, \ - JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO, \ - JMP_SRSO_ALIAS_UNTRAIN_RET, X86_FEATURE_SRSO_ALIAS + ALTERNATIVE JMP_RETBLEED_UNTRAIN_RET, JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO SYM_FUNC_END(entry_untrain_ret) __EXPORT_THUNK(entry_untrain_ret)

1 year, 5 months

3
3
0 0

stable v6.6.24 regression: boot fails: bisected to "x86/mpparse: Register APIC address only once"

by Wolfgang Walter

Hello, after upgrading to v6.6.24 from v6.6.23 some old boxes (i686; Intel Celeron M) stop to boot: They hang after: Decompressing Linux... Parsing ELF... No relocation needed... done. Booting the kernel (entry_offset: 0x00000000). After some minutes they reboot. I bisected this down to commit bebb5af001dc6cb4f505bb21c4d5e2efbdc112e2 Author: Thomas Gleixner <tglx(a)linutronix.de> Date: Fri Mar 22 19:56:39 2024 +0100 x86/mpparse: Register APIC address only once [ Upstream commit f2208aa12c27bfada3c15c550c03ca81d42dcac2 ] The APIC address is registered twice. First during the early detection and afterwards when actually scanning the table for APIC IDs. The APIC and topology core warn about the second attempt. Restrict it to the early detection call. Fixes: 81287ad65da5 ("x86/apic: Sanitize APIC address setup") Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Link: https://lore.kernel.org/r/20240322185305.297774848@linutronix.de Signed-off-by: Sasha Levin <sashal(a)kernel.org> Reverting this commit in v6.6.24 solves the problem. Regards, -- Wolfgang Walter Studierendenwerk München Oberbayern Anstalt des öffentlichen Rechts

1 year, 5 months

3
9
0 0

FAILED: patch "[PATCH] mm/secretmem: fix GUP-fast succeeding on secretmem folios" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 65291dcfcf8936e1b23cfd7718fdfde7cfaf7706 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040823-spilt-marsupial-8d2f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 65291dcfcf89 ("mm/secretmem: fix GUP-fast succeeding on secretmem folios") 8f9ff2deb8b9 ("secretmem: convert page_is_secretmem() to folio_is_secretmem()") b0496fe4effd ("mm/gup: Convert gup_pte_range() to use a folio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 65291dcfcf8936e1b23cfd7718fdfde7cfaf7706 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 26 Mar 2024 15:32:08 +0100 Subject: [PATCH] mm/secretmem: fix GUP-fast succeeding on secretmem folios folio_is_secretmem() currently relies on secretmem folios being LRU folios, to save some cycles. However, folios might reside in a folio batch without the LRU flag set, or temporarily have their LRU flag cleared. Consequently, the LRU flag is unreliable for this purpose. In particular, this is the case when secretmem_fault() allocates a fresh page and calls filemap_add_folio()->folio_add_lru(). The folio might be added to the per-cpu folio batch and won't get the LRU flag set until the batch was drained using e.g., lru_add_drain(). Consequently, folio_is_secretmem() might not detect secretmem folios and GUP-fast can succeed in grabbing a secretmem folio, crashing the kernel when we would later try reading/writing to the folio, because the folio has been unmapped from the directmap. Fix it by removing that unreliable check. Link: https://lkml.kernel.org/r/20240326143210.291116-2-david@redhat.com Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Reported-by: yue sun <samsun1006219(a)gmail.com> Closes: https://lore.kernel.org/lkml/CABOYnLyevJeravW=QrH0JUPYEcDN160aZFb7kwndm-J2r… Debugged-by: Miklos Szeredi <miklos(a)szeredi.hu> Tested-by: Miklos Szeredi <mszeredi(a)redhat.com> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/secretmem.h b/include/linux/secretmem.h index 35f3a4a8ceb1..acf7e1a3f3de 100644 --- a/include/linux/secretmem.h +++ b/include/linux/secretmem.h @@ -13,10 +13,10 @@ static inline bool folio_is_secretmem(struct folio *folio) /* * Using folio_mapping() is quite slow because of the actual call * instruction. - * We know that secretmem pages are not compound and LRU so we can + * We know that secretmem pages are not compound, so we can * save a couple of cycles here. */ - if (folio_test_large(folio) || !folio_test_lru(folio)) + if (folio_test_large(folio)) return false; mapping = (struct address_space *)

1 year, 5 months

2
1
0 0

[PATCH v6.1.y 0/14 ] ACPI: resource: Add IRQ override quirks (backport changes from v6.9-rc3)

by kovalev＠altlinux.org

Added support internal keyboard for the following models: Asus ExpertBook (B1502CBA, B1502CGA, B1502CVA, B2402FBA, B2502FBA), Asus Vivobook (E1504GA, E1504GA, E1504GAB), TongFang GM6BGEQ / PCSpecialist Elimina Pro 16 M, RTX 3050, TongFang GM6BG5Q, RTX 4050, TongFang GM6BG0Q / PCSpecialist Elimina Pro 16 M, RTX 4060, Maibenben X565. Successfully tested on the available Asus ExpertBook B1502CVA model. [PATCH 6.1.y 01/14] ACPI: resource: Skip IRQ override on Asus Expertbook [PATCH 6.1.y 02/14] ACPI: resource: Skip IRQ override on ASUS ExpertBook [PATCH 6.1.y 03/14] ACPI: resource: Always use MADT override IRQ settings [PATCH 6.1.y 04/14] ACPI: resource: Honor MADT INT_SRC_OVR settings for [PATCH 6.1.y 05/14] ACPI: resource: Add IRQ override quirk for PCSpecialist [PATCH 6.1.y 06/14] ACPI: resource: Fix IRQ override quirk for PCSpecialist [PATCH 6.1.y 07/14] ACPI: resource: Consolidate IRQ trigger-type override [PATCH 6.1.y 08/14] ACPI: resource: Drop .ident values from dmi_system_id [PATCH 6.1.y 09/14] ACPI: resource: Add TongFang GM6BGEQ, GM6BG5Q and [PATCH 6.1.y 10/14] ACPI: resource: Add DMI quirks for ASUS Vivobook [PATCH 6.1.y 11/14] ACPI: resource: Skip IRQ override on ASUS ExpertBook [PATCH 6.1.y 12/14] ACPI: resource: Skip IRQ override on ASUS ExpertBook [PATCH 6.1.y 13/14] ACPI: resource: Add IRQ override quirk for ASUS [PATCH 6.1.y 14/14] ACPI: resource: Use IRQ override on Maibenben X565

1 year, 5 months

1
14
0 0

[PATCH v6.6.y 0/7 ] ACPI: resource: Add IRQ override quirks (backport changes from v6.9-rc3)

by kovalev＠altlinux.org

Added support internal keyboard for the following models: Asus ExpertBook (B1502CGA, B1502CVA, B2502FBA), Asus Vivobook (E1504GA, E1504GAB), Maibenben X565. Successfully tested on the available Asus ExpertBook B1502CVA model. [PATCH 6.6.y 1/7] ACPI: resource: Consolidate IRQ trigger-type override DMI [PATCH 6.6.y 2/7] ACPI: resource: Drop .ident values from dmi_system_id [PATCH 6.6.y 3/7] ACPI: resource: Add DMI quirks for ASUS Vivobook E1504GA [PATCH 6.6.y 4/7] ACPI: resource: Skip IRQ override on ASUS ExpertBook [PATCH 6.6.y 5/7] ACPI: resource: Skip IRQ override on ASUS ExpertBook [PATCH 6.6.y 6/7] ACPI: resource: Add IRQ override quirk for ASUS [PATCH 6.6.y 7/7] ACPI: resource: Use IRQ override on Maibenben X565

1 year, 5 months

1
7
0 0

[PATCH v6.8.y 0/3 ] ACPI: resource: Add IRQ override quirks (backport changes from v6.9-rc3)

by kovalev＠altlinux.org

Added support internal keyboard for the following models: Asus ExpertBook (B1502CVA, B2502FBA), Maibenben X565. Successfully tested on the available Asus ExpertBook B1502CVA model. [PATCH 6.8.y 1/3] ACPI: resource: Skip IRQ override on ASUS ExpertBook [PATCH 6.8.y 2/3] ACPI: resource: Add IRQ override quirk for ASUS [PATCH 6.8.y 3/3] ACPI: resource: Use IRQ override on Maibenben X565

1 year, 5 months

1
3
0 0

FAILED: patch "[PATCH] drm/xe: Make TLB invalidation fences unordered" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x fd1c8085113fb7c803fd81280f7e0bb25a5797ab # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040820-unfocused-ricotta-37e3@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: fd1c8085113f ("drm/xe: Make TLB invalidation fences unordered") 6240c2c43fd0 ("drm/xe: Document nested struct members according to guidelines") 997a55caa1c3 ("drm/xe/gsc: Initialize GSC proxy") 7c0f97cb62dc ("drm/xe: Invert access counter queue head / tail") 1fd77ceaf0d8 ("drm/xe: Invert page fault queue head / tail") 6ae24344e2e3 ("drm/xe: Add exec_queue.sched_props.job_timeout_ms") a8004af338f6 ("drm/xe: Fix modifying exec_queue priority in xe_migrate_init") b16483f9f812 ("drm/xe: Fix guc_exec_queue_set_priority") 9d612ee52c60 ("drm/xe: Annotate multiple mmio pointers with __iomem") fa78e188d8d1 ("drm/xe/dgfx: Release mmap mappings on rpm suspend") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd1c8085113fb7c803fd81280f7e0bb25a5797ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Hellstr=C3=B6m?= <thomas.hellstrom(a)linux.intel.com> Date: Wed, 27 Mar 2024 10:11:35 +0100 Subject: [PATCH] drm/xe: Make TLB invalidation fences unordered MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit They can actually complete out-of-order, so allocate a unique fence context for each fence. Fixes: 5387e865d90e ("drm/xe: Add TLB invalidation fence after rebinds issued from execs") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240327091136.3271-4-thomas.… (cherry picked from commit 0453f1757501df2e82b66b3183a24bba5a6f8fa3) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c index f03e077f81a0..e598a4363d01 100644 --- a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c +++ b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c @@ -61,7 +61,6 @@ int xe_gt_tlb_invalidation_init(struct xe_gt *gt) INIT_LIST_HEAD(&gt->tlb_invalidation.pending_fences); spin_lock_init(&gt->tlb_invalidation.pending_lock); spin_lock_init(&gt->tlb_invalidation.lock); - gt->tlb_invalidation.fence_context = dma_fence_context_alloc(1); INIT_DELAYED_WORK(&gt->tlb_invalidation.fence_tdr, xe_gt_tlb_fence_timeout); diff --git a/drivers/gpu/drm/xe/xe_gt_types.h b/drivers/gpu/drm/xe/xe_gt_types.h index 70c615dd1498..07b2f724ec45 100644 --- a/drivers/gpu/drm/xe/xe_gt_types.h +++ b/drivers/gpu/drm/xe/xe_gt_types.h @@ -177,13 +177,6 @@ struct xe_gt { * xe_gt_tlb_fence_timeout after the timeut interval is over. */ struct delayed_work fence_tdr; - /** @tlb_invalidation.fence_context: context for TLB invalidation fences */ - u64 fence_context; - /** - * @tlb_invalidation.fence_seqno: seqno to TLB invalidation fences, protected by - * tlb_invalidation.lock - */ - u32 fence_seqno; /** @tlb_invalidation.lock: protects TLB invalidation fences */ spinlock_t lock; } tlb_invalidation; diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 5fc4ad1e4298..29d1a31f9804 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1135,8 +1135,7 @@ static int invalidation_fence_init(struct xe_gt *gt, spin_lock_irq(&gt->tlb_invalidation.lock); dma_fence_init(&ifence->base.base, &invalidation_fence_ops, &gt->tlb_invalidation.lock, - gt->tlb_invalidation.fence_context, - ++gt->tlb_invalidation.fence_seqno); + dma_fence_context_alloc(1), 1); spin_unlock_irq(&gt->tlb_invalidation.lock); INIT_LIST_HEAD(&ifence->base.link);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/mst: Reject FEC+MST on ICL" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 99f855082f228cdcecd6ab768d3b8b505e0eb028 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040803-tackling-bogged-527d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 99f855082f22 ("drm/i915/mst: Reject FEC+MST on ICL") 126f94e87e79 ("drm/i915: Fix FEC pipe A vs. DDI A mixup") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 99f855082f228cdcecd6ab768d3b8b505e0eb028 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 16:51:47 +0300 Subject: [PATCH] drm/i915/mst: Reject FEC+MST on ICL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ICL supposedly doesn't support FEC on MST. Reject it. Cc: stable(a)vger.kernel.org Fixes: d51f25eb479a ("drm/i915: Add DSC support to MST path") Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402135148.23011-7-ville.… (cherry picked from commit b648ce2a28ba83c4fa67c61fcc5983e15e9d4afb) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index 36afbb68d87d..abd62bebc46d 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -1422,7 +1422,8 @@ static bool intel_dp_source_supports_fec(struct intel_dp *intel_dp, if (DISPLAY_VER(dev_priv) >= 12) return true; - if (DISPLAY_VER(dev_priv) == 11 && encoder->port != PORT_A) + if (DISPLAY_VER(dev_priv) == 11 && encoder->port != PORT_A && + !intel_crtc_has_type(pipe_config, INTEL_OUTPUT_DP_MST)) return true; return false;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/mst: Limit MST+DSC to TGL+" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 51bc63392e96ca45d7be98bc43c180b174ffca09 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040851-nail-pectin-26a4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 51bc63392e96 ("drm/i915/mst: Limit MST+DSC to TGL+") d19daffc89fe ("drm/i915/dp_mst: Use connector DSC DPCD in intel_dp_mst_mode_valid_ctx()") 8d5284765a43 ("drm/i915/dp: Use consistent name for link bpp and compressed bpp") 3a4b4809c8cc ("drm/i915/dp: Move compressed bpp check with 420 format inside the helper") a1476c2a9715 ("drm/i915/dp: Consider output_format while computing dsc bpp") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51bc63392e96ca45d7be98bc43c180b174ffca09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 16:51:46 +0300 Subject: [PATCH] drm/i915/mst: Limit MST+DSC to TGL+ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The MST code currently assumes that glk+ already supports MST+DSC, which is incorrect. We need to check for TGL+ actually. ICL does support SST+DSC, but supposedly it can't do MST+FEC which will also rule out MST+DSC. Note that a straight TGL+ check doesn't work here because DSC support can get fused out, so we do need to also check 'has_dsc'. Cc: stable(a)vger.kernel.org Fixes: d51f25eb479a ("drm/i915: Add DSC support to MST path") Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402135148.23011-6-ville.… (cherry picked from commit c9c92f286dbdf872390ef3e74dbe5f0641e46f55) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_display_device.h b/drivers/gpu/drm/i915/display/intel_display_device.h index fe4268813786..9b1bce2624b9 100644 --- a/drivers/gpu/drm/i915/display/intel_display_device.h +++ b/drivers/gpu/drm/i915/display/intel_display_device.h @@ -47,6 +47,7 @@ struct drm_printer; #define HAS_DPT(i915) (DISPLAY_VER(i915) >= 13) #define HAS_DSB(i915) (DISPLAY_INFO(i915)->has_dsb) #define HAS_DSC(__i915) (DISPLAY_RUNTIME_INFO(__i915)->has_dsc) +#define HAS_DSC_MST(__i915) (DISPLAY_VER(__i915) >= 12 && HAS_DSC(__i915)) #define HAS_FBC(i915) (DISPLAY_RUNTIME_INFO(i915)->fbc_mask != 0) #define HAS_FPGA_DBG_UNCLAIMED(i915) (DISPLAY_INFO(i915)->has_fpga_dbg) #define HAS_FW_BLC(i915) (DISPLAY_VER(i915) >= 3) diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index 53aec023ce92..b651c990af85 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -1355,7 +1355,7 @@ intel_dp_mst_mode_valid_ctx(struct drm_connector *connector, return 0; } - if (DISPLAY_VER(dev_priv) >= 10 && + if (HAS_DSC_MST(dev_priv) && drm_dp_sink_supports_dsc(intel_connector->dp.dsc_dpcd)) { /* * TBD pass the connector BPC,

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: fix potential UAF in cifs_dump_full_key()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 58acd1f497162e7d282077f816faa519487be045 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040829-upcoming-gnat-69ec@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 58acd1f49716 ("smb: client: fix potential UAF in cifs_dump_full_key()") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 8e3554150d6c ("cifs: fix sharing of DFS connections") 2f4e429c8469 ("cifs: lock chan_lock outside match_session") 396935de1455 ("cifs: fix use-after-free bug in refresh_cache_worker()") b56bce502f55 ("cifs: set DFS root session in cifs_get_smb_ses()") b9ee2e307c6b ("cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID") 7ad54b98fc1f ("cifs: use origin fullpath for automounts") 466611e4af82 ("cifs: fix source pathname comparison of dfs supers") 6916881f443f ("cifs: fix refresh of cached referrals") cb3f6d876452 ("cifs: don't refresh cached referrals from unactive mounts") a1c0d00572fc ("cifs: share dfs connections and supers") a73a26d97eca ("cifs: split out ses and tcon retrieval from mount_get_conns()") 2301bc103ac4 ("cifs: remove unused smb3_fs_context::mount_options") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") c877ce47e137 ("cifs: reduce roundtrips on create/qinfo requests") 83fb8abec293 ("cifs: Add "extbuf" and "extbuflen" args to smb2_compound_op()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 58acd1f497162e7d282077f816faa519487be045 Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Tue, 2 Apr 2024 16:33:54 -0300 Subject: [PATCH] smb: client: fix potential UAF in cifs_dump_full_key() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/ioctl.c b/fs/smb/client/ioctl.c index c012dfdba80d..855ac5a62edf 100644 --- a/fs/smb/client/ioctl.c +++ b/fs/smb/client/ioctl.c @@ -247,7 +247,9 @@ static int cifs_dump_full_key(struct cifs_tcon *tcon, struct smb3_full_key_debug spin_lock(&cifs_tcp_ses_lock); list_for_each_entry(server_it, &cifs_tcp_ses_list, tcp_ses_list) { list_for_each_entry(ses_it, &server_it->smb_ses_list, smb_ses_list) { - if (ses_it->Suid == out.session_id) { + spin_lock(&ses_it->ses_lock); + if (ses_it->ses_status != SES_EXITING && + ses_it->Suid == out.session_id) { ses = ses_it; /* * since we are using the session outside the crit @@ -255,9 +257,11 @@ static int cifs_dump_full_key(struct cifs_tcon *tcon, struct smb3_full_key_debug * so increment its refcount */ cifs_smb_ses_inc_refcount(ses); + spin_unlock(&ses_it->ses_lock); found = true; goto search_end; } + spin_unlock(&ses_it->ses_lock); } } search_end:

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: refresh referral without acquiring refpath_lock" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0a05ad21d77a188d06481c36d6016805a881bcc0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040810-corporate-splinter-3a5f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 0a05ad21d77a ("smb: client: refresh referral without acquiring refpath_lock") 062a7f0ff46e ("smb: client: guarantee refcounted children from parent session") d8392c203e84 ("smb3: show beginning time for per share stats") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0a05ad21d77a188d06481c36d6016805a881bcc0 Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 22:44:07 -0300 Subject: [PATCH] smb: client: refresh referral without acquiring refpath_lock Avoid refreshing DFS referral with refpath_lock acquired as the I/O could block for a while due to a potentially disconnected or slow DFS root server and then making other threads - that use same @server and don't require a DFS root server - unable to make any progress. Cc: stable(a)vger.kernel.org # 6.4+ Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/dfs_cache.c b/fs/smb/client/dfs_cache.c index 0552a864ff08..11c8efecf7aa 100644 --- a/fs/smb/client/dfs_cache.c +++ b/fs/smb/client/dfs_cache.c @@ -1172,8 +1172,8 @@ static bool is_ses_good(struct cifs_ses *ses) return ret; } -/* Refresh dfs referral of tcon and mark it for reconnect if needed */ -static int __refresh_tcon(const char *path, struct cifs_ses *ses, bool force_refresh) +/* Refresh dfs referral of @ses and mark it for reconnect if needed */ +static void __refresh_ses_referral(struct cifs_ses *ses, bool force_refresh) { struct TCP_Server_Info *server = ses->server; DFS_CACHE_TGT_LIST(old_tl); @@ -1181,10 +1181,21 @@ static int __refresh_tcon(const char *path, struct cifs_ses *ses, bool force_ref bool needs_refresh = false; struct cache_entry *ce; unsigned int xid; + char *path = NULL; int rc = 0; xid = get_xid(); + mutex_lock(&server->refpath_lock); + if (server->leaf_fullpath) { + path = kstrdup(server->leaf_fullpath + 1, GFP_ATOMIC); + if (!path) + rc = -ENOMEM; + } + mutex_unlock(&server->refpath_lock); + if (!path) + goto out; + down_read(&htable_rw_lock); ce = lookup_cache_entry(path); needs_refresh = force_refresh || IS_ERR(ce) || cache_entry_expired(ce); @@ -1218,19 +1229,17 @@ static int __refresh_tcon(const char *path, struct cifs_ses *ses, bool force_ref free_xid(xid); dfs_cache_free_tgts(&old_tl); dfs_cache_free_tgts(&new_tl); - return rc; + kfree(path); } -static int refresh_tcon(struct cifs_tcon *tcon, bool force_refresh) +static inline void refresh_ses_referral(struct cifs_ses *ses) { - struct TCP_Server_Info *server = tcon->ses->server; - struct cifs_ses *ses = tcon->ses; + __refresh_ses_referral(ses, false); +} - mutex_lock(&server->refpath_lock); - if (server->leaf_fullpath) - __refresh_tcon(server->leaf_fullpath + 1, ses, force_refresh); - mutex_unlock(&server->refpath_lock); - return 0; +static inline void force_refresh_ses_referral(struct cifs_ses *ses) +{ + __refresh_ses_referral(ses, true); } /** @@ -1271,25 +1280,20 @@ int dfs_cache_remount_fs(struct cifs_sb_info *cifs_sb) */ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH; - return refresh_tcon(tcon, true); + force_refresh_ses_referral(tcon->ses); + return 0; } /* Refresh all DFS referrals related to DFS tcon */ void dfs_cache_refresh(struct work_struct *work) { - struct TCP_Server_Info *server; struct cifs_tcon *tcon; struct cifs_ses *ses; tcon = container_of(work, struct cifs_tcon, dfs_cache_work.work); - for (ses = tcon->ses; ses; ses = ses->dfs_root_ses) { - server = ses->server; - mutex_lock(&server->refpath_lock); - if (server->leaf_fullpath) - __refresh_tcon(server->leaf_fullpath + 1, ses, false); - mutex_unlock(&server->refpath_lock); - } + for (ses = tcon->ses; ses; ses = ses->dfs_root_ses) + refresh_ses_referral(ses); queue_delayed_work(dfscache_wq, &tcon->dfs_cache_work, atomic_read(&dfs_cache_ttl) * HZ);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: guarantee refcounted children from parent" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 062a7f0ff46eb57aff526897bd2bebfdb1d3046a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040857-earthworm-untimely-552b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 062a7f0ff46e ("smb: client: guarantee refcounted children from parent session") d8392c203e84 ("smb3: show beginning time for per share stats") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 062a7f0ff46eb57aff526897bd2bebfdb1d3046a Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 22:37:42 -0500 Subject: [PATCH] smb: client: guarantee refcounted children from parent session Avoid potential use-after-free bugs when walking DFS referrals, mounting and performing DFS failover by ensuring that all children from parent @tcon->ses are also refcounted. They're all needed across the entire DFS mount. Get rid of @tcon->dfs_ses_list while we're at it, too. Cc: stable(a)vger.kernel.org # 6.4+ Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202404021527.ZlRkIxgv-lkp@intel.com/ Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h index 7ed9d05f6890..286afbe346be 100644 --- a/fs/smb/client/cifsglob.h +++ b/fs/smb/client/cifsglob.h @@ -1281,7 +1281,6 @@ struct cifs_tcon { struct cached_fids *cfids; /* BB add field for back pointer to sb struct(s)? */ #ifdef CONFIG_CIFS_DFS_UPCALL - struct list_head dfs_ses_list; struct delayed_work dfs_cache_work; #endif struct delayed_work query_interfaces; /* query interfaces workqueue job */ @@ -1804,7 +1803,6 @@ struct cifs_mount_ctx { struct TCP_Server_Info *server; struct cifs_ses *ses; struct cifs_tcon *tcon; - struct list_head dfs_ses_list; }; static inline void __free_dfs_info_param(struct dfs_info3_param *param) diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h index 0723e1b57256..8e0a348f1f66 100644 --- a/fs/smb/client/cifsproto.h +++ b/fs/smb/client/cifsproto.h @@ -725,31 +725,31 @@ struct super_block *cifs_get_tcon_super(struct cifs_tcon *tcon); void cifs_put_tcon_super(struct super_block *sb); int cifs_wait_for_server_reconnect(struct TCP_Server_Info *server, bool retry); -/* Put references of @ses and @ses->dfs_root_ses */ +/* Put references of @ses and its children */ static inline void cifs_put_smb_ses(struct cifs_ses *ses) { - struct cifs_ses *rses = ses->dfs_root_ses; + struct cifs_ses *next; - __cifs_put_smb_ses(ses); - if (rses) - __cifs_put_smb_ses(rses); + do { + next = ses->dfs_root_ses; + __cifs_put_smb_ses(ses); + } while ((ses = next)); } -/* Get an active reference of @ses and @ses->dfs_root_ses. +/* Get an active reference of @ses and its children. * * NOTE: make sure to call this function when incrementing reference count of * @ses to ensure that any DFS root session attached to it (@ses->dfs_root_ses) * will also get its reference count incremented. * - * cifs_put_smb_ses() will put both references, so call it when you're done. + * cifs_put_smb_ses() will put all references, so call it when you're done. */ static inline void cifs_smb_ses_inc_refcount(struct cifs_ses *ses) { lockdep_assert_held(&cifs_tcp_ses_lock); - ses->ses_count++; - if (ses->dfs_root_ses) - ses->dfs_root_ses->ses_count++; + for (; ses; ses = ses->dfs_root_ses) + ses->ses_count++; } static inline bool dfs_src_pathname_equal(const char *s1, const char *s2) diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index ee29bc57300c..38b75cfa06e3 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -1866,6 +1866,9 @@ static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx) ctx->sectype != ses->sectype) return 0; + if (ctx->dfs_root_ses != ses->dfs_root_ses) + return 0; + /* * If an existing session is limited to less channels than * requested, it should not be reused @@ -2358,9 +2361,9 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) * need to lock before changing something in the session. */ spin_lock(&cifs_tcp_ses_lock); + if (ctx->dfs_root_ses) + cifs_smb_ses_inc_refcount(ctx->dfs_root_ses); ses->dfs_root_ses = ctx->dfs_root_ses; - if (ses->dfs_root_ses) - ses->dfs_root_ses->ses_count++; list_add(&ses->smb_ses_list, &server->smb_ses_list); spin_unlock(&cifs_tcp_ses_lock); @@ -3311,6 +3314,9 @@ void cifs_mount_put_conns(struct cifs_mount_ctx *mnt_ctx) cifs_put_smb_ses(mnt_ctx->ses); else if (mnt_ctx->server) cifs_put_tcp_session(mnt_ctx->server, 0); + mnt_ctx->ses = NULL; + mnt_ctx->tcon = NULL; + mnt_ctx->server = NULL; mnt_ctx->cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_POSIX_PATHS; free_xid(mnt_ctx->xid); } @@ -3589,8 +3595,6 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx) bool isdfs; int rc; - INIT_LIST_HEAD(&mnt_ctx.dfs_ses_list); - rc = dfs_mount_share(&mnt_ctx, &isdfs); if (rc) goto error; @@ -3621,7 +3625,6 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx) return rc; error: - dfs_put_root_smb_sessions(&mnt_ctx.dfs_ses_list); cifs_mount_put_conns(&mnt_ctx); return rc; } @@ -3636,6 +3639,18 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx) goto error; rc = cifs_mount_get_tcon(&mnt_ctx); + if (!rc) { + /* + * Prevent superblock from being created with any missing + * connections. + */ + if (WARN_ON(!mnt_ctx.server)) + rc = -EHOSTDOWN; + else if (WARN_ON(!mnt_ctx.ses)) + rc = -EACCES; + else if (WARN_ON(!mnt_ctx.tcon)) + rc = -ENOENT; + } if (rc) goto error; diff --git a/fs/smb/client/dfs.c b/fs/smb/client/dfs.c index 449c59830039..3ec965547e3d 100644 --- a/fs/smb/client/dfs.c +++ b/fs/smb/client/dfs.c @@ -66,33 +66,20 @@ static int get_session(struct cifs_mount_ctx *mnt_ctx, const char *full_path) } /* - * Track individual DFS referral servers used by new DFS mount. - * - * On success, their lifetime will be shared by final tcon (dfs_ses_list). - * Otherwise, they will be put by dfs_put_root_smb_sessions() in cifs_mount(). + * Get an active reference of @ses so that next call to cifs_put_tcon() won't + * release it as any new DFS referrals must go through its IPC tcon. */ -static int add_root_smb_session(struct cifs_mount_ctx *mnt_ctx) +static void add_root_smb_session(struct cifs_mount_ctx *mnt_ctx) { struct smb3_fs_context *ctx = mnt_ctx->fs_ctx; - struct dfs_root_ses *root_ses; struct cifs_ses *ses = mnt_ctx->ses; if (ses) { - root_ses = kmalloc(sizeof(*root_ses), GFP_KERNEL); - if (!root_ses) - return -ENOMEM; - - INIT_LIST_HEAD(&root_ses->list); - spin_lock(&cifs_tcp_ses_lock); cifs_smb_ses_inc_refcount(ses); spin_unlock(&cifs_tcp_ses_lock); - root_ses->ses = ses; - list_add_tail(&root_ses->list, &mnt_ctx->dfs_ses_list); } - /* Select new DFS referral server so that new referrals go through it */ ctx->dfs_root_ses = ses; - return 0; } static inline int parse_dfs_target(struct smb3_fs_context *ctx, @@ -185,11 +172,8 @@ static int __dfs_referral_walk(struct cifs_mount_ctx *mnt_ctx, continue; } - if (is_refsrv) { - rc = add_root_smb_session(mnt_ctx); - if (rc) - goto out; - } + if (is_refsrv) + add_root_smb_session(mnt_ctx); rc = ref_walk_advance(rw); if (!rc) { @@ -232,6 +216,7 @@ static int __dfs_mount_share(struct cifs_mount_ctx *mnt_ctx) struct smb3_fs_context *ctx = mnt_ctx->fs_ctx; struct cifs_tcon *tcon; char *origin_fullpath; + bool new_tcon = true; int rc; origin_fullpath = dfs_get_path(cifs_sb, ctx->source); @@ -239,6 +224,18 @@ static int __dfs_mount_share(struct cifs_mount_ctx *mnt_ctx) return PTR_ERR(origin_fullpath); rc = dfs_referral_walk(mnt_ctx); + if (!rc) { + /* + * Prevent superblock from being created with any missing + * connections. + */ + if (WARN_ON(!mnt_ctx->server)) + rc = -EHOSTDOWN; + else if (WARN_ON(!mnt_ctx->ses)) + rc = -EACCES; + else if (WARN_ON(!mnt_ctx->tcon)) + rc = -ENOENT; + } if (rc) goto out; @@ -247,15 +244,14 @@ static int __dfs_mount_share(struct cifs_mount_ctx *mnt_ctx) if (!tcon->origin_fullpath) { tcon->origin_fullpath = origin_fullpath; origin_fullpath = NULL; + } else { + new_tcon = false; } spin_unlock(&tcon->tc_lock); - if (list_empty(&tcon->dfs_ses_list)) { - list_replace_init(&mnt_ctx->dfs_ses_list, &tcon->dfs_ses_list); + if (new_tcon) { queue_delayed_work(dfscache_wq, &tcon->dfs_cache_work, dfs_cache_get_ttl() * HZ); - } else { - dfs_put_root_smb_sessions(&mnt_ctx->dfs_ses_list); } out: @@ -298,7 +294,6 @@ int dfs_mount_share(struct cifs_mount_ctx *mnt_ctx, bool *isdfs) if (rc) return rc; - ctx->dfs_root_ses = mnt_ctx->ses; /* * If called with 'nodfs' mount option, then skip DFS resolving. Otherwise unconditionally * try to get an DFS referral (even cached) to determine whether it is an DFS mount. @@ -324,7 +319,9 @@ int dfs_mount_share(struct cifs_mount_ctx *mnt_ctx, bool *isdfs) *isdfs = true; add_root_smb_session(mnt_ctx); - return __dfs_mount_share(mnt_ctx); + rc = __dfs_mount_share(mnt_ctx); + dfs_put_root_smb_sessions(mnt_ctx); + return rc; } /* Update dfs referral path of superblock */ diff --git a/fs/smb/client/dfs.h b/fs/smb/client/dfs.h index 875ab7ae57fc..e5c4dcf83750 100644 --- a/fs/smb/client/dfs.h +++ b/fs/smb/client/dfs.h @@ -7,7 +7,9 @@ #define _CIFS_DFS_H #include "cifsglob.h" +#include "cifsproto.h" #include "fs_context.h" +#include "dfs_cache.h" #include "cifs_unicode.h" #include <linux/namei.h> @@ -114,11 +116,6 @@ static inline void ref_walk_set_tgt_hint(struct dfs_ref_walk *rw) ref_walk_tit(rw)); } -struct dfs_root_ses { - struct list_head list; - struct cifs_ses *ses; -}; - int dfs_parse_target_referral(const char *full_path, const struct dfs_info3_param *ref, struct smb3_fs_context *ctx); int dfs_mount_share(struct cifs_mount_ctx *mnt_ctx, bool *isdfs); @@ -133,20 +130,32 @@ static inline int dfs_get_referral(struct cifs_mount_ctx *mnt_ctx, const char *p { struct smb3_fs_context *ctx = mnt_ctx->fs_ctx; struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb; + struct cifs_ses *rses = ctx->dfs_root_ses ?: mnt_ctx->ses; - return dfs_cache_find(mnt_ctx->xid, ctx->dfs_root_ses, cifs_sb->local_nls, + return dfs_cache_find(mnt_ctx->xid, rses, cifs_sb->local_nls, cifs_remap(cifs_sb), path, ref, tl); } -static inline void dfs_put_root_smb_sessions(struct list_head *head) +/* + * cifs_get_smb_ses() already guarantees an active reference of + * @ses->dfs_root_ses when a new session is created, so we need to put extra + * references of all DFS root sessions that were used across the mount process + * in dfs_mount_share(). + */ +static inline void dfs_put_root_smb_sessions(struct cifs_mount_ctx *mnt_ctx) { - struct dfs_root_ses *root, *tmp; + const struct smb3_fs_context *ctx = mnt_ctx->fs_ctx; + struct cifs_ses *ses = ctx->dfs_root_ses; + struct cifs_ses *cur; - list_for_each_entry_safe(root, tmp, head, list) { - list_del_init(&root->list); - cifs_put_smb_ses(root->ses); - kfree(root); + if (!ses) + return; + + for (cur = ses; cur; cur = cur->dfs_root_ses) { + if (cur->dfs_root_ses) + cifs_put_smb_ses(cur->dfs_root_ses); } + cifs_put_smb_ses(ses); } #endif /* _CIFS_DFS_H */ diff --git a/fs/smb/client/dfs_cache.c b/fs/smb/client/dfs_cache.c index 508d831fabe3..0552a864ff08 100644 --- a/fs/smb/client/dfs_cache.c +++ b/fs/smb/client/dfs_cache.c @@ -1278,21 +1278,12 @@ int dfs_cache_remount_fs(struct cifs_sb_info *cifs_sb) void dfs_cache_refresh(struct work_struct *work) { struct TCP_Server_Info *server; - struct dfs_root_ses *rses; struct cifs_tcon *tcon; struct cifs_ses *ses; tcon = container_of(work, struct cifs_tcon, dfs_cache_work.work); - ses = tcon->ses; - server = ses->server; - mutex_lock(&server->refpath_lock); - if (server->leaf_fullpath) - __refresh_tcon(server->leaf_fullpath + 1, ses, false); - mutex_unlock(&server->refpath_lock); - - list_for_each_entry(rses, &tcon->dfs_ses_list, list) { - ses = rses->ses; + for (ses = tcon->ses; ses; ses = ses->dfs_root_ses) { server = ses->server; mutex_lock(&server->refpath_lock); if (server->leaf_fullpath) diff --git a/fs/smb/client/misc.c b/fs/smb/client/misc.c index c3771fc81328..1ea22b3955a2 100644 --- a/fs/smb/client/misc.c +++ b/fs/smb/client/misc.c @@ -138,9 +138,6 @@ tcon_info_alloc(bool dir_leases_enabled) atomic_set(&ret_buf->num_local_opens, 0); atomic_set(&ret_buf->num_remote_opens, 0); ret_buf->stats_from_time = ktime_get_real_seconds(); -#ifdef CONFIG_CIFS_DFS_UPCALL - INIT_LIST_HEAD(&ret_buf->dfs_ses_list); -#endif return ret_buf; } @@ -156,9 +153,6 @@ tconInfoFree(struct cifs_tcon *tcon) atomic_dec(&tconInfoAllocCount); kfree(tcon->nativeFileSystem); kfree_sensitive(tcon->password); -#ifdef CONFIG_CIFS_DFS_UPCALL - dfs_put_root_smb_sessions(&tcon->dfs_ses_list); -#endif kfree(tcon->origin_fullpath); kfree(tcon); }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in smb2_reconnect_server()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 24a9799aa8efecd0eb55a75e35f9d8e6400063aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040843-empathic-duller-2cb9@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()") 7257bcf3bdc7 ("cifs: cifs_chan_is_iface_active should be called with chan_lock held") 27e1fd343f80 ("cifs: after disabling multichannel, mark tcon for reconnect") fa1d0508bdd4 ("cifs: account for primary channel in the interface list") a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") c37ed2d7d098 ("smb: client: remove extra @chan_count check in __cifs_put_smb_ses()") ff7d80a9f271 ("cifs: fix session state transition to avoid use-after-free issue") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 943fb67b0902 ("cifs: missing lock when updating session status") bc962159e8e3 ("cifs: avoid race conditions with parallel reconnects") 1bcd548d935a ("cifs: prevent data race in cifs_reconnect_tcon()") e77978de4765 ("cifs: update ip_addr for ses only for primary chan setup") 3c0070f54b31 ("cifs: prevent data race in smb2_reconnect()") 05844bd661d9 ("cifs: print last update time for interface list") 25cf01b7c920 ("cifs: set correct status of tcon ipc when reconnecting") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") f391d6ee002e ("cifs: Use after free in debug code") 68e14569d7e5 ("smb3: add dynamic trace points for tree disconnect") 13609a8b3ac6 ("cifs: move from strlcpy with unused retval to strscpy") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24a9799aa8efecd0eb55a75e35f9d8e6400063aa Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 14:13:10 -0300 Subject: [PATCH] smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set @ses->ses_status to SES_EXITING and prevent any other threads from setting a new status while we're still tearing it down. The following can be reproduced by adding some delay to right after the ipc is freed in __cifs_put_smb_ses() - which will give smb2_reconnect_server() worker a chance to run and then accessing @ses->ipc: kinit ... mount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10 [disconnect srv] ls /mnt/1 &>/dev/null sleep 30 kdestroy [reconnect srv] sleep 10 umount /mnt/1 ... CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Workqueue: cifsiod smb2_reconnect_server [cifs] RIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0 Code: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75 7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8 RSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83 RAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b RDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800 RBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000 R13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000 FS: 0000000000000000(0000) GS:ffff888157c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x36/0x90 ? exc_general_protection+0x1c1/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? __list_del_entry_valid_or_report+0x33/0xf0 __cifs_put_smb_ses+0x1ae/0x500 [cifs] smb2_reconnect_server+0x4ed/0x710 [cifs] process_one_work+0x205/0x6b0 worker_thread+0x191/0x360 ? __pfx_worker_thread+0x10/0x10 kthread+0xe2/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 9b85b5341822..ee29bc57300c 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -232,7 +232,13 @@ cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server, spin_lock(&cifs_tcp_ses_lock); list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) { - /* check if iface is still active */ + spin_lock(&ses->ses_lock); + if (ses->ses_status == SES_EXITING) { + spin_unlock(&ses->ses_lock); + continue; + } + spin_unlock(&ses->ses_lock); + spin_lock(&ses->chan_lock); if (cifs_ses_get_chan_index(ses, server) == CIFS_INVAL_CHAN_INDEX) { @@ -1963,31 +1969,6 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) return rc; } -/** - * cifs_free_ipc - helper to release the session IPC tcon - * @ses: smb session to unmount the IPC from - * - * Needs to be called everytime a session is destroyed. - * - * On session close, the IPC is closed and the server must release all tcons of the session. - * No need to send a tree disconnect here. - * - * Besides, it will make the server to not close durable and resilient files on session close, as - * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request. - */ -static int -cifs_free_ipc(struct cifs_ses *ses) -{ - struct cifs_tcon *tcon = ses->tcon_ipc; - - if (tcon == NULL) - return 0; - - tconInfoFree(tcon); - ses->tcon_ipc = NULL; - return 0; -} - static struct cifs_ses * cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) { @@ -2019,48 +2000,52 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) void __cifs_put_smb_ses(struct cifs_ses *ses) { struct TCP_Server_Info *server = ses->server; + struct cifs_tcon *tcon; unsigned int xid; size_t i; + bool do_logoff; int rc; - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING) { - spin_unlock(&ses->ses_lock); - return; - } - spin_unlock(&ses->ses_lock); - - cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count); - cifs_dbg(FYI, - "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->tree_name : "NONE"); - spin_lock(&cifs_tcp_ses_lock); - if (--ses->ses_count > 0) { + spin_lock(&ses->ses_lock); + cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n", + __func__, ses->Suid, ses->ses_count, ses->ses_status, + ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none"); + if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) { + spin_unlock(&ses->ses_lock); spin_unlock(&cifs_tcp_ses_lock); return; } - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_GOOD) - ses->ses_status = SES_EXITING; - spin_unlock(&ses->ses_lock); - spin_unlock(&cifs_tcp_ses_lock); - /* ses_count can never go negative */ WARN_ON(ses->ses_count < 0); - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING && server->ops->logoff) { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); + spin_lock(&ses->chan_lock); + cifs_chan_clear_need_reconnect(ses, server); + spin_unlock(&ses->chan_lock); + + do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff; + ses->ses_status = SES_EXITING; + tcon = ses->tcon_ipc; + ses->tcon_ipc = NULL; + spin_unlock(&ses->ses_lock); + spin_unlock(&cifs_tcp_ses_lock); + + /* + * On session close, the IPC is closed and the server must release all + * tcons of the session. No need to send a tree disconnect here. + * + * Besides, it will make the server to not close durable and resilient + * files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an + * SMB2 LOGOFF Request. + */ + tconInfoFree(tcon); + if (do_logoff) { xid = get_xid(); rc = server->ops->logoff(xid, ses); if (rc) cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n", __func__, rc); _free_xid(xid); - } else { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); } spin_lock(&cifs_tcp_ses_lock);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in smb2_reconnect_server()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 24a9799aa8efecd0eb55a75e35f9d8e6400063aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040841-scarcity-subarctic-4f20@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()") 7257bcf3bdc7 ("cifs: cifs_chan_is_iface_active should be called with chan_lock held") 27e1fd343f80 ("cifs: after disabling multichannel, mark tcon for reconnect") fa1d0508bdd4 ("cifs: account for primary channel in the interface list") a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") c37ed2d7d098 ("smb: client: remove extra @chan_count check in __cifs_put_smb_ses()") ff7d80a9f271 ("cifs: fix session state transition to avoid use-after-free issue") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 943fb67b0902 ("cifs: missing lock when updating session status") bc962159e8e3 ("cifs: avoid race conditions with parallel reconnects") 1bcd548d935a ("cifs: prevent data race in cifs_reconnect_tcon()") e77978de4765 ("cifs: update ip_addr for ses only for primary chan setup") 3c0070f54b31 ("cifs: prevent data race in smb2_reconnect()") 05844bd661d9 ("cifs: print last update time for interface list") 25cf01b7c920 ("cifs: set correct status of tcon ipc when reconnecting") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") f391d6ee002e ("cifs: Use after free in debug code") 68e14569d7e5 ("smb3: add dynamic trace points for tree disconnect") 13609a8b3ac6 ("cifs: move from strlcpy with unused retval to strscpy") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24a9799aa8efecd0eb55a75e35f9d8e6400063aa Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 14:13:10 -0300 Subject: [PATCH] smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set @ses->ses_status to SES_EXITING and prevent any other threads from setting a new status while we're still tearing it down. The following can be reproduced by adding some delay to right after the ipc is freed in __cifs_put_smb_ses() - which will give smb2_reconnect_server() worker a chance to run and then accessing @ses->ipc: kinit ... mount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10 [disconnect srv] ls /mnt/1 &>/dev/null sleep 30 kdestroy [reconnect srv] sleep 10 umount /mnt/1 ... CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Workqueue: cifsiod smb2_reconnect_server [cifs] RIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0 Code: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75 7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8 RSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83 RAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b RDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800 RBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000 R13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000 FS: 0000000000000000(0000) GS:ffff888157c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x36/0x90 ? exc_general_protection+0x1c1/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? __list_del_entry_valid_or_report+0x33/0xf0 __cifs_put_smb_ses+0x1ae/0x500 [cifs] smb2_reconnect_server+0x4ed/0x710 [cifs] process_one_work+0x205/0x6b0 worker_thread+0x191/0x360 ? __pfx_worker_thread+0x10/0x10 kthread+0xe2/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 9b85b5341822..ee29bc57300c 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -232,7 +232,13 @@ cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server, spin_lock(&cifs_tcp_ses_lock); list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) { - /* check if iface is still active */ + spin_lock(&ses->ses_lock); + if (ses->ses_status == SES_EXITING) { + spin_unlock(&ses->ses_lock); + continue; + } + spin_unlock(&ses->ses_lock); + spin_lock(&ses->chan_lock); if (cifs_ses_get_chan_index(ses, server) == CIFS_INVAL_CHAN_INDEX) { @@ -1963,31 +1969,6 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) return rc; } -/** - * cifs_free_ipc - helper to release the session IPC tcon - * @ses: smb session to unmount the IPC from - * - * Needs to be called everytime a session is destroyed. - * - * On session close, the IPC is closed and the server must release all tcons of the session. - * No need to send a tree disconnect here. - * - * Besides, it will make the server to not close durable and resilient files on session close, as - * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request. - */ -static int -cifs_free_ipc(struct cifs_ses *ses) -{ - struct cifs_tcon *tcon = ses->tcon_ipc; - - if (tcon == NULL) - return 0; - - tconInfoFree(tcon); - ses->tcon_ipc = NULL; - return 0; -} - static struct cifs_ses * cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) { @@ -2019,48 +2000,52 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) void __cifs_put_smb_ses(struct cifs_ses *ses) { struct TCP_Server_Info *server = ses->server; + struct cifs_tcon *tcon; unsigned int xid; size_t i; + bool do_logoff; int rc; - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING) { - spin_unlock(&ses->ses_lock); - return; - } - spin_unlock(&ses->ses_lock); - - cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count); - cifs_dbg(FYI, - "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->tree_name : "NONE"); - spin_lock(&cifs_tcp_ses_lock); - if (--ses->ses_count > 0) { + spin_lock(&ses->ses_lock); + cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n", + __func__, ses->Suid, ses->ses_count, ses->ses_status, + ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none"); + if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) { + spin_unlock(&ses->ses_lock); spin_unlock(&cifs_tcp_ses_lock); return; } - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_GOOD) - ses->ses_status = SES_EXITING; - spin_unlock(&ses->ses_lock); - spin_unlock(&cifs_tcp_ses_lock); - /* ses_count can never go negative */ WARN_ON(ses->ses_count < 0); - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING && server->ops->logoff) { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); + spin_lock(&ses->chan_lock); + cifs_chan_clear_need_reconnect(ses, server); + spin_unlock(&ses->chan_lock); + + do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff; + ses->ses_status = SES_EXITING; + tcon = ses->tcon_ipc; + ses->tcon_ipc = NULL; + spin_unlock(&ses->ses_lock); + spin_unlock(&cifs_tcp_ses_lock); + + /* + * On session close, the IPC is closed and the server must release all + * tcons of the session. No need to send a tree disconnect here. + * + * Besides, it will make the server to not close durable and resilient + * files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an + * SMB2 LOGOFF Request. + */ + tconInfoFree(tcon); + if (do_logoff) { xid = get_xid(); rc = server->ops->logoff(xid, ses); if (rc) cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n", __func__, rc); _free_xid(xid); - } else { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); } spin_lock(&cifs_tcp_ses_lock);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in smb2_reconnect_server()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 24a9799aa8efecd0eb55a75e35f9d8e6400063aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040839-drainage-uninvited-614e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()") 7257bcf3bdc7 ("cifs: cifs_chan_is_iface_active should be called with chan_lock held") 27e1fd343f80 ("cifs: after disabling multichannel, mark tcon for reconnect") fa1d0508bdd4 ("cifs: account for primary channel in the interface list") a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") c37ed2d7d098 ("smb: client: remove extra @chan_count check in __cifs_put_smb_ses()") ff7d80a9f271 ("cifs: fix session state transition to avoid use-after-free issue") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 943fb67b0902 ("cifs: missing lock when updating session status") bc962159e8e3 ("cifs: avoid race conditions with parallel reconnects") 1bcd548d935a ("cifs: prevent data race in cifs_reconnect_tcon()") e77978de4765 ("cifs: update ip_addr for ses only for primary chan setup") 3c0070f54b31 ("cifs: prevent data race in smb2_reconnect()") 05844bd661d9 ("cifs: print last update time for interface list") 25cf01b7c920 ("cifs: set correct status of tcon ipc when reconnecting") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") f391d6ee002e ("cifs: Use after free in debug code") 68e14569d7e5 ("smb3: add dynamic trace points for tree disconnect") 13609a8b3ac6 ("cifs: move from strlcpy with unused retval to strscpy") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24a9799aa8efecd0eb55a75e35f9d8e6400063aa Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 14:13:10 -0300 Subject: [PATCH] smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set @ses->ses_status to SES_EXITING and prevent any other threads from setting a new status while we're still tearing it down. The following can be reproduced by adding some delay to right after the ipc is freed in __cifs_put_smb_ses() - which will give smb2_reconnect_server() worker a chance to run and then accessing @ses->ipc: kinit ... mount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10 [disconnect srv] ls /mnt/1 &>/dev/null sleep 30 kdestroy [reconnect srv] sleep 10 umount /mnt/1 ... CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Workqueue: cifsiod smb2_reconnect_server [cifs] RIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0 Code: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75 7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8 RSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83 RAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b RDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800 RBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000 R13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000 FS: 0000000000000000(0000) GS:ffff888157c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x36/0x90 ? exc_general_protection+0x1c1/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? __list_del_entry_valid_or_report+0x33/0xf0 __cifs_put_smb_ses+0x1ae/0x500 [cifs] smb2_reconnect_server+0x4ed/0x710 [cifs] process_one_work+0x205/0x6b0 worker_thread+0x191/0x360 ? __pfx_worker_thread+0x10/0x10 kthread+0xe2/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 9b85b5341822..ee29bc57300c 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -232,7 +232,13 @@ cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server, spin_lock(&cifs_tcp_ses_lock); list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) { - /* check if iface is still active */ + spin_lock(&ses->ses_lock); + if (ses->ses_status == SES_EXITING) { + spin_unlock(&ses->ses_lock); + continue; + } + spin_unlock(&ses->ses_lock); + spin_lock(&ses->chan_lock); if (cifs_ses_get_chan_index(ses, server) == CIFS_INVAL_CHAN_INDEX) { @@ -1963,31 +1969,6 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) return rc; } -/** - * cifs_free_ipc - helper to release the session IPC tcon - * @ses: smb session to unmount the IPC from - * - * Needs to be called everytime a session is destroyed. - * - * On session close, the IPC is closed and the server must release all tcons of the session. - * No need to send a tree disconnect here. - * - * Besides, it will make the server to not close durable and resilient files on session close, as - * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request. - */ -static int -cifs_free_ipc(struct cifs_ses *ses) -{ - struct cifs_tcon *tcon = ses->tcon_ipc; - - if (tcon == NULL) - return 0; - - tconInfoFree(tcon); - ses->tcon_ipc = NULL; - return 0; -} - static struct cifs_ses * cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) { @@ -2019,48 +2000,52 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) void __cifs_put_smb_ses(struct cifs_ses *ses) { struct TCP_Server_Info *server = ses->server; + struct cifs_tcon *tcon; unsigned int xid; size_t i; + bool do_logoff; int rc; - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING) { - spin_unlock(&ses->ses_lock); - return; - } - spin_unlock(&ses->ses_lock); - - cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count); - cifs_dbg(FYI, - "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->tree_name : "NONE"); - spin_lock(&cifs_tcp_ses_lock); - if (--ses->ses_count > 0) { + spin_lock(&ses->ses_lock); + cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n", + __func__, ses->Suid, ses->ses_count, ses->ses_status, + ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none"); + if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) { + spin_unlock(&ses->ses_lock); spin_unlock(&cifs_tcp_ses_lock); return; } - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_GOOD) - ses->ses_status = SES_EXITING; - spin_unlock(&ses->ses_lock); - spin_unlock(&cifs_tcp_ses_lock); - /* ses_count can never go negative */ WARN_ON(ses->ses_count < 0); - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING && server->ops->logoff) { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); + spin_lock(&ses->chan_lock); + cifs_chan_clear_need_reconnect(ses, server); + spin_unlock(&ses->chan_lock); + + do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff; + ses->ses_status = SES_EXITING; + tcon = ses->tcon_ipc; + ses->tcon_ipc = NULL; + spin_unlock(&ses->ses_lock); + spin_unlock(&cifs_tcp_ses_lock); + + /* + * On session close, the IPC is closed and the server must release all + * tcons of the session. No need to send a tree disconnect here. + * + * Besides, it will make the server to not close durable and resilient + * files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an + * SMB2 LOGOFF Request. + */ + tconInfoFree(tcon); + if (do_logoff) { xid = get_xid(); rc = server->ops->logoff(xid, ses); if (rc) cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n", __func__, rc); _free_xid(xid); - } else { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); } spin_lock(&cifs_tcp_ses_lock);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in smb2_reconnect_server()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 24a9799aa8efecd0eb55a75e35f9d8e6400063aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040837-alkaline-motor-f911@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()") 7257bcf3bdc7 ("cifs: cifs_chan_is_iface_active should be called with chan_lock held") 27e1fd343f80 ("cifs: after disabling multichannel, mark tcon for reconnect") fa1d0508bdd4 ("cifs: account for primary channel in the interface list") a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") c37ed2d7d098 ("smb: client: remove extra @chan_count check in __cifs_put_smb_ses()") ff7d80a9f271 ("cifs: fix session state transition to avoid use-after-free issue") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 943fb67b0902 ("cifs: missing lock when updating session status") bc962159e8e3 ("cifs: avoid race conditions with parallel reconnects") 1bcd548d935a ("cifs: prevent data race in cifs_reconnect_tcon()") e77978de4765 ("cifs: update ip_addr for ses only for primary chan setup") 3c0070f54b31 ("cifs: prevent data race in smb2_reconnect()") 05844bd661d9 ("cifs: print last update time for interface list") 25cf01b7c920 ("cifs: set correct status of tcon ipc when reconnecting") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") f391d6ee002e ("cifs: Use after free in debug code") 68e14569d7e5 ("smb3: add dynamic trace points for tree disconnect") 13609a8b3ac6 ("cifs: move from strlcpy with unused retval to strscpy") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24a9799aa8efecd0eb55a75e35f9d8e6400063aa Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 14:13:10 -0300 Subject: [PATCH] smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set @ses->ses_status to SES_EXITING and prevent any other threads from setting a new status while we're still tearing it down. The following can be reproduced by adding some delay to right after the ipc is freed in __cifs_put_smb_ses() - which will give smb2_reconnect_server() worker a chance to run and then accessing @ses->ipc: kinit ... mount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10 [disconnect srv] ls /mnt/1 &>/dev/null sleep 30 kdestroy [reconnect srv] sleep 10 umount /mnt/1 ... CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Workqueue: cifsiod smb2_reconnect_server [cifs] RIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0 Code: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75 7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8 RSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83 RAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b RDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800 RBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000 R13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000 FS: 0000000000000000(0000) GS:ffff888157c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x36/0x90 ? exc_general_protection+0x1c1/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? __list_del_entry_valid_or_report+0x33/0xf0 __cifs_put_smb_ses+0x1ae/0x500 [cifs] smb2_reconnect_server+0x4ed/0x710 [cifs] process_one_work+0x205/0x6b0 worker_thread+0x191/0x360 ? __pfx_worker_thread+0x10/0x10 kthread+0xe2/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 9b85b5341822..ee29bc57300c 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -232,7 +232,13 @@ cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server, spin_lock(&cifs_tcp_ses_lock); list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) { - /* check if iface is still active */ + spin_lock(&ses->ses_lock); + if (ses->ses_status == SES_EXITING) { + spin_unlock(&ses->ses_lock); + continue; + } + spin_unlock(&ses->ses_lock); + spin_lock(&ses->chan_lock); if (cifs_ses_get_chan_index(ses, server) == CIFS_INVAL_CHAN_INDEX) { @@ -1963,31 +1969,6 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) return rc; } -/** - * cifs_free_ipc - helper to release the session IPC tcon - * @ses: smb session to unmount the IPC from - * - * Needs to be called everytime a session is destroyed. - * - * On session close, the IPC is closed and the server must release all tcons of the session. - * No need to send a tree disconnect here. - * - * Besides, it will make the server to not close durable and resilient files on session close, as - * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request. - */ -static int -cifs_free_ipc(struct cifs_ses *ses) -{ - struct cifs_tcon *tcon = ses->tcon_ipc; - - if (tcon == NULL) - return 0; - - tconInfoFree(tcon); - ses->tcon_ipc = NULL; - return 0; -} - static struct cifs_ses * cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) { @@ -2019,48 +2000,52 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) void __cifs_put_smb_ses(struct cifs_ses *ses) { struct TCP_Server_Info *server = ses->server; + struct cifs_tcon *tcon; unsigned int xid; size_t i; + bool do_logoff; int rc; - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING) { - spin_unlock(&ses->ses_lock); - return; - } - spin_unlock(&ses->ses_lock); - - cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count); - cifs_dbg(FYI, - "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->tree_name : "NONE"); - spin_lock(&cifs_tcp_ses_lock); - if (--ses->ses_count > 0) { + spin_lock(&ses->ses_lock); + cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n", + __func__, ses->Suid, ses->ses_count, ses->ses_status, + ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none"); + if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) { + spin_unlock(&ses->ses_lock); spin_unlock(&cifs_tcp_ses_lock); return; } - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_GOOD) - ses->ses_status = SES_EXITING; - spin_unlock(&ses->ses_lock); - spin_unlock(&cifs_tcp_ses_lock); - /* ses_count can never go negative */ WARN_ON(ses->ses_count < 0); - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING && server->ops->logoff) { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); + spin_lock(&ses->chan_lock); + cifs_chan_clear_need_reconnect(ses, server); + spin_unlock(&ses->chan_lock); + + do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff; + ses->ses_status = SES_EXITING; + tcon = ses->tcon_ipc; + ses->tcon_ipc = NULL; + spin_unlock(&ses->ses_lock); + spin_unlock(&cifs_tcp_ses_lock); + + /* + * On session close, the IPC is closed and the server must release all + * tcons of the session. No need to send a tree disconnect here. + * + * Besides, it will make the server to not close durable and resilient + * files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an + * SMB2 LOGOFF Request. + */ + tconInfoFree(tcon); + if (do_logoff) { xid = get_xid(); rc = server->ops->logoff(xid, ses); if (rc) cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n", __func__, rc); _free_xid(xid); - } else { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); } spin_lock(&cifs_tcp_ses_lock);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in smb2_reconnect_server()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 24a9799aa8efecd0eb55a75e35f9d8e6400063aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040832-episode-phrasing-9e1a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()") 7257bcf3bdc7 ("cifs: cifs_chan_is_iface_active should be called with chan_lock held") 27e1fd343f80 ("cifs: after disabling multichannel, mark tcon for reconnect") fa1d0508bdd4 ("cifs: account for primary channel in the interface list") a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") c37ed2d7d098 ("smb: client: remove extra @chan_count check in __cifs_put_smb_ses()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24a9799aa8efecd0eb55a75e35f9d8e6400063aa Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 14:13:10 -0300 Subject: [PATCH] smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set @ses->ses_status to SES_EXITING and prevent any other threads from setting a new status while we're still tearing it down. The following can be reproduced by adding some delay to right after the ipc is freed in __cifs_put_smb_ses() - which will give smb2_reconnect_server() worker a chance to run and then accessing @ses->ipc: kinit ... mount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10 [disconnect srv] ls /mnt/1 &>/dev/null sleep 30 kdestroy [reconnect srv] sleep 10 umount /mnt/1 ... CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Workqueue: cifsiod smb2_reconnect_server [cifs] RIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0 Code: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75 7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8 RSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83 RAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b RDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800 RBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000 R13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000 FS: 0000000000000000(0000) GS:ffff888157c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x36/0x90 ? exc_general_protection+0x1c1/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? __list_del_entry_valid_or_report+0x33/0xf0 __cifs_put_smb_ses+0x1ae/0x500 [cifs] smb2_reconnect_server+0x4ed/0x710 [cifs] process_one_work+0x205/0x6b0 worker_thread+0x191/0x360 ? __pfx_worker_thread+0x10/0x10 kthread+0xe2/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 9b85b5341822..ee29bc57300c 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -232,7 +232,13 @@ cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server, spin_lock(&cifs_tcp_ses_lock); list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) { - /* check if iface is still active */ + spin_lock(&ses->ses_lock); + if (ses->ses_status == SES_EXITING) { + spin_unlock(&ses->ses_lock); + continue; + } + spin_unlock(&ses->ses_lock); + spin_lock(&ses->chan_lock); if (cifs_ses_get_chan_index(ses, server) == CIFS_INVAL_CHAN_INDEX) { @@ -1963,31 +1969,6 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) return rc; } -/** - * cifs_free_ipc - helper to release the session IPC tcon - * @ses: smb session to unmount the IPC from - * - * Needs to be called everytime a session is destroyed. - * - * On session close, the IPC is closed and the server must release all tcons of the session. - * No need to send a tree disconnect here. - * - * Besides, it will make the server to not close durable and resilient files on session close, as - * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request. - */ -static int -cifs_free_ipc(struct cifs_ses *ses) -{ - struct cifs_tcon *tcon = ses->tcon_ipc; - - if (tcon == NULL) - return 0; - - tconInfoFree(tcon); - ses->tcon_ipc = NULL; - return 0; -} - static struct cifs_ses * cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) { @@ -2019,48 +2000,52 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) void __cifs_put_smb_ses(struct cifs_ses *ses) { struct TCP_Server_Info *server = ses->server; + struct cifs_tcon *tcon; unsigned int xid; size_t i; + bool do_logoff; int rc; - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING) { - spin_unlock(&ses->ses_lock); - return; - } - spin_unlock(&ses->ses_lock); - - cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count); - cifs_dbg(FYI, - "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->tree_name : "NONE"); - spin_lock(&cifs_tcp_ses_lock); - if (--ses->ses_count > 0) { + spin_lock(&ses->ses_lock); + cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n", + __func__, ses->Suid, ses->ses_count, ses->ses_status, + ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none"); + if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) { + spin_unlock(&ses->ses_lock); spin_unlock(&cifs_tcp_ses_lock); return; } - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_GOOD) - ses->ses_status = SES_EXITING; - spin_unlock(&ses->ses_lock); - spin_unlock(&cifs_tcp_ses_lock); - /* ses_count can never go negative */ WARN_ON(ses->ses_count < 0); - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING && server->ops->logoff) { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); + spin_lock(&ses->chan_lock); + cifs_chan_clear_need_reconnect(ses, server); + spin_unlock(&ses->chan_lock); + + do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff; + ses->ses_status = SES_EXITING; + tcon = ses->tcon_ipc; + ses->tcon_ipc = NULL; + spin_unlock(&ses->ses_lock); + spin_unlock(&cifs_tcp_ses_lock); + + /* + * On session close, the IPC is closed and the server must release all + * tcons of the session. No need to send a tree disconnect here. + * + * Besides, it will make the server to not close durable and resilient + * files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an + * SMB2 LOGOFF Request. + */ + tconInfoFree(tcon); + if (do_logoff) { xid = get_xid(); rc = server->ops->logoff(xid, ses); if (rc) cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n", __func__, rc); _free_xid(xid); - } else { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); } spin_lock(&cifs_tcp_ses_lock);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] riscv: process: Fix kernel gp leakage" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x d14fa1fcf69db9d070e75f1c4425211fa619dfc8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040817-unplowed-heavily-b59d@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: d14fa1fcf69d ("riscv: process: Fix kernel gp leakage") fea2fed201ee ("riscv: Enable per-task stack canaries") d7071743db31 ("RISC-V: Add EFI stub support.") f2c9699f6555 ("riscv: Add STACKPROTECTOR supported") a5d8e55b2c7d ("Merge tag 'v5.7-rc7' into efi/core, to refresh the branch and pick up fixes") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d14fa1fcf69db9d070e75f1c4425211fa619dfc8 Mon Sep 17 00:00:00 2001 From: Stefan O'Rear <sorear(a)fastmail.com> Date: Wed, 27 Mar 2024 02:12:58 -0400 Subject: [PATCH] riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs->gp is never used since the kernel gp is not touched by switch_to. For a user mode helper, the gp value can be observed in user space after execve or possibly by other means. [From the email thread] The /* Kernel thread */ comment is somewhat inaccurate in that it is also used for user_mode_helper threads, which exec a user process, e.g. /sbin/init or when /proc/sys/kernel/core_pattern is a pipe. Such threads do not have PF_KTHREAD set and are valid targets for ptrace etc. even before they exec. childregs is the *user* context during syscall execution and it is observable from userspace in at least five ways: 1. kernel_execve does not currently clear integer registers, so the starting register state for PID 1 and other user processes started by the kernel has sp = user stack, gp = kernel __global_pointer$, all other integer registers zeroed by the memset in the patch comment. This is a bug in its own right, but I'm unwilling to bet that it is the only way to exploit the issue addressed by this patch. 2. ptrace(PTRACE_GETREGSET): you can PTRACE_ATTACH to a user_mode_helper thread before it execs, but ptrace requires SIGSTOP to be delivered which can only happen at user/kernel boundaries. 3. /proc/*/task/*/syscall: this is perfectly happy to read pt_regs for user_mode_helpers before the exec completes, but gp is not one of the registers it returns. 4. PERF_SAMPLE_REGS_USER: LOCKDOWN_PERF normally prevents access to kernel addresses via PERF_SAMPLE_REGS_INTR, but due to this bug kernel addresses are also exposed via PERF_SAMPLE_REGS_USER which is permitted under LOCKDOWN_PERF. I have not attempted to write exploit code. 5. Much of the tracing infrastructure allows access to user registers. I have not attempted to determine which forms of tracing allow access to user registers without already allowing access to kernel registers. Fixes: 7db91e57a0ac ("RISC-V: Task implementation") Cc: stable(a)vger.kernel.org Signed-off-by: Stefan O'Rear <sorear(a)fastmail.com> Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Link: https://lore.kernel.org/r/20240327061258.2370291-1-sorear@fastmail.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index 6abeecbfc51d..e4bc61c4e58a 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c @@ -27,8 +27,6 @@ #include <asm/vector.h> #include <asm/cpufeature.h> -register unsigned long gp_in_global __asm__("gp"); - #if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK) #include <linux/stackprotector.h> unsigned long __stack_chk_guard __read_mostly; @@ -207,7 +205,6 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) if (unlikely(args->fn)) { /* Kernel thread */ memset(childregs, 0, sizeof(struct pt_regs)); - childregs->gp = gp_in_global; /* Supervisor/Machine, irqs on: */ childregs->status = SR_PP | SR_PIE;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] riscv: process: Fix kernel gp leakage" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d14fa1fcf69db9d070e75f1c4425211fa619dfc8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040815-geometric-quaintly-f4a7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: d14fa1fcf69d ("riscv: process: Fix kernel gp leakage") fea2fed201ee ("riscv: Enable per-task stack canaries") d7071743db31 ("RISC-V: Add EFI stub support.") f2c9699f6555 ("riscv: Add STACKPROTECTOR supported") a5d8e55b2c7d ("Merge tag 'v5.7-rc7' into efi/core, to refresh the branch and pick up fixes") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d14fa1fcf69db9d070e75f1c4425211fa619dfc8 Mon Sep 17 00:00:00 2001 From: Stefan O'Rear <sorear(a)fastmail.com> Date: Wed, 27 Mar 2024 02:12:58 -0400 Subject: [PATCH] riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs->gp is never used since the kernel gp is not touched by switch_to. For a user mode helper, the gp value can be observed in user space after execve or possibly by other means. [From the email thread] The /* Kernel thread */ comment is somewhat inaccurate in that it is also used for user_mode_helper threads, which exec a user process, e.g. /sbin/init or when /proc/sys/kernel/core_pattern is a pipe. Such threads do not have PF_KTHREAD set and are valid targets for ptrace etc. even before they exec. childregs is the *user* context during syscall execution and it is observable from userspace in at least five ways: 1. kernel_execve does not currently clear integer registers, so the starting register state for PID 1 and other user processes started by the kernel has sp = user stack, gp = kernel __global_pointer$, all other integer registers zeroed by the memset in the patch comment. This is a bug in its own right, but I'm unwilling to bet that it is the only way to exploit the issue addressed by this patch. 2. ptrace(PTRACE_GETREGSET): you can PTRACE_ATTACH to a user_mode_helper thread before it execs, but ptrace requires SIGSTOP to be delivered which can only happen at user/kernel boundaries. 3. /proc/*/task/*/syscall: this is perfectly happy to read pt_regs for user_mode_helpers before the exec completes, but gp is not one of the registers it returns. 4. PERF_SAMPLE_REGS_USER: LOCKDOWN_PERF normally prevents access to kernel addresses via PERF_SAMPLE_REGS_INTR, but due to this bug kernel addresses are also exposed via PERF_SAMPLE_REGS_USER which is permitted under LOCKDOWN_PERF. I have not attempted to write exploit code. 5. Much of the tracing infrastructure allows access to user registers. I have not attempted to determine which forms of tracing allow access to user registers without already allowing access to kernel registers. Fixes: 7db91e57a0ac ("RISC-V: Task implementation") Cc: stable(a)vger.kernel.org Signed-off-by: Stefan O'Rear <sorear(a)fastmail.com> Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Link: https://lore.kernel.org/r/20240327061258.2370291-1-sorear@fastmail.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index 6abeecbfc51d..e4bc61c4e58a 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c @@ -27,8 +27,6 @@ #include <asm/vector.h> #include <asm/cpufeature.h> -register unsigned long gp_in_global __asm__("gp"); - #if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK) #include <linux/stackprotector.h> unsigned long __stack_chk_guard __read_mostly; @@ -207,7 +205,6 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) if (unlikely(args->fn)) { /* Kernel thread */ memset(childregs, 0, sizeof(struct pt_regs)); - childregs->gp = gp_in_global; /* Supervisor/Machine, irqs on: */ childregs->status = SR_PP | SR_PIE;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] riscv: process: Fix kernel gp leakage" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d14fa1fcf69db9d070e75f1c4425211fa619dfc8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040813-decline-blinker-ebc3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: d14fa1fcf69d ("riscv: process: Fix kernel gp leakage") fea2fed201ee ("riscv: Enable per-task stack canaries") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d14fa1fcf69db9d070e75f1c4425211fa619dfc8 Mon Sep 17 00:00:00 2001 From: Stefan O'Rear <sorear(a)fastmail.com> Date: Wed, 27 Mar 2024 02:12:58 -0400 Subject: [PATCH] riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs->gp is never used since the kernel gp is not touched by switch_to. For a user mode helper, the gp value can be observed in user space after execve or possibly by other means. [From the email thread] The /* Kernel thread */ comment is somewhat inaccurate in that it is also used for user_mode_helper threads, which exec a user process, e.g. /sbin/init or when /proc/sys/kernel/core_pattern is a pipe. Such threads do not have PF_KTHREAD set and are valid targets for ptrace etc. even before they exec. childregs is the *user* context during syscall execution and it is observable from userspace in at least five ways: 1. kernel_execve does not currently clear integer registers, so the starting register state for PID 1 and other user processes started by the kernel has sp = user stack, gp = kernel __global_pointer$, all other integer registers zeroed by the memset in the patch comment. This is a bug in its own right, but I'm unwilling to bet that it is the only way to exploit the issue addressed by this patch. 2. ptrace(PTRACE_GETREGSET): you can PTRACE_ATTACH to a user_mode_helper thread before it execs, but ptrace requires SIGSTOP to be delivered which can only happen at user/kernel boundaries. 3. /proc/*/task/*/syscall: this is perfectly happy to read pt_regs for user_mode_helpers before the exec completes, but gp is not one of the registers it returns. 4. PERF_SAMPLE_REGS_USER: LOCKDOWN_PERF normally prevents access to kernel addresses via PERF_SAMPLE_REGS_INTR, but due to this bug kernel addresses are also exposed via PERF_SAMPLE_REGS_USER which is permitted under LOCKDOWN_PERF. I have not attempted to write exploit code. 5. Much of the tracing infrastructure allows access to user registers. I have not attempted to determine which forms of tracing allow access to user registers without already allowing access to kernel registers. Fixes: 7db91e57a0ac ("RISC-V: Task implementation") Cc: stable(a)vger.kernel.org Signed-off-by: Stefan O'Rear <sorear(a)fastmail.com> Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Link: https://lore.kernel.org/r/20240327061258.2370291-1-sorear@fastmail.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index 6abeecbfc51d..e4bc61c4e58a 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c @@ -27,8 +27,6 @@ #include <asm/vector.h> #include <asm/cpufeature.h> -register unsigned long gp_in_global __asm__("gp"); - #if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK) #include <linux/stackprotector.h> unsigned long __stack_chk_guard __read_mostly; @@ -207,7 +205,6 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) if (unlikely(args->fn)) { /* Kernel thread */ memset(childregs, 0, sizeof(struct pt_regs)); - childregs->gp = gp_in_global; /* Supervisor/Machine, irqs on: */ childregs->status = SR_PP | SR_PIE;

1 year, 5 months

1
0
0 0

[PATCH] drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init

by Maarten Lankhorst

Add a unreference bo in the error path, to prevent leaking a bo ref. Return 0 on success to clarify the success path. Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Fixes: 44e694958b95 ("drm/xe/display: Implement display support") Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/display/intel_fb_bo.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/xe/display/intel_fb_bo.c b/drivers/gpu/drm/xe/display/intel_fb_bo.c index dba327f53ac5..e18521acc516 100644 --- a/drivers/gpu/drm/xe/display/intel_fb_bo.c +++ b/drivers/gpu/drm/xe/display/intel_fb_bo.c @@ -31,7 +31,7 @@ int intel_fb_bo_framebuffer_init(struct intel_framebuffer *intel_fb, ret = ttm_bo_reserve(&bo->ttm, true, false, NULL); if (ret) - return ret; + goto err; if (!(bo->flags & XE_BO_FLAG_SCANOUT)) { /* @@ -42,12 +42,16 @@ int intel_fb_bo_framebuffer_init(struct intel_framebuffer *intel_fb, */ if (XE_IOCTL_DBG(i915, !list_empty(&bo->ttm.base.gpuva.list))) { ttm_bo_unreserve(&bo->ttm); - return -EINVAL; + ret = -EINVAL; + goto err; } bo->flags |= XE_BO_FLAG_SCANOUT; } ttm_bo_unreserve(&bo->ttm); + return 0; +err: + xe_bo_put(bo); return ret; } -- 2.43.0

1 year, 5 months

2
1
0 0

Re: Patch "ASoC: tas2781: mark dvc_tlv with __maybe_unused" has been added to the 6.8-stable tree

by Gergo Koteles

Hi, On Sun, 2024-04-07 at 16:13 -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > ASoC: tas2781: mark dvc_tlv with __maybe_unused > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > asoc-tas2781-mark-dvc_tlv-with-__maybe_unused.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Is this necessary for stable? It only fixes a W=1 build warning. Regards, Gergo

1 year, 5 months

2
1
0 0

[PATCH v3 0/3] arm64: dts: hi3798cv200: fix GICR size, add cache info, maintenance irq and GICH, GICV spaces

by Yang Xiwen via B4 Relay

The patchset fixes some warnings reported by the kernel during boot. The cache size info is from Processor_Datasheet_v2XX.pdf [1], Section 2.2.1 Master Processor. The cache line size and the set-associative info are from Cortex-A53 Documentation [2]. From the doc, it can be concluded that L1 i-cache is 4-way assoc, L1 d-cache is 2-way assoc and L2 cache is 16-way assoc. Calculate the dts props accordingly. Also, to use KVM's VGIC code, GICH, GICV registers spaces and maintenance IRQ are added to the dts with verification. [1]: https://github.com/96boards/documentation/blob/master/enterprise/poplar/har… [2]: https://developer.arm.com/documentation/ddi0500/j/Level-1-Memory-System Signed-off-by: Yang Xiwen <forbidden405(a)outlook.com> --- Changes in v3: - send patches to stable (Andrew Lunn) - rewrite the commit logs more formally (Andrew Lunn) - rename l2-cache0 to l2-cache (Krzysztof Kozlowski) - Link to v2: https://lore.kernel.org/r/20240218-cache-v2-0-1fd919e2bd3e@outlook.com Changes in v2: - arm64: dts: hi3798cv200: add GICH, GICV register spces and maintainance IRQ. - Link to v1: https://lore.kernel.org/r/20240218-cache-v1-0-2c0a8a4472e7@outlook.com --- Yang Xiwen (3): arm64: dts: hi3798cv200: fix the size of GICR arm64: dts: hi3798cv200: add GICH, GICV register space and irq arm64: dts: hi3798cv200: add cache info arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 43 +++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) --- base-commit: 8d3dea210042f54b952b481838c1e7dfc4ec751d change-id: 20240218-cache-11c8bf7566c2 Best regards, -- Yang Xiwen <forbidden405(a)outlook.com>

1 year, 5 months

5
13
0 0

[PATCH 6/8] accel/ivpu: Return max freq for DRM_IVPU_PARAM_CORE_CLOCK_RATE

by Jacek Lawrynowicz

DRM_IVPU_PARAM_CORE_CLOCK_RATE returned current NPU frequency which could be 0 if device was sleeping. This value wasn't really useful to the user space, so return max freq instead which can be used to estimate NPU performance. Fixes: c39dc15191c4 ("accel/ivpu: Read clock rate only if device is up") Cc: <stable(a)vger.kernel.org> # v6.7 Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_drv.c | 18 +----------------- drivers/accel/ivpu/ivpu_hw.h | 6 ++++++ drivers/accel/ivpu/ivpu_hw_37xx.c | 7 ++++--- drivers/accel/ivpu/ivpu_hw_40xx.c | 6 ++++++ 4 files changed, 17 insertions(+), 20 deletions(-) diff --git a/drivers/accel/ivpu/ivpu_drv.c b/drivers/accel/ivpu/ivpu_drv.c index 303d92753387..77283daaedd1 100644 --- a/drivers/accel/ivpu/ivpu_drv.c +++ b/drivers/accel/ivpu/ivpu_drv.c @@ -131,22 +131,6 @@ static int ivpu_get_capabilities(struct ivpu_device *vdev, struct drm_ivpu_param return 0; } -static int ivpu_get_core_clock_rate(struct ivpu_device *vdev, u64 *clk_rate) -{ - int ret; - - ret = ivpu_rpm_get_if_active(vdev); - if (ret < 0) - return ret; - - *clk_rate = ret ? ivpu_hw_reg_pll_freq_get(vdev) : 0; - - if (ret) - ivpu_rpm_put(vdev); - - return 0; -} - static int ivpu_get_param_ioctl(struct drm_device *dev, void *data, struct drm_file *file) { struct ivpu_file_priv *file_priv = file->driver_priv; @@ -170,7 +154,7 @@ static int ivpu_get_param_ioctl(struct drm_device *dev, void *data, struct drm_f args->value = vdev->platform; break; case DRM_IVPU_PARAM_CORE_CLOCK_RATE: - ret = ivpu_get_core_clock_rate(vdev, &args->value); + args->value = ivpu_hw_ratio_to_freq(vdev, vdev->hw->pll.max_ratio); break; case DRM_IVPU_PARAM_NUM_CONTEXTS: args->value = ivpu_get_context_count(vdev); diff --git a/drivers/accel/ivpu/ivpu_hw.h b/drivers/accel/ivpu/ivpu_hw.h index b2909168a0a6..094c659d2800 100644 --- a/drivers/accel/ivpu/ivpu_hw.h +++ b/drivers/accel/ivpu/ivpu_hw.h @@ -21,6 +21,7 @@ struct ivpu_hw_ops { u32 (*profiling_freq_get)(struct ivpu_device *vdev); void (*profiling_freq_drive)(struct ivpu_device *vdev, bool enable); u32 (*reg_pll_freq_get)(struct ivpu_device *vdev); + u32 (*ratio_to_freq)(struct ivpu_device *vdev, u32 ratio); u32 (*reg_telemetry_offset_get)(struct ivpu_device *vdev); u32 (*reg_telemetry_size_get)(struct ivpu_device *vdev); u32 (*reg_telemetry_enable_get)(struct ivpu_device *vdev); @@ -130,6 +131,11 @@ static inline u32 ivpu_hw_reg_pll_freq_get(struct ivpu_device *vdev) return vdev->hw->ops->reg_pll_freq_get(vdev); }; +static inline u32 ivpu_hw_ratio_to_freq(struct ivpu_device *vdev, u32 ratio) +{ + return vdev->hw->ops->ratio_to_freq(vdev, ratio); +} + static inline u32 ivpu_hw_reg_telemetry_offset_get(struct ivpu_device *vdev) { return vdev->hw->ops->reg_telemetry_offset_get(vdev); diff --git a/drivers/accel/ivpu/ivpu_hw_37xx.c b/drivers/accel/ivpu/ivpu_hw_37xx.c index 5e2865f9f7d6..bd25e2d9fb0f 100644 --- a/drivers/accel/ivpu/ivpu_hw_37xx.c +++ b/drivers/accel/ivpu/ivpu_hw_37xx.c @@ -803,12 +803,12 @@ static void ivpu_hw_37xx_profiling_freq_drive(struct ivpu_device *vdev, bool ena /* Profiling freq - is a debug feature. Unavailable on VPU 37XX. */ } -static u32 ivpu_hw_37xx_pll_to_freq(u32 ratio, u32 config) +static u32 ivpu_hw_37xx_ratio_to_freq(struct ivpu_device *vdev, u32 ratio) { u32 pll_clock = PLL_REF_CLK_FREQ * ratio; u32 cpu_clock; - if ((config & 0xff) == PLL_RATIO_4_3) + if ((vdev->hw->config & 0xff) == PLL_RATIO_4_3) cpu_clock = pll_clock * 2 / 4; else cpu_clock = pll_clock * 2 / 5; @@ -827,7 +827,7 @@ static u32 ivpu_hw_37xx_reg_pll_freq_get(struct ivpu_device *vdev) if (!ivpu_is_silicon(vdev)) return PLL_SIMULATION_FREQ; - return ivpu_hw_37xx_pll_to_freq(pll_curr_ratio, vdev->hw->config); + return ivpu_hw_37xx_ratio_to_freq(vdev, pll_curr_ratio); } static u32 ivpu_hw_37xx_reg_telemetry_offset_get(struct ivpu_device *vdev) @@ -1050,6 +1050,7 @@ const struct ivpu_hw_ops ivpu_hw_37xx_ops = { .profiling_freq_get = ivpu_hw_37xx_profiling_freq_get, .profiling_freq_drive = ivpu_hw_37xx_profiling_freq_drive, .reg_pll_freq_get = ivpu_hw_37xx_reg_pll_freq_get, + .ratio_to_freq = ivpu_hw_37xx_ratio_to_freq, .reg_telemetry_offset_get = ivpu_hw_37xx_reg_telemetry_offset_get, .reg_telemetry_size_get = ivpu_hw_37xx_reg_telemetry_size_get, .reg_telemetry_enable_get = ivpu_hw_37xx_reg_telemetry_enable_get, diff --git a/drivers/accel/ivpu/ivpu_hw_40xx.c b/drivers/accel/ivpu/ivpu_hw_40xx.c index e4eddbf5d11c..b0b88d4c8926 100644 --- a/drivers/accel/ivpu/ivpu_hw_40xx.c +++ b/drivers/accel/ivpu/ivpu_hw_40xx.c @@ -980,6 +980,11 @@ static u32 ivpu_hw_40xx_reg_pll_freq_get(struct ivpu_device *vdev) return PLL_RATIO_TO_FREQ(pll_curr_ratio); } +static u32 ivpu_hw_40xx_ratio_to_freq(struct ivpu_device *vdev, u32 ratio) +{ + return PLL_RATIO_TO_FREQ(ratio); +} + static u32 ivpu_hw_40xx_reg_telemetry_offset_get(struct ivpu_device *vdev) { return REGB_RD32(VPU_40XX_BUTTRESS_VPU_TELEMETRY_OFFSET); @@ -1230,6 +1235,7 @@ const struct ivpu_hw_ops ivpu_hw_40xx_ops = { .profiling_freq_get = ivpu_hw_40xx_profiling_freq_get, .profiling_freq_drive = ivpu_hw_40xx_profiling_freq_drive, .reg_pll_freq_get = ivpu_hw_40xx_reg_pll_freq_get, + .ratio_to_freq = ivpu_hw_40xx_ratio_to_freq, .reg_telemetry_offset_get = ivpu_hw_40xx_reg_telemetry_offset_get, .reg_telemetry_size_get = ivpu_hw_40xx_reg_telemetry_size_get, .reg_telemetry_enable_get = ivpu_hw_40xx_reg_telemetry_enable_get, -- 2.43.2

1 year, 5 months

2
2
0 0

[PATCH v5 00/10] x86/sev: KEXEC/KDUMP support for SEV-ES guests

by vsntk18＠gmail.com

From: Vasant Karasulli <vkarasulli(a)suse.de> Hi, here are changes to enable kexec/kdump in SEV-ES guests. The biggest problem for supporting kexec/kdump under SEV-ES is to find a way to hand the non-boot CPUs (APs) from one kernel to another. Without SEV-ES the first kernel parks the CPUs in a HLT loop until they get reset by the kexec'ed kernel via an INIT-SIPI-SIPI sequence. For virtual machines the CPU reset is emulated by the hypervisor, which sets the vCPU registers back to reset state. This does not work under SEV-ES, because the hypervisor has no access to the vCPU registers and can't make modifications to them. So an SEV-ES guest needs to reset the vCPU itself and park it using the AP-reset-hold protocol. Upon wakeup the guest needs to jump to real-mode and to the reset-vector configured in the AP-Jump-Table. The code to do this is the main part of this patch-set. It works by placing code on the AP Jump-Table page itself to park the vCPU and for jumping to the reset vector upon wakeup. The code on the AP Jump Table runs in 16-bit protected mode with segment base set to the beginning of the page. The AP Jump-Table is usually not within the first 1MB of memory, so the code can't run in real-mode. The AP Jump-Table is the best place to put the parking code, because the memory is owned, but read-only by the firmware and writeable by the OS. Only the first 4 bytes are used for the reset-vector, leaving the rest of the page for code/data/stack to park a vCPU. The code can't be in kernel memory because by the time the vCPU wakes up the memory will be owned by the new kernel, which might have overwritten it already. The other patches add initial GHCB Version 2 protocol support, because kexec/kdump need the MSR-based (without a GHCB) AP-reset-hold VMGEXIT, which is a GHCB protocol version 2 feature. The kexec'ed kernel is also entered via the decompressor and needs MMIO support there, so this patch-set also adds MMIO #VC support to the decompressor and support for handling CLFLUSH instructions. Finally there is also code to disable kexec/kdump support at runtime when the environment does not support it (e.g. no GHCB protocol version 2 support or AP Jump Table over 4GB). The diffstat looks big, but most of it is moving code for MMIO #VC support around to make it available to the decompressor. The previous version of this patch-set can be found here: https://lore.kernel.org/kvm/20240311161727.14916-1-vsntk18@gmail.com/ Please review. Thanks, Vasant Changes v4->v5: - Rebased to v6.9-rc2 kernel - Applied review comments by Tom Lendacky - Exclude the AP jump table related code for SEV-SNP guests Changes v3->v4: - Rebased to v6.8 kernel - Applied review comments by Sean Christopherson - Combined sev_es_setup_ap_jump_table() and sev_setup_ap_jump_table() into a single function which makes caching jump table address unnecessary - annotated struct sev_ap_jump_table_header with __packed attribute - added code to set up real mode data segment at boot time instead of hardcoding the value. Changes v2->v3: - Rebased to v5.17-rc1 - Applied most review comments by Boris - Use the name 'AP jump table' consistently - Make kexec-disabling for unsupported guests x86-specific - Cleanup and consolidate patches to detect GHCB v2 protocol support Joerg Roedel (9): x86/kexec/64: Disable kexec when SEV-ES is active x86/sev: Save and print negotiated GHCB protocol version x86/sev: Set GHCB data structure version x86/sev: Setup code to park APs in the AP Jump Table x86/sev: Park APs on AP Jump Table with GHCB protocol version 2 x86/sev: Use AP Jump Table blob to stop CPU x86/sev: Add MMIO handling support to boot/compressed/ code x86/sev: Handle CLFLUSH MMIO events x86/kexec/64: Support kexec under SEV-ES with AP Jump Table Blob Vasant Karasulli (1): x86/sev: Exclude AP jump table related code for SEV-SNP guests arch/x86/boot/compressed/sev.c | 45 +- arch/x86/include/asm/insn-eval.h | 1 + arch/x86/include/asm/realmode.h | 5 + arch/x86/include/asm/sev-ap-jumptable.h | 30 + arch/x86/include/asm/sev.h | 7 + arch/x86/kernel/machine_kexec_64.c | 12 + arch/x86/kernel/process.c | 8 + arch/x86/kernel/sev-shared.c | 234 +++++- arch/x86/kernel/sev.c | 376 +++++----- arch/x86/lib/insn-eval-shared.c | 921 ++++++++++++++++++++++++ arch/x86/lib/insn-eval.c | 911 +---------------------- arch/x86/realmode/Makefile | 9 +- arch/x86/realmode/init.c | 5 +- arch/x86/realmode/rm/Makefile | 11 +- arch/x86/realmode/rm/header.S | 3 + arch/x86/realmode/rm/sev.S | 85 +++ arch/x86/realmode/rmpiggy.S | 6 + arch/x86/realmode/sev/Makefile | 33 + arch/x86/realmode/sev/ap_jump_table.S | 131 ++++ arch/x86/realmode/sev/ap_jump_table.lds | 24 + 20 files changed, 1711 insertions(+), 1146 deletions(-) create mode 100644 arch/x86/include/asm/sev-ap-jumptable.h create mode 100644 arch/x86/lib/insn-eval-shared.c create mode 100644 arch/x86/realmode/rm/sev.S create mode 100644 arch/x86/realmode/sev/Makefile create mode 100644 arch/x86/realmode/sev/ap_jump_table.S create mode 100644 arch/x86/realmode/sev/ap_jump_table.lds base-commit: 39cd87c4eb2b893354f3b850f916353f2658ae6f -- 2.34.1

1 year, 5 months

2
10
0 0

[PATCH] spmi: hisi-spmi-controller: Do not override device identifier

by Vamshi Gajjela

'nr' member of struct spmi_controller, which serves as an identifier for the controller/bus. This value is a dynamic ID assigned in spmi_controller_alloc, and overriding it from the driver results in an ida_free error "ida_free called for id=xx which is not allocated". Signed-off-by: Vamshi Gajjela <vamshigajjela(a)google.com> Fixes: 70f59c90c819 ("staging: spmi: add Hikey 970 SPMI controller driver") Cc: stable(a)vger.kernel.org --- drivers/spmi/hisi-spmi-controller.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/spmi/hisi-spmi-controller.c b/drivers/spmi/hisi-spmi-controller.c index 674a350cc676..fa068b34b040 100644 --- a/drivers/spmi/hisi-spmi-controller.c +++ b/drivers/spmi/hisi-spmi-controller.c @@ -300,7 +300,6 @@ static int spmi_controller_probe(struct platform_device *pdev) spin_lock_init(&spmi_controller->lock); - ctrl->nr = spmi_controller->channel; ctrl->dev.parent = pdev->dev.parent; ctrl->dev.of_node = of_node_get(pdev->dev.of_node); -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 5 months

4
3
0 0

[PATCH AUTOSEL 6.8 01/28] tools: iio: replace seekdir() in iio_generic_buffer

by Sasha Levin

From: Petre Rodan <petre.rodan(a)subdimension.ro> [ Upstream commit 4e6500bfa053dc133021f9c144261b77b0ba7dc8 ] Replace seekdir() with rewinddir() in order to fix a localized glibc bug. One of the glibc patches that stable Gentoo is using causes an improper directory stream positioning bug on 32bit arm. That in turn ends up as a floating point exception in iio_generic_buffer. The attached patch provides a fix by using an equivalent function which should not cause trouble for other distros and is easier to reason about in general as it obviously always goes back to to the start. https://sourceware.org/bugzilla/show_bug.cgi?id=31212 Signed-off-by: Petre Rodan <petre.rodan(a)subdimension.ro> Link: https://lore.kernel.org/r/20240108103224.3986-1-petre.rodan@subdimension.ro Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/iio/iio_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/iio/iio_utils.c b/tools/iio/iio_utils.c index 6a00a6eecaef0..c5c5082cb24e5 100644 --- a/tools/iio/iio_utils.c +++ b/tools/iio/iio_utils.c @@ -376,7 +376,7 @@ int build_channel_array(const char *device_dir, int buffer_idx, goto error_close_dir; } - seekdir(dp, 0); + rewinddir(dp); while (ent = readdir(dp), ent) { if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"), "_en") == 0) { -- 2.43.0

1 year, 5 months

2
29
0 0

[PATCH AUTOSEL 6.1 01/52] drm/vc4: don't check if plane->state->fb == state->fb

by Sasha Levin

From: Maíra Canal <mcanal(a)igalia.com> [ Upstream commit 5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9 ] Currently, when using non-blocking commits, we can see the following kernel warning: [ 110.908514] ------------[ cut here ]------------ [ 110.908529] refcount_t: underflow; use-after-free. [ 110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0 [ 110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_arm64 aes_generic algif_skcipher af_alg bnep hid_logitech_hidpp vc4 brcmfmac hci_uart btbcm brcmutil bluetooth snd_soc_hdmi_codec cfg80211 cec drm_display_helper drm_dma_helper drm_kms_helper snd_soc_core snd_compress snd_pcm_dmaengine fb_sys_fops sysimgblt syscopyarea sysfillrect raspberrypi_hwmon ecdh_generic ecc rfkill libaes i2c_bcm2835 binfmt_misc joydev snd_bcm2835(C) bcm2835_codec(C) bcm2835_isp(C) v4l2_mem2mem videobuf2_dma_contig snd_pcm bcm2835_v4l2(C) raspberrypi_gpiomem bcm2835_mmal_vchiq(C) videobuf2_v4l2 snd_timer videobuf2_vmalloc videobuf2_memops videobuf2_common snd videodev vc_sm_cma(C) mc hid_logitech_dj uio_pdrv_genirq uio i2c_dev drm fuse dm_mod drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [ 110.909086] CPU: 0 PID: 1866 Comm: kodi.bin Tainted: G C 6.1.66-v8+ #32 [ 110.909104] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) [ 110.909114] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 110.909132] pc : refcount_dec_not_one+0xb8/0xc0 [ 110.909152] lr : refcount_dec_not_one+0xb4/0xc0 [ 110.909170] sp : ffffffc00913b9c0 [ 110.909177] x29: ffffffc00913b9c0 x28: 000000556969bbb0 x27: 000000556990df60 [ 110.909205] x26: 0000000000000002 x25: 0000000000000004 x24: ffffff8004448480 [ 110.909230] x23: ffffff800570b500 x22: ffffff802e03a7bc x21: ffffffecfca68c78 [ 110.909257] x20: ffffff8002b42000 x19: ffffff802e03a600 x18: 0000000000000000 [ 110.909283] x17: 0000000000000011 x16: ffffffffffffffff x15: 0000000000000004 [ 110.909308] x14: 0000000000000fff x13: ffffffed577e47e0 x12: 0000000000000003 [ 110.909333] x11: 0000000000000000 x10: 0000000000000027 x9 : c912d0d083728c00 [ 110.909359] x8 : c912d0d083728c00 x7 : 65646e75203a745f x6 : 746e756f63666572 [ 110.909384] x5 : ffffffed579f62ee x4 : ffffffed579eb01e x3 : 0000000000000000 [ 110.909409] x2 : 0000000000000000 x1 : ffffffc00913b750 x0 : 0000000000000001 [ 110.909434] Call trace: [ 110.909441] refcount_dec_not_one+0xb8/0xc0 [ 110.909461] vc4_bo_dec_usecnt+0x4c/0x1b0 [vc4] [ 110.909903] vc4_cleanup_fb+0x44/0x50 [vc4] [ 110.910315] drm_atomic_helper_cleanup_planes+0x88/0xa4 [drm_kms_helper] [ 110.910669] vc4_atomic_commit_tail+0x390/0x9dc [vc4] [ 110.911079] commit_tail+0xb0/0x164 [drm_kms_helper] [ 110.911397] drm_atomic_helper_commit+0x1d0/0x1f0 [drm_kms_helper] [ 110.911716] drm_atomic_commit+0xb0/0xdc [drm] [ 110.912569] drm_mode_atomic_ioctl+0x348/0x4b8 [drm] [ 110.913330] drm_ioctl_kernel+0xec/0x15c [drm] [ 110.914091] drm_ioctl+0x24c/0x3b0 [drm] [ 110.914850] __arm64_sys_ioctl+0x9c/0xd4 [ 110.914873] invoke_syscall+0x4c/0x114 [ 110.914897] el0_svc_common+0xd0/0x118 [ 110.914917] do_el0_svc+0x38/0xd0 [ 110.914936] el0_svc+0x30/0x8c [ 110.914958] el0t_64_sync_handler+0x84/0xf0 [ 110.914979] el0t_64_sync+0x18c/0x190 [ 110.914996] ---[ end trace 0000000000000000 ]--- This happens because, although `prepare_fb` and `cleanup_fb` are perfectly balanced, we cannot guarantee consistency in the check plane->state->fb == state->fb. This means that sometimes we can increase the refcount in `prepare_fb` and don't decrease it in `cleanup_fb`. The opposite can also be true. In fact, the struct drm_plane .state shouldn't be accessed directly but instead, the `drm_atomic_get_new_plane_state()` helper function should be used. So, we could stick to this check, but using `drm_atomic_get_new_plane_state()`. But actually, this check is not really needed. We can increase and decrease the refcount symmetrically without problems. This is going to make the code more simple and consistent. Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Acked-by: Maxime Ripard <mripard(a)kernel.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240105175908.242000-1-mcana… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/vc4/vc4_plane.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c index eb08020154f30..7e6648b277b25 100644 --- a/drivers/gpu/drm/vc4/vc4_plane.c +++ b/drivers/gpu/drm/vc4/vc4_plane.c @@ -1415,9 +1415,6 @@ static int vc4_prepare_fb(struct drm_plane *plane, drm_gem_plane_helper_prepare_fb(plane, state); - if (plane->state->fb == state->fb) - return 0; - return vc4_bo_inc_usecnt(bo); } @@ -1426,7 +1423,7 @@ static void vc4_cleanup_fb(struct drm_plane *plane, { struct vc4_bo *bo; - if (plane->state->fb == state->fb || !state->fb) + if (!state->fb) return; bo = to_vc4_bo(&drm_fb_dma_get_gem_obj(state->fb, 0)->base); -- 2.43.0

1 year, 5 months

2
53
0 0

[PATCH AUTOSEL 6.6 01/75] drm/vc4: don't check if plane->state->fb == state->fb

by Sasha Levin

From: Maíra Canal <mcanal(a)igalia.com> [ Upstream commit 5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9 ] Currently, when using non-blocking commits, we can see the following kernel warning: [ 110.908514] ------------[ cut here ]------------ [ 110.908529] refcount_t: underflow; use-after-free. [ 110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0 [ 110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_arm64 aes_generic algif_skcipher af_alg bnep hid_logitech_hidpp vc4 brcmfmac hci_uart btbcm brcmutil bluetooth snd_soc_hdmi_codec cfg80211 cec drm_display_helper drm_dma_helper drm_kms_helper snd_soc_core snd_compress snd_pcm_dmaengine fb_sys_fops sysimgblt syscopyarea sysfillrect raspberrypi_hwmon ecdh_generic ecc rfkill libaes i2c_bcm2835 binfmt_misc joydev snd_bcm2835(C) bcm2835_codec(C) bcm2835_isp(C) v4l2_mem2mem videobuf2_dma_contig snd_pcm bcm2835_v4l2(C) raspberrypi_gpiomem bcm2835_mmal_vchiq(C) videobuf2_v4l2 snd_timer videobuf2_vmalloc videobuf2_memops videobuf2_common snd videodev vc_sm_cma(C) mc hid_logitech_dj uio_pdrv_genirq uio i2c_dev drm fuse dm_mod drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [ 110.909086] CPU: 0 PID: 1866 Comm: kodi.bin Tainted: G C 6.1.66-v8+ #32 [ 110.909104] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) [ 110.909114] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 110.909132] pc : refcount_dec_not_one+0xb8/0xc0 [ 110.909152] lr : refcount_dec_not_one+0xb4/0xc0 [ 110.909170] sp : ffffffc00913b9c0 [ 110.909177] x29: ffffffc00913b9c0 x28: 000000556969bbb0 x27: 000000556990df60 [ 110.909205] x26: 0000000000000002 x25: 0000000000000004 x24: ffffff8004448480 [ 110.909230] x23: ffffff800570b500 x22: ffffff802e03a7bc x21: ffffffecfca68c78 [ 110.909257] x20: ffffff8002b42000 x19: ffffff802e03a600 x18: 0000000000000000 [ 110.909283] x17: 0000000000000011 x16: ffffffffffffffff x15: 0000000000000004 [ 110.909308] x14: 0000000000000fff x13: ffffffed577e47e0 x12: 0000000000000003 [ 110.909333] x11: 0000000000000000 x10: 0000000000000027 x9 : c912d0d083728c00 [ 110.909359] x8 : c912d0d083728c00 x7 : 65646e75203a745f x6 : 746e756f63666572 [ 110.909384] x5 : ffffffed579f62ee x4 : ffffffed579eb01e x3 : 0000000000000000 [ 110.909409] x2 : 0000000000000000 x1 : ffffffc00913b750 x0 : 0000000000000001 [ 110.909434] Call trace: [ 110.909441] refcount_dec_not_one+0xb8/0xc0 [ 110.909461] vc4_bo_dec_usecnt+0x4c/0x1b0 [vc4] [ 110.909903] vc4_cleanup_fb+0x44/0x50 [vc4] [ 110.910315] drm_atomic_helper_cleanup_planes+0x88/0xa4 [drm_kms_helper] [ 110.910669] vc4_atomic_commit_tail+0x390/0x9dc [vc4] [ 110.911079] commit_tail+0xb0/0x164 [drm_kms_helper] [ 110.911397] drm_atomic_helper_commit+0x1d0/0x1f0 [drm_kms_helper] [ 110.911716] drm_atomic_commit+0xb0/0xdc [drm] [ 110.912569] drm_mode_atomic_ioctl+0x348/0x4b8 [drm] [ 110.913330] drm_ioctl_kernel+0xec/0x15c [drm] [ 110.914091] drm_ioctl+0x24c/0x3b0 [drm] [ 110.914850] __arm64_sys_ioctl+0x9c/0xd4 [ 110.914873] invoke_syscall+0x4c/0x114 [ 110.914897] el0_svc_common+0xd0/0x118 [ 110.914917] do_el0_svc+0x38/0xd0 [ 110.914936] el0_svc+0x30/0x8c [ 110.914958] el0t_64_sync_handler+0x84/0xf0 [ 110.914979] el0t_64_sync+0x18c/0x190 [ 110.914996] ---[ end trace 0000000000000000 ]--- This happens because, although `prepare_fb` and `cleanup_fb` are perfectly balanced, we cannot guarantee consistency in the check plane->state->fb == state->fb. This means that sometimes we can increase the refcount in `prepare_fb` and don't decrease it in `cleanup_fb`. The opposite can also be true. In fact, the struct drm_plane .state shouldn't be accessed directly but instead, the `drm_atomic_get_new_plane_state()` helper function should be used. So, we could stick to this check, but using `drm_atomic_get_new_plane_state()`. But actually, this check is not really needed. We can increase and decrease the refcount symmetrically without problems. This is going to make the code more simple and consistent. Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Acked-by: Maxime Ripard <mripard(a)kernel.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240105175908.242000-1-mcana… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/vc4/vc4_plane.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c index 00e713faecd5a..5948e34f7f813 100644 --- a/drivers/gpu/drm/vc4/vc4_plane.c +++ b/drivers/gpu/drm/vc4/vc4_plane.c @@ -1505,9 +1505,6 @@ static int vc4_prepare_fb(struct drm_plane *plane, drm_gem_plane_helper_prepare_fb(plane, state); - if (plane->state->fb == state->fb) - return 0; - return vc4_bo_inc_usecnt(bo); } @@ -1516,7 +1513,7 @@ static void vc4_cleanup_fb(struct drm_plane *plane, { struct vc4_bo *bo; - if (plane->state->fb == state->fb || !state->fb) + if (!state->fb) return; bo = to_vc4_bo(&drm_fb_dma_get_gem_obj(state->fb, 0)->base); -- 2.43.0

1 year, 5 months

2
76
0 0

[PATCH AUTOSEL 6.8 01/68] wifi: ath9k: fix LNA selection in ath_ant_try_scan()

by Sasha Levin

From: Dmitry Antipov <dmantipov(a)yandex.ru> [ Upstream commit d6b27eb997ef9a2aa51633b3111bc4a04748e6d3 ] In 'ath_ant_try_scan()', (most likely) the 2nd LNA's signal strength should be used in comparison against RSSI when selecting first LNA as the main one. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Acked-by: Toke Høiland-Jørgensen <toke(a)toke.dk> Signed-off-by: Kalle Valo <quic_kvalo(a)quicinc.com> Link: https://msgid.link/20231211172502.25202-1-dmantipov@yandex.ru Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath9k/antenna.c b/drivers/net/wireless/ath/ath9k/antenna.c index 988222cea9dfe..acc84e6711b0e 100644 --- a/drivers/net/wireless/ath/ath9k/antenna.c +++ b/drivers/net/wireless/ath/ath9k/antenna.c @@ -643,7 +643,7 @@ static void ath_ant_try_scan(struct ath_ant_comb *antcomb, conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA1; conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2; } else if (antcomb->rssi_sub > - antcomb->rssi_lna1) { + antcomb->rssi_lna2) { /* set to A-B */ conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA1; conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2; -- 2.43.0

1 year, 5 months

3
72
0 0

[PATCH v2] phy: freescale: imx8m-pcie: fix pcie link-up instability

by Marcel Ziswiler

From: Marcel Ziswiler <marcel.ziswiler(a)toradex.com> On the i.MX 8M Mini, the AUX_PLL_REFCLK_SEL has to be left at its reset default of AUX_IN (PLL clock). Background Information: In our automated testing setup, we use Delock Mini-PCIe SATA cards [1]. While this setup has proven very stable overall we noticed upstream on the i.MX 8M Mini fails quite regularly (about 50/50) to bring up the PCIe link while with NXP's downstream BSP 5.15.71_2.2.2 it always works. As that old downstream stuff was quite different, I first also tried NXP's latest downstream BSP 6.1.55_2.2.0 which from a PCIe point of view is fairly vanilla, however, also there the PCIe link-up was not stable. Comparing and debugging I noticed that upstream explicitly configures the AUX_PLL_REFCLK_SEL to I_PLL_REFCLK_FROM_SYSPLL while working downstream [2] leaving it at reset defaults of AUX_IN (PLL clock). Unfortunately, the TRM does not mention any further details about this register (both for the i.MX 8M Mini as well as the Plus). NXP confirmed their validation codes for the i.MX8MM PCIe doesn't configure cmn_reg063 (offset: 0x18C). BTW: On the i.MX 8M Plus we have not seen any issues with PCIe with the exact same setup which is why I left it unchanged. [1] https://www.delock.com/produkt/95233/merkmale.html [2] https://github.com/nxp-imx/linux-imx/blob/lf-5.15.71-2.2.0/drivers/pci/cont… Fixes: 1aa97b002258 ("phy: freescale: pcie: Initialize the imx8 pcie standalone phy driver") Cc: stable(a)vger.kernel.org # 6.1.x: ca679c49: phy: freescale: imx8m-pcie: Refine i.MX8MM PCIe PHY driver Cc: stable(a)vger.kernel.org # 6.1.x Signed-off-by: Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Reviewed-by: Richard Zhu <hongxing.zhu(a)nxp.com> Link: https://lore.kernel.org/all/AS8PR04MB867661386FEA07649771FBE18C362@AS8PR04M… --- Changes in v2: - Reword the commmit message. - Meld the background information from the cover letter into the commit message as suggested by Fabio. Thanks! - Document NXP's confirmation from their validation codes and add Richard Zhu's reviewed-by. Thanks! drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/phy/freescale/phy-fsl-imx8m-pcie.c b/drivers/phy/freescale/phy-fsl-imx8m-pcie.c index b700f52b7b67..11fcb1867118 100644 --- a/drivers/phy/freescale/phy-fsl-imx8m-pcie.c +++ b/drivers/phy/freescale/phy-fsl-imx8m-pcie.c @@ -110,8 +110,10 @@ static int imx8_pcie_phy_power_on(struct phy *phy) /* Source clock from SoC internal PLL */ writel(ANA_PLL_CLK_OUT_TO_EXT_IO_SEL, imx8_phy->base + IMX8MM_PCIE_PHY_CMN_REG062); - writel(AUX_PLL_REFCLK_SEL_SYS_PLL, - imx8_phy->base + IMX8MM_PCIE_PHY_CMN_REG063); + if (imx8_phy->drvdata->variant != IMX8MM) { + writel(AUX_PLL_REFCLK_SEL_SYS_PLL, + imx8_phy->base + IMX8MM_PCIE_PHY_CMN_REG063); + } val = ANA_AUX_RX_TX_SEL_TX | ANA_AUX_TX_TERM; writel(val | ANA_AUX_RX_TERM_GND_EN, imx8_phy->base + IMX8MM_PCIE_PHY_CMN_REG064); -- 2.44.0

1 year, 5 months

3
3
0 0

[PATCH v3] rust: make mutually exclusive with CFI_CLANG

by Conor Dooley

From: Conor Dooley <conor.dooley(a)microchip.com> On RISC-V and arm64, and presumably x86, if CFI_CLANG is enabled, loading a rust module will trigger a kernel panic. Support for sanitisers, including kcfi (CFI_CLANG), is in the works, but for now they're nightly-only options in rustc. Make RUST depend on !CFI_CLANG to prevent configuring a kernel without symmetrical support for kfi. Fixes: 2f7ab1267dc9 ("Kbuild: add Rust support") cc: stable(a)vger.kernel.org Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> --- Sending this one on its own, there's no explicit dep on this for the riscv enabling patch, v3 to continue the numbering from there. Nothing has changed since v2. CC: Miguel Ojeda <ojeda(a)kernel.org> CC: Alex Gaynor <alex.gaynor(a)gmail.com> CC: Wedson Almeida Filho <wedsonaf(a)gmail.com> CC: linux-kernel(a)vger.kernel.org (open list) CC: rust-for-linux(a)vger.kernel.org CC: Sami Tolvanen <samitolvanen(a)google.com> CC: Kees Cook <keescook(a)chromium.org> CC: Nathan Chancellor <nathan(a)kernel.org> CC: llvm(a)lists.linux.dev --- init/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/init/Kconfig b/init/Kconfig index aa02aec6aa7d..ad9a2da27dc9 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1899,6 +1899,7 @@ config RUST bool "Rust support" depends on HAVE_RUST depends on RUST_IS_AVAILABLE + depends on !CFI_CLANG depends on !MODVERSIONS depends on !GCC_PLUGINS depends on !RANDSTRUCT -- 2.43.0

1 year, 5 months

5
8
0 0

[PATCH v4] rust: init: remove impl Zeroable for Infallible

by Laine Taffin Altman

In Rust, producing an invalid value of any type is immediate undefined behavior (UB); this includes via zeroing memory. Therefore, since an uninhabited type has no valid values, producing any values at all for it is UB. The Rust standard library type `core::convert::Infallible` is uninhabited, by virtue of having been declared as an enum with no cases, which always produces uninhabited types in Rust. The current kernel code allows this UB to be triggered, for example by code like `Box::<core::convert::Infallible>::init(kernel::init::zeroed())`. Thus, remove the implementation of `Zeroable` for `Infallible`, thereby avoiding the unsoundness (potential for future UB). Cc: stable(a)vger.kernel.org Fixes: 38cde0bd7b67 ("rust: init: add `Zeroable` trait and `init::zeroed` function") Closes: https://github.com/Rust-for-Linux/pinned-init/pull/13 Signed-off-by: Laine Taffin Altman <alexanderaltman(a)me.com> Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Reviewed-by: Boqun Feng <boqun.feng(a)gmail.com> --- V3 -> V4: Address review nits; run checkpatch properly. V2 -> V3: Email formatting correction. V1 -> V2: Added more documentation to the comment, with links; also added more details to the commit message. rust/kernel/init.rs | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index 424257284d16..3859c7ff81b7 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -1292,8 +1292,15 @@ macro_rules! impl_zeroable { i8, i16, i32, i64, i128, isize, f32, f64, - // SAFETY: These are ZSTs, there is nothing to zero. - {<T: ?Sized>} PhantomData<T>, core::marker::PhantomPinned, Infallible, (), + // Note: do not add uninhabited types (such as `!` or `core::convert::Infallible`) to this list; + // creating an instance of an uninhabited type is immediate undefined behavior. For more on + // uninhabited/empty types, consult The Rustonomicon: + // https://doc.rust-lang.org/stable/nomicon/exotic-sizes.html#empty-types The Rust Reference + // also has information on undefined behavior: + // https://doc.rust-lang.org/stable/reference/behavior-considered-undefined.ht… + // + // SAFETY: These are inhabited ZSTs; there is nothing to zero and a valid value exists. + {<T: ?Sized>} PhantomData<T>, core::marker::PhantomPinned, (), // SAFETY: Type is allowed to take any value, including all zeros. {<T>} MaybeUninit<T>, base-commit: c85af715cac0a951eea97393378e84bb49384734 -- 2.44.0

1 year, 5 months

3
6
0 0

Re: Patch "usb: typec: ucsi: Check for notifications after init" has been added to the 6.8-stable tree

by Christian Ehrhardt

Hi Sasha, On Sun, Apr 07, 2024 at 08:53:40AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > usb: typec: ucsi: Check for notifications after init > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… This patch contains an out of bounds memory access and should not be included in the stable backports until a fix is available. A fix is already queued in Greg's usb-linus branch. Please drop the above patch from all stable trees for now. Sorry for the inconvenience. > The filename of the patch is: > usb-typec-ucsi-check-for-notifications-after-init.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 903bfed719f3e87b607956bbe4d855c71831a43a > Author: Christian A. Ehrhardt <lk(a)c--e.de> > Date: Wed Mar 20 08:39:23 2024 +0100 > > usb: typec: ucsi: Check for notifications after init > > [ Upstream commit 808a8b9e0b87bbc72bcc1f7ddfe5d04746e7ce56 ] > > The completion notification for the final SET_NOTIFICATION_ENABLE > command during initialization can include a connector change > notification. However, at the time this completion notification is > processed, the ucsi struct is not ready to handle this notification. > As a result the notification is ignored and the controller > never sends an interrupt again. > > Re-check CCI for a pending connector state change after > initialization is complete. Adjust the corresponding debug > message accordingly. > > Fixes: 71a1fa0df2a3 ("usb: typec: ucsi: Store the notification mask") > Cc: stable(a)vger.kernel.org > Signed-off-by: Christian A. Ehrhardt <lk(a)c--e.de> > Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> > Tested-by: Neil Armstrong <neil.armstrong(a)linaro.org> # on SM8550-QRD > Link: https://lore.kernel.org/r/20240320073927.1641788-3-lk@c--e.de > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c > index 0bfe5e906e543..96da828f556a9 100644 > --- a/drivers/usb/typec/ucsi/ucsi.c > +++ b/drivers/usb/typec/ucsi/ucsi.c > @@ -962,7 +962,7 @@ void ucsi_connector_change(struct ucsi *ucsi, u8 num) > struct ucsi_connector *con = &ucsi->connector[num - 1]; > > if (!(ucsi->ntfy & UCSI_ENABLE_NTFY_CONNECTOR_CHANGE)) { > - dev_dbg(ucsi->dev, "Bogus connector change event\n"); > + dev_dbg(ucsi->dev, "Early connector change event\n"); > return; > } > > @@ -1393,6 +1393,7 @@ static int ucsi_init(struct ucsi *ucsi) > { > struct ucsi_connector *con, *connector; > u64 command, ntfy; > + u32 cci; > int ret; > int i; > > @@ -1445,6 +1446,13 @@ static int ucsi_init(struct ucsi *ucsi) > > ucsi->connector = connector; > ucsi->ntfy = ntfy; > + > + ret = ucsi->ops->read(ucsi, UCSI_CCI, &cci, sizeof(cci)); > + if (ret) > + return ret; > + if (UCSI_CCI_CONNECTOR(READ_ONCE(cci))) > + ucsi_connector_change(ucsi, cci); > + > return 0; > > err_unregister: > Best regards Christian

1 year, 5 months

1
0
0 0

[PATCH 0/3] dmaengine: xilinx: xdma: Various fixes for xdma

by Louis Chauvet

The current driver have some issues, this series fixes them. PATCH 1 is fixing a wrong offset computation in the dma descriptor address PATCH 2 is fixing the xdma_synchronize callback, which was not waiting properly for the last transfer. PATCH 3 is clarifing the documentation for xdma_fill_descs --- Louis Chauvet (1): dmaengine: xilinx: xdma: Fix synchronization issue Miquel Raynal (2): dmaengine: xilinx: xdma: Fix wrong offsets in the buffers addresses in dma descriptor dmaengine: xilinx: xdma: Clarify kdoc in XDMA driver drivers/dma/xilinx/xdma-regs.h | 3 +++ drivers/dma/xilinx/xdma.c | 42 +++++++++++++++++++++++++++--------------- 2 files changed, 30 insertions(+), 15 deletions(-) --- base-commit: 8e938e39866920ddc266898e6ae1fffc5c8f51aa change-id: 20240322-digigram-xdma-fixes-aa13451b7474 Best regards, -- Louis Chauvet <louis.chauvet(a)bootlin.com>

1 year, 5 months

5
9
0 0

[PATCH net v4] virtio_net: Do not send RSS key if it is not supported

by Breno Leitao

There is a bug when setting the RSS options in virtio_net that can break the whole machine, getting the kernel into an infinite loop. Running the following command in any QEMU virtual machine with virtionet will reproduce this problem: # ethtool -X eth0 hfunc toeplitz This is how the problem happens: 1) ethtool_set_rxfh() calls virtnet_set_rxfh() 2) virtnet_set_rxfh() calls virtnet_commit_rss_command() 3) virtnet_commit_rss_command() populates 4 entries for the rss scatter-gather 4) Since the command above does not have a key, then the last scatter-gatter entry will be zeroed, since rss_key_size == 0. sg_buf_size = vi->rss_key_size; 5) This buffer is passed to qemu, but qemu is not happy with a buffer with zero length, and do the following in virtqueue_map_desc() (QEMU function): if (!sz) { virtio_error(vdev, "virtio: zero sized buffers are not allowed"); 6) virtio_error() (also QEMU function) set the device as broken vdev->broken = true; 7) Qemu bails out, and do not repond this crazy kernel. 8) The kernel is waiting for the response to come back (function virtnet_send_command()) 9) The kernel is waiting doing the following : while (!virtqueue_get_buf(vi->cvq, &tmp) && !virtqueue_is_broken(vi->cvq)) cpu_relax(); 10) None of the following functions above is true, thus, the kernel loops here forever. Keeping in mind that virtqueue_is_broken() does not look at the qemu `vdev->broken`, so, it never realizes that the vitio is broken at QEMU side. Fix it by not sending RSS commands if the feature is not available in the device. Fixes: c7114b1249fa ("drivers/net/virtio_net: Added basic RSS support.") Cc: stable(a)vger.kernel.org Cc: qemu-devel(a)nongnu.org Signed-off-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Heng Qi <hengqi(a)linux.alibaba.com> --- Changelog: V2: * Moved from creating a valid packet, by rejecting the request completely. V3: * Got some good feedback from and Xuan Zhuo and Heng Qi, and reworked the rejection path. V4: * Added a comment in an "if" clause, as suggested by Michael S. Tsirkin. --- drivers/net/virtio_net.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index c22d1118a133..115c3c5414f2 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -3807,6 +3807,7 @@ static int virtnet_set_rxfh(struct net_device *dev, struct netlink_ext_ack *extack) { struct virtnet_info *vi = netdev_priv(dev); + bool update = false; int i; if (rxfh->hfunc != ETH_RSS_HASH_NO_CHANGE && @@ -3814,13 +3815,28 @@ static int virtnet_set_rxfh(struct net_device *dev, return -EOPNOTSUPP; if (rxfh->indir) { + if (!vi->has_rss) + return -EOPNOTSUPP; + for (i = 0; i < vi->rss_indir_table_size; ++i) vi->ctrl->rss.indirection_table[i] = rxfh->indir[i]; + update = true; } - if (rxfh->key) + + if (rxfh->key) { + /* If either _F_HASH_REPORT or _F_RSS are negotiated, the + * device provides hash calculation capabilities, that is, + * hash_key is configured. + */ + if (!vi->has_rss && !vi->has_rss_hash_report) + return -EOPNOTSUPP; + memcpy(vi->ctrl->rss.key, rxfh->key, vi->rss_key_size); + update = true; + } - virtnet_commit_rss_command(vi); + if (update) + virtnet_commit_rss_command(vi); return 0; } @@ -4729,13 +4745,15 @@ static int virtnet_probe(struct virtio_device *vdev) if (virtio_has_feature(vdev, VIRTIO_NET_F_HASH_REPORT)) vi->has_rss_hash_report = true; - if (virtio_has_feature(vdev, VIRTIO_NET_F_RSS)) + if (virtio_has_feature(vdev, VIRTIO_NET_F_RSS)) { vi->has_rss = true; - if (vi->has_rss || vi->has_rss_hash_report) { vi->rss_indir_table_size = virtio_cread16(vdev, offsetof(struct virtio_net_config, rss_max_indirection_table_length)); + } + + if (vi->has_rss || vi->has_rss_hash_report) { vi->rss_key_size = virtio_cread8(vdev, offsetof(struct virtio_net_config, rss_max_key_size)); -- 2.43.0

1 year, 5 months

3
2
0 0

[PATCH AUTOSEL 4.19 1/5] scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic

by Sasha Levin

From: Justin Tee <justin.tee(a)broadcom.com> [ Upstream commit bb011631435c705cdeddca68d5c85fd40a4320f9 ] Typically when an out of resource CQE status is detected, the lpfc_ramp_down_queue_handler() logic is called to help reduce I/O load by reducing an sdev's queue_depth. However, the current lpfc_rampdown_queue_depth() logic does not help reduce queue_depth. num_cmd_success is never updated and is always zero, which means new_queue_depth will always be set to sdev->queue_depth. So, new_queue_depth = sdev->queue_depth - new_queue_depth always sets new_queue_depth to zero. And, scsi_change_queue_depth(sdev, 0) is essentially a no-op. Change the lpfc_ramp_down_queue_handler() logic to set new_queue_depth equal to sdev->queue_depth subtracted from number of times num_rsrc_err was incremented. If num_rsrc_err is >= sdev->queue_depth, then set new_queue_depth equal to 1. Eventually, the frequency of Good_Status frames will signal SCSI upper layer to auto increase the queue_depth back to the driver default of 64 via scsi_handle_queue_ramp_up(). Signed-off-by: Justin Tee <justin.tee(a)broadcom.com> Link: https://lore.kernel.org/r/20240305200503.57317-5-justintee8345@gmail.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 13 ++++--------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h index 53b661793268f..5698928d8029c 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -989,7 +989,6 @@ struct lpfc_hba { unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 atomic_t num_rsrc_err; - atomic_t num_cmd_success; unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; #ifdef CONFIG_SCSI_LPFC_DEBUG_FS diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c index 425b83618a2e5..02d067e1fc45c 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -303,11 +303,10 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) struct Scsi_Host *shost; struct scsi_device *sdev; unsigned long new_queue_depth; - unsigned long num_rsrc_err, num_cmd_success; + unsigned long num_rsrc_err; int i; num_rsrc_err = atomic_read(&phba->num_rsrc_err); - num_cmd_success = atomic_read(&phba->num_cmd_success); /* * The error and success command counters are global per @@ -322,20 +321,16 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) for (i = 0; i <= phba->max_vports && vports[i] != NULL; i++) { shost = lpfc_shost_from_vport(vports[i]); shost_for_each_device(sdev, shost) { - new_queue_depth = - sdev->queue_depth * num_rsrc_err / - (num_rsrc_err + num_cmd_success); - if (!new_queue_depth) - new_queue_depth = sdev->queue_depth - 1; + if (num_rsrc_err >= sdev->queue_depth) + new_queue_depth = 1; else new_queue_depth = sdev->queue_depth - - new_queue_depth; + num_rsrc_err; scsi_change_queue_depth(sdev, new_queue_depth); } } lpfc_destroy_vport_work_array(phba, vports); atomic_set(&phba->num_rsrc_err, 0); - atomic_set(&phba->num_cmd_success, 0); } /** -- 2.43.0

1 year, 5 months

1
4
0 0

[PATCH AUTOSEL 5.4 1/6] scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic

by Sasha Levin

From: Justin Tee <justin.tee(a)broadcom.com> [ Upstream commit bb011631435c705cdeddca68d5c85fd40a4320f9 ] Typically when an out of resource CQE status is detected, the lpfc_ramp_down_queue_handler() logic is called to help reduce I/O load by reducing an sdev's queue_depth. However, the current lpfc_rampdown_queue_depth() logic does not help reduce queue_depth. num_cmd_success is never updated and is always zero, which means new_queue_depth will always be set to sdev->queue_depth. So, new_queue_depth = sdev->queue_depth - new_queue_depth always sets new_queue_depth to zero. And, scsi_change_queue_depth(sdev, 0) is essentially a no-op. Change the lpfc_ramp_down_queue_handler() logic to set new_queue_depth equal to sdev->queue_depth subtracted from number of times num_rsrc_err was incremented. If num_rsrc_err is >= sdev->queue_depth, then set new_queue_depth equal to 1. Eventually, the frequency of Good_Status frames will signal SCSI upper layer to auto increase the queue_depth back to the driver default of 64 via scsi_handle_queue_ramp_up(). Signed-off-by: Justin Tee <justin.tee(a)broadcom.com> Link: https://lore.kernel.org/r/20240305200503.57317-5-justintee8345@gmail.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 13 ++++--------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h index 7ce0d94cdc018..98ab07c3774ed 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -1039,7 +1039,6 @@ struct lpfc_hba { unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 atomic_t num_rsrc_err; - atomic_t num_cmd_success; unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; #ifdef CONFIG_SCSI_LPFC_DEBUG_FS diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c index 816235ccd2992..f238e0f41f07c 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -246,11 +246,10 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) struct Scsi_Host *shost; struct scsi_device *sdev; unsigned long new_queue_depth; - unsigned long num_rsrc_err, num_cmd_success; + unsigned long num_rsrc_err; int i; num_rsrc_err = atomic_read(&phba->num_rsrc_err); - num_cmd_success = atomic_read(&phba->num_cmd_success); /* * The error and success command counters are global per @@ -265,20 +264,16 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) for (i = 0; i <= phba->max_vports && vports[i] != NULL; i++) { shost = lpfc_shost_from_vport(vports[i]); shost_for_each_device(sdev, shost) { - new_queue_depth = - sdev->queue_depth * num_rsrc_err / - (num_rsrc_err + num_cmd_success); - if (!new_queue_depth) - new_queue_depth = sdev->queue_depth - 1; + if (num_rsrc_err >= sdev->queue_depth) + new_queue_depth = 1; else new_queue_depth = sdev->queue_depth - - new_queue_depth; + num_rsrc_err; scsi_change_queue_depth(sdev, new_queue_depth); } } lpfc_destroy_vport_work_array(phba, vports); atomic_set(&phba->num_rsrc_err, 0); - atomic_set(&phba->num_cmd_success, 0); } /** -- 2.43.0

1 year, 5 months

1
5
0 0

[PATCH AUTOSEL 5.10 1/7] scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic

by Sasha Levin

From: Justin Tee <justin.tee(a)broadcom.com> [ Upstream commit bb011631435c705cdeddca68d5c85fd40a4320f9 ] Typically when an out of resource CQE status is detected, the lpfc_ramp_down_queue_handler() logic is called to help reduce I/O load by reducing an sdev's queue_depth. However, the current lpfc_rampdown_queue_depth() logic does not help reduce queue_depth. num_cmd_success is never updated and is always zero, which means new_queue_depth will always be set to sdev->queue_depth. So, new_queue_depth = sdev->queue_depth - new_queue_depth always sets new_queue_depth to zero. And, scsi_change_queue_depth(sdev, 0) is essentially a no-op. Change the lpfc_ramp_down_queue_handler() logic to set new_queue_depth equal to sdev->queue_depth subtracted from number of times num_rsrc_err was incremented. If num_rsrc_err is >= sdev->queue_depth, then set new_queue_depth equal to 1. Eventually, the frequency of Good_Status frames will signal SCSI upper layer to auto increase the queue_depth back to the driver default of 64 via scsi_handle_queue_ramp_up(). Signed-off-by: Justin Tee <justin.tee(a)broadcom.com> Link: https://lore.kernel.org/r/20240305200503.57317-5-justintee8345@gmail.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 13 ++++--------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h index cf69f831a7253..8f1b5b0ee8cd8 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -1065,7 +1065,6 @@ struct lpfc_hba { unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 atomic_t num_rsrc_err; - atomic_t num_cmd_success; unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; #ifdef CONFIG_SCSI_LPFC_DEBUG_FS diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c index b4b87e5d8b291..2121534838747 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -246,11 +246,10 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) struct Scsi_Host *shost; struct scsi_device *sdev; unsigned long new_queue_depth; - unsigned long num_rsrc_err, num_cmd_success; + unsigned long num_rsrc_err; int i; num_rsrc_err = atomic_read(&phba->num_rsrc_err); - num_cmd_success = atomic_read(&phba->num_cmd_success); /* * The error and success command counters are global per @@ -265,20 +264,16 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) for (i = 0; i <= phba->max_vports && vports[i] != NULL; i++) { shost = lpfc_shost_from_vport(vports[i]); shost_for_each_device(sdev, shost) { - new_queue_depth = - sdev->queue_depth * num_rsrc_err / - (num_rsrc_err + num_cmd_success); - if (!new_queue_depth) - new_queue_depth = sdev->queue_depth - 1; + if (num_rsrc_err >= sdev->queue_depth) + new_queue_depth = 1; else new_queue_depth = sdev->queue_depth - - new_queue_depth; + num_rsrc_err; scsi_change_queue_depth(sdev, new_queue_depth); } } lpfc_destroy_vport_work_array(phba, vports); atomic_set(&phba->num_rsrc_err, 0); - atomic_set(&phba->num_cmd_success, 0); } /** -- 2.43.0

1 year, 5 months

1
6
0 0

[PATCH AUTOSEL 5.15 01/10] scsi: lpfc: Move NPIV's transport unregistration to after resource clean up

by Sasha Levin

From: Justin Tee <justin.tee(a)broadcom.com> [ Upstream commit 4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c ] There are cases after NPIV deletion where the fabric switch still believes the NPIV is logged into the fabric. This occurs when a vport is unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the fabric. Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including the fabric D_ID, removes the last ndlp reference and frees the ndlp rport object. This sometimes causes the race condition where the final DA_ID and LOGO are skipped from being sent to the fabric switch. Fix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID and LOGO are sent. Signed-off-by: Justin Tee <justin.tee(a)broadcom.com> Link: https://lore.kernel.org/r/20240305200503.57317-3-justintee8345@gmail.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/lpfc/lpfc_vport.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_vport.c b/drivers/scsi/lpfc/lpfc_vport.c index da9a1f72d9383..b1071226e27fb 100644 --- a/drivers/scsi/lpfc/lpfc_vport.c +++ b/drivers/scsi/lpfc/lpfc_vport.c @@ -651,10 +651,6 @@ lpfc_vport_delete(struct fc_vport *fc_vport) lpfc_free_sysfs_attr(vport); lpfc_debugfs_terminate(vport); - /* Remove FC host to break driver binding. */ - fc_remove_host(shost); - scsi_remove_host(shost); - /* Send the DA_ID and Fabric LOGO to cleanup Nameserver entries. */ ndlp = lpfc_findnode_did(vport, Fabric_DID); if (!ndlp) @@ -700,6 +696,10 @@ lpfc_vport_delete(struct fc_vport *fc_vport) skip_logo: + /* Remove FC host to break driver binding. */ + fc_remove_host(shost); + scsi_remove_host(shost); + lpfc_cleanup(vport); /* Remove scsi host now. The nodes are cleaned up. */ -- 2.43.0

1 year, 5 months

1
9
0 0

[PATCH AUTOSEL 6.1 01/13] scsi: lpfc: Move NPIV's transport unregistration to after resource clean up

by Sasha Levin

From: Justin Tee <justin.tee(a)broadcom.com> [ Upstream commit 4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c ] There are cases after NPIV deletion where the fabric switch still believes the NPIV is logged into the fabric. This occurs when a vport is unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the fabric. Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including the fabric D_ID, removes the last ndlp reference and frees the ndlp rport object. This sometimes causes the race condition where the final DA_ID and LOGO are skipped from being sent to the fabric switch. Fix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID and LOGO are sent. Signed-off-by: Justin Tee <justin.tee(a)broadcom.com> Link: https://lore.kernel.org/r/20240305200503.57317-3-justintee8345@gmail.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/lpfc/lpfc_vport.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_vport.c b/drivers/scsi/lpfc/lpfc_vport.c index 4d171f5c213f7..6b4259894584f 100644 --- a/drivers/scsi/lpfc/lpfc_vport.c +++ b/drivers/scsi/lpfc/lpfc_vport.c @@ -693,10 +693,6 @@ lpfc_vport_delete(struct fc_vport *fc_vport) lpfc_free_sysfs_attr(vport); lpfc_debugfs_terminate(vport); - /* Remove FC host to break driver binding. */ - fc_remove_host(shost); - scsi_remove_host(shost); - /* Send the DA_ID and Fabric LOGO to cleanup Nameserver entries. */ ndlp = lpfc_findnode_did(vport, Fabric_DID); if (!ndlp) @@ -740,6 +736,10 @@ lpfc_vport_delete(struct fc_vport *fc_vport) skip_logo: + /* Remove FC host to break driver binding. */ + fc_remove_host(shost); + scsi_remove_host(shost); + lpfc_cleanup(vport); /* Remove scsi host now. The nodes are cleaned up. */ -- 2.43.0

1 year, 5 months

1
12
0 0

[PATCH AUTOSEL 6.6 01/22] scsi: ufs: core: Fix MCQ MAC configuration

by Sasha Levin

From: Rohit Ner <rohitner(a)google.com> [ Upstream commit 767712f91de76abd22a45184e6e3440120b8bfce ] As per JEDEC Standard No. 223E Section 5.9.2, the max # active commands value programmed by the host sw in MCQConfig.MAC should be one less than the actual value. Signed-off-by: Rohit Ner <rohitner(a)google.com> Link: https://lore.kernel.org/r/20240220095637.2900067-1-rohitner@google.com Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Can Guo <quic_cang(a)quicinc.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/ufs/core/ufs-mcq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index 0787456c2b892..c873fd8239427 100644 --- a/drivers/ufs/core/ufs-mcq.c +++ b/drivers/ufs/core/ufs-mcq.c @@ -94,7 +94,7 @@ void ufshcd_mcq_config_mac(struct ufs_hba *hba, u32 max_active_cmds) val = ufshcd_readl(hba, REG_UFS_MCQ_CFG); val &= ~MCQ_CFG_MAC_MASK; - val |= FIELD_PREP(MCQ_CFG_MAC_MASK, max_active_cmds); + val |= FIELD_PREP(MCQ_CFG_MAC_MASK, max_active_cmds - 1); ufshcd_writel(hba, val, REG_UFS_MCQ_CFG); } EXPORT_SYMBOL_GPL(ufshcd_mcq_config_mac); -- 2.43.0

1 year, 5 months

1
21
0 0

[PATCH AUTOSEL 6.8 01/25] scsi: ufs: core: Fix MCQ MAC configuration

by Sasha Levin

From: Rohit Ner <rohitner(a)google.com> [ Upstream commit 767712f91de76abd22a45184e6e3440120b8bfce ] As per JEDEC Standard No. 223E Section 5.9.2, the max # active commands value programmed by the host sw in MCQConfig.MAC should be one less than the actual value. Signed-off-by: Rohit Ner <rohitner(a)google.com> Link: https://lore.kernel.org/r/20240220095637.2900067-1-rohitner@google.com Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Can Guo <quic_cang(a)quicinc.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/ufs/core/ufs-mcq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index 0787456c2b892..c873fd8239427 100644 --- a/drivers/ufs/core/ufs-mcq.c +++ b/drivers/ufs/core/ufs-mcq.c @@ -94,7 +94,7 @@ void ufshcd_mcq_config_mac(struct ufs_hba *hba, u32 max_active_cmds) val = ufshcd_readl(hba, REG_UFS_MCQ_CFG); val &= ~MCQ_CFG_MAC_MASK; - val |= FIELD_PREP(MCQ_CFG_MAC_MASK, max_active_cmds); + val |= FIELD_PREP(MCQ_CFG_MAC_MASK, max_active_cmds - 1); ufshcd_writel(hba, val, REG_UFS_MCQ_CFG); } EXPORT_SYMBOL_GPL(ufshcd_mcq_config_mac); -- 2.43.0

1 year, 5 months

1
24
0 0

Regression in kernel 6.8.2 fails in various ways (USB, BT, ...)

by Norbert Preining

Hi all (please cc) I am running Arch Linux on a Lenovo X1 Carbon Gen 10. Tests are made with uptodate system, and besides the kernel no difference. The kernels are as distributed by Arch, but if necessary I can compile locally. Arch Linux kernel 6.8.1 works without any problems. Upgrading to 6.8.2 breaks a lot of things: * Plugging in my Yubikey C does not trigger any reaction (as a consequence scdaemon hangs) * sending of bluetooth firmware data fails with Oops (see below) * shutdown hangs and does not turn off the computer I can repeat this behaviour on every reboot into 6.8.2. I have dmesg/journalctl -b for both kernels collected, if required, I can send them. I checked the diffs but nothing really did stand out. Yubikey plugin: On 6.8.1 when I plug in the yubikey it lights up, and in the logs I see: [ 370.767739] usb 3-1: new full-speed USB device number 5 using xhci_hcd [ 370.910392] usb 3-1: New USB device found, idVendor=1050, idProduct=0407, bcdDevice= 5.43 [ 370.910403] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 370.910407] usb 3-1: Product: YubiKey OTP+FIDO+CCID [ 370.910409] usb 3-1: Manufacturer: Yubico [ 371.497496] input: Yubico YubiKey OTP+FIDO+CCID as /devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1:1.0/0003:1050:0407.0005/input/input21 [ 371.555342] hid-generic 0003:1050:0407.0005: input,hidraw4: USB HID v1.10 Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-1/input0 [ 371.557021] hid-generic 0003:1050:0407.0006: hiddev96,hidraw5: USB HID v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-1/input1 [ 371.557145] usbcore: registered new interface driver usbhid [ 371.557151] usbhid: USB HID core driver On 6.8.2 not short blinking, and nothing in the logs. Bluetooth Ooops: 14.271713] usb usb3-port10: disabled by hub (EMI?), re-enabling... [ 14.271725] usb 3-10: USB disconnect, device number 4 [ 14.271893] Bluetooth: hci0: Failed to send firmware data (-19) [ 14.271953] Bluetooth: hci0: sending frame failed (-19) [ 14.271976] Bluetooth: hci0: Intel reset sent to retry FW download [ 14.427765] Bluetooth: hci0: sending frame failed (-19) [ 14.427811] BUG: kernel NULL pointer dereference, address: 0000000000000070 [ 14.427814] #PF: supervisor read access in kernel mode [ 14.427815] #PF: error_code(0x0000) - not-present page [ 14.427816] PGD 0 P4D 0 [ 14.427819] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 14.427820] CPU: 0 PID: 198 Comm: kworker/u41:0 Tainted: G OE 6.8.2-arch2-1 #1 a430fb92f7ba43092b62bbe6bac995458d3d442d [ 14.427823] Hardware name: LENOVO 21CBCTO1WW/21CBCTO1WW, BIOS N3AET80W (1.45 ) 02/20/2024 [ 14.427824] Workqueue: hci0 hci_power_on [bluetooth] [ 14.427874] RIP: 0010:btintel_read_debug_features+0x4d/0xf0 [btintel] [ 14.427880] Code: 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 48 8d 4c 24 07 c6 44 24 07 01 e8 de a9 ef ff 48 89 c3 48 3d 00 f0 ff ff 77 49 <83> 78 70 13 75 67 48 8b 80 d0 00 00 00 be 02 00 00 00 48 89 df 48 [ 14.427881] RSP: 0018:ffffb7ba80aa3cc0 EFLAGS: 00010207 [ 14.427882] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff965ac0ddaab0 [ 14.427884] RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffff965ac0ddaaa8 [ 14.427884] RBP: ffffb7ba80aa3cf0 R08: ffff965ac0ddaab0 R09: 0000000000000000 [ 14.427885] R10: 0000000000000001 R11: 0000000000000100 R12: ffff965ac0dda000 [ 14.427886] R13: ffff965a84746900 R14: ffff965a8208ca05 R15: ffff965ac0dda6d0 [ 14.427887] FS: 0000000000000000(0000) GS:ffff9661bf400000(0000) knlGS:0000000000000000 [ 14.427888] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 14.427889] CR2: 0000000000000070 CR3: 00000002bb620000 CR4: 0000000000f50ef0 [ 14.427889] PKRU: 55555554 [ 14.427890] Call Trace: [ 14.427891] <TASK> [ 14.427893] ? __die+0x23/0x70 [ 14.427898] ? page_fault_oops+0x171/0x4e0 [ 14.427901] ? __timer_delete_sync+0x7d/0xe0 [ 14.427905] ? exc_page_fault+0x7f/0x180 [ 14.427908] ? asm_exc_page_fault+0x26/0x30 [ 14.427912] ? btintel_read_debug_features+0x4d/0xf0 [btintel 6735e787c9ed982ceaa471c7ab364a390a1acb37] [ 14.427916] btintel_register_devcoredump_support.isra.0+0x3e/0x110 [btintel 6735e787c9ed982ceaa471c7ab364a390a1acb37] [ 14.427921] btintel_setup_combined+0x503/0x790 [btintel 6735e787c9ed982ceaa471c7ab364a390a1acb37] [ 14.427925] hci_dev_open_sync+0x102/0xc20 [bluetooth 81a2e5f6c3a85f38dade670bfe91d861a9119613] [ 14.427953] ? __schedule+0x3ee/0x1520 [ 14.427956] hci_dev_do_open+0x23/0x60 [bluetooth 81a2e5f6c3a85f38dade670bfe91d861a9119613] [ 14.427975] hci_power_on+0x51/0x260 [bluetooth 81a2e5f6c3a85f38dade670bfe91d861a9119613] [ 14.427994] process_one_work+0x183/0x370 [ 14.427998] worker_thread+0x3ab/0x4f0 [ 14.428000] ? __pfx_worker_thread+0x10/0x10 [ 14.428001] kthread+0xe5/0x120 [ 14.428005] ? __pfx_kthread+0x10/0x10 [ 14.428006] ret_from_fork+0x31/0x50 [ 14.428009] ? __pfx_kthread+0x10/0x10 [ 14.428011] ret_from_fork_asm+0x1b/0x30 [ 14.428014] </TASK> [ 14.428015] Modules linked in: nf_tables bnep tun btusb btrtl btintel btbcm btmtk bluetooth gpio_ljca i2c_ljca ecdh_generic hid_sensor_custom_intel_hinge hid_sensor_trigger industrialio_triggered_buffer kfifo_buf hid_sensor_iio_common industrialio hid_sensor_custom hid_sensor_hub intel_ishtp_hid joydev vfat fat ext4 crc16 mbcache jbd2 snd_ctl_led snd_soc_skl_hda_dsp snd_soc_hdac_hdmi snd_soc_intel_hda_dsp_common snd_sof_probes hid_multitouch hid_generic mousedev snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic snd_soc_dmic snd_sof_pci_intel_tgl snd_sof_intel_hda_common soundwire_intel snd_sof_intel_hda_mlink soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match intel_uncore_frequency intel_uncore_frequency_common snd_soc_acpi intel_tcc_cooling iwlmvm soundwire_generic_allocation soundwire_bus x86_pkg_temp_thermal intel_powerclamp snd_soc_core mac80211 coretemp snd_compress ac97_bus snd_pcm_dmaengine kvm_intel [ 14.428048] snd_hda_intel libarc4 ptp snd_intel_dspcfg pps_core snd_intel_sdw_acpi snd_hda_codec processor_thermal_device_pci kvm processor_thermal_device processor_thermal_wt_hint snd_hda_core processor_thermal_rfim iwlwifi iTCO_wdt irqbypass intel_rapl_msr processor_thermal_rapl mei_pxp snd_hwdep ucsi_acpi mei_hdcp mei_wdt rapl intel_rapl_common intel_pmc_bxt typec_ucsi iTCO_vendor_support intel_lpss_pci intel_cstate thinkpad_acpi mei_me think_lmi snd_pcm spi_nor processor_thermal_wt_req intel_ish_ipc typec ntfs3 i2c_i801 intel_lpss nxp_nci_i2c ledtrig_audio processor_thermal_power_floor cfg80211 wmi_bmof intel_uncore psmouse pcspkr firmware_attributes_class mtd thunderbolt mei snd_timer idma64 intel_ishtp i2c_smbus ov2740 roles platform_profile igen6_edac processor_thermal_mbox nxp_nci v4l2_fwnode nci snd intel_skl_int3472_tps68470 int3403_thermal v4l2_async intel_pmc_core soc_button_array tps68470_regulator nfc soundcore int340x_thermal_zone clk_tps68470 mei_vsc_hw rfkill videodev intel_vsec i2c_hid_acpi [ 14.428085] intel_hid int3400_thermal i2c_hid pmt_telemetry mc pinctrl_tigerlake sparse_keymap acpi_pad acpi_thermal_rel intel_skl_int3472_discrete acpi_tad pmt_class mac_hid i2c_dev corefreqk(OE) sg crypto_user fuse loop nfnetlink ip_tables x_tables btrfs blake2b_generic libcrc32c crc32c_generic xor raid6_pq dm_crypt cbc encrypted_keys trusted asn1_encoder tee dm_mod xe drm_ttm_helper gpu_sched drm_suballoc_helper drm_gpuvm drm_exec spi_ljca usb_ljca i915 crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic gf128mul ghash_clmulni_intel sha512_ssse3 serio_raw sha256_ssse3 atkbd i2c_algo_bit sha1_ssse3 drm_buddy libps2 vivaldi_fmap aesni_intel ttm nvme intel_gtt crypto_simd nvme_core cryptd drm_display_helper video xhci_pci spi_intel_pci i8042 nvme_auth xhci_pci_renesas spi_intel cec serio wmi [ 14.428121] CR2: 0000000000000070 [ 14.428123] ---[ end trace 0000000000000000 ]--- [ 14.428124] RIP: 0010:btintel_read_debug_features+0x4d/0xf0 [btintel] [ 14.428128] Code: 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 48 8d 4c 24 07 c6 44 24 07 01 e8 de a9 ef ff 48 89 c3 48 3d 00 f0 ff ff 77 49 <83> 78 70 13 75 67 48 8b 80 d0 00 00 00 be 02 00 00 00 48 89 df 48 [ 14.428130] RSP: 0018:ffffb7ba80aa3cc0 EFLAGS: 00010207 [ 14.428131] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff965ac0ddaab0 [ 14.428131] RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffff965ac0ddaaa8 [ 14.428132] RBP: ffffb7ba80aa3cf0 R08: ffff965ac0ddaab0 R09: 0000000000000000 [ 14.428133] R10: 0000000000000001 R11: 0000000000000100 R12: ffff965ac0dda000 [ 14.428133] R13: ffff965a84746900 R14: ffff965a8208ca05 R15: ffff965ac0dda6d0 [ 14.428134] FS: 0000000000000000(0000) GS:ffff9661bf400000(0000) knlGS:0000000000000000 [ 14.428135] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 14.428136] CR2: 0000000000000070 CR3: 00000002bb620000 CR4: 0000000000f50ef0 [ 14.428137] PKRU: 55555554 [ 14.428137] note: kworker/u41:0[198] exited with irqs disabled [ 16.434794] Bluetooth: hci0: command 0xfc09 tx timeout Thanks for any suggestions and best regards (and please Cc) Norbert -- PREINING Norbert https://www.preining.info arXiv / Cornell University + IFMGA Guide + TU Wien + TeX Live GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

1 year, 5 months

4
10
0 0

Linux 6.8.4

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.4 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 include/linux/workqueue.h | 35 -- kernel/workqueue.c | 757 +++++++--------------------------------------- 3 files changed, 131 insertions(+), 663 deletions(-) Greg Kroah-Hartman (12): Revert "workqueue: Shorten events_freezable_power_efficient name" Revert "workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()" Revert "workqueue: Implement system-wide nr_active enforcement for unbound workqueues" Revert "workqueue: Introduce struct wq_node_nr_active" Revert "workqueue: RCU protect wq->dfl_pwq and implement accessors for it" Revert "workqueue: Make wq_adjust_max_active() round-robin pwqs while activating" Revert "workqueue: Move nr_active handling into helpers" Revert "workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()" Revert "workqueue: Factor out pwq_is_empty()" Revert "workqueue: Move pwq->max_active to wq->max_active" Revert "workqueue.c: Increase workqueue name length" Linux 6.8.4

1 year, 5 months

2
7
0 0

Re: Broken Domain Validation in 6.1.84+

by James Bottomley

[cc stable to see if they have any ideas about fixing this] On Sat, 2024-04-06 at 12:16 -0400, John David Anglin wrote: > On 2024-04-06 11:06 a.m., James Bottomley wrote: > > On Sat, 2024-04-06 at 10:30 -0400, John David Anglin wrote: > > > On 2024-04-05 3:36 p.m., Bart Van Assche wrote: > > > > On 4/4/24 13:07, John David Anglin wrote: > > > > > On 2024-04-04 12:32 p.m., Bart Van Assche wrote: > > > > > > Can you please help with verifying whether this kernel warn > > > > > > ing is only triggered by the 6.1 stable kernel series or > > > > > > whether it is also > > > > > > triggered by a vanilla kernel, e.g. kernel v6.8? That will > > > > > > tell us whether we > > > > > > need to review the upstream changes or the backp > > > > > > orts on the v6.1 branch. > > > > > Stable kernel v6.8.3 is okay. > > > > Would it be possible to bisect this issue on the linux-6.1.y > > > > branch? That probably will be faster than reviewing all > > > > backports > > > > of SCSI patches on that branch. > > > The warning triggers with v6.1.81. It doesn't trigger with > > > v6.1.80. > > It's this patch: > > > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… > > > > The specific problem being that the update to scsi_execute doesn't > > set the sense_len that the WARN_ON is checking. > > > > This isn't a problem in mainline because we've converted all uses > > of scsi_execute. Stable needs to either complete the conversion or > > back out the inital patch. This change depends on the above change: > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… > > Thus, more than just the initial patch needs to be backed out. OK, so the reason the bad patch got pulled in is because it's a precursor of this fixes tagged backport: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… Which is presumably the other patch you had to back out to fix the issue. The problem is that Mike's series updating and then removing scsi_execute() went into the tree as one series, so no-one notice the first patch had this bug because the buggy routine got removed at the end of the series. This also means there's nothing to fix and backport in upstream. The bug is also more widely spread than simply domain validation, because every use of scsi_execute in the current stable tree will trip this. I'm not sure what the best fix is. I can certainly come up with a one line fix for stable adding the missing length in the #define, but it can't come from upstream as stated above. We could back the two patches out then do a stable specific fix for the UAS problem (I don't think we can leave the UAS patch backed out because the problem was pretty serious). What does stable want to do? James

1 year, 5 months

2
1
0 0

[PATCH for 6.1.y] nvme: fix miss command type check

by Tokunori Ikegami

From: "min15.li" <min15.li(a)samsung.com> commit 31a5978243d24d77be4bacca56c78a0fbc43b00d upstream. In the function nvme_passthru_end(), only the value of the command opcode is checked, without checking the command type (IO command or Admin command). When we send a Dataset Management command (The opcode of the Dataset Management command is the same as the Set Feature command), kernel thinks it is a set feature command, then sets the controller's keep alive interval, and calls nvme_keep_alive_work(). Signed-off-by: min15.li <min15.li(a)samsung.com> Reviewed-by: Kanchan Joshi <joshi.k(a)samsung.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> Fixes: b58da2d270db ("nvme: update keep alive interval when kato is modified") Signed-off-by: Tokunori Ikegami <ikegami.t(a)gmail.com> --- drivers/nvme/host/core.c | 4 +++- drivers/nvme/host/ioctl.c | 3 ++- drivers/nvme/host/nvme.h | 2 +- drivers/nvme/target/passthru.c | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index d7516e99275b..20160683e868 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -1151,7 +1151,7 @@ static u32 nvme_passthru_start(struct nvme_ctrl *ctrl, struct nvme_ns *ns, return effects; } -void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects, +void nvme_passthru_end(struct nvme_ctrl *ctrl, struct nvme_ns *ns, u32 effects, struct nvme_command *cmd, int status) { if (effects & NVME_CMD_EFFECTS_CSE_MASK) { @@ -1167,6 +1167,8 @@ void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects, nvme_queue_scan(ctrl); flush_work(&ctrl->scan_work); } + if (ns) + return; switch (cmd->common.opcode) { case nvme_admin_set_features: diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c index 91e6d0347579..b3e322e4ade3 100644 --- a/drivers/nvme/host/ioctl.c +++ b/drivers/nvme/host/ioctl.c @@ -147,6 +147,7 @@ static int nvme_submit_user_cmd(struct request_queue *q, unsigned bufflen, void __user *meta_buffer, unsigned meta_len, u32 meta_seed, u64 *result, unsigned timeout, bool vec) { + struct nvme_ns *ns = q->queuedata; struct nvme_ctrl *ctrl; struct request *req; void *meta = NULL; @@ -181,7 +182,7 @@ static int nvme_submit_user_cmd(struct request_queue *q, blk_mq_free_request(req); if (effects) - nvme_passthru_end(ctrl, effects, cmd, ret); + nvme_passthru_end(ctrl, ns, effects, cmd, ret); return ret; } diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h index a892d679e338..8e28d2de45c0 100644 --- a/drivers/nvme/host/nvme.h +++ b/drivers/nvme/host/nvme.h @@ -1063,7 +1063,7 @@ static inline void nvme_auth_free(struct nvme_ctrl *ctrl) {}; u32 nvme_command_effects(struct nvme_ctrl *ctrl, struct nvme_ns *ns, u8 opcode); int nvme_execute_passthru_rq(struct request *rq, u32 *effects); -void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects, +void nvme_passthru_end(struct nvme_ctrl *ctrl, struct nvme_ns *ns, u32 effects, struct nvme_command *cmd, int status); struct nvme_ctrl *nvme_ctrl_from_file(struct file *file); struct nvme_ns *nvme_find_get_ns(struct nvme_ctrl *ctrl, unsigned nsid); diff --git a/drivers/nvme/target/passthru.c b/drivers/nvme/target/passthru.c index adc0958755d6..a0a292d49588 100644 --- a/drivers/nvme/target/passthru.c +++ b/drivers/nvme/target/passthru.c @@ -216,6 +216,7 @@ static void nvmet_passthru_execute_cmd_work(struct work_struct *w) struct nvmet_req *req = container_of(w, struct nvmet_req, p.work); struct request *rq = req->p.rq; struct nvme_ctrl *ctrl = nvme_req(rq)->ctrl; + struct nvme_ns *ns = rq->q->queuedata; u32 effects; int status; @@ -242,7 +243,7 @@ static void nvmet_passthru_execute_cmd_work(struct work_struct *w) blk_mq_free_request(rq); if (effects) - nvme_passthru_end(ctrl, effects, req->cmd, status); + nvme_passthru_end(ctrl, ns, effects, req->cmd, status); } static enum rq_end_io_ret nvmet_passthru_req_done(struct request *rq, -- 2.40.1

1 year, 5 months

1
0
0 0

[PATCH v2 0/1] cifs: Convert struct fealist away from 1-element array

by Vitaly Chikunov

Backport of the mainline fix to the kernel panic when Wine is run over CIFS share. This is intended for linux-6.1.y tree. Please apply. Bug and testing details: Jan 24 15:15:20 kalt2test.dpt.local kernel: detected buffer overflow in strncpy Jan 24 15:15:20 kalt2test.dpt.local kernel: ------------[ cut here ]------------ Jan 24 15:15:20 kalt2test.dpt.local kernel: kernel BUG at lib/string_helpers.c:1027! Jan 24 15:15:20 kalt2test.dpt.local kernel: invalid opcode: 0000 [#1] PREEMPT SMP PTI Jan 24 15:15:20 kalt2test.dpt.local kernel: CPU: 1 PID: 4532 Comm: vr402352.res Tainted: G OE 6.1.73-un-def-alt1 #1 Jan 24 15:15:20 kalt2test.dpt.local kernel: Hardware name: Gigabyte Technology Co., Ltd. B360M-D3H/B360M D3H-CF, BIOS F12 03/14/2019 Jan 24 15:15:20 kalt2test.dpt.local kernel: RIP: 0010:fortify_panic+0xf/0x11 ... Jan 24 15:15:20 kalt2test.dpt.local kernel: Call Trace: Jan 24 15:15:20 kalt2test.dpt.local kernel: <TASK> Jan 24 15:15:20 kalt2test.dpt.local kernel: ? __die_body.cold+0x1a/0x1f Jan 24 15:15:20 kalt2test.dpt.local kernel: ? die+0x2b/0x50 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? do_trap+0xcf/0x120 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? fortify_panic+0xf/0x11 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? do_error_trap+0x83/0xb0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? fortify_panic+0xf/0x11 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? exc_invalid_op+0x4e/0x70 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? fortify_panic+0xf/0x11 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? asm_exc_invalid_op+0x16/0x20 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? fortify_panic+0xf/0x11 Jan 24 15:15:20 kalt2test.dpt.local kernel: CIFSSMBSetEA.cold+0xc/0x18 [cifs] Jan 24 15:15:20 kalt2test.dpt.local kernel: cifs_xattr_set+0x596/0x690 [cifs] Jan 24 15:15:20 kalt2test.dpt.local kernel: ? evm_protected_xattr_common+0x41/0xb0 Jan 24 15:15:20 kalt2test.dpt.local kernel: __vfs_removexattr+0x52/0x70 Jan 24 15:15:20 kalt2test.dpt.local kernel: __vfs_removexattr_locked+0xbc/0x150 Jan 24 15:15:20 kalt2test.dpt.local kernel: vfs_removexattr+0x56/0x100 Jan 24 15:15:20 kalt2test.dpt.local kernel: removexattr+0x58/0x90 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? get_vtime_delta+0xf/0xb0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? ct_kernel_exit.constprop.0+0x6b/0x80 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? __ct_user_enter+0x5a/0xd0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? syscall_exit_to_user_mode+0x31/0x50 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? int80_emulation+0xb9/0x110 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? get_vtime_delta+0xf/0xb0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? ct_kernel_exit.constprop.0+0x6b/0x80 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? __ct_user_enter+0x5a/0xd0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? __fget_light.part.0+0x83/0xd0 Jan 24 15:15:20 kalt2test.dpt.local kernel: __ia32_sys_fremovexattr+0x80/0xa0 Jan 24 15:15:20 kalt2test.dpt.local kernel: int80_emulation+0xa9/0x110 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? get_vtime_delta+0xf/0xb0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? vtime_user_exit+0x1c/0x70 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? __ct_user_exit+0x6c/0xc0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? int80_emulation+0x1b/0x110 Jan 24 15:15:20 kalt2test.dpt.local kernel: asm_int80_emulation+0x16/0x20 Jan 24 15:15:20 kalt2test.dpt.local kernel: RIP: 0023:0xf7e3b9b1 This backport is a simple cherry-pick of mainline commit 398d5843c032 ("cifs: Convert struct fealist away from 1-element array"). Build and runtime tested to fix the problem. Downstream bug report and test report: https://bugzilla.altlinux.org/49177 Difference from v0: - No changes, only a cover letter is added with bug details. Kees Cook (1): cifs: Convert struct fealist away from 1-element array fs/smb/client/cifspdu.h | 4 ++-- fs/smb/client/cifssmb.c | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) -- 2.42.1

1 year, 5 months

1
1
0 0

[OOPS][STABLE] NULL pointer dereferenced with Linux 6.8.4

by Chris Rankin

Hi, Just noticed this OOPS in my vanilla 6.8.4 kernel dmesg log. The USB device here is an optical drive, although oddly I wasn't unplugging it at the time. I was actually remounting it as a different user: $ udisksctl unmount -b /dev/sr1 <SWITCH USER> $ udisksctl mount -b /dev/sr1 [ 7737.972588] usb 2-4: USB disconnect, device number 3 [ 7743.332135] BUG: kernel NULL pointer dereference, address: 0000000000000370 [ 7743.337805] #PF: supervisor write access in kernel mode [ 7743.341730] #PF: error_code(0x0002) - not-present page [ 7743.345569] PGD 0 P4D 0 [ 7743.346830] Oops: 0002 [#1] PREEMPT SMP PTI [ 7743.349711] CPU: 4 PID: 27870 Comm: kworker/4:0 Tainted: G I 6.8.4 #1 [ 7743.356237] Hardware name: Gigabyte Technology Co., Ltd. EX58-UD3R/EX58-UD3R, BIOS FB 05/04/2009 [ 7743.363830] Workqueue: events sg_remove_sfp_usercontext [sg] [ 7743.368196] RIP: 0010:mutex_lock+0x1e/0x2e [ 7743.370997] Code: 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 51 48 89 3c 24 2e 2e 2e 31 c0 31 c0 48 8b 3c 24 65 48 8b 14 25 40 c2 02 00 <f0> 48 0f b1 17 74 03 5a eb b9 58 c3 cc cc cc cc 90 90 90 90 90 90 [ 7743.388443] RSP: 0018:ffffc90004667e00 EFLAGS: 00010246 [ 7743.392368] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000810000d2 [ 7743.398201] RDX: ffff88805bf30e40 RSI: ffffffffa1bbd20d RDI: 0000000000000370 [ 7743.404034] RBP: 0000000000000370 R08: ffff8881144e2d70 R09: 00000000810000d2 [ 7743.409867] R10: 000000000000023e R11: 000000000000023e R12: ffff8881424039c0 [ 7743.415698] R13: dead000000000100 R14: ffff88826223a000 R15: ffff88826223a030 [ 7743.421522] FS: 0000000000000000(0000) GS:ffff888343d00000(0000) knlGS:0000000000000000 [ 7743.428308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 7743.432745] CR2: 0000000000000370 CR3: 000000000221a000 CR4: 00000000000006f0 [ 7743.438570] Call Trace: [ 7743.439715] <TASK> [ 7743.440513] ? __die_body+0x1a/0x5c [ 7743.442707] ? page_fault_oops+0x32a/0x377 [ 7743.445504] ? fixup_exception+0x22/0x250 [ 7743.448217] ? exc_page_fault+0x105/0x117 [ 7743.450928] ? asm_exc_page_fault+0x22/0x30 [ 7743.453850] ? __pfx_sg_device_destroy+0x10/0x10 [sg] [ 7743.457602] ? mutex_lock+0x1e/0x2e [ 7743.459839] blk_trace_remove+0x15/0x35 [ 7743.462378] sg_device_destroy+0x1d/0x60 [sg] [ 7743.465438] sg_remove_sfp_usercontext+0xd2/0xe9 [sg] [ 7743.469190] process_scheduled_works+0x198/0x296 [ 7743.472510] worker_thread+0x1c6/0x220 [ 7743.474962] ? __pfx_worker_thread+0x10/0x10 [ 7743.477934] kthread+0xf7/0xff [ 7743.479694] ? __pfx_kthread+0x10/0x10 [ 7743.482146] ret_from_fork+0x24/0x36 [ 7743.484425] ? __pfx_kthread+0x10/0x10 [ 7743.486877] ret_from_fork_asm+0x1b/0x30 [ 7743.489506] </TASK> [ 7743.490397] Modules linked in: udf usb_storage sg algif_hash af_alg snd_seq_dummy rpcrdma rdma_cm iw_cm ib_cm ib_core nf_nat_ftp nf_conntrack_ftp cfg80211 af_packet nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_tables ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables bnep it87 hwmon_vid binfmt_misc snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel uvcvideo intel_powerclamp btusb btintel snd_usb_audio snd_intel_dspcfg coretemp btbcm uvc snd_hda_codec videobuf2_vmalloc kvm_intel snd_virtuoso bluetooth videobuf2_memops snd_oxygen_lib videobuf2_v4l2 snd_hda_core snd_usbmidi_lib videodev snd_mpu401_uart kvm videobuf2_common [ 7743.490474] snd_hwdep snd_rawmidi mc snd_seq ecdh_generic input_leds led_class joydev snd_seq_device snd_pcm rfkill ecc r8169 pktcdvd irqbypass gpio_ich realtek iTCO_wdt intel_cstate snd_hrtimer mdio_devres snd_timer libphy intel_uncore i2c_i801 snd pcspkr psmouse i2c_smbus acpi_cpufreq mxm_wmi soundcore lpc_ich i7core_edac tiny_power_button button nfsd auth_rpcgss nfs_acl lockd grace dm_mod sunrpc fuse configfs loop dax zram zsmalloc ext4 crc32c_generic crc16 mbcache jbd2 amdgpu video amdxcp i2c_algo_bit mfd_core drm_ttm_helper ttm drm_exec gpu_sched sr_mod drm_suballoc_helper drm_buddy drm_display_helper cdrom sd_mod hid_microsoft usbhid drm_kms_helper ahci libahci pata_jmicron drm libata uhci_hcd xhci_pci ehci_pci ehci_hcd scsi_mod xhci_hcd usbcore drm_panel_orientation_quirks cec firewire_ohci crc32c_intel sha512_ssse3 rc_core sha256_ssse3 serio_raw firewire_core sha1_ssse3 usb_common bsg crc_itu_t scsi_common wmi msr [ 7743.659267] CR2: 0000000000000370 [ 7743.661287] ---[ end trace 0000000000000000 ]--- [ 7743.664605] RIP: 0010:mutex_lock+0x1e/0x2e [ 7743.667406] Code: 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 51 48 89 3c 24 2e 2e 2e 31 c0 31 c0 48 8b 3c 24 65 48 8b 14 25 40 c2 02 00 <f0> 48 0f b1 17 74 03 5a eb b9 58 c3 cc cc cc cc 90 90 90 90 90 90 [ 7743.684850] RSP: 0018:ffffc90004667e00 EFLAGS: 00010246 [ 7743.688767] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000810000d2 [ 7743.694592] RDX: ffff88805bf30e40 RSI: ffffffffa1bbd20d RDI: 0000000000000370 [ 7743.700415] RBP: 0000000000000370 R08: ffff8881144e2d70 R09: 00000000810000d2 [ 7743.706239] R10: 000000000000023e R11: 000000000000023e R12: ffff8881424039c0 [ 7743.712064] R13: dead000000000100 R14: ffff88826223a000 R15: ffff88826223a030 [ 7743.717897] FS: 0000000000000000(0000) GS:ffff888343d00000(0000) knlGS:0000000000000000 [ 7743.724684] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 7743.729129] CR2: 0000000000000370 CR3: 000000000221a000 CR4: 00000000000006f0 [ 7743.734961] note: kworker/4:0[27870] exited with irqs disabled

1 year, 5 months

1
0
0 0

[PATCH 6.8 000/715] 6.8.2-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 6.8.2 release. There are 715 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Mar 26 10:34:31 PM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Abel Vesa (3): arm64: dts: qcom: x1e80100-qcp: Fix supplies for LDOs 3E and 2J arm64: dts: qcom: sm8550: Fix SPMI channels size arm64: dts: qcom: sm8650: Fix SPMI channels size Abhinav Kumar (1): drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN Adam Butcher (1): spi: spi-imx: fix off-by-one in mx51 CPU mode burst length Adam Guerin (4): crypto: qat - remove unused macros in qat_comp_alg.c crypto: qat - removed unused macro in adf_cnv_dbgfs.c crypto: qat - avoid division by zero crypto: qat - remove double initialization of value Adam Skladowski (1): dt-bindings: msm: qcom, mdss: Include ommited fam-b compatible Ajay Singh (2): wifi: wilc1000: do not realloc workqueue everytime an interface is added wifi: wilc1000: fix multi-vif management when deleting a vif Alex Bee (1): drm/rockchip: inno_hdmi: Fix video timing Alexander Stein (2): media: tc358743: register v4l2 async device only after successful setup media: i2c: imx290: Fix IMX920 typo Alexander Sverdlin (1): spi: lpspi: Avoid potential use-after-free in probe() Alexandre Ghiti (1): riscv: Fix compilation error with FAST_GUP and rv32 Alexey I. Froloff (1): ACPI: resource: Do IRQ override on Lunnen Ground laptops Alexey Kodanev (1): RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() Alexis Lothoré (4): wifi: wilc1000: fix declarations ordering wifi: wilc1000: fix RCU usage in connect path wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces wifi: wilc1000: revert reset line logic flip Amir Goldstein (1): ovl: relax WARN_ON in ovl_verify_area() Anastasia Belova (1): cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value Andre Przywara (1): firmware: arm_scmi: Fix double free in SMC transport cleanup path Andrejs Cainikovs (1): arm64: dts: ti: k3-am62-main: disable usb lpm Andrew Davis (1): arm64: dts: ti: k3-j721e: Fix mux-reg-masks in hbmc_mux Andrey Grafin (2): libbpf: Apply map_set_def_max_entries() for inner_maps on creation selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values Andrey Skvortsov (2): Bluetooth: hci_h5: Add ability to allocate memory for private data Bluetooth: btrtl: fix out of bounds memory access Andrii Nakryiko (10): libbpf: Fix faccessat() usage on Android libbpf: fix __arg_ctx type enforcement for perf_event programs libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API libbpf: Add bpf_token_create() API libbpf: Add btf__new_split() API that was declared but not implemented libbpf: Add missed btf_ext__raw_data() API bpf: make sure scalar args don't accept __arg_nonnull tag bpf: don't emit warnings intended for global subprogs for static subprogs libbpf: fix return value for PERF_EVENT __arg_ctx type fix up check bpf: don't infer PTR_TO_CTX for programs with unnamed context type Andrzej Pietrasiewicz (1): media: videobuf2: Add missing doc comment for waiting_in_dqbuf Andy Shevchenko (2): backlight: hx8357: Fix potential NULL pointer dereference serial: 8250_exar: Don't remove GPIO device on suspend AngeloGioacchino Del Regno (1): drm/mediatek: dsi: Fix DSI RGB666 formats and definitions Antoniu Miclaus (1): rtc: max31335: fix interrupt status reg Anup Patel (1): RISC-V: KVM: Forward SEED CSR access to user space Ard Biesheuvel (3): x86/sme: Fix memory encryption setting if enabled by default and not overridden x86/efistub: Clear decompressor BSS in native EFI entrypoint x86/efistub: Don't clear BSS twice in mixed mode Armin Wolf (2): ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() platform/x86/amd/pmf: Do not use readl() for policy buffer access Arnaldo Carvalho de Melo (1): perf bpf: Clean up the generated/copied vmlinux.h Arnaud Pouliquen (2): remoteproc: stm32: Fix incorrect type in assignment for va remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef Arnd Bergmann (12): fs/select: rework stack allocation hack for clang cpufreq: qcom-hw: add CONFIG_COMMON_CLK dependency wifi: brcmsmac: avoid function pointer casts crypto: qat - avoid memcpy() overflow warning media: pvrusb2: fix pvr2_stream_callback casts crypto: arm/sha - fix function cast warnings mtd: rawnand: lpc32xx_mlc: fix irq handler prototype media: dvb-frontends: avoid stack overflow warnings with clang media: mediatek: vcodec: avoid -Wcast-function-type-strict warning scsi: csiostor: Avoid function pointer casts scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn soc: fsl: dpio: fix kcalloc() argument order Artem Savkov (1): selftests/bpf: Fix potential premature unload in bpf_testmod Arthur Grillo (1): drm: Fix drm_fixp2int_round() making it add 0.5 Arınç ÜNAL (3): net: dsa: mt7530: prevent possible incorrect XTAL frequency selection net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports net: dsa: mt7530: fix handling of all link-local frames Asad Kamal (1): drm/amd/pm: Fix esm reg mask use to get pcie speed Athaariq Ardhiansyah (1): ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops Audra Mitchell (1): workqueue.c: Increase workqueue name length Babu Moger (2): x86/resctrl: Remove hard-coded memory bandwidth limit x86/resctrl: Read supported bandwidth sources from CPUID Baochen Qiang (2): wifi: ath11k: fix a possible dead lock caused by ab->base_lock wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use Baokun Li (1): erofs: fix lockdep false positives on initializing erofs_pseudo_mnt Bart Van Assche (1): fs: Fix rw_hint validation Bartosz Golaszewski (1): Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional() Baruch Siach (1): mtd: maps: physmap-core: fix flash size larger than 32-bit Basavaraj Natikar (2): HID: amd_sfh: Update HPD sensor structure elements HID: amd_sfh: Avoid disabling the interrupt Ben Wolsieffer (1): watchdog: stm32_iwdg: initialize default timeout Benjamin Berg (3): wifi: cfg80211: add RNR with reporting AP information wifi: mac80211: use deflink and fix typo in link ID check wifi: cfg80211: set correct param change count in ML element Benjamin Gaignard (1): media: usbtv: Remove useless locks in usbtv_video_free() Benjamin Lin (2): wifi: mt76: mt7996: fix incorrect interpretation of EHT MCS caps wifi: mt76: mt7996: fix HIF_TXD_V2_1 value Bert Karwatzki (1): iommu: Fix compilation without CONFIG_IOMMU_INTEL Bhavya Kapoor (4): arm64: dts: ti: k3-j7200-common-proc-board: Modify Pinmux for wkup_uart0 and mcu_uart0 arm64: dts: ti: k3-j7200-common-proc-board: Remove clock-frequency from mcu_uart0 arm64: dts: ti: k3-j721s2-common-proc-board: Remove Pinmux for CTS and RTS in wkup_uart0 arm64: dts: ti: k3-j784s4-evm: Remove Pinmux for CTS and RTS in wkup_uart0 Bitterblue Smith (3): wifi: rtw88: 8821cu: Fix firmware upload fail wifi: rtw88: 8821c: Fix beacon loss and disconnect wifi: rtw88: 8821c: Fix false alarm count Bjorn Andersson (2): pmdomain: qcom: rpmhpd: Drop SA8540P gfx.lvl arm64: dts: qcom: sa8540p: Drop gfx.lvl as power-domain for gpucc Breno Leitao (1): net: blackhole_dev: fix build warning for ethh set but not used Brian Masney (1): fbdev/simplefb: change loglevel when the power domains cannot be parsed Bryan O'Donoghue (1): clk: Fix clk_core_get NULL dereference Changbin Du (1): modules: wait do_free_init correctly Changhuang Liang (1): staging: media: starfive: Set 16 bpp for capture_raw device Chao Yu (15): f2fs: compress: fix to guarantee persisting compressed blocks by CP f2fs: compress: fix to cover normal cluster write with cp_rwsem f2fs: compress: fix to avoid inconsistence bewteen i_blocks and dnode f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic f2fs: zone: fix to wait completion of last bio in zone correctly f2fs: compress: fix to cover f2fs_disable_compressed_file() w/ i_sem f2fs: fix to avoid potential panic during recovery f2fs: fix to create selinux label during whiteout initialization f2fs: compress: fix to check zstd compress level correctly in mount option f2fs: compress: fix to check compress flag w/ .i_sem lock f2fs: fix to use correct segment type in f2fs_allocate_data_block() f2fs: ro: compress: fix to avoid caching unaligned extent f2fs: fix to truncate meta inode pages forcely f2fs: zone: fix to remove pow2 check condition for zoned block device f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault Charles Keepax (1): ASoC: Intel: ssp-common: Add stub for sof_ssp_get_codec_name Charlie Jenkins (1): riscv: Only check online cpus for emulated accesses Chen Ni (2): sr9800: Add check for usbnet_get_endpoints drm/tegra: dsi: Add missing check for of_find_device_by_node Chen-Yu Tsai (4): arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF pinctrl: mediatek: Drop bogus slew rate register range for MT8186 pinctrl: mediatek: Drop bogus slew rate register range for MT8192 clk: mediatek: mt8183: Correct parent of CLK_INFRA_SSPM_32K_SELF Chintan Vankar (1): arm64: dts: ti: k3-j784s4-main: Fix mux-reg-masks in serdes_ln_ctrl Christoph Hellwig (1): iomap: clear the per-folio dirty bits on all writeback failures Christophe JAILLET (17): mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe() drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() PCI/P2PDMA: Fix a sleeping issue in a RCU read section PCI: switchtec: Fix an error handling path in switchtec_pci_probe() clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() clk: mediatek: mt8135: Fix an error handling path in clk_mt8135_apmixed_probe() clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() perf pmu: Fix a potential memory leak in perf_pmu__lookup() net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() NFS: Fix an off by one in root_nfs_cat() thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path Christophe Leroy (1): powerpc: Force inlining of arch_vmap_p{u/m}d_supported() Chun-Yi Lee (1): aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts Chunguang Xu (1): nvme: fix reconnection fail due to reserved tag allocation Claudiu Beznea (3): arm64: dts: renesas: rzg3s-smarc-som: Guard Ethernet IRQ GPIO hogs pinctrl: renesas: rzg2l: Fix locking in rzg2l_dt_subnode_to_map() clk: renesas: r9a07g04[34]: Use SEL_SDHI1_STS status configuration for SD1 mux Colin Ian King (1): usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin Craig Tatlor (1): ARM: dts: qcom: msm8974: correct qfprom node size Cristian Ciocaltea (6): ASoC: amd: acp: Add missing error handling in sof-mach ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() ASoC: SOF: core: Skip firmware test for custom loaders ASoC: SOF: amd: Compute file paths on firmware load ASoC: SOF: amd: Move signed_fw_image to struct acp_quirk_entry ASoC: SOF: amd: Skip IRAM/DRAM size modification for Steam Deck OLED Dafna Hirschfeld (1): drm/xe: Replace 'grouped target' in Makefile with pattern rule Damian Muszynski (2): crypto: qat - fix ring to service map for dcc in 4xxx crypto: qat - fix ring to service map for dcc in 420xx Dan Carpenter (6): io_uring/net: fix overflow check in io_recvmsg_mshot_prep() ASoC: SOF: Add some bounds checking to firmware data lib/stackdepot: off by one in depot_fetch_stack() bus: mhi: ep: check the correct variable in mhi_ep_register_controller() staging: greybus: fix get_channel_from_mode() failure path char: xilinx_hwicap: Fix NULL vs IS_ERR() bug Daniel Golle (3): clk: mediatek: mt7981-topckgen: flag SGM_REG_SEL as critical net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up net: ethernet: mtk_eth_soc: fix PPE hanging issue Daniel Lezcano (1): powercap: dtpm_cpu: Fix error check against freq_qos_add_request() Daniel Thompson (3): backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: lp8788: Fully initialize backlight_properties during probe Daniil Dulov (2): media: go7007: add check of return value of go7007_read_addr() media: pvrusb2: remove redundant NULL check Dave Airlie (2): nouveau: reset the bo resource bus info after an eviction nouveau/gsp: don't check devinit disable on GSP. Dave Jiang (2): ACPI: HMAT: Remove register of memory node for generic target cxl: Fix the incorrect assignment of SSLBIS entry pointer initial location Dave Wysochanski (1): NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt David E. Box (2): platform/x86/intel/pmc/lnl: Remove SSRAM support platform/x86/intel/pmc/arl: Put GNA device in D3 David Gow (8): kunit: test: Log the correct filter string in executor_test lib/cmdline: Fix an invalid format specifier in an assertion msg lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg time: test: Fix incorrect format specifier rtc: test: Fix invalid format specifier. net: test: Fix printf format specifier in skb_segment kunit test drm/xe/tests: Fix printf format specifiers in xe_migrate test drm: tests: Fix invalid printf format specifiers in KUnit tests David Heidelberg (1): arm64: dts: qcom: sdm845-oneplus-common: improve DAI node naming David Howells (4): cifs: Fix writeback data corruption afs: Revert "afs: Hide silly-rename files from userspace" afs: Don't cache preferred address afs: Fix occasional rmdir-then-VNOVNODE with generic/011 David Lechner (2): spi: consolidate setting message->spi spi: move split xfers for CS_WORD emulation David Regan (1): mtd: rawnand: brcmnand: exec_op helper functions return type fixes Deren Wu (3): wifi: mt76: mt7925: update PCIe DMA settings wifi: mt76: mt7921e: fix use-after-free in free_irq() wifi: mt76: mt7925e: fix use-after-free in free_irq() Devarsh Thakkar (2): arm64: dts: ti: Add common1 register space for AM65x SoC arm64: dts: ti: Add common1 register space for AM62x SoC Dmitry Baryshkov (11): soc: qcom: socinfo: rename PM2250 to PM4125 arm64: dts: qcom: rename PM2250 to PM4125 arm64: dts: qcom: msm8998: declare VLS CLAMP register for USB3 PHY arm64: dts: qcom: qcm2290: declare VLS CLAMP register for USB3 PHY arm64: dts: qcom: sm6115: declare VLS CLAMP register for USB3 PHY drm: ci: use clk_ignore_unused for apq8016 drm/msm/dpu: finalise global state object drm/msm/a6xx: specify UBWC config for sc7180 phy: qcom: qmp-usb: split USB-C PHY driver phy: qcom: qmp-usbc: add support for the Type-C handling phy: qcom: qmp-usbc: handle CLAMP register in a correct way Douglas Anderson (1): drm/panel: boe-tv101wum-nl6: make use of prepare_prev_first Duanqiang Wen (1): net: txgbe: fix clk_name exceed MAX_DEV_ID limits Duoming Zhou (3): wifi: brcm80211: handle pmk_op allocation failure nfp: flower: handle acti_netdevs allocation failure clk: zynq: Prevent null pointer dereference caused by kmalloc failure Dylan Hung (1): i3c: dw: Disable IBI IRQ depends on hot-join and SIR enabling Edward Adam Davis (1): media: pvrusb2: fix uaf in pvr2_context_set_notify Emmanuel Grumbach (2): wifi: iwlwifi: mvm: fix the TLC command after ADD_STA wifi: iwlwifi: mvm: don't set the MFP flag for the GTK Eric Dumazet (8): sock_diag: annotate data-races around sock_diag_handlers[family] inet_diag: annotate data-races around inet_diag_table[] ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check packet: annotate data-races around ignore_outgoing net: move dev->state into net_device_read_txrx group Ethan Zhao (3): PCI: Make pci_dev_is_disconnected() helper public for other drivers iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected iommu/vt-d: Improve ITE fault handling if target device isn't present Eugen Hristev (2): arm64: dts: mediatek: mt8192: fix vencoder clock name arm64: dts: mediatek: mt8186: fix VENC power domain clocks Ezra Buehler (1): mtd: spinand: esmt: Extend IDs to 5 bytes Fedor Pchelkin (1): drm/tegra: put drm_gem_object ref on error in tegra_fb_create Fei Shao (1): spi: spi-mt65xx: Fix NULL pointer access in interrupt handler Felix Maurer (1): hsr: Handle failures in module init Filipe Manana (1): btrfs: fix race when detecting delalloc ranges during fiemap Florian Fainelli (1): spi: Fix error code checking in spi_mem_exec_op() Frank Li (2): arm64: dts: imx8qm: Align edma3 power-domains resources indentation arm64: dts: imx8qm: Correct edma3 power-domains and interrupt numbers Frederic Weisbecker (2): rcu/exp: Fix RCU expedited parallel grace period kworker allocation failure recovery rcu/exp: Handle RCU expedited grace period kworker allocation failure Frieder Schrempf (7): arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on OSM-S i.MX8MM arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL i.MX8MM arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL OSM-S board arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL board arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL OSM-S board arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL board arm64: dts: imx8mm-kontron: Fix interrupt for RTC on OSM-S i.MX8MM module Frédéric Danis (1): Bluetooth: Fix eir name length Gabor Juhos (3): clk: qcom: gcc-ipq5018: fix 'enable_reg' offset of 'gcc_gmac0_sys_clk' clk: qcom: gcc-ipq5018: fix 'halt_reg' offset of 'gcc_pcie1_pipe_clk' clk: qcom: gcc-ipq5018: fix register offset for GCC_UBI0_AXI_ARES reset Gabriel Krisman Bertazi (2): ovl: Always reject mounting over case-insensitive directories io_uring: Fix release of pinned pages when __io_uaddr_map fails Gavrilov Ilia (6): tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function net/x25: fix incorrect parameter validation in the x25_getsockopt() function Geert Uytterhoeven (11): ARM: dts: renesas: r8a73a4: Fix external clocks and clock rate arm64: dts: renesas: r8a779g0: Restore sort order arm64: dts: renesas: r8a779g0: Add missing SCIF_CLK2 ARM: dts: arm: realview: Fix development chip ROM compatible value arm64: dts: renesas: r8a779a0: Correct avb[01] reg sizes arm64: dts: renesas: r8a779g0: Correct avb[01] reg sizes clk: renesas: r8a779g0: Fix PCIe clock name pinctrl: renesas: r8a779g0: Add missing SCIF_CLK2 pin group/function clk: renesas: r8a779g0: Correct PFC/GPIO parent clocks clk: renesas: r8a779f0: Correct PFC/GPIO parent clock pinctrl: renesas: Allow the compiler to optimize away sh_pfc_pm Gen Xu (1): wifi: mt76: mt792x: fix ethtool warning Geoffrey D. Bennett (4): ALSA: scarlett2: Fix Scarlett 4th Gen 4i4 low-voltage detection ALSA: scarlett2: Fix Scarlett 4th Gen autogain status values ALSA: scarlett2: Fix Scarlett 4th Gen input gain range ALSA: scarlett2: Fix Scarlett 4th Gen input gain range again George Stark (1): leds: aw2013: Unlock mutex before destroying it Gergo Koteles (5): ALSA: hda/tas2781: use dev_dbg in system_resume ALSA: hda/tas2781: add lock to system_suspend ALSA: hda/tas2781: do not reset cur_* values in runtime_suspend ALSA: hda/tas2781: do not call pm_runtime_force_* in system_resume/suspend ALSA: hda/tas2781: restore power state after system_resume Hao Zhang (1): wifi: mt76: mt7925: fix mcu query command fail Harry Wentland (2): drm: Don't treat 0 as -1 in drm_fixp2int_ceil drm/vkms: Avoid reading beyond LUT array Hayes Wang (1): r8152: fix unknown device for choose_configuration Heiko Carstens (1): s390/cache: prevent rebuild of shared_cpu_list Heiko Stuebner (3): arm64: dts: rockchip: add missing interrupt-names for rk356x vdpu arm64: dts: rockchip: fix reset-names for rk356x i2s2 controller arm64: dts: rockchip: drop rockchip,trcm-sync-tx-only from rk3588 i2s Hongyu Jin (1): dm io: Support IO priority Howard Hsu (1): wifi: mt76: mt7996: fix HE beamformer phy cap for station vif Hsin-Te Yuan (1): arm64: dts: mt8195-cherry-tomato: change watchdog reset boot flow Hsin-Yi Wang (2): drm/panel-edp: use put_sync in unprepare drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip Hugo Villeneuve (1): serial: max310x: fix syntax error in IRQ error message Ian Rogers (5): perf pmu: Treat the msr pmu as software perf srcline: Add missed addr2line closes perf expr: Fix "has_event" function for metric style events perf stat: Avoid metric-only segv perf metric: Don't remove scale from counts Ido Schimmel (2): selftests: forwarding: Add missing multicast routing config entries selftests: forwarding: Fix ping failure due to short timeout Ignat Korchagin (1): net: veth: do not manipulate GRO when using XDP Igor Prusov (1): clk: meson: Add missing clocks to axg_clk_regmaps Ilan Peer (1): wifi: iwlwifi: mvm: Fix the listener MAC filter flags Ilpo Järvinen (1): PCI/DPC: Print all TLP Prefixes, not just the first Jaegeuk Kim (1): f2fs: check number of blocks in a current section Jai Luthra (1): arm64: dts: ti: k3-am62p: Fix memory ranges for DMSS James Clark (1): coresight: Fix issue where a source device's helpers aren't disabled Jan Höppner (1): s390/dasd: Use dev_*() for device log messages Jan Kara (2): quota: Fix rcu annotations of inode dquot pointers quota: Properly annotate i_dquot arrays with __rcu Janne Grunau (1): spi: Restore delays for non-GPIO chip select Jason Gunthorpe (1): iommu/arm-smmu-v3: Check that the RID domain is S1 in SVA Jayesh Choudhary (1): arm64: dts: ti: k3-am69-sk: remove assigned-clock-parents for unused VP Jeff LaBundy (1): Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 Jens Axboe (5): io_uring: remove looping around handling traditional task_work io_uring: remove unconditional looping in local task_work handling io_uring/net: unify how recvmsg and sendmsg copy in the msghdr io_uring/net: move receive multishot out of the generic msghdr path io_uring: don't save/restore iowait state Jeremy Kerr (1): net: mctp: copy skb ext data when fragmenting Jernej Skrabec (4): media: cedrus: h265: Fix configuring bitstream size media: sun8i-di: Fix coefficient writes media: sun8i-di: Fix power on/off sequences media: sun8i-di: Fix chroma difference threshold Jerome Brunet (4): ASoC: meson: aiu: fix function pointer type mismatch ASoC: meson: t9015: fix function pointer type mismatch ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs ASoC: meson: axg-tdm-interface: add frame rate constraint Ji Sheng Teoh (1): watchdog: starfive: Check pm_runtime_enabled() before decrementing usage counter Jianhua Lu (1): backlight: ktz8866: Correct the check for of_property_read_u32 Jie Wang (1): net: hns3: fix port duplex configure error in IMP reset Jijie Shao (1): net: hns3: fix wrong judgment condition issue Jinjie Ruan (1): wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() Jiri Olsa (1): bpftool: Fix wrong free call in do_show_link Jiri Pirko (3): dpll: spec: use proper enum for pin capabilities attribute dpll: fix dpll_xa_ref_*_del() for multiple registrations devlink: fix port new reply cmd type Jiri Slaby (SUSE) (1): tty: vt: fix 20 vs 0x20 typo in EScsiignore Johan Carlsson (1): ALSA: usb-audio: Stop parsing channels bits when all channels are found. Johan Hovold (1): PCI/AER: Fix rootport attribute paths in ABI docs Johannes Berg (8): wifi: iwlwifi: mvm: report beacon protection failures wifi: iwlwifi: dbg-tlv: ensure NUL termination wifi: iwlwifi: acpi: fix WPFC reading wifi: iwlwifi: mvm: initialize rates in FW earlier wifi: iwlwifi: mvm: d3: fix IPN byte order wifi: iwlwifi: always have 'uats_enabled' wifi: iwlwifi: mvm: fix erroneous queue index mask wifi: iwlwifi: mvm: don't set replay counters to 0xff John Keeping (1): regulator: userspace-consumer: add module device table John Ogness (6): printk: nbcon: Relocate 32bit seq macros printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() printk: Wait for all reserved records with pr_flush() printk: Add this_cpu_in_panic() printk: ringbuffer: Cleanup reader terminology printk: ringbuffer: Skip non-finalized records in panic Jon Hunter (1): memory: tegra: Correct DLA client names Jonah Palmer (1): vdpa/mlx5: Allow CVQ size changes Jonas Dreßler (3): Bluetooth: Remove HCI_POWER_OFF_TIMEOUT Bluetooth: mgmt: Remove leftover queuing of power_off work Bluetooth: Remove superfluous call to hci_conn_check_pending() Jonathan Bell (1): PCI: brcmstb: Fix broken brcm_pcie_mdio_write() polling Jorge Mora (2): NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 NFSv4.2: fix listxattr maximum XDR buffer size Josef Bacik (1): nfs: fix panic when nfs4_ff_layout_prepare_ds() fails Josh Poimboeuf (1): objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks José Roberto de Souza (1): drm/xe: Skip VMAs pin when requesting signal to the last XE_EXEC Judith Mendez (1): arm64: dts: ti: k3-am64-main: Fix ITAP/OTAP values for MMC Juergen Gross (2): xen/evtchn: avoid WARN() when unbinding an event channel xen/events: increment refcnt only if event channel is refcounted Julien Massot (2): media: cadence: csi2rx: use match fwnode for media link media: v4l2: cci: print leading 0 on error Jérôme Pouiller (1): wifi: wfx: fix memory leak when starting AP Jörg Wedekind (1): PCI: Mark 3ware-9650SE Root Port Extended Tags as broken Kai Huang (1): x86/asm: Remove the __iomem annotation of movdir64b()'s dst argument Kajol Jain (1): powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks Kamal Heib (1): net: ena: Remove ena_select_queue Kang Yang (1): wifi: ath12k: fix incorrect logic of calculating vdev_stats_id Kees Cook (2): pstore: inode: Only d_invalidate() is needed x86, relocs: Ignore relocations in .notes section Keisuke Nishimura (2): sched/fair: Take the scheduling domain into account in select_idle_smt() sched/fair: Take the scheduling domain into account in select_idle_core() Komal Bajaj (2): arm64: dts: qcom: qcm6490-idp: Correct the voltage setting for vph_pwr arm64: dts: qcom: qcs6490-rb3gen2: Correct the voltage setting for vph_pwr Konrad Dybcio (13): arm64: dts: qcom: sc8180x: Hook up VDD_CX as GCC parent domain arm64: dts: qcom: sc8180x: Fix up big CPU idle state entry latency arm64: dts: qcom: sc8180x: Add missing CPU off state arm64: dts: qcom: sc8180x: Fix eDP PHY power-domains arm64: dts: qcom: sc8180x: Don't hold MDP core clock at FMAX arm64: dts: qcom: sc8180x: Require LOW_SVS vote for MMCX if DISPCC is on arm64: dts: qcom: sc8180x: Add missing CPU<->MDP_CFG path arm64: dts: qcom: sc8180x: Shrink aoss_qmp register space size arm64: dts: qcom: sm8450: Add missing interconnects to serial arm64: dts: qcom: sdm845: Use the Low Power Island CX/MX for SLPI clk: qcom: reset: Commonize the de/assert functions clk: qcom: reset: Ensure write completion on reset de/assertion clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times Konstantin Taranov (5): RDMA/mana_ib: Fix bug in creation of dma regions RDMA/mana_ib: Introduce mdev_to_gc helper function RDMA/mana_ib: Introduce mana_ib_get_netdev helper function RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function RDMA/mana_ib: Use virtual address in dma regions for MRs Krzysztof Kozlowski (5): arm64: dts: qcom: x1e80100: drop qcom,drv-count arm64: dts: qcom: sdm845-db845c: correct PCIe wake-gpios arm64: dts: qcom: sm8150: correct PCIe wake-gpios riscv: dts: starfive: jh7100: fix root clock names soundwire: stream: add missing const to Documentation Kuniyuki Iwashima (3): af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). tcp: Fix refcnt handling in __inet_hash_connect(). Kévin L'hôpital (1): net: phy: fix phy_get_internal_delay accessing an empty array Lad Prabhakar (3): arm64: dts: renesas: rzg2l: Add missing interrupts to IRQC nodes arm64: dts: renesas: r9a08g045: Add missing interrupts to IRQC node ASoC: sh: rz-ssi: Fix error message print Lang Yu (1): drm/amdgpu: fix mmhub client id out-of-bounds access Le Ma (1): drm/amdgpu: drop setting buffer funcs in sdma442 Leon Romanovsky (1): xfrm: Allow UDP encapsulation only in offload modes Li Nan (3): md: fix kmemleak of rdev->serial block: fix deadlock between bd_link_disk_holder and partition scan md: Don't clear MD_CLOSING when the raid is about to stop Li Zhijian (1): coccinelle: device_attr_show: Remove useless expression STR Linu Cherian (1): octeontx2-af: Use matching wake_up API variant in CGX command interface Liu Ying (1): arm64: dts: imx8mp-evk: Fix hdmi@3d node Lorenzo Bianconi (1): wifi: mt76: mt7996: fix fw loading timeout Lu Baolu (4): iommu/vt-d: Use rbtree to track iommu probed devices iommu/vt-d: Use device rbtree in iopf reporting path iommu: Add static iommu_ops->release_domain iommu/vt-d: Fix NULL domain on device release Luca Ceresoli (1): ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates Luca Weiss (4): arm64: dts: qcom: sc7280: Add static properties to cryptobam arm64: dts: qcom: qcm6490-fairphone-fp5: Add missing reserved-memory backlight: lm3630a: Initialize backlight_properties on init backlight: lm3630a: Don't set bl->props.brightness in get_brightness Lucas Stach (1): media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Luiz Augusto von Dentz (8): Bluetooth: Remove BT_HS Bluetooth: hci_event: Fix not indicating new connection for BIG Sync Bluetooth: hci_core: Cancel request on command timeout Bluetooth: hci_sync: Fix overwriting request callback Bluetooth: hci_core: Fix possible buffer overflow Bluetooth: msft: Fix memory leak Bluetooth: btusb: Fix memory leak Bluetooth: af_bluetooth: Fix deadlock Luoyouming (1): RDMA/hns: Fix mis-modifying default congestion control algorithm Maciej Strozek (2): mfd: cs42l43: Fix wrong register defaults mfd: cs42l43: Fix wrong GPIO_FN_SEL and SPI_CLK_CONFIG1 defaults Mads Bligaard Nielsen (1): drm/bridge: adv7511: fix crash on irq during probe Manivannan Sadhasivam (1): arm64: dts: qcom: sm8650: Fix UFS PHY clocks Manorit Chawdhry (2): arm64: dts: ti: k3-j721s2: Fix power domain for VTM node arm64: dts: ti: k3-j784s4: Fix power domain for VTM node Manu Bretelle (1): selftests/bpf: Disable IPv6 for lwt_redirect test Mao Jinlong (1): coresight: etm4x: Set skip_power_up in etm4_init_arch_data function Marek Vasut (1): arm64: dts: imx8mp: Set SPI NOR to max 40 MHz on Data Modul i.MX8M Plus eDM SBC Marijn Suijten (1): drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled Mario Limonciello (2): iommu/amd: Mark interrupt as managed crypto: ccp - Avoid discarding errors in psp_send_platform_access_msg() Mark Rutland (1): perf print-events: make is_event_supported() more robust Markus Schneider-Pargmann (1): can: m_can: Start/Cancel polling timer together with interrupts Martin KaFai Lau (2): selftests/bpf: Fix the flaky tc_redirect_dtime test selftests/bpf: Wait for the netstamp_needed_key static key to be turned on Martin Kaiser (1): gpio: vf610: allow disabling the vf610 driver Martin Kaistra (1): wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work Martin Krastev (1): drm/vmwgfx: Fix vmw_du_get_cursor_mob fencing of newly-created MOBs Masahiro Yamada (1): kconfig: fix infinite loop when expanding a macro at the end of file Mathias Nyman (4): xhci: Add interrupt pending autoclear flag to each interrupter xhci: make isoc_bei_interval variable interrupter specific. xhci: remove unnecessary event_ring_deq parameter from xhci_handle_event() xhci: update event ring dequeue pointer position to controller correctly Matthew Brost (2): drm/xe: Fix ref counting leak on page fault drm/xe: Invalidate userptr VMA on page pin fault Matti Vaittinen (1): iio: gts-helper: Fix division loop Maxim Kudinov (1): ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override Maxime Ripard (2): kunit: Setup DMA masks on the kunit device drm/tests: helpers: Include missing drm_drv header Mete Durlu (1): s390/vtime: fix average steal time calculation Michael Ellerman (3): powerpc/32: fix ADB_CUDA kconfig warning powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. powerpc/4xx: Fix warp_gpio_leds build failure Michael Roth (1): x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type Michal Vokáč (2): ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node Mikhail Khvainitski (1): HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd Mikulas Patocka (3): dm: call the resume method on internal suspend dm-integrity: fix a memory leak when rechecking the data dm-integrity: align the outgoing bio in integrity_recheck Ming Lei (1): dm raid: fix false positive for requeue needed during reshape Ming Yen Hsieh (9): wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band wifi: mt76: mt7925: fix wmm queue mapping wifi: mt76: mt7925: fix fw download fail wifi: mt76: mt7925: fix WoW failed in encrypted mode wifi: mt76: mt7925: fix the wrong header translation config wifi: mt76: mt7925: add support to set ifs time by mcu command wifi: mt76: mt7921: fix incorrect type conversion for CLC command wifi: mt76: mt792x: fix a potential loading failure of the 6Ghz channel config from ACPI wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 Miri Korenblit (5): wifi: iwlwifi: change link id in time event to s8 wifi: iwlwifi: fix EWRD table validity check wifi: iwlwifi: read BIOS PNVM only for non-Intel SKU wifi: iwlwifi: support EHT for WH wifi: iwlwifi: properly check if link is active Miroslav Franc (1): s390/dasd: fix double module refcount decrement Muhammad Usama Anjum (1): io_uring/net: correct the type of variable Mustafa Ismail (1): RDMA/irdma: Remove duplicate assignment Nathan Chancellor (1): s390/vdso: drop '-fPIC' from LDFLAGS Navid Emamdoost (1): nbd: null check for nla_nest_start Neil Armstrong (1): dt-bindings: arm-smmu: fix SM8[45]50 GPU SMMU if condition Nicholas Piggin (1): powerpc/ps3: Fix lv1 hcall assembly for ELFv2 calling convention Nikita Kiryushin (1): net: phy: fix phy_read_poll_timeout argument type in genphy_loopback Nikita Zhandarovich (5): do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak media: em28xx: annotate unchecked call to media_device_register() drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() wireguard: receive: annotate data-race around receiving_counter.counter Nícolas F. R. A. Prado (6): cpufreq: mediatek-hw: Wait for CPU supplies before probing cpufreq: mediatek-hw: Don't error out if supply is not found arm64: dts: mt8183: Move CrosEC base detection node to kukui-based DTs arm64: dts: mediatek: mt8192-asurada: Remove CrosEC base detection node arm64: dts: mediatek: mt8186: Add missing clocks to ssusb power domains arm64: dts: mediatek: mt8186: Add missing xhci clock to usb controllers Oleksij Rempel (1): net: dsa: microchip: make sure drive strength configuration is not lost by soft reset Olga Kornievskaia (1): NFSv4.1/pnfs: fix NFS with TLS in pnfs Ondrej Jirman (1): leds: sgm3140: Add missing timer cleanup and flash gpio control Oscar Salvador (1): lib/stackdepot: fix first entry having a 0-handle Pablo Neira Ayuso (2): netfilter: nft_set_pipapo: release elements in clone only from destroy path netfilter: nf_tables: do not compare internal table flags on updates Paloma Arellano (2): drm/msm/dpu: allow certain formats for CDM for DP drm/msm/dpu: add division of drm_display_mode's hskew parameter Pauli Virtanen (1): Bluetooth: fix use-after-free in accessing skb after sending it Pavel Begunkov (1): io_uring: fix poll_remove stalled req completion Peng Fan (1): thermal/drivers/qoriq: Fix getting tmu range Perry Yuan (1): ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors Peter Chiu (2): wifi: mt76: mt7996: check txs format before getting skb by pid wifi: mt76: mt7996: fix TWT issues Peter Griffin (2): mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref Peter Hilber (3): timekeeping: Fix cross-timestamp interpolation on counter wrap timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation for non-x86 Peter Robinson (2): bus: tegra-aconnect: Update dependency to ARCH_TEGRA dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA Petr Machata (1): selftests: forwarding: Add missing config entries Petr Mladek (1): printk: Disable passing console lock owner completely during panic() Petre Rodan (1): iio: pressure: mprls0025pa fix off-by-one enum Przemek Kitszel (1): ice: fix stats being updated by way too large values Puranjay Mohan (1): bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() Qiheng Lin (1): powerpc/pseries: Fix potential memleak in papr_get_attr() Quan Tian (1): netfilter: nf_tables: Fix a memory leak in nf_tables_updchain Quan Zhou (1): wifi: mt76: mt7925: add flow to avoid chip bt function fail Quanyang Wang (1): crypto: xilinx - call finalize with bh disabled Quentin Schulz (2): drm/rockchip: lvds: do not overwrite error code drm/rockchip: lvds: do not print scary message when probing defer Raag Jadav (1): pwm: dwc: use pm_sleep_ptr() macro Rafael J. Wysocki (1): ACPI: scan: Fix device check notification handling Rafał Miłecki (9): arm64: dts: mediatek: mt7986: fix reference to PWM in fan node arm64: dts: mediatek: mt7986: drop crypto's unneeded/invalid clock name arm64: dts: mediatek: mt7986: fix SPI bus width properties arm64: dts: mediatek: mt7986: fix SPI nodename arm64: dts: mediatek: mt7986: drop "#clock-cells" from PWM arm64: dts: mediatek: mt7986: add "#reset-cells" to infracfg arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes arm64: dts: marvell: reorder crypto interrupts on Armada SoCs arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells Rahul Rameshbabu (4): wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled wifi: b43: Stop correct queue in DMA worker when QoS is disabled wifi: b43: Disable QoS for bcm4331 Raj Kumar Bhagat (1): wifi: ath12k: fix fetching MCBC flag for QCN9274 Randy Dunlap (4): fs/hfsplus: use better @opf description drivers/ps3: select VIDEO to provide cmdline functions crypto: jitter - fix CRYPTO_JITTERENTROPY help text rtc: mt6397: select IRQ_DOMAIN instead of depending on it Ravi Gunasekaran (1): arm64: dts: ti: k3-am62p5-sk: Enable CPSW MDIO node Rob Clark (1): drm/msm/a7xx: Fix LLC typo Rob Herring (1): media: dt-bindings: techwell,tw9900: Fix port schema ref Roger Quadros (1): arm64: dts: ti: am65x: Fix dtbs_install for Rocktech OLDI overlay Romain Naour (2): arm64: dts: ti: k3-am69-sk: fix PMIC interrupt number arm64: dts: ti: k3-j721e-sk: fix PMIC interrupt number Sakari Ailus (3): media: ivsc: csi: Swap SINK and SOURCE pads mei: vsc: Call wake_up() in the threaded IRQ handler mei: vsc: Don't use sleeping condition in wait_event_timeout() Sam Protsenko (1): clk: samsung: exynos850: Propagate SPI IPCLK rate change Sam Ravnborg (4): sparc32: Use generic cmpdi2/ucmpdi2 variants mtd: maps: sun_uflash: Declare uflash_devinit static sparc32: Do not select GENERIC_ISA_DMA sparc32: Fix section mismatch in leon_pci_grpci Sami Tolvanen (1): riscv: Fix syscall wrapper for >word-size arguments Sandipan Das (2): perf vendor events amd: Fix Zen 4 cache latency events perf/x86/amd/core: Avoid register reset when CPU is dead Sasha Levin (1): Linux 6.8.2-rc1 Saurabh Sengar (1): x86/hyperv: Use per cpu initial stack for vtl context Sean Anderson (1): usb: phy: generic: Get the vbus supply Serge Semin (2): tty: mips_ejtag_fdc: Fix passing incompatible pointer type warning mips: cm: Convert __mips_cm_l2sync_phys_base() to weak function Shay Drory (1): devlink: Fix devlink parallel commands processing Sheng Yong (1): f2fs: compress: fix to check unreleased compressed cluster Shengjiu Wang (1): clk: imx: imx8mp: Fix SAI_MCLK_SEL definition Shifeng Li (1): RDMA/device: Fix a race between mad_client and cm_client init Shigeru Yoshida (1): hsr: Fix uninit-value access in hsr_get_node() Shiming Cheng (1): ipv6: fib6_rules: flush route cache when rule is changed Shin'ichiro Kawasaki (1): nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse() Shung-Hsi Yu (1): selftests/bpf: trace_helpers.c: do not use poisoned type Sibi Sankar (1): cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() Srinivasan Shanmugam (5): drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() Sriram R (1): wifi: ath12k: Fix issues in channel list update StanleyYP Wang (1): wifi: mt76: mt7996: fix efuse reading issue Stefan Binding (1): ALSA: hda: cs35l41: Set Channel Index correctly when system is missing _DSD Stephen Boyd (2): gpiolib: Pass consumer device through to core in devm_fwnode_gpiod_get_index() arm64: ftrace: Don't forbid CALL_OPS+CC_OPTIMIZE_FOR_SIZE with Clang Steve Sistare (1): vdpa_sim: reset must not run Subbaraya Sundeep (5): octeontx2: Detect the mbox up or down message via register octeontx2-pf: Wait till detach_resources msg is complete octeontx2-pf: Use default max_active works instead of one octeontx2-pf: Send UP messages to VF only when VF is up. octeontx2-af: Use separate handlers for interrupts Sunil Goutham (1): octeontx2-af: Fix devlink params Suzuki K Poulose (1): virtio: uapi: Drop __packed attribute in linux/virtio_pci.h Takashi Iwai (1): ALSA: seq: fix function cast warnings Tejun Heo (9): workqueue: Move pwq->max_active to wq->max_active workqueue: Factor out pwq_is_empty() workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work() workqueue: Move nr_active handling into helpers workqueue: Make wq_adjust_max_active() round-robin pwqs while activating workqueue: RCU protect wq->dfl_pwq and implement accessors for it workqueue: Introduce struct wq_node_nr_active workqueue: Implement system-wide nr_active enforcement for unbound workqueues workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() Thinh Tran (1): net/bnx2x: Prevent access to a freed page in page_pool Thomas Richter (1): s390/pai: fix attr_event_free upper limit for pai device drivers Thomas Weißschuh (1): power: supply: mm8013: fix "not charging" detection Thomas Zimmermann (1): arch/powerpc: Remove <linux/fb.h> from backlight code Théo Lebrun (2): gpio: nomadik: fix offset bug in nmk_pmx_set() spi: spi-mem: add statistics support to ->exec_op() calls Tiezhu Yang (1): bpftool: Silence build warning about calloc() Tim Harvey (1): arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS Tim Pambor (1): net: phy: dp83822: Fix RGMII TX delay configuration Tobias Brunner (1): ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels Toke Høiland-Jørgensen (5): wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete libbpf: Use OPTS_SET() macro in bpf_xdp_query() bpf: Fix DEVMAP_HASH overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches bpf: Fix stackmap overflow check on 32-bit arches Tomi Valkeinen (2): drm/tidss: Fix initial plane zpos values drm/tidss: Fix sync-lost issue with two displays Tony Luck (1): x86/resctrl: Implement new mba_MBps throttling heuristic Tudor Ambarus (1): tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT Unnathi Chalicheemala (1): soc: qcom: llcc: Check return value on Broadcast_OR reg read Uwe Kleine-König (3): pwm: atmel-hlcdc: Fix clock imbalance related to suspend support pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan ASoC: tlv320adc3xxx: Don't strip remove function when driver is builtin Vaishnav Achath (1): arm64: dts: ti: k3-am62p-mcu/wakeup: Disable MCU and wakeup R5FSS nodes Viktor Malik (2): tools/resolve_btfids: Refactor set sorting with types from btf_ids.h tools/resolve_btfids: Fix cross-compilation to non-host endianness Vinicius Costa Gomes (2): igc: Fix missing time sync events igb: Fix missing time sync events Viresh Kumar (1): OPP: debugfs: Fix warning around icc_get_name() Vladimir Zapolskiy (1): arm64: dts: qcom: sm6115: drop pipe clock selection Wang Jianjian (1): quota: Fix potential NULL pointer dereference Wen Gong (3): wifi: ath11k: add support to select 6 GHz regulatory type wifi: ath11k: store cur_regulatory_info for each radio wifi: ath11k: change to move WMI_VDEV_PARAM_SET_HEMU_MODE before WMI_PEER_ASSOC_CMDID Wenjie Qi (1): f2fs: fix NULL pointer dereference in f2fs_submit_page_write() William Kucharski (1): RDMA/srpt: Do not register event handler until srpt device is fully setup William Tu (2): devlink: Fix length of eswitch inline-mode vmxnet3: Fix missing reserved tailroom Xingyuan Mo (1): wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() Xiubo Li (1): ceph: stop copying to iter at EOF on sync reads Xiuhong Wang (2): f2fs: compress: relocate some judgments in f2fs_reserve_compress_blocks f2fs: compress: fix reserve_cblocks counting error when out of space Xuan Zhuo (1): virtio: packed: fix unmap leak for indirect desc table Yan Zhai (3): rcu: add a helper to report consolidated flavor QS net: report RCU QS on threaded NAPI repolling bpf: report RCU QS in cpumap kthread Yang Jihong (5): perf record: Fix possible incorrect free in record__switch_output() perf record: Check conflict between '--timestamp-filename' option and pipe mode before recording perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() hwtracing: hisi_ptt: Move type check to the beginning of hisi_ptt_pmu_event_init() Yang Yingliang (1): NTB: fix possible name leak in ntb_register_device() Yewon Choi (1): rds: introduce acquire/release ordering in acquire/release_in_xmit() Yifan Zhang (1): drm/amdgpu: add MMHUB 3.3.1 support Yihang Li (1): scsi: hisi_sas: Fix a deadlock issue related to automatic dump Yonghong Song (1): bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly Yonglong Liu (1): net: hns3: fix kernel crash when 1588 is received on HIP08 devices Yu Kuai (3): md/raid1: factor out helpers to add rdev to conf md/raid1: record nonrot rdevs while adding/removing rdevs to conf md/raid1: fix choose next idle in read_balance() Zhang Shurong (1): drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe Zhipeng Lu (10): wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() SUNRPC: fix a memleak in gss_import_v2_context SUNRPC: fix some memleaks in gssx_dec_option_array drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node drm/lima: fix a memleak in lima_heap_alloc media: v4l2-tpg: fix some memleaks in tpg_alloc media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: edia: dvbdev: fix a use-after-free media: go7007: fix a memleak in go7007_load_encoder media: ttpci: fix two memleaks in budget_av_attach rong.yan (1): wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band .../testing/sysfs-bus-pci-devices-aer_stats | 6 +- .../bindings/display/msm/qcom,mdss.yaml | 1 + .../devicetree/bindings/iommu/arm,smmu.yaml | 13 +- .../bindings/media/i2c/techwell,tw9900.yaml | 2 +- Documentation/driver-api/soundwire/stream.rst | 4 +- Documentation/netlink/specs/devlink.yaml | 2 +- Documentation/netlink/specs/dpll.yaml | 1 + .../networking/net_cachelines/net_device.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/arm/arm-realview-pb1176.dts | 2 +- .../boot/dts/nxp/imx/imx6dl-yapp4-common.dtsi | 25 +- arch/arm/boot/dts/qcom/qcom-msm8974.dtsi | 2 +- arch/arm/boot/dts/renesas/r8a73a4-ape6evm.dts | 12 + arch/arm/boot/dts/renesas/r8a73a4.dtsi | 9 +- arch/arm/crypto/sha256_glue.c | 13 +- arch/arm/crypto/sha512-glue.c | 12 +- arch/arm64/Kconfig | 2 +- .../dts/allwinner/sun50i-h6-beelink-gs1.dts | 2 + .../boot/dts/allwinner/sun50i-h6-tanix.dtsi | 2 + arch/arm64/boot/dts/allwinner/sun50i-h6.dtsi | 7 +- .../boot/dts/broadcom/bcmbca/bcm4908.dtsi | 3 - .../dts/freescale/imx8mm-kontron-bl-osm-s.dts | 38 +- .../boot/dts/freescale/imx8mm-kontron-bl.dts | 38 +- .../dts/freescale/imx8mm-kontron-osm-s.dtsi | 6 +- .../boot/dts/freescale/imx8mm-kontron-sl.dtsi | 4 +- .../dts/freescale/imx8mm-venice-gw71xx.dtsi | 29 +- .../freescale/imx8mp-data-modul-edm-sbc.dts | 2 +- arch/arm64/boot/dts/freescale/imx8mp-evk.dts | 33 +- .../boot/dts/freescale/imx8qm-ss-dma.dtsi | 29 +- arch/arm64/boot/dts/marvell/armada-37xx.dtsi | 10 +- arch/arm64/boot/dts/marvell/armada-cp11x.dtsi | 10 +- .../dts/mediatek/mt7622-bananapi-bpi-r64.dts | 1 + arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 1 + .../dts/mediatek/mt7986a-bananapi-bpi-r3.dts | 2 +- arch/arm64/boot/dts/mediatek/mt7986a-rfb.dts | 7 +- arch/arm64/boot/dts/mediatek/mt7986a.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt7986b-rfb.dts | 7 +- .../dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 + .../dts/mediatek/mt8183-kukui-kodama.dtsi | 4 + .../boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 + .../arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 4 - arch/arm64/boot/dts/mediatek/mt8186.dtsi | 18 +- .../boot/dts/mediatek/mt8192-asurada.dtsi | 4 - arch/arm64/boot/dts/mediatek/mt8192.dtsi | 2 +- .../dts/mediatek/mt8195-cherry-tomato-r1.dts | 4 + .../dts/mediatek/mt8195-cherry-tomato-r2.dts | 4 + .../dts/mediatek/mt8195-cherry-tomato-r3.dts | 4 + arch/arm64/boot/dts/qcom/msm8998.dtsi | 7 + .../dts/qcom/{pm2250.dtsi => pm4125.dtsi} | 8 +- arch/arm64/boot/dts/qcom/qcm2290.dtsi | 7 + .../boot/dts/qcom/qcm6490-fairphone-fp5.dts | 5 + arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 4 +- arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 4 +- arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 78 +- arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 4 - arch/arm64/boot/dts/qcom/sa8540p.dtsi | 3 + arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 + arch/arm64/boot/dts/qcom/sc8180x.dtsi | 38 +- arch/arm64/boot/dts/qcom/sdm845-db845c.dts | 2 +- .../boot/dts/qcom/sdm845-oneplus-common.dtsi | 8 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 +- arch/arm64/boot/dts/qcom/sm8150.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 12 + arch/arm64/boot/dts/qcom/sm8550.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8650.dtsi | 10 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 4 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 1 - arch/arm64/boot/dts/renesas/r8a779a0.dtsi | 4 +- arch/arm64/boot/dts/renesas/r8a779g0.dtsi | 88 +- arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 12 +- arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 22 +- arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 22 +- arch/arm64/boot/dts/renesas/r9a08g045.dtsi | 8 +- .../boot/dts/renesas/rzg3s-smarc-som.dtsi | 4 + arch/arm64/boot/dts/rockchip/rk356x.dtsi | 3 +- arch/arm64/boot/dts/rockchip/rk3588s.dtsi | 2 - arch/arm64/boot/dts/ti/Makefile | 1 + arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 9 +- arch/arm64/boot/dts/ti/k3-am62p-mcu.dtsi | 2 + arch/arm64/boot/dts/ti/k3-am62p-wakeup.dtsi | 1 + arch/arm64/boot/dts/ti/k3-am62p.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-am62p5-sk.dts | 4 + arch/arm64/boot/dts/ti/k3-am64-main.dtsi | 9 +- arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 5 +- arch/arm64/boot/dts/ti/k3-am69-sk.dts | 10 +- .../dts/ti/k3-j7200-common-proc-board.dts | 18 +- .../boot/dts/ti/k3-j721e-mcu-wakeup.dtsi | 4 +- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 4 +- .../dts/ti/k3-j721s2-common-proc-board.dts | 2 - .../boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-j784s4-evm.dts | 2 - arch/arm64/boot/dts/ti/k3-j784s4-main.dtsi | 12 +- .../boot/dts/ti/k3-j784s4-mcu-wakeup.dtsi | 2 +- arch/mips/include/asm/mips-cm.h | 13 + arch/mips/kernel/mips-cm.c | 5 +- arch/powerpc/include/asm/backlight.h | 5 +- arch/powerpc/include/asm/ppc_asm.h | 6 +- arch/powerpc/include/asm/vmalloc.h | 4 +- arch/powerpc/perf/hv-gpci.c | 29 +- arch/powerpc/platforms/44x/warp.c | 1 + .../platforms/embedded6xx/linkstation.c | 3 - arch/powerpc/platforms/embedded6xx/mpc10x.h | 3 + arch/powerpc/platforms/powermac/Kconfig | 2 +- arch/powerpc/platforms/powermac/backlight.c | 26 - arch/powerpc/platforms/ps3/Kconfig | 1 + arch/powerpc/platforms/ps3/hvcall.S | 18 +- .../pseries/papr_platform_attributes.c | 8 +- arch/riscv/boot/dts/starfive/jh7100.dtsi | 4 + arch/riscv/include/asm/pgtable.h | 2 + arch/riscv/include/asm/syscall_wrapper.h | 53 +- arch/riscv/kernel/traps_misaligned.c | 2 +- arch/riscv/kvm/vcpu_insn.c | 13 + arch/s390/kernel/cache.c | 1 + arch/s390/kernel/perf_pai_crypto.c | 2 +- arch/s390/kernel/perf_pai_ext.c | 2 +- arch/s390/kernel/vdso32/Makefile | 2 +- arch/s390/kernel/vdso64/Makefile | 2 +- arch/s390/kernel/vtime.c | 4 +- arch/sparc/Kconfig | 6 +- arch/sparc/kernel/leon_pci_grpci1.c | 2 +- arch/sparc/kernel/leon_pci_grpci2.c | 2 +- arch/sparc/lib/Makefile | 4 +- arch/sparc/lib/cmpdi2.c | 28 - arch/sparc/lib/ucmpdi2.c | 20 - arch/x86/events/amd/core.c | 1 - arch/x86/hyperv/hv_vtl.c | 19 +- arch/x86/include/asm/io.h | 2 +- arch/x86/include/asm/page.h | 6 +- arch/x86/include/asm/special_insns.h | 9 +- arch/x86/kernel/acpi/cppc.c | 2 +- arch/x86/kernel/cpu/resctrl/core.c | 10 +- arch/x86/kernel/cpu/resctrl/internal.h | 8 +- arch/x86/kernel/cpu/resctrl/monitor.c | 48 +- arch/x86/kernel/cpu/resctrl/rdtgroup.c | 14 +- arch/x86/mm/mem_encrypt_identity.c | 10 +- arch/x86/tools/relocs.c | 8 + block/holder.c | 12 +- crypto/Kconfig | 5 +- drivers/acpi/numa/hmat.c | 8 +- drivers/acpi/processor_idle.c | 2 + drivers/acpi/resource.c | 21 + drivers/acpi/scan.c | 8 +- drivers/block/aoe/aoecmd.c | 12 +- drivers/block/aoe/aoenet.c | 1 + drivers/block/nbd.c | 6 + drivers/bluetooth/btmtk.c | 4 +- drivers/bluetooth/btusb.c | 10 +- drivers/bluetooth/hci_h5.c | 5 +- drivers/bluetooth/hci_qca.c | 6 +- drivers/bluetooth/hci_serdev.c | 9 +- drivers/bluetooth/hci_uart.h | 12 +- drivers/bus/Kconfig | 5 +- drivers/bus/mhi/ep/main.c | 2 +- drivers/char/xilinx_hwicap/xilinx_hwicap.c | 4 +- drivers/clk/clk.c | 3 + drivers/clk/hisilicon/clk-hi3519.c | 2 +- drivers/clk/hisilicon/clk-hi3559a.c | 1 - drivers/clk/imx/clk-imx8mp-audiomix.c | 11 +- drivers/clk/mediatek/clk-mt7622-apmixedsys.c | 1 - drivers/clk/mediatek/clk-mt7981-topckgen.c | 5 +- drivers/clk/mediatek/clk-mt8135-apmixedsys.c | 4 +- drivers/clk/mediatek/clk-mt8183.c | 2 +- drivers/clk/meson/axg.c | 2 + drivers/clk/qcom/dispcc-sdm845.c | 2 + drivers/clk/qcom/gcc-ipq5018.c | 6 +- drivers/clk/qcom/reset.c | 27 +- drivers/clk/renesas/r8a779f0-cpg-mssr.c | 2 +- drivers/clk/renesas/r8a779g0-cpg-mssr.c | 13 +- drivers/clk/renesas/r9a07g043-cpg.c | 2 +- drivers/clk/renesas/r9a07g044-cpg.c | 2 +- drivers/clk/samsung/clk-exynos850.c | 33 +- drivers/clk/zynq/clkc.c | 8 +- drivers/cpufreq/Kconfig.arm | 1 + drivers/cpufreq/brcmstb-avs-cpufreq.c | 2 + drivers/cpufreq/cpufreq.c | 18 +- drivers/cpufreq/freq_table.c | 2 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 19 +- drivers/crypto/ccp/platform-access.c | 11 +- .../intel/qat/qat_420xx/adf_420xx_hw_data.c | 8 + .../intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 8 + .../crypto/intel/qat/qat_common/adf_clock.c | 3 + .../intel/qat/qat_common/adf_cnv_dbgfs.c | 1 - .../intel/qat/qat_common/adf_gen4_hw_data.c | 3 + .../intel/qat/qat_common/adf_gen4_ras.c | 6 +- .../intel/qat/qat_common/qat_comp_algs.c | 9 - drivers/crypto/xilinx/zynqmp-aes-gcm.c | 3 + drivers/cxl/core/cdat.c | 30 +- drivers/dma/Kconfig | 14 +- drivers/dpll/dpll_core.c | 8 +- drivers/firmware/arm_scmi/smc.c | 7 + drivers/firmware/efi/libstub/x86-stub.c | 7 +- drivers/gpio/Kconfig | 3 +- drivers/gpio/gpiolib-devres.c | 2 +- drivers/gpio/gpiolib.c | 14 +- drivers/gpio/gpiolib.h | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 6 +- drivers/gpu/drm/amd/amdgpu/atom.c | 2 +- drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 1 + drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 23 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 +- .../amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- .../amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 7 +- .../link/protocols/link_edp_panel_control.c | 3 +- .../gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 4 +- .../drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 4 +- .../drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 4 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 22 +- drivers/gpu/drm/ci/test.yml | 5 +- drivers/gpu/drm/lima/lima_gem.c | 23 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 12 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 10 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 5 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 11 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.h | 7 + .../drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 7 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_cdm.c | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.c | 15 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.h | 1 + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 8 + drivers/gpu/drm/nouveau/nouveau_bo.c | 2 + .../drm/nouveau/nvkm/subdev/devinit/r535.c | 1 - .../gpu/drm/panel/panel-boe-tv101wum-nl6.c | 2 + drivers/gpu/drm/panel/panel-edp.c | 3 +- drivers/gpu/drm/radeon/ni.c | 2 +- drivers/gpu/drm/rockchip/inno_hdmi.c | 4 +- drivers/gpu/drm/rockchip/rockchip_lvds.c | 3 +- drivers/gpu/drm/tegra/dpaux.c | 14 +- drivers/gpu/drm/tegra/dsi.c | 59 +- drivers/gpu/drm/tegra/fb.c | 1 + drivers/gpu/drm/tegra/hdmi.c | 20 +- drivers/gpu/drm/tegra/output.c | 16 +- drivers/gpu/drm/tegra/rgb.c | 18 +- drivers/gpu/drm/tests/drm_buddy_test.c | 14 +- drivers/gpu/drm/tests/drm_mm_test.c | 6 +- drivers/gpu/drm/tidss/tidss_crtc.c | 10 + drivers/gpu/drm/tidss/tidss_plane.c | 2 +- drivers/gpu/drm/vkms/vkms_composer.c | 14 +- drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c | 5 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 +- drivers/gpu/drm/xe/Makefile | 3 +- drivers/gpu/drm/xe/tests/xe_migrate.c | 8 +- drivers/gpu/drm/xe/xe_exec.c | 41 +- drivers/gpu/drm/xe/xe_gt_pagefault.c | 10 +- drivers/gpu/drm/xe/xe_trace.h | 2 +- drivers/gpu/drm/xe/xe_vm.c | 32 +- drivers/gpu/drm/xe/xe_vm_types.h | 7 +- drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 30 +- drivers/hid/amd-sfh-hid/amd_sfh_pcie.h | 6 +- drivers/hid/hid-lenovo.c | 57 +- drivers/hv/Kconfig | 1 + drivers/hwtracing/coresight/coresight-core.c | 30 +- .../hwtracing/coresight/coresight-etm-perf.c | 2 +- .../coresight/coresight-etm4x-core.c | 10 +- drivers/hwtracing/coresight/coresight-priv.h | 2 +- drivers/hwtracing/ptt/hisi_ptt.c | 6 +- drivers/i3c/master/dw-i3c-master.c | 4 +- drivers/iio/industrialio-gts-helper.c | 15 +- drivers/iio/pressure/mprls0025pa.c | 4 +- drivers/infiniband/core/device.c | 37 +- drivers/infiniband/hw/hns/hns_roce_device.h | 17 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 16 +- drivers/infiniband/hw/irdma/verbs.c | 3 +- drivers/infiniband/hw/mana/cq.c | 29 +- drivers/infiniband/hw/mana/main.c | 82 +- drivers/infiniband/hw/mana/mana_ib.h | 27 +- drivers/infiniband/hw/mana/mr.c | 17 +- drivers/infiniband/hw/mana/qp.c | 94 +- drivers/infiniband/hw/mana/wq.c | 4 +- drivers/infiniband/ulp/rtrs/rtrs-clt-sysfs.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 3 +- drivers/input/misc/iqs7222.c | 112 ++ drivers/iommu/Kconfig | 2 +- drivers/iommu/amd/init.c | 3 + .../iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 8 +- drivers/iommu/intel/Makefile | 2 + drivers/iommu/intel/dmar.c | 26 +- drivers/iommu/intel/iommu.c | 122 +- drivers/iommu/intel/iommu.h | 10 + drivers/iommu/intel/pasid.c | 67 + drivers/iommu/intel/pasid.h | 1 + drivers/iommu/intel/svm.c | 17 +- drivers/iommu/iommu.c | 19 +- drivers/iommu/irq_remapping.c | 3 +- drivers/leds/flash/leds-sgm3140.c | 3 + drivers/leds/leds-aw2013.c | 1 + drivers/md/dm-bufio.c | 6 +- drivers/md/dm-integrity.c | 30 +- drivers/md/dm-io.c | 23 +- drivers/md/dm-kcopyd.c | 4 +- drivers/md/dm-log.c | 4 +- drivers/md/dm-raid.c | 4 +- drivers/md/dm-raid1.c | 6 +- drivers/md/dm-snap-persistent.c | 4 +- drivers/md/dm-verity-target.c | 2 +- drivers/md/dm-writecache.c | 8 +- drivers/md/dm.c | 26 +- drivers/md/md.c | 15 +- drivers/md/md.h | 1 + drivers/md/raid1.c | 134 +- drivers/md/raid1.h | 1 + drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 52 +- drivers/media/dvb-core/dvbdev.c | 5 + drivers/media/dvb-frontends/stv0367.c | 34 +- drivers/media/i2c/imx290.c | 16 +- drivers/media/i2c/tc358743.c | 7 +- drivers/media/pci/intel/ivsc/mei_csi.c | 4 +- drivers/media/pci/ttpci/budget-av.c | 8 +- drivers/media/platform/cadence/cdns-csi2rx.c | 2 +- .../media/platform/mediatek/mdp/mtk_mdp_vpu.c | 2 +- .../vcodec/common/mtk_vcodec_fw_vpu.c | 10 +- drivers/media/platform/mediatek/vpu/mtk_vpu.c | 2 +- drivers/media/platform/mediatek/vpu/mtk_vpu.h | 2 +- .../media/platform/sunxi/sun8i-di/sun8i-di.c | 69 +- drivers/media/usb/em28xx/em28xx-cards.c | 4 + drivers/media/usb/go7007/go7007-driver.c | 8 +- drivers/media/usb/go7007/go7007-usb.c | 4 +- drivers/media/usb/pvrusb2/pvrusb2-context.c | 10 +- drivers/media/usb/pvrusb2/pvrusb2-dvb.c | 6 +- drivers/media/usb/pvrusb2/pvrusb2-v4l2.c | 11 +- drivers/media/usb/usbtv/usbtv-video.c | 7 - drivers/media/v4l2-core/v4l2-cci.c | 4 +- drivers/media/v4l2-core/v4l2-mem2mem.c | 10 +- drivers/memory/tegra/tegra234.c | 16 +- drivers/mfd/altera-sysmgr.c | 4 +- drivers/mfd/cs42l43.c | 72 +- drivers/mfd/syscon.c | 4 +- drivers/misc/mei/vsc-tp.c | 17 +- drivers/mmc/host/wmt-sdmmc.c | 4 - drivers/mtd/maps/physmap-core.c | 2 +- drivers/mtd/maps/sun_uflash.c | 2 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 12 +- drivers/mtd/nand/raw/lpc32xx_mlc.c | 5 +- drivers/mtd/nand/spi/esmt.c | 9 +- drivers/net/can/m_can/m_can.c | 23 +- drivers/net/dsa/microchip/ksz_common.c | 10 +- drivers/net/dsa/mt7530.c | 60 +- drivers/net/dsa/mt7530.h | 22 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 17 - .../net/ethernet/broadcom/bnx2x/bnx2x_cmn.h | 6 +- .../net/ethernet/hisilicon/hns3/hns3_dcbnl.c | 2 +- .../hisilicon/hns3/hns3pf/hclge_main.c | 5 +- .../hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 24 +- drivers/net/ethernet/intel/igb/igb_main.c | 23 +- drivers/net/ethernet/intel/igc/igc_main.c | 12 +- .../net/ethernet/marvell/octeontx2/af/cgx.c | 2 +- .../net/ethernet/marvell/octeontx2/af/mbox.c | 43 +- .../net/ethernet/marvell/octeontx2/af/mbox.h | 6 + .../marvell/octeontx2/af/mcs_rvu_if.c | 17 +- .../net/ethernet/marvell/octeontx2/af/rvu.c | 31 +- .../net/ethernet/marvell/octeontx2/af/rvu.h | 2 + .../ethernet/marvell/octeontx2/af/rvu_cgx.c | 20 +- .../marvell/octeontx2/af/rvu_devlink.c | 20 +- .../marvell/octeontx2/nic/otx2_common.c | 2 +- .../marvell/octeontx2/nic/otx2_common.h | 2 +- .../ethernet/marvell/octeontx2/nic/otx2_pf.c | 119 +- .../ethernet/marvell/octeontx2/nic/otx2_vf.c | 71 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 7 +- drivers/net/ethernet/mediatek/mtk_ppe.c | 18 +- .../ethernet/netronome/nfp/flower/lag_conf.c | 5 + .../net/ethernet/wangxun/txgbe/txgbe_phy.c | 2 +- drivers/net/phy/dp83822.c | 37 +- drivers/net/phy/phy_device.c | 6 +- drivers/net/usb/r8152.c | 2 +- drivers/net/usb/sr9800.c | 4 +- drivers/net/veth.c | 18 - drivers/net/vmxnet3/vmxnet3_xdp.c | 6 +- drivers/net/wireguard/receive.c | 6 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 4 + drivers/net/wireless/ath/ath11k/core.h | 1 + drivers/net/wireless/ath/ath11k/mac.c | 17 +- drivers/net/wireless/ath/ath11k/reg.c | 249 +++- drivers/net/wireless/ath/ath11k/reg.h | 11 +- drivers/net/wireless/ath/ath11k/wmi.c | 147 +- drivers/net/wireless/ath/ath11k/wmi.h | 1 + drivers/net/wireless/ath/ath12k/core.h | 2 +- drivers/net/wireless/ath/ath12k/hal.c | 6 +- drivers/net/wireless/ath/ath12k/mac.c | 4 +- drivers/net/wireless/ath/ath12k/reg.c | 4 +- drivers/net/wireless/ath/ath9k/htc.h | 2 +- drivers/net/wireless/ath/ath9k/htc_drv_init.c | 4 + drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 4 - drivers/net/wireless/ath/ath9k/wmi.c | 10 +- drivers/net/wireless/broadcom/b43/b43.h | 16 + drivers/net/wireless/broadcom/b43/dma.c | 4 +- drivers/net/wireless/broadcom/b43/main.c | 16 +- drivers/net/wireless/broadcom/b43/pio.c | 6 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 + .../broadcom/brcm80211/brcmsmac/phy/phy_cmn.c | 3 +- .../broadcom/brcm80211/brcmsmac/phy_shim.c | 5 +- .../broadcom/brcm80211/brcmsmac/phy_shim.h | 2 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 12 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.h | 2 +- drivers/net/wireless/intel/iwlwifi/fw/pnvm.c | 30 +- .../net/wireless/intel/iwlwifi/fw/runtime.h | 2 +- .../net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 6 + .../wireless/intel/iwlwifi/iwl-nvm-parse.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 12 +- .../net/wireless/intel/iwlwifi/mvm/mac80211.c | 25 +- .../net/wireless/intel/iwlwifi/mvm/mld-key.c | 18 +- .../net/wireless/intel/iwlwifi/mvm/mld-mac.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 26 +- .../wireless/intel/iwlwifi/mvm/time-event.c | 11 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 12 +- drivers/net/wireless/marvell/libertas/cmd.c | 13 +- .../net/wireless/marvell/mwifiex/debugfs.c | 3 - .../wireless/mediatek/mt76/mt76_connac_mcu.c | 4 +- .../wireless/mediatek/mt76/mt76_connac_mcu.h | 4 + .../net/wireless/mediatek/mt76/mt7921/mcu.c | 4 +- .../net/wireless/mediatek/mt76/mt7921/pci.c | 1 + .../net/wireless/mediatek/mt76/mt7925/main.c | 26 +- .../net/wireless/mediatek/mt76/mt7925/mcu.c | 176 ++- .../net/wireless/mediatek/mt76/mt7925/mcu.h | 92 +- .../net/wireless/mediatek/mt76/mt7925/pci.c | 3 + .../wireless/mediatek/mt76/mt792x_acpi_sar.c | 26 +- .../net/wireless/mediatek/mt76/mt792x_core.c | 1 + .../net/wireless/mediatek/mt76/mt792x_dma.c | 15 +- .../net/wireless/mediatek/mt76/mt792x_regs.h | 8 + .../net/wireless/mediatek/mt76/mt7996/dma.c | 3 +- .../net/wireless/mediatek/mt76/mt7996/init.c | 7 +- .../net/wireless/mediatek/mt76/mt7996/mac.c | 76 +- .../net/wireless/mediatek/mt76/mt7996/mcu.c | 18 +- .../wireless/mediatek/mt76/mt7996/mt7996.h | 3 +- .../wireless/microchip/wilc1000/cfg80211.c | 12 +- drivers/net/wireless/microchip/wilc1000/hif.c | 40 +- .../net/wireless/microchip/wilc1000/netdev.c | 38 +- drivers/net/wireless/microchip/wilc1000/spi.c | 6 +- .../wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 1 + drivers/net/wireless/realtek/rtw88/main.c | 2 - drivers/net/wireless/realtek/rtw88/phy.c | 3 + drivers/net/wireless/realtek/rtw88/rtw8821c.c | 2 +- drivers/net/wireless/realtek/rtw88/usb.c | 40 + drivers/net/wireless/silabs/wfx/sta.c | 15 +- drivers/ntb/core.c | 8 +- drivers/nvme/host/core.c | 6 +- drivers/nvme/host/fabrics.h | 7 - drivers/nvme/host/sysfs.c | 7 +- drivers/opp/debugfs.c | 6 +- drivers/pci/controller/pcie-brcmstb.c | 2 +- drivers/pci/endpoint/functions/pci-epf-vntb.c | 6 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/pci.h | 5 - drivers/pci/pcie/dpc.c | 2 +- drivers/pci/quirks.c | 1 + drivers/pci/switch/switchtec.c | 4 +- drivers/phy/qualcomm/Makefile | 2 +- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 266 ---- drivers/phy/qualcomm/phy-qcom-qmp-usbc.c | 1195 +++++++++++++++++ drivers/pinctrl/mediatek/pinctrl-mt8186.c | 1 - drivers/pinctrl/mediatek/pinctrl-mt8192.c | 1 - drivers/pinctrl/nomadik/pinctrl-nomadik.c | 6 +- drivers/pinctrl/renesas/core.c | 4 +- drivers/pinctrl/renesas/pfc-r8a779g0.c | 14 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 20 +- drivers/platform/x86/amd/pmf/tee-if.c | 4 +- drivers/platform/x86/intel/pmc/arl.c | 2 + drivers/platform/x86/intel/pmc/lnl.c | 40 +- drivers/pmdomain/qcom/rpmhpd.c | 1 - drivers/power/supply/mm8013.c | 13 +- drivers/powercap/dtpm_cpu.c | 2 +- drivers/pwm/pwm-atmel-hlcdc.c | 2 +- drivers/pwm/pwm-dwc.c | 2 +- drivers/pwm/pwm-sti.c | 11 +- drivers/regulator/userspace-consumer.c | 1 + drivers/remoteproc/stm32_rproc.c | 6 +- drivers/rtc/Kconfig | 3 +- drivers/rtc/lib_test.c | 2 +- drivers/rtc/rtc-max31335.c | 2 +- drivers/s390/block/dasd.c | 55 +- drivers/scsi/bfa/bfa.h | 9 +- drivers/scsi/bfa/bfa_core.c | 4 +- drivers/scsi/bfa/bfa_ioc.h | 8 +- drivers/scsi/bfa/bfad_bsg.c | 11 +- drivers/scsi/csiostor/csio_defs.h | 18 +- drivers/scsi/csiostor/csio_lnode.c | 8 +- drivers/scsi/csiostor/csio_lnode.h | 13 - drivers/scsi/hisi_sas/hisi_sas_main.c | 12 +- drivers/soc/fsl/dpio/dpio-service.c | 2 +- drivers/soc/qcom/llcc-qcom.c | 2 + drivers/soc/qcom/socinfo.c | 2 +- drivers/spi/spi-fsl-lpspi.c | 8 +- drivers/spi/spi-imx.c | 4 +- drivers/spi/spi-mem.c | 49 +- drivers/spi/spi-mt65xx.c | 22 +- drivers/spi/spi.c | 94 +- drivers/staging/greybus/light.c | 8 +- .../staging/media/imx/imx-media-csc-scaler.c | 1 + .../media/starfive/camss/stf-capture.c | 8 +- .../staging/media/sunxi/cedrus/cedrus_h265.c | 10 +- drivers/thermal/mediatek/lvts_thermal.c | 4 +- drivers/thermal/qoriq_thermal.c | 12 +- drivers/tty/mips_ejtag_fdc.c | 2 +- drivers/tty/serial/8250/8250_exar.c | 5 +- drivers/tty/serial/max310x.c | 2 +- drivers/tty/serial/samsung_tty.c | 5 +- drivers/tty/vt/vt.c | 2 +- drivers/usb/gadget/udc/net2272.c | 2 +- drivers/usb/host/xhci-mem.c | 2 +- drivers/usb/host/xhci-ring.c | 90 +- drivers/usb/host/xhci.c | 3 + drivers/usb/host/xhci.h | 3 +- drivers/usb/phy/phy-generic.c | 7 + drivers/vdpa/mlx5/net/mlx5_vnet.c | 13 +- drivers/vdpa/vdpa_sim/vdpa_sim.c | 3 +- drivers/video/backlight/da9052_bl.c | 1 + drivers/video/backlight/hx8357.c | 10 +- drivers/video/backlight/ktz8866.c | 6 +- drivers/video/backlight/lm3630a_bl.c | 15 +- drivers/video/backlight/lm3639_bl.c | 1 + drivers/video/backlight/lp8788_bl.c | 1 + drivers/video/fbdev/simplefb.c | 2 +- drivers/virtio/virtio_ring.c | 6 +- drivers/watchdog/starfive-wdt.c | 9 +- drivers/watchdog/stm32_iwdg.c | 3 + drivers/xen/events/events_base.c | 22 +- drivers/xen/evtchn.c | 6 + fs/afs/dir.c | 10 - fs/afs/rotate.c | 21 +- fs/afs/validation.c | 16 +- fs/btrfs/extent_io.c | 221 ++- fs/ceph/file.c | 23 +- fs/erofs/fscache.c | 15 +- fs/erofs/internal.h | 1 - fs/erofs/super.c | 30 +- fs/ext2/ext2.h | 2 +- fs/ext2/super.c | 2 +- fs/ext4/ext4.h | 2 +- fs/ext4/super.c | 2 +- fs/f2fs/checkpoint.c | 5 +- fs/f2fs/compress.c | 41 +- fs/f2fs/data.c | 36 +- fs/f2fs/dir.c | 5 +- fs/f2fs/f2fs.h | 72 +- fs/f2fs/file.c | 76 +- fs/f2fs/namei.c | 25 +- fs/f2fs/node.c | 20 +- fs/f2fs/recovery.c | 33 +- fs/f2fs/segment.c | 11 +- fs/f2fs/segment.h | 17 +- fs/f2fs/super.c | 17 +- fs/fcntl.c | 12 +- fs/fhandle.c | 2 +- fs/hfsplus/wrapper.c | 2 +- fs/iomap/buffered-io.c | 18 +- fs/jfs/jfs_incore.h | 2 +- fs/jfs/super.c | 2 +- fs/nfs/flexfilelayout/flexfilelayout.c | 2 +- fs/nfs/fscache.c | 9 +- fs/nfs/nfs42.h | 7 +- fs/nfs/nfs4proc.c | 16 +- fs/nfs/nfsroot.c | 4 +- fs/nfs/pnfs_nfs.c | 44 +- fs/ocfs2/inode.h | 2 +- fs/ocfs2/super.c | 2 +- fs/overlayfs/copy_up.c | 6 +- fs/overlayfs/params.c | 14 +- fs/pstore/inode.c | 10 +- fs/quota/dquot.c | 159 ++- fs/reiserfs/reiserfs.h | 2 +- fs/reiserfs/super.c | 2 +- fs/select.c | 2 +- fs/smb/client/file.c | 283 ++-- include/drm/drm_fixed.h | 5 +- include/drm/drm_kunit_helpers.h | 2 + include/dt-bindings/clock/r8a779g0-cpg-mssr.h | 1 + include/linux/dm-io.h | 3 +- include/linux/f2fs_fs.h | 1 + include/linux/filter.h | 21 +- include/linux/fs.h | 11 +- include/linux/iommu.h | 1 + include/linux/moduleloader.h | 8 + include/linux/netdevice.h | 2 +- include/linux/pci.h | 5 + include/linux/poll.h | 4 - include/linux/rcupdate.h | 31 + include/linux/shmem_fs.h | 2 +- include/linux/workqueue.h | 35 +- include/media/videobuf2-core.h | 13 +- include/net/bluetooth/hci.h | 2 - include/net/bluetooth/hci_core.h | 1 + include/net/bluetooth/hci_sync.h | 2 +- include/net/bluetooth/l2cap.h | 42 - include/soc/qcom/qcom-spmi-pmic.h | 2 +- include/uapi/linux/virtio_pci.h | 10 +- init/main.c | 5 +- io_uring/io_uring.c | 116 +- io_uring/net.c | 260 ++-- io_uring/poll.c | 4 +- kernel/bpf/btf.c | 17 +- kernel/bpf/core.c | 7 +- kernel/bpf/cpumap.c | 3 + kernel/bpf/devmap.c | 11 +- kernel/bpf/hashtab.c | 14 +- kernel/bpf/helpers.c | 4 +- kernel/bpf/stackmap.c | 9 +- kernel/module/main.c | 9 +- kernel/printk/internal.h | 1 + kernel/printk/nbcon.c | 41 +- kernel/printk/printk.c | 74 +- kernel/printk/printk_ringbuffer.c | 313 ++++- kernel/printk/printk_ringbuffer.h | 38 +- kernel/rcu/tree.c | 3 + kernel/rcu/tree_exp.h | 25 +- kernel/sched/fair.c | 16 +- kernel/time/time_test.c | 2 +- kernel/time/timekeeping.c | 24 +- kernel/workqueue.c | 755 +++++++++-- lib/cmdline_kunit.c | 2 +- lib/kunit/device.c | 4 + lib/kunit/executor_test.c | 2 +- lib/memcpy_kunit.c | 4 +- lib/stackdepot.c | 16 +- lib/test_blackhole_dev.c | 3 +- mm/shmem.c | 2 +- net/bluetooth/Kconfig | 8 - net/bluetooth/Makefile | 1 - net/bluetooth/a2mp.c | 1054 --------------- net/bluetooth/a2mp.h | 154 --- net/bluetooth/af_bluetooth.c | 10 +- net/bluetooth/amp.c | 590 -------- net/bluetooth/amp.h | 60 - net/bluetooth/eir.c | 29 +- net/bluetooth/hci_conn.c | 6 +- net/bluetooth/hci_core.c | 126 +- net/bluetooth/hci_event.c | 43 +- net/bluetooth/hci_request.c | 2 +- net/bluetooth/hci_sync.c | 41 +- net/bluetooth/l2cap_core.c | 1069 +-------------- net/bluetooth/l2cap_sock.c | 18 +- net/bluetooth/mgmt.c | 97 +- net/bluetooth/msft.c | 3 + net/core/dev.c | 8 +- net/core/gso_test.c | 2 +- net/core/skbuff.c | 8 + net/core/sock_diag.c | 10 +- net/devlink/netlink.c | 13 +- net/devlink/netlink_gen.c | 2 +- net/devlink/port.c | 2 +- net/hsr/hsr_framereg.c | 4 + net/hsr/hsr_main.c | 15 +- net/ipv4/inet_diag.c | 6 +- net/ipv4/inet_hashtables.c | 2 +- net/ipv4/inet_timewait_sock.c | 41 +- net/ipv4/ip_tunnel.c | 15 +- net/ipv4/ipmr.c | 4 +- net/ipv4/raw.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_minisocks.c | 4 - net/ipv4/udp.c | 4 +- net/ipv6/fib6_rules.c | 6 + net/ipv6/mcast.c | 1 - net/kcm/kcmsock.c | 3 +- net/l2tp/l2tp_ppp.c | 4 +- net/mac80211/mlme.c | 4 +- net/mctp/route.c | 3 + net/netfilter/nf_tables_api.c | 29 +- net/netfilter/nft_set_pipapo.c | 5 +- net/packet/af_packet.c | 4 +- net/rds/send.c | 5 +- net/sched/sch_taprio.c | 3 +- net/sunrpc/addr.c | 4 +- net/sunrpc/auth_gss/gss_krb5_mech.c | 11 +- net/sunrpc/auth_gss/gss_rpc_xdr.c | 27 +- net/unix/garbage.c | 2 +- net/wireless/scan.c | 161 ++- net/wireless/tests/scan.c | 36 +- net/x25/af_x25.c | 4 +- net/xfrm/xfrm_device.c | 3 +- scripts/coccinelle/api/device_attr_show.cocci | 2 +- scripts/kconfig/lexer.l | 7 +- sound/core/seq/seq_midi.c | 8 +- sound/core/seq/seq_virmidi.c | 9 +- sound/pci/hda/cs35l41_hda_property.c | 16 +- sound/pci/hda/patch_realtek.c | 63 + sound/pci/hda/tas2781_hda_i2c.c | 35 +- sound/soc/amd/acp/acp-sof-mach.c | 14 +- sound/soc/codecs/tlv320adc3xxx.c | 4 +- sound/soc/intel/boards/sof_ssp_common.h | 8 + sound/soc/meson/aiu.c | 19 +- sound/soc/meson/aiu.h | 1 - sound/soc/meson/axg-tdm-interface.c | 29 +- sound/soc/meson/t9015.c | 20 +- sound/soc/rockchip/rockchip_i2s_tdm.c | 352 +---- sound/soc/sh/rz-ssi.c | 2 +- sound/soc/sof/amd/acp-loader.c | 34 +- sound/soc/sof/amd/acp.c | 47 +- sound/soc/sof/amd/acp.h | 7 +- sound/soc/sof/amd/vangogh.c | 9 +- sound/soc/sof/fw-file-profile.c | 18 +- sound/soc/sof/ipc3-loader.c | 2 + sound/usb/mixer_scarlett2.c | 88 +- sound/usb/stream.c | 5 +- tools/bpf/bpftool/link.c | 2 +- tools/bpf/bpftool/prog.c | 2 +- tools/bpf/resolve_btfids/main.c | 70 +- tools/include/linux/btf_ids.h | 9 + tools/lib/bpf/bpf.c | 17 + tools/lib/bpf/bpf.h | 26 +- tools/lib/bpf/btf.c | 11 +- tools/lib/bpf/libbpf.c | 25 +- tools/lib/bpf/libbpf.map | 6 +- tools/lib/bpf/libbpf_internal.h | 14 + tools/lib/bpf/linker.c | 2 +- tools/lib/bpf/netlink.c | 4 +- tools/objtool/check.c | 12 + tools/perf/Makefile.perf | 2 +- tools/perf/builtin-record.c | 7 +- .../pmu-events/arch/x86/amdzen4/cache.json | 56 + tools/perf/pmu-events/jevents.py | 4 + tools/perf/util/data.c | 2 - tools/perf/util/evsel.c | 1 - tools/perf/util/expr.c | 20 +- tools/perf/util/pmu.c | 19 +- tools/perf/util/print-events.c | 27 +- tools/perf/util/srcline.c | 2 + tools/perf/util/stat-display.c | 2 +- tools/perf/util/stat-shadow.c | 7 +- tools/perf/util/thread_map.c | 2 +- .../selftests/bpf/bpf_testmod/bpf_testmod.c | 9 + .../selftests/bpf/prog_tests/lwt_redirect.c | 1 + .../selftests/bpf/prog_tests/tc_redirect.c | 90 +- .../bpf/progs/test_global_func_ctx_args.c | 19 + .../selftests/bpf/progs/test_map_in_map.c | 26 + tools/testing/selftests/bpf/test_maps.c | 6 +- tools/testing/selftests/bpf/trace_helpers.c | 2 +- tools/testing/selftests/net/forwarding/config | 35 + .../net/forwarding/vxlan_bridge_1d_ipv6.sh | 4 +- .../net/forwarding/vxlan_bridge_1q_ipv6.sh | 4 +- 731 files changed, 8821 insertions(+), 7631 deletions(-) rename arch/arm64/boot/dts/qcom/{pm2250.dtsi => pm4125.dtsi} (91%) delete mode 100644 arch/sparc/lib/cmpdi2.c delete mode 100644 arch/sparc/lib/ucmpdi2.c create mode 100644 drivers/phy/qualcomm/phy-qcom-qmp-usbc.c delete mode 100644 net/bluetooth/a2mp.c delete mode 100644 net/bluetooth/a2mp.h delete mode 100644 net/bluetooth/amp.c delete mode 100644 net/bluetooth/amp.h -- 2.43.0

1 year, 5 months

14
739
0 0

[PATCH v3] scsi: sg: Avoid race in error handling & drop bogus warn

by Alexander Wetzel

commit 27f58c04a8f4 ("scsi: sg: Avoid sg device teardown race") introduced an incorrect WARN_ON_ONCE() and missed a sequence where sg_device_destroy() was used after scsi_device_put(). sg_device_destroy() is accessing the parent scsi_device request_queue which will already be set to NULL when the preceding call to scsi_device_put() removed the last reference to the parent scsi_device. Drop the incorrect WARN_ON_ONCE() - allowing more than one concurrent access to the sg device - and make sure sg_device_destroy() is not used after scsi_device_put() in the error handling. Link: https://lore.kernel.org/all/5375B275-D137-4D5F-BE25-6AF8ACAE41EF@linux.ibm.… Fixes: 27f58c04a8f4 ("scsi: sg: Avoid sg device teardown race") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Wetzel <Alexander(a)wetzel-home.de> --- Changes compared to V1: fixed commit message Changes compared to V2: Fix use-after free --- drivers/scsi/sg.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 386981c6976a..baf870a03ecf 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -285,6 +285,7 @@ sg_open(struct inode *inode, struct file *filp) int dev = iminor(inode); int flags = filp->f_flags; struct request_queue *q; + struct scsi_device *device; Sg_device *sdp; Sg_fd *sfp; int retval; @@ -301,11 +302,12 @@ sg_open(struct inode *inode, struct file *filp) /* This driver's module count bumped by fops_get in <linux/fs.h> */ /* Prevent the device driver from vanishing while we sleep */ - retval = scsi_device_get(sdp->device); + device = sdp->device; + retval = scsi_device_get(device); if (retval) goto sg_put; - retval = scsi_autopm_get_device(sdp->device); + retval = scsi_autopm_get_device(device); if (retval) goto sdp_put; @@ -313,7 +315,7 @@ sg_open(struct inode *inode, struct file *filp) * check if O_NONBLOCK. Permits SCSI commands to be issued * during error recovery. Tread carefully. */ if (!((flags & O_NONBLOCK) || - scsi_block_when_processing_errors(sdp->device))) { + scsi_block_when_processing_errors(device))) { retval = -ENXIO; /* we are in error recovery for this device */ goto error_out; @@ -344,7 +346,7 @@ sg_open(struct inode *inode, struct file *filp) if (sdp->open_cnt < 1) { /* no existing opens */ sdp->sgdebug = 0; - q = sdp->device->request_queue; + q = device->request_queue; sdp->sg_tablesize = queue_max_segments(q); } sfp = sg_add_sfp(sdp); @@ -370,10 +372,11 @@ sg_open(struct inode *inode, struct file *filp) error_mutex_locked: mutex_unlock(&sdp->open_rel_lock); error_out: - scsi_autopm_put_device(sdp->device); + scsi_autopm_put_device(device); sdp_put: - scsi_device_put(sdp->device); - goto sg_put; + kref_put(&sdp->d_ref, sg_device_destroy); + scsi_device_put(device); + return retval; } /* Release resources associated with a successful sg_open() @@ -2233,7 +2236,6 @@ sg_remove_sfp_usercontext(struct work_struct *work) "sg_remove_sfp: sfp=0x%p\n", sfp)); kfree(sfp); - WARN_ON_ONCE(kref_read(&sdp->d_ref) != 1); kref_put(&sdp->d_ref, sg_device_destroy); scsi_device_put(device); module_put(THIS_MODULE); -- 2.44.0

1 year, 5 months

5
6
0 0

[PATCH 01/12] drm/client: Fully protect modes[] with dev->mode_config.mutex

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend modes[] the same protection or by the time we use it the elements may already be pointing to freed/reused memory. Cc: stable(a)vger.kernel.org Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10583 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/drm_client_modeset.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c index 871e4e2129d6..0683a129b362 100644 --- a/drivers/gpu/drm/drm_client_modeset.c +++ b/drivers/gpu/drm/drm_client_modeset.c @@ -777,6 +777,7 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, unsigned int total_modes_count = 0; struct drm_client_offset *offsets; unsigned int connector_count = 0; + /* points to modes protected by mode_config.mutex */ struct drm_display_mode **modes; struct drm_crtc **crtcs; int i, ret = 0; @@ -845,7 +846,6 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, drm_client_pick_crtcs(client, connectors, connector_count, crtcs, modes, 0, width, height); } - mutex_unlock(&dev->mode_config.mutex); drm_client_modeset_release(client); @@ -875,6 +875,7 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, modeset->y = offset->y; } } + mutex_unlock(&dev->mode_config.mutex); mutex_unlock(&client->modeset_mutex); out: -- 2.43.2

1 year, 5 months

3
4
0 0

Re: [PATCH] ext4: fix i_data_sem unlock order in ext4_ind_migrate()

by Mikhail Ukhin

On 04.04.2024 19:02, Ritesh Harjani (IBM) wrote: > It will be good to know what was the test which identified this though? > > -ritesh Unfortunately syzkaller was not able to generate a reproducer for this issue. - Ukhin Mikhail.

1 year, 5 months

1
0
0 0

[PATCH] scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING

by Bart Van Assche

There is code in the SCSI core that sets the SCMD_FAIL_IF_RECOVERING flag but there is no code that clears this flag. Instead of only clearing SCMD_INITIALIZED in scsi_end_request(), clear all flags. It is never necessary to preserve any command flags inside scsi_end_request(). Cc: stable(a)vger.kernel.org Fixes: 310bcaef6d7e ("scsi: core: Support failing requests while recovering") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/scsi/scsi_lib.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index ca48ba9a229a..2fc2b97777ca 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -633,10 +633,9 @@ static bool scsi_end_request(struct request *req, blk_status_t error, if (blk_queue_add_random(q)) add_disk_randomness(req->q->disk); - if (!blk_rq_is_passthrough(req)) { - WARN_ON_ONCE(!(cmd->flags & SCMD_INITIALIZED)); - cmd->flags &= ~SCMD_INITIALIZED; - } + WARN_ON_ONCE(!blk_rq_is_passthrough(req) && + !(cmd->flags & SCMD_INITIALIZED)); + cmd->flags = 0; /* * Calling rcu_barrier() is not necessary here because the

1 year, 5 months

1
1
0 0

[PATCH] ext4: fix i_data_sem unlock order in ext4_ind_migrate()

by Mikhail Ukhin

Fuzzing reports a possible deadlock in jbd2_log_wait_commit. The problem occurs in ext4_ind_migrate due to an incorrect order of unlocking of the journal and write semaphores - the order of unlocking must be the reverse of the order of locking. Found by Linux Verification Center (linuxtesting.org) with syzkaller. Signed-off-by: Artem Sadovnikov <ancowi69(a)gmail.com> --- fs/ext4/migrate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c index d98ac2af8199..a5e1492bbaaa 100644 --- a/fs/ext4/migrate.c +++ b/fs/ext4/migrate.c @@ -663,8 +663,8 @@ int ext4_ind_migrate(struct inode *inode) if (unlikely(ret2 && !ret)) ret = ret2; errout: - ext4_journal_stop(handle); up_write(&EXT4_I(inode)->i_data_sem); + ext4_journal_stop(handle); out_unlock: ext4_writepages_up_write(inode->i_sb, alloc_ctx); return ret; -- 2.25.1

1 year, 5 months

5
4
0 0

[merged mm-hotfixes-stable] x86-mm-pat-fix-vm_pat-handling-in-cow-mappings.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: x86/mm/pat: fix VM_PAT handling in COW mappings has been removed from the -mm tree. Its filename was x86-mm-pat-fix-vm_pat-handling-in-cow-mappings.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: x86/mm/pat: fix VM_PAT handling in COW mappings Date: Wed, 3 Apr 2024 23:21:30 +0200 PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 301.567163] ? report_bug+0x171/0x1a0 [ 301.567466] ? handle_bug+0x3c/0x80 [ 301.567743] ? exc_invalid_op+0x17/0x70 [ 301.568038] ? asm_exc_invalid_op+0x1a/0x20 [ 301.568363] ? untrack_pfn+0xf4/0x100 [ 301.568660] ? untrack_pfn+0x65/0x100 [ 301.568947] unmap_single_vma+0xa6/0xe0 [ 301.569247] unmap_vmas+0xb5/0x190 [ 301.569532] exit_mmap+0xec/0x340 [ 301.569801] __mmput+0x3e/0x130 [ 301.570051] do_exit+0x305/0xaf0 ... Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Wupeng Ma <mawupeng1(a)huawei.com> Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com Fixes: b1a86e15dc03 ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines") Fixes: 5899329b1910 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3") Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/mm/pat/memtype.c | 49 +++++++++++++++++++++++++----------- mm/memory.c | 4 ++ 2 files changed, 39 insertions(+), 14 deletions(-) --- a/arch/x86/mm/pat/memtype.c~x86-mm-pat-fix-vm_pat-handling-in-cow-mappings +++ a/arch/x86/mm/pat/memtype.c @@ -947,6 +947,38 @@ static void free_pfn_range(u64 paddr, un memtype_free(paddr, paddr + size); } +static int get_pat_info(struct vm_area_struct *vma, resource_size_t *paddr, + pgprot_t *pgprot) +{ + unsigned long prot; + + VM_WARN_ON_ONCE(!(vma->vm_flags & VM_PAT)); + + /* + * We need the starting PFN and cachemode used for track_pfn_remap() + * that covered the whole VMA. For most mappings, we can obtain that + * information from the page tables. For COW mappings, we might now + * suddenly have anon folios mapped and follow_phys() will fail. + * + * Fallback to using vma->vm_pgoff, see remap_pfn_range_notrack(), to + * detect the PFN. If we need the cachemode as well, we're out of luck + * for now and have to fail fork(). + */ + if (!follow_phys(vma, vma->vm_start, 0, &prot, paddr)) { + if (pgprot) + *pgprot = __pgprot(prot); + return 0; + } + if (is_cow_mapping(vma->vm_flags)) { + if (pgprot) + return -EINVAL; + *paddr = (resource_size_t)vma->vm_pgoff << PAGE_SHIFT; + return 0; + } + WARN_ON_ONCE(1); + return -EINVAL; +} + /* * track_pfn_copy is called when vma that is covering the pfnmap gets * copied through copy_page_range(). @@ -957,20 +989,13 @@ static void free_pfn_range(u64 paddr, un int track_pfn_copy(struct vm_area_struct *vma) { resource_size_t paddr; - unsigned long prot; unsigned long vma_size = vma->vm_end - vma->vm_start; pgprot_t pgprot; if (vma->vm_flags & VM_PAT) { - /* - * reserve the whole chunk covered by vma. We need the - * starting address and protection from pte. - */ - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, &pgprot)) return -EINVAL; - } - pgprot = __pgprot(prot); + /* reserve the whole chunk covered by vma. */ return reserve_pfn_range(paddr, vma_size, &pgprot, 1); } @@ -1045,7 +1070,6 @@ void untrack_pfn(struct vm_area_struct * unsigned long size, bool mm_wr_locked) { resource_size_t paddr; - unsigned long prot; if (vma && !(vma->vm_flags & VM_PAT)) return; @@ -1053,11 +1077,8 @@ void untrack_pfn(struct vm_area_struct * /* free the chunk starting from pfn or the whole chunk */ paddr = (resource_size_t)pfn << PAGE_SHIFT; if (!paddr && !size) { - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, NULL)) return; - } - size = vma->vm_end - vma->vm_start; } free_pfn_range(paddr, size); --- a/mm/memory.c~x86-mm-pat-fix-vm_pat-handling-in-cow-mappings +++ a/mm/memory.c @@ -5973,6 +5973,10 @@ int follow_phys(struct vm_area_struct *v goto out; pte = ptep_get(ptep); + /* Never return PFNs of anon folios in COW mappings. */ + if (vm_normal_folio(vma, address, pte)) + goto unlock; + if ((flags & FOLL_WRITE) && !pte_write(pte)) goto unlock; _ Patches currently in -mm which might be from david(a)redhat.com are mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly.patch mm-madvise-dont-perform-madvise-vma-walk-for-madv_populate_readwrite.patch mm-userfaultfd-dont-place-zeropages-when-zeropages-are-disallowed.patch s390-mm-re-enable-the-shared-zeropage-for-pv-and-skeys-kvm-guests.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared-fix.patch selftests-memfd_secret-add-vmsplice-test.patch mm-merge-folio_is_secretmem-and-folio_fast_pin_allowed-into-gup_fast_folio_allowed.patch mm-optimize-config_per_vma_lock-member-placement-in-vm_area_struct.patch mm-remove-prot-parameter-from-move_pte.patch mm-gup-consistently-name-gup-fast-functions.patch mm-treewide-rename-config_have_fast_gup-to-config_have_gup_fast.patch mm-use-gup-fast-instead-fast-gup-in-remaining-comments.patch

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-include-stringsh-for-ffsl.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: include strings.h for ffsl has been removed from the -mm tree. Its filename was selftests-mm-include-stringsh-for-ffsl.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Edward Liaw <edliaw(a)google.com> Subject: selftests/mm: include strings.h for ffsl Date: Fri, 29 Mar 2024 18:58:10 +0000 Got a compilation error on Android for ffsl after 91b80cc5b39f ("selftests: mm: fix map_hugetlb failure on 64K page size systems") included vm_util.h. Link: https://lkml.kernel.org/r/20240329185814.16304-1-edliaw@google.com Fixes: af605d26a8f2 ("selftests/mm: merge util.h into vm_util.h") Signed-off-by: Edward Liaw <edliaw(a)google.com> Reviewed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Mike Rapoport (IBM)" <rppt(a)kernel.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/vm_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/testing/selftests/mm/vm_util.h~selftests-mm-include-stringsh-for-ffsl +++ a/tools/testing/selftests/mm/vm_util.h @@ -3,7 +3,7 @@ #include <stdbool.h> #include <sys/mman.h> #include <err.h> -#include <string.h> /* ffsl() */ +#include <strings.h> /* ffsl() */ #include <unistd.h> /* _SC_PAGESIZE */ #define BIT_ULL(nr) (1ULL << (nr)) _ Patches currently in -mm which might be from edliaw(a)google.com are

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/secretmem: fix GUP-fast succeeding on secretmem folios has been removed from the -mm tree. Its filename was mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/secretmem: fix GUP-fast succeeding on secretmem folios Date: Tue, 26 Mar 2024 15:32:08 +0100 folio_is_secretmem() currently relies on secretmem folios being LRU folios, to save some cycles. However, folios might reside in a folio batch without the LRU flag set, or temporarily have their LRU flag cleared. Consequently, the LRU flag is unreliable for this purpose. In particular, this is the case when secretmem_fault() allocates a fresh page and calls filemap_add_folio()->folio_add_lru(). The folio might be added to the per-cpu folio batch and won't get the LRU flag set until the batch was drained using e.g., lru_add_drain(). Consequently, folio_is_secretmem() might not detect secretmem folios and GUP-fast can succeed in grabbing a secretmem folio, crashing the kernel when we would later try reading/writing to the folio, because the folio has been unmapped from the directmap. Fix it by removing that unreliable check. Link: https://lkml.kernel.org/r/20240326143210.291116-2-david@redhat.com Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Reported-by: yue sun <samsun1006219(a)gmail.com> Closes: https://lore.kernel.org/lkml/CABOYnLyevJeravW=QrH0JUPYEcDN160aZFb7kwndm-J2r… Debugged-by: Miklos Szeredi <miklos(a)szeredi.hu> Tested-by: Miklos Szeredi <mszeredi(a)redhat.com> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/secretmem.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/include/linux/secretmem.h~mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios +++ a/include/linux/secretmem.h @@ -13,10 +13,10 @@ static inline bool folio_is_secretmem(st /* * Using folio_mapping() is quite slow because of the actual call * instruction. - * We know that secretmem pages are not compound and LRU so we can + * We know that secretmem pages are not compound, so we can * save a couple of cycles here. */ - if (folio_test_large(folio) || !folio_test_lru(folio)) + if (folio_test_large(folio)) return false; mapping = (struct address_space *) _ Patches currently in -mm which might be from david(a)redhat.com are mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly.patch mm-madvise-dont-perform-madvise-vma-walk-for-madv_populate_readwrite.patch mm-userfaultfd-dont-place-zeropages-when-zeropages-are-disallowed.patch s390-mm-re-enable-the-shared-zeropage-for-pv-and-skeys-kvm-guests.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared-fix.patch selftests-memfd_secret-add-vmsplice-test.patch mm-merge-folio_is_secretmem-and-folio_fast_pin_allowed-into-gup_fast_folio_allowed.patch mm-optimize-config_per_vma_lock-member-placement-in-vm_area_struct.patch mm-remove-prot-parameter-from-move_pte.patch mm-gup-consistently-name-gup-fast-functions.patch mm-treewide-rename-config_have_fast_gup-to-config_have_gup_fast.patch mm-use-gup-fast-instead-fast-gup-in-remaining-comments.patch

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: don't account accept() of non-MPC client as fallback" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040524-stitch-resolute-ead5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 29 Mar 2024 13:08:52 +0100 Subject: [PATCH] mptcp: don't account accept() of non-MPC client as fallback to TCP Current MPTCP servers increment MPTcpExtMPCapableFallbackACK when they accept non-MPC connections. As reported by Christoph, this is "surprising" because the counter might become greater than MPTcpExtMPCapableSYNRX. MPTcpExtMPCapableFallbackACK counter's name suggests it should only be incremented when a connection was seen using MPTCP options, then a fallback to TCP has been done. Let's do that by incrementing it when the subflow context of an inbound MPC connection attempt is dropped. Also, update mptcp_connect.sh kselftest, to ensure that the above MIB does not increment in case a pure TCP client connects to a MPTCP server. Fixes: fc518953bc9c ("mptcp: add and use MIB counter infrastructure") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/449 Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-1-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3a1967bc7bad..7e74b812e366 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3937,8 +3937,6 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, mptcp_set_state(newsk, TCP_CLOSE); } } else { - MPTCP_INC_STATS(sock_net(ssk), - MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); tcpfallback: newsk->sk_kern_sock = kern; lock_sock(newsk); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1626dd20c68f..6042a47da61b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -905,6 +905,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, return child; fallback: + if (fallback) + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); mptcp_subflow_drop_ctx(child); return child; } diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index 4c4248554826..4131f3263a48 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -383,12 +383,14 @@ do_transfer() local stat_cookierx_last local stat_csum_err_s local stat_csum_err_c + local stat_tcpfb_last_l stat_synrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_csum_err_s=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtDataCsumErr") stat_csum_err_c=$(mptcp_lib_get_counter "${connector_ns}" "MPTcpExtDataCsumErr") + stat_tcpfb_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") timeout ${timeout_test} \ ip netns exec ${listener_ns} \ @@ -457,11 +459,13 @@ do_transfer() local stat_cookietx_now local stat_cookierx_now local stat_ooo_now + local stat_tcpfb_now_l stat_synrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_ooo_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtTCPOFOQueue") + stat_tcpfb_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") expect_synrx=$((stat_synrx_last_l)) expect_ackrx=$((stat_ackrx_last_l)) @@ -508,6 +512,11 @@ do_transfer() fi fi + if [ ${stat_ooo_now} -eq 0 ] && [ ${stat_tcpfb_last_l} -ne ${stat_tcpfb_now_l} ]; then + mptcp_lib_pr_fail "unexpected fallback to TCP" + rets=1 + fi + if [ $cookies -eq 2 ];then if [ $stat_cookietx_last -ge $stat_cookietx_now ] ;then extra+=" WARN: CookieSent: did not advance"

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: don't account accept() of non-MPC client as fallback" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040523-handling-conceded-2895@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 29 Mar 2024 13:08:52 +0100 Subject: [PATCH] mptcp: don't account accept() of non-MPC client as fallback to TCP Current MPTCP servers increment MPTcpExtMPCapableFallbackACK when they accept non-MPC connections. As reported by Christoph, this is "surprising" because the counter might become greater than MPTcpExtMPCapableSYNRX. MPTcpExtMPCapableFallbackACK counter's name suggests it should only be incremented when a connection was seen using MPTCP options, then a fallback to TCP has been done. Let's do that by incrementing it when the subflow context of an inbound MPC connection attempt is dropped. Also, update mptcp_connect.sh kselftest, to ensure that the above MIB does not increment in case a pure TCP client connects to a MPTCP server. Fixes: fc518953bc9c ("mptcp: add and use MIB counter infrastructure") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/449 Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-1-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3a1967bc7bad..7e74b812e366 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3937,8 +3937,6 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, mptcp_set_state(newsk, TCP_CLOSE); } } else { - MPTCP_INC_STATS(sock_net(ssk), - MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); tcpfallback: newsk->sk_kern_sock = kern; lock_sock(newsk); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1626dd20c68f..6042a47da61b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -905,6 +905,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, return child; fallback: + if (fallback) + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); mptcp_subflow_drop_ctx(child); return child; } diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index 4c4248554826..4131f3263a48 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -383,12 +383,14 @@ do_transfer() local stat_cookierx_last local stat_csum_err_s local stat_csum_err_c + local stat_tcpfb_last_l stat_synrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_csum_err_s=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtDataCsumErr") stat_csum_err_c=$(mptcp_lib_get_counter "${connector_ns}" "MPTcpExtDataCsumErr") + stat_tcpfb_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") timeout ${timeout_test} \ ip netns exec ${listener_ns} \ @@ -457,11 +459,13 @@ do_transfer() local stat_cookietx_now local stat_cookierx_now local stat_ooo_now + local stat_tcpfb_now_l stat_synrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_ooo_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtTCPOFOQueue") + stat_tcpfb_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") expect_synrx=$((stat_synrx_last_l)) expect_ackrx=$((stat_ackrx_last_l)) @@ -508,6 +512,11 @@ do_transfer() fi fi + if [ ${stat_ooo_now} -eq 0 ] && [ ${stat_tcpfb_last_l} -ne ${stat_tcpfb_now_l} ]; then + mptcp_lib_pr_fail "unexpected fallback to TCP" + rets=1 + fi + if [ $cookies -eq 2 ];then if [ $stat_cookietx_last -ge $stat_cookietx_now ] ;then extra+=" WARN: CookieSent: did not advance"

1 year, 5 months

2
1
0 0

[PATCH] ASoC: qcom: Fix out of bounds access

by Mikhail Kobuk

Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver support for audioreach solution") cause out of bounds access in arrays of sc7280 driver data (e.g. in case of RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()). Redefine LPASS_MAX_PORTS to consider the maximum possible port id for q6dsp as sc7280 driver utilizes some of those values. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 77d0ffef793d ("ASoC: qcom: Add macro for lpass DAI id's max limit") Cc: <stable(a)vger.kernel.org> Signed-off-by: Mikhail Kobuk <m.kobuk(a)ispras.ru> --- sound/soc/qcom/lpass.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/qcom/lpass.h b/sound/soc/qcom/lpass.h index 27a2bf9a6613..10a507c95312 100644 --- a/sound/soc/qcom/lpass.h +++ b/sound/soc/qcom/lpass.h @@ -13,10 +13,11 @@ #include <linux/platform_device.h> #include <linux/regmap.h> #include <dt-bindings/sound/qcom,lpass.h> +#include <dt-bindings/sound/qcom,q6dsp-lpass-ports.h> #include "lpass-hdmi.h" #define LPASS_AHBIX_CLOCK_FREQUENCY 131072000 -#define LPASS_MAX_PORTS (LPASS_CDC_DMA_VA_TX8 + 1) +#define LPASS_MAX_PORTS (QUINARY_MI2S_TX + 1) #define LPASS_MAX_MI2S_PORTS (8) #define LPASS_MAX_DMA_CHANNELS (8) #define LPASS_MAX_HDMI_DMA_CHANNELS (4) -- 2.44.0

1 year, 5 months

1
0
0 0

[PATCH v2 1/2] phy: tegra: xusb: Add API to retrieve the port number of phy

by Wayne Chang

This patch introduces a new API, tegra_xusb_padctl_get_port_number, to the Tegra XUSB Pad Controller driver. This API is used to identify the USB port that is associated with a given PHY. The function takes a PHY pointer for either a USB2 PHY or USB3 PHY as input and returns the corresponding port number. If the PHY pointer is invalid, it returns -ENODEV. Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- V1 -> V2:cc stable drivers/phy/tegra/xusb.c | 13 +++++++++++++ include/linux/phy/tegra/xusb.h | 1 + 2 files changed, 14 insertions(+) diff --git a/drivers/phy/tegra/xusb.c b/drivers/phy/tegra/xusb.c index 142ebe0247cc..983a6e6173bd 100644 --- a/drivers/phy/tegra/xusb.c +++ b/drivers/phy/tegra/xusb.c @@ -1531,6 +1531,19 @@ int tegra_xusb_padctl_get_usb3_companion(struct tegra_xusb_padctl *padctl, } EXPORT_SYMBOL_GPL(tegra_xusb_padctl_get_usb3_companion); +int tegra_xusb_padctl_get_port_number(struct phy *phy) +{ + struct tegra_xusb_lane *lane; + + if (!phy) + return -ENODEV; + + lane = phy_get_drvdata(phy); + + return lane->index; +} +EXPORT_SYMBOL_GPL(tegra_xusb_padctl_get_port_number); + MODULE_AUTHOR("Thierry Reding <treding(a)nvidia.com>"); MODULE_DESCRIPTION("Tegra XUSB Pad Controller driver"); MODULE_LICENSE("GPL v2"); diff --git a/include/linux/phy/tegra/xusb.h b/include/linux/phy/tegra/xusb.h index 70998e6dd6fd..6ca51e0080ec 100644 --- a/include/linux/phy/tegra/xusb.h +++ b/include/linux/phy/tegra/xusb.h @@ -26,6 +26,7 @@ void tegra_phy_xusb_utmi_pad_power_down(struct phy *phy); int tegra_phy_xusb_utmi_port_reset(struct phy *phy); int tegra_xusb_padctl_get_usb3_companion(struct tegra_xusb_padctl *padctl, unsigned int port); +int tegra_xusb_padctl_get_port_number(struct phy *phy); int tegra_xusb_padctl_enable_phy_sleepwalk(struct tegra_xusb_padctl *padctl, struct phy *phy, enum usb_device_speed speed); int tegra_xusb_padctl_disable_phy_sleepwalk(struct tegra_xusb_padctl *padctl, struct phy *phy); -- 2.25.1

1 year, 5 months

3
2
0 0

FAILED: patch "[PATCH] mptcp: don't account accept() of non-MPC client as fallback" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040522-tremor-freehand-618e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 29 Mar 2024 13:08:52 +0100 Subject: [PATCH] mptcp: don't account accept() of non-MPC client as fallback to TCP Current MPTCP servers increment MPTcpExtMPCapableFallbackACK when they accept non-MPC connections. As reported by Christoph, this is "surprising" because the counter might become greater than MPTcpExtMPCapableSYNRX. MPTcpExtMPCapableFallbackACK counter's name suggests it should only be incremented when a connection was seen using MPTCP options, then a fallback to TCP has been done. Let's do that by incrementing it when the subflow context of an inbound MPC connection attempt is dropped. Also, update mptcp_connect.sh kselftest, to ensure that the above MIB does not increment in case a pure TCP client connects to a MPTCP server. Fixes: fc518953bc9c ("mptcp: add and use MIB counter infrastructure") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/449 Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-1-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3a1967bc7bad..7e74b812e366 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3937,8 +3937,6 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, mptcp_set_state(newsk, TCP_CLOSE); } } else { - MPTCP_INC_STATS(sock_net(ssk), - MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); tcpfallback: newsk->sk_kern_sock = kern; lock_sock(newsk); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1626dd20c68f..6042a47da61b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -905,6 +905,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, return child; fallback: + if (fallback) + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); mptcp_subflow_drop_ctx(child); return child; } diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index 4c4248554826..4131f3263a48 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -383,12 +383,14 @@ do_transfer() local stat_cookierx_last local stat_csum_err_s local stat_csum_err_c + local stat_tcpfb_last_l stat_synrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_csum_err_s=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtDataCsumErr") stat_csum_err_c=$(mptcp_lib_get_counter "${connector_ns}" "MPTcpExtDataCsumErr") + stat_tcpfb_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") timeout ${timeout_test} \ ip netns exec ${listener_ns} \ @@ -457,11 +459,13 @@ do_transfer() local stat_cookietx_now local stat_cookierx_now local stat_ooo_now + local stat_tcpfb_now_l stat_synrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_ooo_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtTCPOFOQueue") + stat_tcpfb_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") expect_synrx=$((stat_synrx_last_l)) expect_ackrx=$((stat_ackrx_last_l)) @@ -508,6 +512,11 @@ do_transfer() fi fi + if [ ${stat_ooo_now} -eq 0 ] && [ ${stat_tcpfb_last_l} -ne ${stat_tcpfb_now_l} ]; then + mptcp_lib_pr_fail "unexpected fallback to TCP" + rets=1 + fi + if [ $cookies -eq 2 ];then if [ $stat_cookietx_last -ge $stat_cookietx_now ] ;then extra+=" WARN: CookieSent: did not advance"

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] bpf: support deferring bpf_link dealloc to after RCU grace" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040527-propeller-immovably-a6d8@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce Mon Sep 17 00:00:00 2001 From: Andrii Nakryiko <andrii(a)kernel.org> Date: Wed, 27 Mar 2024 22:24:26 -0700 Subject: [PATCH] bpf: support deferring bpf_link dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and multi-uprobes, link is used to fetch BPF cookie values. Because of this runtime dependency, when bpf_link refcnt drops to zero there could still be active BPF programs running accessing link data. This patch adds generic support to defer bpf_link dealloc callback to after RCU GP, if requested. This is done by exposing two different deallocation callbacks, one synchronous and one deferred. If deferred one is provided, bpf_link_free() will schedule dealloc_deferred() callback to happen after RCU GP. BPF is using two flavors of RCU: "classic" non-sleepable one and RCU tasks trace one. The latter is used when sleepable BPF programs are used. bpf_link_free() accommodates that by checking underlying BPF program's sleepable flag, and goes either through normal RCU GP only for non-sleepable, or through RCU tasks trace GP *and* then normal RCU GP (taking into account rcu_trace_implies_rcu_gp() optimization), if BPF program is sleepable. We use this for multi-kprobe and multi-uprobe links, which dereference link during program run. We also preventively switch raw_tp link to use deferred dealloc callback, as upcoming changes in bpf-next tree expose raw_tp link data (specifically, cookie value) to BPF program at runtime as well. Fixes: 0dcac2725406 ("bpf: Add multi kprobe link") Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link") Reported-by: syzbot+981935d9485a560bfbcb(a)syzkaller.appspotmail.com Reported-by: syzbot+2cb5a6c573e98db598cc(a)syzkaller.appspotmail.com Reported-by: syzbot+62d8b26793e8a2bd0516(a)syzkaller.appspotmail.com Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Link: https://lore.kernel.org/r/20240328052426.3042617-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 4f20f62f9d63..890e152d553e 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1574,12 +1574,26 @@ struct bpf_link { enum bpf_link_type type; const struct bpf_link_ops *ops; struct bpf_prog *prog; - struct work_struct work; + /* rcu is used before freeing, work can be used to schedule that + * RCU-based freeing before that, so they never overlap + */ + union { + struct rcu_head rcu; + struct work_struct work; + }; }; struct bpf_link_ops { void (*release)(struct bpf_link *link); + /* deallocate link resources callback, called without RCU grace period + * waiting + */ void (*dealloc)(struct bpf_link *link); + /* deallocate link resources callback, called after RCU grace period; + * if underlying BPF program is sleepable we go through tasks trace + * RCU GP and then "classic" RCU GP + */ + void (*dealloc_deferred)(struct bpf_link *link); int (*detach)(struct bpf_link *link); int (*update_prog)(struct bpf_link *link, struct bpf_prog *new_prog, struct bpf_prog *old_prog); diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index ae2ff73bde7e..c287925471f6 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -3024,17 +3024,46 @@ void bpf_link_inc(struct bpf_link *link) atomic64_inc(&link->refcnt); } +static void bpf_link_defer_dealloc_rcu_gp(struct rcu_head *rcu) +{ + struct bpf_link *link = container_of(rcu, struct bpf_link, rcu); + + /* free bpf_link and its containing memory */ + link->ops->dealloc_deferred(link); +} + +static void bpf_link_defer_dealloc_mult_rcu_gp(struct rcu_head *rcu) +{ + if (rcu_trace_implies_rcu_gp()) + bpf_link_defer_dealloc_rcu_gp(rcu); + else + call_rcu(rcu, bpf_link_defer_dealloc_rcu_gp); +} + /* bpf_link_free is guaranteed to be called from process context */ static void bpf_link_free(struct bpf_link *link) { + bool sleepable = false; + bpf_link_free_id(link->id); if (link->prog) { + sleepable = link->prog->sleepable; /* detach BPF program, clean up used resources */ link->ops->release(link); bpf_prog_put(link->prog); } - /* free bpf_link and its containing memory */ - link->ops->dealloc(link); + if (link->ops->dealloc_deferred) { + /* schedule BPF link deallocation; if underlying BPF program + * is sleepable, we need to first wait for RCU tasks trace + * sync, then go through "classic" RCU grace period + */ + if (sleepable) + call_rcu_tasks_trace(&link->rcu, bpf_link_defer_dealloc_mult_rcu_gp); + else + call_rcu(&link->rcu, bpf_link_defer_dealloc_rcu_gp); + } + if (link->ops->dealloc) + link->ops->dealloc(link); } static void bpf_link_put_deferred(struct work_struct *work) @@ -3544,7 +3573,7 @@ static int bpf_raw_tp_link_fill_link_info(const struct bpf_link *link, static const struct bpf_link_ops bpf_raw_tp_link_lops = { .release = bpf_raw_tp_link_release, - .dealloc = bpf_raw_tp_link_dealloc, + .dealloc_deferred = bpf_raw_tp_link_dealloc, .show_fdinfo = bpf_raw_tp_link_show_fdinfo, .fill_link_info = bpf_raw_tp_link_fill_link_info, }; diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 0b73fe5f7206..9dc605f08a23 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2728,7 +2728,7 @@ static int bpf_kprobe_multi_link_fill_link_info(const struct bpf_link *link, static const struct bpf_link_ops bpf_kprobe_multi_link_lops = { .release = bpf_kprobe_multi_link_release, - .dealloc = bpf_kprobe_multi_link_dealloc, + .dealloc_deferred = bpf_kprobe_multi_link_dealloc, .fill_link_info = bpf_kprobe_multi_link_fill_link_info, }; @@ -3242,7 +3242,7 @@ static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link, static const struct bpf_link_ops bpf_uprobe_multi_link_lops = { .release = bpf_uprobe_multi_link_release, - .dealloc = bpf_uprobe_multi_link_dealloc, + .dealloc_deferred = bpf_uprobe_multi_link_dealloc, .fill_link_info = bpf_uprobe_multi_link_fill_link_info, };

1 year, 5 months

4
5
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: fix dev in check_endpoint" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 40061817d95bce6dd5634a61a65cd5922e6ccc92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040506-skinny-unsuited-f487@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40061817d95bce6dd5634a61a65cd5922e6ccc92 Mon Sep 17 00:00:00 2001 From: Geliang Tang <tanggeliang(a)kylinos.cn> Date: Fri, 29 Mar 2024 13:08:53 +0100 Subject: [PATCH] selftests: mptcp: join: fix dev in check_endpoint There's a bug in pm_nl_check_endpoint(), 'dev' didn't be parsed correctly. If calling it in the 2nd test of endpoint_tests() too, it fails with an error like this: creation [FAIL] expected '10.0.2.2 id 2 subflow dev dev' \ found '10.0.2.2 id 2 subflow dev ns2eth2' The reason is '$2' should be set to 'dev', not '$1'. This patch fixes it. Fixes: 69c6ce7b6eca ("selftests: mptcp: add implicit endpoint test case") Cc: stable(a)vger.kernel.org Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-2-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 5e9211e89825..e4403236f655 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -729,7 +729,7 @@ pm_nl_check_endpoint() [ -n "$_flags" ]; flags="flags $_flags" shift elif [ $1 = "dev" ]; then - [ -n "$2" ]; dev="dev $1" + [ -n "$2" ]; dev="dev $2" shift elif [ $1 = "id" ]; then _id=$2 @@ -3610,6 +3610,8 @@ endpoint_tests() local tests_pid=$! wait_mpj $ns2 + pm_nl_check_endpoint "creation" \ + $ns2 10.0.2.2 id 2 flags subflow dev ns2eth2 chk_subflow_nr "before delete" 2 chk_mptcp_info subflows 1 subflows 1

1 year, 5 months

2
1
0 0

[PATCH 8/8] accel/ivpu: Fix deadlock in context_xa

by Jacek Lawrynowicz

ivpu_device->context_xa is locked both in kernel thread and IRQ context. It requires XA_FLAGS_LOCK_IRQ flag to be passed during initialization otherwise the lock could be acquired from a thread and interrupted by an IRQ that locks it for the second time causing the deadlock. This deadlock was reported by lockdep and observed in internal tests. Fixes: 35b137630f08 ("accel/ivpu: Introduce a new DRM driver for Intel VPU") Cc: <stable(a)vger.kernel.org> # v6.3+ Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/accel/ivpu/ivpu_drv.c b/drivers/accel/ivpu/ivpu_drv.c index 77283daaedd1..51d3f1a55d02 100644 --- a/drivers/accel/ivpu/ivpu_drv.c +++ b/drivers/accel/ivpu/ivpu_drv.c @@ -517,7 +517,7 @@ static int ivpu_dev_init(struct ivpu_device *vdev) vdev->context_xa_limit.min = IVPU_USER_CONTEXT_MIN_SSID; vdev->context_xa_limit.max = IVPU_USER_CONTEXT_MAX_SSID; atomic64_set(&vdev->unique_id_counter, 0); - xa_init_flags(&vdev->context_xa, XA_FLAGS_ALLOC); + xa_init_flags(&vdev->context_xa, XA_FLAGS_ALLOC | XA_FLAGS_LOCK_IRQ); xa_init_flags(&vdev->submitted_jobs_xa, XA_FLAGS_ALLOC1); xa_init_flags(&vdev->db_xa, XA_FLAGS_ALLOC1); lockdep_set_class(&vdev->submitted_jobs_xa.xa_lock, &submitted_jobs_xa_lock_class_key); -- 2.43.2

1 year, 5 months

2
1
0 0

[PATCH 4/8] accel/ivpu: Put NPU back to D3hot after failed resume

by Jacek Lawrynowicz

Put NPU in D3hot after ivpu_resume() fails to power up the device. This will assure that D3->D0 power cycle will be performed before the next resume and also will minimize power usage in this corner case. Fixes: 28083ff18d3f ("accel/ivpu: Fix DevTLB errors on suspend/resume and recovery") Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_pm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/accel/ivpu/ivpu_pm.c b/drivers/accel/ivpu/ivpu_pm.c index 325b82f8d971..ba51781b5896 100644 --- a/drivers/accel/ivpu/ivpu_pm.c +++ b/drivers/accel/ivpu/ivpu_pm.c @@ -97,6 +97,7 @@ static int ivpu_resume(struct ivpu_device *vdev) ivpu_mmu_disable(vdev); err_power_down: ivpu_hw_power_down(vdev); + pci_set_power_state(to_pci_dev(vdev->drm.dev), PCI_D3hot); if (!ivpu_fw_is_cold_boot(vdev)) { ivpu_pm_prepare_cold_boot(vdev); -- 2.43.2

1 year, 5 months

2
1
0 0

[PATCH 3/8] accel/ivpu: Fix PCI D0 state entry in resume

by Jacek Lawrynowicz

From: "Wachowski, Karol" <karol.wachowski(a)intel.com> In case of failed power up we end up left in PCI D3hot state making it impossible to access NPU registers on retry. Enter D0 state on retry before proceeding with power up sequence. Fixes: 28083ff18d3f ("accel/ivpu: Fix DevTLB errors on suspend/resume and recovery") Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Wachowski, Karol <karol.wachowski(a)intel.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_pm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/accel/ivpu/ivpu_pm.c b/drivers/accel/ivpu/ivpu_pm.c index 9cbd7af6576b..325b82f8d971 100644 --- a/drivers/accel/ivpu/ivpu_pm.c +++ b/drivers/accel/ivpu/ivpu_pm.c @@ -71,10 +71,10 @@ static int ivpu_resume(struct ivpu_device *vdev) { int ret; - pci_set_power_state(to_pci_dev(vdev->drm.dev), PCI_D0); +retry: pci_restore_state(to_pci_dev(vdev->drm.dev)); + pci_set_power_state(to_pci_dev(vdev->drm.dev), PCI_D0); -retry: ret = ivpu_hw_power_up(vdev); if (ret) { ivpu_err(vdev, "Failed to power up HW: %d\n", ret); -- 2.43.2

1 year, 5 months

2
1
0 0

[PATCH 1/8] accel/ivpu: Check return code of ipc->lock init

by Jacek Lawrynowicz

From: "Wachowski, Karol" <karol.wachowski(a)intel.com> Return value of drmm_mutex_init(ipc->lock) was unchecked. Fixes: 5d7422cfb498 ("accel/ivpu: Add IPC driver and JSM messages") Cc: <stable(a)vger.kernel.org> # v6.3+ Signed-off-by: Wachowski, Karol <karol.wachowski(a)intel.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_ipc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/accel/ivpu/ivpu_ipc.c b/drivers/accel/ivpu/ivpu_ipc.c index 04ac4b9840fb..56ff067f63e2 100644 --- a/drivers/accel/ivpu/ivpu_ipc.c +++ b/drivers/accel/ivpu/ivpu_ipc.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only /* - * Copyright (C) 2020-2023 Intel Corporation + * Copyright (C) 2020-2024 Intel Corporation */ #include <linux/genalloc.h> @@ -501,7 +501,11 @@ int ivpu_ipc_init(struct ivpu_device *vdev) spin_lock_init(&ipc->cons_lock); INIT_LIST_HEAD(&ipc->cons_list); INIT_LIST_HEAD(&ipc->cb_msg_list); - drmm_mutex_init(&vdev->drm, &ipc->lock); + ret = drmm_mutex_init(&vdev->drm, &ipc->lock); + if (ret) { + ivpu_err(vdev, "Failed to initialize ipc->lock, ret %d\n", ret); + goto err_free_rx; + } ivpu_ipc_reset(vdev); return 0; -- 2.43.2

1 year, 5 months

2
1
0 0

[PATCH v2] drm/vmwgfx: Don't memcmp equivalent pointers

by Ian Forbes

These pointers are frequently the same and memcmp does not compare the pointers before comparing their contents so this was wasting cycles comparing 16 KiB of memory which will always be equal. Fixes: bb6780aa5a1d ("drm/vmwgfx: Diff cursors when using cmds") Signed-off-by: Ian Forbes <ian.forbes(a)broadcom.com> Cc: <stable(a)vger.kernel.org> # v6.2+ --- v2: Fix code and commit message formatting. -- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index cd4925346ed4..ef0af10c4968 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -216,7 +216,7 @@ static bool vmw_du_cursor_plane_has_changed(struct vmw_plane_state *old_vps, new_image = vmw_du_cursor_plane_acquire_image(new_vps); changed = false; - if (old_image && new_image) + if (old_image && new_image && old_image != new_image) changed = memcmp(old_image, new_image, size) != 0; return changed; -- 2.34.1

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: don't account accept() of non-MPC client as fallback" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040519-palpable-barrel-9103@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 29 Mar 2024 13:08:52 +0100 Subject: [PATCH] mptcp: don't account accept() of non-MPC client as fallback to TCP Current MPTCP servers increment MPTcpExtMPCapableFallbackACK when they accept non-MPC connections. As reported by Christoph, this is "surprising" because the counter might become greater than MPTcpExtMPCapableSYNRX. MPTcpExtMPCapableFallbackACK counter's name suggests it should only be incremented when a connection was seen using MPTCP options, then a fallback to TCP has been done. Let's do that by incrementing it when the subflow context of an inbound MPC connection attempt is dropped. Also, update mptcp_connect.sh kselftest, to ensure that the above MIB does not increment in case a pure TCP client connects to a MPTCP server. Fixes: fc518953bc9c ("mptcp: add and use MIB counter infrastructure") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/449 Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-1-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3a1967bc7bad..7e74b812e366 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3937,8 +3937,6 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, mptcp_set_state(newsk, TCP_CLOSE); } } else { - MPTCP_INC_STATS(sock_net(ssk), - MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); tcpfallback: newsk->sk_kern_sock = kern; lock_sock(newsk); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1626dd20c68f..6042a47da61b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -905,6 +905,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, return child; fallback: + if (fallback) + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); mptcp_subflow_drop_ctx(child); return child; } diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index 4c4248554826..4131f3263a48 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -383,12 +383,14 @@ do_transfer() local stat_cookierx_last local stat_csum_err_s local stat_csum_err_c + local stat_tcpfb_last_l stat_synrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_csum_err_s=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtDataCsumErr") stat_csum_err_c=$(mptcp_lib_get_counter "${connector_ns}" "MPTcpExtDataCsumErr") + stat_tcpfb_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") timeout ${timeout_test} \ ip netns exec ${listener_ns} \ @@ -457,11 +459,13 @@ do_transfer() local stat_cookietx_now local stat_cookierx_now local stat_ooo_now + local stat_tcpfb_now_l stat_synrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_ooo_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtTCPOFOQueue") + stat_tcpfb_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") expect_synrx=$((stat_synrx_last_l)) expect_ackrx=$((stat_ackrx_last_l)) @@ -508,6 +512,11 @@ do_transfer() fi fi + if [ ${stat_ooo_now} -eq 0 ] && [ ${stat_tcpfb_last_l} -ne ${stat_tcpfb_now_l} ]; then + mptcp_lib_pr_fail "unexpected fallback to TCP" + rets=1 + fi + if [ $cookies -eq 2 ];then if [ $stat_cookietx_last -ge $stat_cookietx_now ] ;then extra+=" WARN: CookieSent: did not advance"

1 year, 5 months

2
4
0 0

[PATCH] perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> A non-0 retire latency can be observed on a Raptorlake which doesn't support the retire latency feature. By design, the retire latency shares the PERF_SAMPLE_WEIGHT_STRUCT sample type with other types of latency. That could avoid adding too many different sample types to support all kinds of latency. For the machine which doesn't support some kind of latency, 0 should be returned. Perf doesn’t clear/init all the fields of a sample data for the sake of performance. It expects the later perf_{prepare,output}_sample() to update the uninitialized field. However, the current implementation doesn't touch the field of the retire latency if the feature is not supported. The memory garbage is dumped into the perf data. Clear the retire latency if the feature is not supported. Fixes: c87a31093c70 ("perf/x86: Support Retire Latency") Reported-by: "Bayduraev, Alexey V" <alexey.v.bayduraev(a)intel.com> Tested-by: "Bayduraev, Alexey V" <alexey.v.bayduraev(a)intel.com> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/ds.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index f95cca6b632a..838f3e23bce9 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -1989,8 +1989,12 @@ static void setup_pebs_adaptive_sample_data(struct perf_event *event, set_linear_ip(regs, basic->ip); regs->flags = PERF_EFLAGS_EXACT; - if ((sample_type & PERF_SAMPLE_WEIGHT_STRUCT) && (x86_pmu.flags & PMU_FL_RETIRE_LATENCY)) - data->weight.var3_w = format_size >> PEBS_RETIRE_LATENCY_OFFSET & PEBS_LATENCY_MASK; + if (sample_type & PERF_SAMPLE_WEIGHT_STRUCT) { + if (x86_pmu.flags & PMU_FL_RETIRE_LATENCY) + data->weight.var3_w = format_size >> PEBS_RETIRE_LATENCY_OFFSET & PEBS_LATENCY_MASK; + else + data->weight.var3_w = 0; + } /* * The record for MEMINFO is in front of GP -- 2.35.1

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4535e1a4174c4111d92c5a9a21e542d232e0fcaa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033032-confess-monument-a6db@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4535e1a4174c4111d92c5a9a21e542d232e0fcaa Mon Sep 17 00:00:00 2001 From: "Borislav Petkov (AMD)" <bp(a)alien8.de> Date: Thu, 28 Mar 2024 13:59:05 +0100 Subject: [PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4 The original version of the mitigation would patch in the calls to the untraining routines directly. That is, the alternative() in UNTRAIN_RET will patch in the CALL to srso_alias_untrain_ret() directly. However, even if commit e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") meant well in trying to clean up the situation, due to micro- architectural reasons, the untraining routine srso_alias_untrain_ret() must be the target of a CALL instruction and not of a JMP instruction as it is done now. Reshuffle the alternative macros to accomplish that. Fixes: e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h index 076bf8dee702..25466c4d2134 100644 --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -14,6 +14,7 @@ #include <asm/asm.h> #include <asm/fred.h> #include <asm/gsseg.h> +#include <asm/nospec-branch.h> #ifndef CONFIG_X86_CMPXCHG64 extern void cmpxchg8b_emu(void); diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index fc3a8a3c7ffe..170c89ed22fc 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -262,11 +262,20 @@ .Lskip_rsb_\@: .endm +/* + * The CALL to srso_alias_untrain_ret() must be patched in directly at + * the spot where untraining must be done, ie., srso_alias_untrain_ret() + * must be the target of a CALL instruction instead of indirectly + * jumping to a wrapper which then calls it. Therefore, this macro is + * called outside of __UNTRAIN_RET below, for the time being, before the + * kernel can support nested alternatives with arbitrary nesting. + */ +.macro CALL_UNTRAIN_RET #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) -#define CALL_UNTRAIN_RET "call entry_untrain_ret" -#else -#define CALL_UNTRAIN_RET "" + ALTERNATIVE_2 "", "call entry_untrain_ret", X86_FEATURE_UNRET, \ + "call srso_alias_untrain_ret", X86_FEATURE_SRSO_ALIAS #endif +.endm /* * Mitigate RETBleed for AMD/Hygon Zen uarch. Requires KERNEL CR3 because the @@ -282,8 +291,8 @@ .macro __UNTRAIN_RET ibpb_feature, call_depth_insns #if defined(CONFIG_MITIGATION_RETHUNK) || defined(CONFIG_MITIGATION_IBPB_ENTRY) VALIDATE_UNRET_END - ALTERNATIVE_3 "", \ - CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \ + CALL_UNTRAIN_RET + ALTERNATIVE_2 "", \ "call entry_ibpb", \ibpb_feature, \ __stringify(\call_depth_insns), X86_FEATURE_CALL_DEPTH #endif @@ -342,6 +351,8 @@ extern void retbleed_return_thunk(void); static inline void retbleed_return_thunk(void) {} #endif +extern void srso_alias_untrain_ret(void); + #ifdef CONFIG_MITIGATION_SRSO extern void srso_return_thunk(void); extern void srso_alias_return_thunk(void); diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index 721b528da9ac..02cde194a99e 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -163,6 +163,7 @@ SYM_CODE_START_NOALIGN(srso_alias_untrain_ret) lfence jmp srso_alias_return_thunk SYM_FUNC_END(srso_alias_untrain_ret) +__EXPORT_THUNK(srso_alias_untrain_ret) .popsection .pushsection .text..__x86.rethunk_safe @@ -224,10 +225,12 @@ SYM_CODE_START(srso_return_thunk) SYM_CODE_END(srso_return_thunk) #define JMP_SRSO_UNTRAIN_RET "jmp srso_untrain_ret" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "jmp srso_alias_untrain_ret" #else /* !CONFIG_MITIGATION_SRSO */ +/* Dummy for the alternative in CALL_UNTRAIN_RET. */ +SYM_CODE_START(srso_alias_untrain_ret) + RET +SYM_FUNC_END(srso_alias_untrain_ret) #define JMP_SRSO_UNTRAIN_RET "ud2" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "ud2" #endif /* CONFIG_MITIGATION_SRSO */ #ifdef CONFIG_MITIGATION_UNRET_ENTRY @@ -319,9 +322,7 @@ SYM_FUNC_END(retbleed_untrain_ret) #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) SYM_FUNC_START(entry_untrain_ret) - ALTERNATIVE_2 JMP_RETBLEED_UNTRAIN_RET, \ - JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO, \ - JMP_SRSO_ALIAS_UNTRAIN_RET, X86_FEATURE_SRSO_ALIAS + ALTERNATIVE JMP_RETBLEED_UNTRAIN_RET, JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO SYM_FUNC_END(entry_untrain_ret) __EXPORT_THUNK(entry_untrain_ret)

1 year, 5 months

2
2
0 0

[PATCH] x86/mm/ident_map: Use full gbpages in identity maps except on UV platform.

by Steve Wahl

Some systems have ACPI tables that don't include everything that needs to be mapped for a successful kexec. These systems rely on identity maps that include the full gigabyte surrounding any smaller region requested for kexec success. Without this, they fail to kexec and end up doing a full firmware reboot. So, reduce the use of GB pages only on systems where this is known to be necessary (specifically, UV systems). Signed-off-by: Steve Wahl <steve.wahl(a)hpe.com> Fixes: d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") Reported-by: Pavin Joseph <me(a)pavinjoseph.com> Closes: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Tested-by: Pavin Joseph <me(a)pavinjoseph.com> Tested-by: Eric Hagberg <ehagberg(a)gmail.com> Tested-by: Sarah Brofeldt <srhb(a)dbc.dk> --- arch/x86/include/asm/init.h | 1 + arch/x86/kernel/machine_kexec_64.c | 3 +++ arch/x86/mm/ident_map.c | 13 +++++++------ 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/init.h b/arch/x86/include/asm/init.h index cc9ccf61b6bd..4ae843e8fefb 100644 --- a/arch/x86/include/asm/init.h +++ b/arch/x86/include/asm/init.h @@ -10,6 +10,7 @@ struct x86_mapping_info { unsigned long page_flag; /* page flag for PMD or PUD entry */ unsigned long offset; /* ident mapping offset */ bool direct_gbpages; /* PUD level 1GB page support */ + bool direct_gbpages_always; /* use 1GB pages exclusively */ unsigned long kernpg_flag; /* kernel pagetable flag override */ }; diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c index b180d8e497c3..1e1c6633bbec 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c @@ -28,6 +28,7 @@ #include <asm/setup.h> #include <asm/set_memory.h> #include <asm/cpu.h> +#include <asm/uv/uv.h> #ifdef CONFIG_ACPI /* @@ -212,6 +213,8 @@ static int init_pgtable(struct kimage *image, unsigned long start_pgtable) if (direct_gbpages) info.direct_gbpages = true; + if (!is_uv_system()) + info.direct_gbpages_always = true; for (i = 0; i < nr_pfn_mapped; i++) { mstart = pfn_mapped[i].start << PAGE_SHIFT; diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index a204a332c71f..8039498b9713 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -39,12 +39,13 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, /* Is using a gbpage allowed? */ use_gbpage = info->direct_gbpages; - /* Don't use gbpage if it maps more than the requested region. */ - /* at the begining: */ - use_gbpage &= ((addr & ~PUD_MASK) == 0); - /* ... or at the end: */ - use_gbpage &= ((next & ~PUD_MASK) == 0); - + if (!info->direct_gbpages_always) { + /* Don't use gbpage if it maps more than the requested region. */ + /* at the beginning: */ + use_gbpage &= ((addr & ~PUD_MASK) == 0); + /* ... or at the end: */ + use_gbpage &= ((next & ~PUD_MASK) == 0); + } /* Never overwrite existing mappings */ use_gbpage &= !pud_present(*pud); -- 2.26.2

1 year, 5 months

8
28
0 0

FAILED: patch "[PATCH] ax25: fix use-after-free bugs caused by ax25_ds_del_timer" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040512-graves-stipend-babf@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 Mon Sep 17 00:00:00 2001 From: Duoming Zhou <duoming(a)zju.edu.cn> Date: Fri, 29 Mar 2024 09:50:23 +0800 Subject: [PATCH] ax25: fix use-after-free bugs caused by ax25_ds_del_timer When the ax25 device is detaching, the ax25_dev_device_down() calls ax25_ds_del_timer() to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer() that calls del_timer() in it will return directly. As a result, the use-after-free bugs could happen, one of the scenarios is shown below: (Thread 1) | (Thread 2) | ax25_ds_timeout() ax25_dev_device_down() | ax25_ds_del_timer() | del_timer() | ax25_dev_put() //FREE | | ax25_dev-> //USE In order to mitigate bugs, when the device is detaching, use timer_shutdown_sync() to stop the timer. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Duoming Zhou <duoming(a)zju.edu.cn> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://lore.kernel.org/r/20240329015023.9223-1-duoming@zju.edu.cn Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ax25/ax25_dev.c b/net/ax25/ax25_dev.c index c5462486dbca..282ec581c072 100644 --- a/net/ax25/ax25_dev.c +++ b/net/ax25/ax25_dev.c @@ -105,7 +105,7 @@ void ax25_dev_device_down(struct net_device *dev) spin_lock_bh(&ax25_dev_lock); #ifdef CONFIG_AX25_DAMA_SLAVE - ax25_ds_del_timer(ax25_dev); + timer_shutdown_sync(&ax25_dev->dama.slave_timer); #endif /*

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] ax25: fix use-after-free bugs caused by ax25_ds_del_timer" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040511-chamber-yelp-2ec9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 Mon Sep 17 00:00:00 2001 From: Duoming Zhou <duoming(a)zju.edu.cn> Date: Fri, 29 Mar 2024 09:50:23 +0800 Subject: [PATCH] ax25: fix use-after-free bugs caused by ax25_ds_del_timer When the ax25 device is detaching, the ax25_dev_device_down() calls ax25_ds_del_timer() to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer() that calls del_timer() in it will return directly. As a result, the use-after-free bugs could happen, one of the scenarios is shown below: (Thread 1) | (Thread 2) | ax25_ds_timeout() ax25_dev_device_down() | ax25_ds_del_timer() | del_timer() | ax25_dev_put() //FREE | | ax25_dev-> //USE In order to mitigate bugs, when the device is detaching, use timer_shutdown_sync() to stop the timer. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Duoming Zhou <duoming(a)zju.edu.cn> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://lore.kernel.org/r/20240329015023.9223-1-duoming@zju.edu.cn Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ax25/ax25_dev.c b/net/ax25/ax25_dev.c index c5462486dbca..282ec581c072 100644 --- a/net/ax25/ax25_dev.c +++ b/net/ax25/ax25_dev.c @@ -105,7 +105,7 @@ void ax25_dev_device_down(struct net_device *dev) spin_lock_bh(&ax25_dev_lock); #ifdef CONFIG_AX25_DAMA_SLAVE - ax25_ds_del_timer(ax25_dev); + timer_shutdown_sync(&ax25_dev->dama.slave_timer); #endif /*

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] ax25: fix use-after-free bugs caused by ax25_ds_del_timer" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040509-monetize-joyride-107c@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 Mon Sep 17 00:00:00 2001 From: Duoming Zhou <duoming(a)zju.edu.cn> Date: Fri, 29 Mar 2024 09:50:23 +0800 Subject: [PATCH] ax25: fix use-after-free bugs caused by ax25_ds_del_timer When the ax25 device is detaching, the ax25_dev_device_down() calls ax25_ds_del_timer() to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer() that calls del_timer() in it will return directly. As a result, the use-after-free bugs could happen, one of the scenarios is shown below: (Thread 1) | (Thread 2) | ax25_ds_timeout() ax25_dev_device_down() | ax25_ds_del_timer() | del_timer() | ax25_dev_put() //FREE | | ax25_dev-> //USE In order to mitigate bugs, when the device is detaching, use timer_shutdown_sync() to stop the timer. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Duoming Zhou <duoming(a)zju.edu.cn> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://lore.kernel.org/r/20240329015023.9223-1-duoming@zju.edu.cn Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ax25/ax25_dev.c b/net/ax25/ax25_dev.c index c5462486dbca..282ec581c072 100644 --- a/net/ax25/ax25_dev.c +++ b/net/ax25/ax25_dev.c @@ -105,7 +105,7 @@ void ax25_dev_device_down(struct net_device *dev) spin_lock_bh(&ax25_dev_lock); #ifdef CONFIG_AX25_DAMA_SLAVE - ax25_ds_del_timer(ax25_dev); + timer_shutdown_sync(&ax25_dev->dama.slave_timer); #endif /*

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] ax25: fix use-after-free bugs caused by ax25_ds_del_timer" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040506-earmark-skydiver-ab1c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 Mon Sep 17 00:00:00 2001 From: Duoming Zhou <duoming(a)zju.edu.cn> Date: Fri, 29 Mar 2024 09:50:23 +0800 Subject: [PATCH] ax25: fix use-after-free bugs caused by ax25_ds_del_timer When the ax25 device is detaching, the ax25_dev_device_down() calls ax25_ds_del_timer() to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer() that calls del_timer() in it will return directly. As a result, the use-after-free bugs could happen, one of the scenarios is shown below: (Thread 1) | (Thread 2) | ax25_ds_timeout() ax25_dev_device_down() | ax25_ds_del_timer() | del_timer() | ax25_dev_put() //FREE | | ax25_dev-> //USE In order to mitigate bugs, when the device is detaching, use timer_shutdown_sync() to stop the timer. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Duoming Zhou <duoming(a)zju.edu.cn> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://lore.kernel.org/r/20240329015023.9223-1-duoming@zju.edu.cn Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ax25/ax25_dev.c b/net/ax25/ax25_dev.c index c5462486dbca..282ec581c072 100644 --- a/net/ax25/ax25_dev.c +++ b/net/ax25/ax25_dev.c @@ -105,7 +105,7 @@ void ax25_dev_device_down(struct net_device *dev) spin_lock_bh(&ax25_dev_lock); #ifdef CONFIG_AX25_DAMA_SLAVE - ax25_ds_del_timer(ax25_dev); + timer_shutdown_sync(&ax25_dev->dama.slave_timer); #endif /*

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] ax25: fix use-after-free bugs caused by ax25_ds_del_timer" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040503-tropical-fascism-219c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd819ad3ecf6f3c232a06b27423ce9ed8c20da89 Mon Sep 17 00:00:00 2001 From: Duoming Zhou <duoming(a)zju.edu.cn> Date: Fri, 29 Mar 2024 09:50:23 +0800 Subject: [PATCH] ax25: fix use-after-free bugs caused by ax25_ds_del_timer When the ax25 device is detaching, the ax25_dev_device_down() calls ax25_ds_del_timer() to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer() that calls del_timer() in it will return directly. As a result, the use-after-free bugs could happen, one of the scenarios is shown below: (Thread 1) | (Thread 2) | ax25_ds_timeout() ax25_dev_device_down() | ax25_ds_del_timer() | del_timer() | ax25_dev_put() //FREE | | ax25_dev-> //USE In order to mitigate bugs, when the device is detaching, use timer_shutdown_sync() to stop the timer. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Duoming Zhou <duoming(a)zju.edu.cn> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://lore.kernel.org/r/20240329015023.9223-1-duoming@zju.edu.cn Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ax25/ax25_dev.c b/net/ax25/ax25_dev.c index c5462486dbca..282ec581c072 100644 --- a/net/ax25/ax25_dev.c +++ b/net/ax25/ax25_dev.c @@ -105,7 +105,7 @@ void ax25_dev_device_down(struct net_device *dev) spin_lock_bh(&ax25_dev_lock); #ifdef CONFIG_AX25_DAMA_SLAVE - ax25_ds_del_timer(ax25_dev); + timer_shutdown_sync(&ax25_dev->dama.slave_timer); #endif /*

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] i40e: Enforce software interrupt during busy-poll exit" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ea558de7238bb12c3435c47f0631e9d17bf4a09f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040510-impose-yonder-1ce4@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea558de7238bb12c3435c47f0631e9d17bf4a09f Mon Sep 17 00:00:00 2001 From: Ivan Vecera <ivecera(a)redhat.com> Date: Sat, 16 Mar 2024 12:38:29 +0100 Subject: [PATCH] i40e: Enforce software interrupt during busy-poll exit As for ice bug fixed by commit b7306b42beaf ("ice: manage interrupts during poll exit") followed by commit 23be7075b318 ("ice: fix software generating extra interrupts") I'm seeing the similar issue also with i40e driver. In certain situation when busy-loop is enabled together with adaptive coalescing, the driver occasionally misses that there are outstanding descriptors to clean when exiting busy poll. Try to catch the remaining work by triggering a software interrupt when exiting busy poll. No extra interrupts will be generated when busy polling is not used. The issue was found when running sockperf ping-pong tcp test with adaptive coalescing and busy poll enabled (50 as value busy_pool and busy_read sysctl knobs) and results in huge latency spikes with more than 100000us. The fix is inspired from the ice driver and do the following: 1) During napi poll exit in case of busy-poll (napo_complete_done() returns false) this is recorded to q_vector that we were in busy loop. 2) Extends i40e_buildreg_itr() to be able to add an enforced software interrupt into built value 2) In i40e_update_enable_itr() enforces a software interrupt trigger if we are exiting busy poll to catch any pending clean-ups 3) Reuses unused 3rd ITR (interrupt throttle) index and set it to 20K interrupts per second to limit the number of these sw interrupts. Test results ============ Prior: [root@dell-per640-07 net]# sockperf ping-pong -i 10.9.9.1 --tcp -m 1000 --mps=max -t 120 sockperf: == version #3.10-no.git == sockperf[CLIENT] send on:sockperf: using recvfrom() to block on socket(s) [ 0] IP = 10.9.9.1 PORT = 11111 # TCP sockperf: Warmup stage (sending a few dummy messages)... sockperf: Starting test... sockperf: Test end (interrupted by timer) sockperf: Test ended sockperf: [Total Run] RunTime=119.999 sec; Warm up time=400 msec; SentMessages=2438563; ReceivedMessages=2438562 sockperf: ========= Printing statistics for Server No: 0 sockperf: [Valid Duration] RunTime=119.549 sec; SentMessages=2429473; ReceivedMessages=2429473 sockperf: ====> avg-latency=24.571 (std-dev=93.297, mean-ad=4.904, median-ad=1.510, siqr=1.063, cv=3.797, std-error=0.060, 99.0% ci=[24.417, 24.725]) sockperf: # dropped messages = 0; # duplicated messages = 0; # out-of-order messages = 0 sockperf: Summary: Latency is 24.571 usec sockperf: Total 2429473 observations; each percentile contains 24294.73 observations sockperf: ---> <MAX> observation = 103294.331 sockperf: ---> percentile 99.999 = 45.633 sockperf: ---> percentile 99.990 = 37.013 sockperf: ---> percentile 99.900 = 35.910 sockperf: ---> percentile 99.000 = 33.390 sockperf: ---> percentile 90.000 = 28.626 sockperf: ---> percentile 75.000 = 27.741 sockperf: ---> percentile 50.000 = 26.743 sockperf: ---> percentile 25.000 = 25.614 sockperf: ---> <MIN> observation = 12.220 After: [root@dell-per640-07 net]# sockperf ping-pong -i 10.9.9.1 --tcp -m 1000 --mps=max -t 120 sockperf: == version #3.10-no.git == sockperf[CLIENT] send on:sockperf: using recvfrom() to block on socket(s) [ 0] IP = 10.9.9.1 PORT = 11111 # TCP sockperf: Warmup stage (sending a few dummy messages)... sockperf: Starting test... sockperf: Test end (interrupted by timer) sockperf: Test ended sockperf: [Total Run] RunTime=119.999 sec; Warm up time=400 msec; SentMessages=2400055; ReceivedMessages=2400054 sockperf: ========= Printing statistics for Server No: 0 sockperf: [Valid Duration] RunTime=119.549 sec; SentMessages=2391186; ReceivedMessages=2391186 sockperf: ====> avg-latency=24.965 (std-dev=5.934, mean-ad=4.642, median-ad=1.485, siqr=1.067, cv=0.238, std-error=0.004, 99.0% ci=[24.955, 24.975]) sockperf: # dropped messages = 0; # duplicated messages = 0; # out-of-order messages = 0 sockperf: Summary: Latency is 24.965 usec sockperf: Total 2391186 observations; each percentile contains 23911.86 observations sockperf: ---> <MAX> observation = 195.841 sockperf: ---> percentile 99.999 = 45.026 sockperf: ---> percentile 99.990 = 39.009 sockperf: ---> percentile 99.900 = 35.922 sockperf: ---> percentile 99.000 = 33.482 sockperf: ---> percentile 90.000 = 28.902 sockperf: ---> percentile 75.000 = 27.821 sockperf: ---> percentile 50.000 = 26.860 sockperf: ---> percentile 25.000 = 25.685 sockperf: ---> <MIN> observation = 12.277 Fixes: 0bcd952feec7 ("ethernet/intel: consolidate NAPI and NAPI exit") Reported-by: Hugo Ferreira <hferreir(a)redhat.com> Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com> Signed-off-by: Ivan Vecera <ivecera(a)redhat.com> Reviewed-by: Jesse Brandeburg <jesse.brandeburg(a)intel.com> Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha(a)intel.com> (A Contingent worker at Intel) Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/i40e/i40e.h b/drivers/net/ethernet/intel/i40e/i40e.h index ba24f3fa92c3..2fbabcdb5bb5 100644 --- a/drivers/net/ethernet/intel/i40e/i40e.h +++ b/drivers/net/ethernet/intel/i40e/i40e.h @@ -955,6 +955,7 @@ struct i40e_q_vector { struct rcu_head rcu; /* to avoid race with update stats on free */ char name[I40E_INT_NAME_STR_LEN]; bool arm_wb_state; + bool in_busy_poll; int irq_num; /* IRQ assigned to this q_vector */ } ____cacheline_internodealigned_in_smp; diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c index f86578857e8a..6576a0081093 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c @@ -3911,6 +3911,12 @@ static void i40e_vsi_configure_msix(struct i40e_vsi *vsi) q_vector->tx.target_itr >> 1); q_vector->tx.current_itr = q_vector->tx.target_itr; + /* Set ITR for software interrupts triggered after exiting + * busy-loop polling. + */ + wr32(hw, I40E_PFINT_ITRN(I40E_SW_ITR, vector - 1), + I40E_ITR_20K); + wr32(hw, I40E_PFINT_RATEN(vector - 1), i40e_intrl_usec_to_reg(vsi->int_rate_limit)); diff --git a/drivers/net/ethernet/intel/i40e/i40e_register.h b/drivers/net/ethernet/intel/i40e/i40e_register.h index 14ab642cafdb..432afbb64201 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_register.h +++ b/drivers/net/ethernet/intel/i40e/i40e_register.h @@ -333,8 +333,11 @@ #define I40E_PFINT_DYN_CTLN_ITR_INDX_SHIFT 3 #define I40E_PFINT_DYN_CTLN_ITR_INDX_MASK I40E_MASK(0x3, I40E_PFINT_DYN_CTLN_ITR_INDX_SHIFT) #define I40E_PFINT_DYN_CTLN_INTERVAL_SHIFT 5 +#define I40E_PFINT_DYN_CTLN_INTERVAL_MASK I40E_MASK(0xFFF, I40E_PFINT_DYN_CTLN_INTERVAL_SHIFT) #define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_SHIFT 24 #define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_MASK I40E_MASK(0x1, I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_SHIFT) +#define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_SHIFT 25 +#define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_MASK I40E_MASK(0x3, I40E_PFINT_DYN_CTLN_SW_ITR_INDX_SHIFT) #define I40E_PFINT_ICR0 0x00038780 /* Reset: CORER */ #define I40E_PFINT_ICR0_INTEVENT_SHIFT 0 #define I40E_PFINT_ICR0_INTEVENT_MASK I40E_MASK(0x1, I40E_PFINT_ICR0_INTEVENT_SHIFT) diff --git a/drivers/net/ethernet/intel/i40e/i40e_txrx.c b/drivers/net/ethernet/intel/i40e/i40e_txrx.c index 0d7177083708..1a12b732818e 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_txrx.c +++ b/drivers/net/ethernet/intel/i40e/i40e_txrx.c @@ -2630,7 +2630,22 @@ static int i40e_clean_rx_irq(struct i40e_ring *rx_ring, int budget, return failure ? budget : (int)total_rx_packets; } -static inline u32 i40e_buildreg_itr(const int type, u16 itr) +/** + * i40e_buildreg_itr - build a value for writing to I40E_PFINT_DYN_CTLN register + * @itr_idx: interrupt throttling index + * @interval: interrupt throttling interval value in usecs + * @force_swint: force software interrupt + * + * The function builds a value for I40E_PFINT_DYN_CTLN register that + * is used to update interrupt throttling interval for specified ITR index + * and optionally enforces a software interrupt. If the @itr_idx is equal + * to I40E_ITR_NONE then no interval change is applied and only @force_swint + * parameter is taken into account. If the interval change and enforced + * software interrupt are not requested then the built value just enables + * appropriate vector interrupt. + **/ +static u32 i40e_buildreg_itr(enum i40e_dyn_idx itr_idx, u16 interval, + bool force_swint) { u32 val; @@ -2644,23 +2659,33 @@ static inline u32 i40e_buildreg_itr(const int type, u16 itr) * an event in the PBA anyway so we need to rely on the automask * to hold pending events for us until the interrupt is re-enabled * - * The itr value is reported in microseconds, and the register - * value is recorded in 2 microsecond units. For this reason we - * only need to shift by the interval shift - 1 instead of the - * full value. + * We have to shift the given value as it is reported in microseconds + * and the register value is recorded in 2 microsecond units. */ - itr &= I40E_ITR_MASK; + interval >>= 1; + /* 1. Enable vector interrupt + * 2. Update the interval for the specified ITR index + * (I40E_ITR_NONE in the register is used to indicate that + * no interval update is requested) + */ val = I40E_PFINT_DYN_CTLN_INTENA_MASK | - (type << I40E_PFINT_DYN_CTLN_ITR_INDX_SHIFT) | - (itr << (I40E_PFINT_DYN_CTLN_INTERVAL_SHIFT - 1)); + FIELD_PREP(I40E_PFINT_DYN_CTLN_ITR_INDX_MASK, itr_idx) | + FIELD_PREP(I40E_PFINT_DYN_CTLN_INTERVAL_MASK, interval); + + /* 3. Enforce software interrupt trigger if requested + * (These software interrupts rate is limited by ITR2 that is + * set to 20K interrupts per second) + */ + if (force_swint) + val |= I40E_PFINT_DYN_CTLN_SWINT_TRIG_MASK | + I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_MASK | + FIELD_PREP(I40E_PFINT_DYN_CTLN_SW_ITR_INDX_MASK, + I40E_SW_ITR); return val; } -/* a small macro to shorten up some long lines */ -#define INTREG I40E_PFINT_DYN_CTLN - /* The act of updating the ITR will cause it to immediately trigger. In order * to prevent this from throwing off adaptive update statistics we defer the * update so that it can only happen so often. So after either Tx or Rx are @@ -2679,8 +2704,10 @@ static inline u32 i40e_buildreg_itr(const int type, u16 itr) static inline void i40e_update_enable_itr(struct i40e_vsi *vsi, struct i40e_q_vector *q_vector) { + enum i40e_dyn_idx itr_idx = I40E_ITR_NONE; struct i40e_hw *hw = &vsi->back->hw; - u32 intval; + u16 interval = 0; + u32 itr_val; /* If we don't have MSIX, then we only need to re-enable icr0 */ if (!test_bit(I40E_FLAG_MSIX_ENA, vsi->back->flags)) { @@ -2702,8 +2729,8 @@ static inline void i40e_update_enable_itr(struct i40e_vsi *vsi, */ if (q_vector->rx.target_itr < q_vector->rx.current_itr) { /* Rx ITR needs to be reduced, this is highest priority */ - intval = i40e_buildreg_itr(I40E_RX_ITR, - q_vector->rx.target_itr); + itr_idx = I40E_RX_ITR; + interval = q_vector->rx.target_itr; q_vector->rx.current_itr = q_vector->rx.target_itr; q_vector->itr_countdown = ITR_COUNTDOWN_START; } else if ((q_vector->tx.target_itr < q_vector->tx.current_itr) || @@ -2712,25 +2739,36 @@ static inline void i40e_update_enable_itr(struct i40e_vsi *vsi, /* Tx ITR needs to be reduced, this is second priority * Tx ITR needs to be increased more than Rx, fourth priority */ - intval = i40e_buildreg_itr(I40E_TX_ITR, - q_vector->tx.target_itr); + itr_idx = I40E_TX_ITR; + interval = q_vector->tx.target_itr; q_vector->tx.current_itr = q_vector->tx.target_itr; q_vector->itr_countdown = ITR_COUNTDOWN_START; } else if (q_vector->rx.current_itr != q_vector->rx.target_itr) { /* Rx ITR needs to be increased, third priority */ - intval = i40e_buildreg_itr(I40E_RX_ITR, - q_vector->rx.target_itr); + itr_idx = I40E_RX_ITR; + interval = q_vector->rx.target_itr; q_vector->rx.current_itr = q_vector->rx.target_itr; q_vector->itr_countdown = ITR_COUNTDOWN_START; } else { /* No ITR update, lowest priority */ - intval = i40e_buildreg_itr(I40E_ITR_NONE, 0); if (q_vector->itr_countdown) q_vector->itr_countdown--; } - if (!test_bit(__I40E_VSI_DOWN, vsi->state)) - wr32(hw, INTREG(q_vector->reg_idx), intval); + /* Do not update interrupt control register if VSI is down */ + if (test_bit(__I40E_VSI_DOWN, vsi->state)) + return; + + /* Update ITR interval if necessary and enforce software interrupt + * if we are exiting busy poll. + */ + if (q_vector->in_busy_poll) { + itr_val = i40e_buildreg_itr(itr_idx, interval, true); + q_vector->in_busy_poll = false; + } else { + itr_val = i40e_buildreg_itr(itr_idx, interval, false); + } + wr32(hw, I40E_PFINT_DYN_CTLN(q_vector->reg_idx), itr_val); } /** @@ -2845,6 +2883,8 @@ int i40e_napi_poll(struct napi_struct *napi, int budget) */ if (likely(napi_complete_done(napi, work_done))) i40e_update_enable_itr(vsi, q_vector); + else + q_vector->in_busy_poll = true; return min(work_done, budget - 1); } diff --git a/drivers/net/ethernet/intel/i40e/i40e_txrx.h b/drivers/net/ethernet/intel/i40e/i40e_txrx.h index abf15067eb5d..2cdc7de6301c 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_txrx.h +++ b/drivers/net/ethernet/intel/i40e/i40e_txrx.h @@ -68,6 +68,7 @@ enum i40e_dyn_idx { /* these are indexes into ITRN registers */ #define I40E_RX_ITR I40E_IDX_ITR0 #define I40E_TX_ITR I40E_IDX_ITR1 +#define I40E_SW_ITR I40E_IDX_ITR2 /* Supported RSS offloads */ #define I40E_DEFAULT_RSS_HENA ( \

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] i40e: Enforce software interrupt during busy-poll exit" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ea558de7238bb12c3435c47f0631e9d17bf4a09f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040507-email-pried-bb87@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea558de7238bb12c3435c47f0631e9d17bf4a09f Mon Sep 17 00:00:00 2001 From: Ivan Vecera <ivecera(a)redhat.com> Date: Sat, 16 Mar 2024 12:38:29 +0100 Subject: [PATCH] i40e: Enforce software interrupt during busy-poll exit As for ice bug fixed by commit b7306b42beaf ("ice: manage interrupts during poll exit") followed by commit 23be7075b318 ("ice: fix software generating extra interrupts") I'm seeing the similar issue also with i40e driver. In certain situation when busy-loop is enabled together with adaptive coalescing, the driver occasionally misses that there are outstanding descriptors to clean when exiting busy poll. Try to catch the remaining work by triggering a software interrupt when exiting busy poll. No extra interrupts will be generated when busy polling is not used. The issue was found when running sockperf ping-pong tcp test with adaptive coalescing and busy poll enabled (50 as value busy_pool and busy_read sysctl knobs) and results in huge latency spikes with more than 100000us. The fix is inspired from the ice driver and do the following: 1) During napi poll exit in case of busy-poll (napo_complete_done() returns false) this is recorded to q_vector that we were in busy loop. 2) Extends i40e_buildreg_itr() to be able to add an enforced software interrupt into built value 2) In i40e_update_enable_itr() enforces a software interrupt trigger if we are exiting busy poll to catch any pending clean-ups 3) Reuses unused 3rd ITR (interrupt throttle) index and set it to 20K interrupts per second to limit the number of these sw interrupts. Test results ============ Prior: [root@dell-per640-07 net]# sockperf ping-pong -i 10.9.9.1 --tcp -m 1000 --mps=max -t 120 sockperf: == version #3.10-no.git == sockperf[CLIENT] send on:sockperf: using recvfrom() to block on socket(s) [ 0] IP = 10.9.9.1 PORT = 11111 # TCP sockperf: Warmup stage (sending a few dummy messages)... sockperf: Starting test... sockperf: Test end (interrupted by timer) sockperf: Test ended sockperf: [Total Run] RunTime=119.999 sec; Warm up time=400 msec; SentMessages=2438563; ReceivedMessages=2438562 sockperf: ========= Printing statistics for Server No: 0 sockperf: [Valid Duration] RunTime=119.549 sec; SentMessages=2429473; ReceivedMessages=2429473 sockperf: ====> avg-latency=24.571 (std-dev=93.297, mean-ad=4.904, median-ad=1.510, siqr=1.063, cv=3.797, std-error=0.060, 99.0% ci=[24.417, 24.725]) sockperf: # dropped messages = 0; # duplicated messages = 0; # out-of-order messages = 0 sockperf: Summary: Latency is 24.571 usec sockperf: Total 2429473 observations; each percentile contains 24294.73 observations sockperf: ---> <MAX> observation = 103294.331 sockperf: ---> percentile 99.999 = 45.633 sockperf: ---> percentile 99.990 = 37.013 sockperf: ---> percentile 99.900 = 35.910 sockperf: ---> percentile 99.000 = 33.390 sockperf: ---> percentile 90.000 = 28.626 sockperf: ---> percentile 75.000 = 27.741 sockperf: ---> percentile 50.000 = 26.743 sockperf: ---> percentile 25.000 = 25.614 sockperf: ---> <MIN> observation = 12.220 After: [root@dell-per640-07 net]# sockperf ping-pong -i 10.9.9.1 --tcp -m 1000 --mps=max -t 120 sockperf: == version #3.10-no.git == sockperf[CLIENT] send on:sockperf: using recvfrom() to block on socket(s) [ 0] IP = 10.9.9.1 PORT = 11111 # TCP sockperf: Warmup stage (sending a few dummy messages)... sockperf: Starting test... sockperf: Test end (interrupted by timer) sockperf: Test ended sockperf: [Total Run] RunTime=119.999 sec; Warm up time=400 msec; SentMessages=2400055; ReceivedMessages=2400054 sockperf: ========= Printing statistics for Server No: 0 sockperf: [Valid Duration] RunTime=119.549 sec; SentMessages=2391186; ReceivedMessages=2391186 sockperf: ====> avg-latency=24.965 (std-dev=5.934, mean-ad=4.642, median-ad=1.485, siqr=1.067, cv=0.238, std-error=0.004, 99.0% ci=[24.955, 24.975]) sockperf: # dropped messages = 0; # duplicated messages = 0; # out-of-order messages = 0 sockperf: Summary: Latency is 24.965 usec sockperf: Total 2391186 observations; each percentile contains 23911.86 observations sockperf: ---> <MAX> observation = 195.841 sockperf: ---> percentile 99.999 = 45.026 sockperf: ---> percentile 99.990 = 39.009 sockperf: ---> percentile 99.900 = 35.922 sockperf: ---> percentile 99.000 = 33.482 sockperf: ---> percentile 90.000 = 28.902 sockperf: ---> percentile 75.000 = 27.821 sockperf: ---> percentile 50.000 = 26.860 sockperf: ---> percentile 25.000 = 25.685 sockperf: ---> <MIN> observation = 12.277 Fixes: 0bcd952feec7 ("ethernet/intel: consolidate NAPI and NAPI exit") Reported-by: Hugo Ferreira <hferreir(a)redhat.com> Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com> Signed-off-by: Ivan Vecera <ivecera(a)redhat.com> Reviewed-by: Jesse Brandeburg <jesse.brandeburg(a)intel.com> Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha(a)intel.com> (A Contingent worker at Intel) Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/i40e/i40e.h b/drivers/net/ethernet/intel/i40e/i40e.h index ba24f3fa92c3..2fbabcdb5bb5 100644 --- a/drivers/net/ethernet/intel/i40e/i40e.h +++ b/drivers/net/ethernet/intel/i40e/i40e.h @@ -955,6 +955,7 @@ struct i40e_q_vector { struct rcu_head rcu; /* to avoid race with update stats on free */ char name[I40E_INT_NAME_STR_LEN]; bool arm_wb_state; + bool in_busy_poll; int irq_num; /* IRQ assigned to this q_vector */ } ____cacheline_internodealigned_in_smp; diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c index f86578857e8a..6576a0081093 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c @@ -3911,6 +3911,12 @@ static void i40e_vsi_configure_msix(struct i40e_vsi *vsi) q_vector->tx.target_itr >> 1); q_vector->tx.current_itr = q_vector->tx.target_itr; + /* Set ITR for software interrupts triggered after exiting + * busy-loop polling. + */ + wr32(hw, I40E_PFINT_ITRN(I40E_SW_ITR, vector - 1), + I40E_ITR_20K); + wr32(hw, I40E_PFINT_RATEN(vector - 1), i40e_intrl_usec_to_reg(vsi->int_rate_limit)); diff --git a/drivers/net/ethernet/intel/i40e/i40e_register.h b/drivers/net/ethernet/intel/i40e/i40e_register.h index 14ab642cafdb..432afbb64201 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_register.h +++ b/drivers/net/ethernet/intel/i40e/i40e_register.h @@ -333,8 +333,11 @@ #define I40E_PFINT_DYN_CTLN_ITR_INDX_SHIFT 3 #define I40E_PFINT_DYN_CTLN_ITR_INDX_MASK I40E_MASK(0x3, I40E_PFINT_DYN_CTLN_ITR_INDX_SHIFT) #define I40E_PFINT_DYN_CTLN_INTERVAL_SHIFT 5 +#define I40E_PFINT_DYN_CTLN_INTERVAL_MASK I40E_MASK(0xFFF, I40E_PFINT_DYN_CTLN_INTERVAL_SHIFT) #define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_SHIFT 24 #define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_MASK I40E_MASK(0x1, I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_SHIFT) +#define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_SHIFT 25 +#define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_MASK I40E_MASK(0x3, I40E_PFINT_DYN_CTLN_SW_ITR_INDX_SHIFT) #define I40E_PFINT_ICR0 0x00038780 /* Reset: CORER */ #define I40E_PFINT_ICR0_INTEVENT_SHIFT 0 #define I40E_PFINT_ICR0_INTEVENT_MASK I40E_MASK(0x1, I40E_PFINT_ICR0_INTEVENT_SHIFT) diff --git a/drivers/net/ethernet/intel/i40e/i40e_txrx.c b/drivers/net/ethernet/intel/i40e/i40e_txrx.c index 0d7177083708..1a12b732818e 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_txrx.c +++ b/drivers/net/ethernet/intel/i40e/i40e_txrx.c @@ -2630,7 +2630,22 @@ static int i40e_clean_rx_irq(struct i40e_ring *rx_ring, int budget, return failure ? budget : (int)total_rx_packets; } -static inline u32 i40e_buildreg_itr(const int type, u16 itr) +/** + * i40e_buildreg_itr - build a value for writing to I40E_PFINT_DYN_CTLN register + * @itr_idx: interrupt throttling index + * @interval: interrupt throttling interval value in usecs + * @force_swint: force software interrupt + * + * The function builds a value for I40E_PFINT_DYN_CTLN register that + * is used to update interrupt throttling interval for specified ITR index + * and optionally enforces a software interrupt. If the @itr_idx is equal + * to I40E_ITR_NONE then no interval change is applied and only @force_swint + * parameter is taken into account. If the interval change and enforced + * software interrupt are not requested then the built value just enables + * appropriate vector interrupt. + **/ +static u32 i40e_buildreg_itr(enum i40e_dyn_idx itr_idx, u16 interval, + bool force_swint) { u32 val; @@ -2644,23 +2659,33 @@ static inline u32 i40e_buildreg_itr(const int type, u16 itr) * an event in the PBA anyway so we need to rely on the automask * to hold pending events for us until the interrupt is re-enabled * - * The itr value is reported in microseconds, and the register - * value is recorded in 2 microsecond units. For this reason we - * only need to shift by the interval shift - 1 instead of the - * full value. + * We have to shift the given value as it is reported in microseconds + * and the register value is recorded in 2 microsecond units. */ - itr &= I40E_ITR_MASK; + interval >>= 1; + /* 1. Enable vector interrupt + * 2. Update the interval for the specified ITR index + * (I40E_ITR_NONE in the register is used to indicate that + * no interval update is requested) + */ val = I40E_PFINT_DYN_CTLN_INTENA_MASK | - (type << I40E_PFINT_DYN_CTLN_ITR_INDX_SHIFT) | - (itr << (I40E_PFINT_DYN_CTLN_INTERVAL_SHIFT - 1)); + FIELD_PREP(I40E_PFINT_DYN_CTLN_ITR_INDX_MASK, itr_idx) | + FIELD_PREP(I40E_PFINT_DYN_CTLN_INTERVAL_MASK, interval); + + /* 3. Enforce software interrupt trigger if requested + * (These software interrupts rate is limited by ITR2 that is + * set to 20K interrupts per second) + */ + if (force_swint) + val |= I40E_PFINT_DYN_CTLN_SWINT_TRIG_MASK | + I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_MASK | + FIELD_PREP(I40E_PFINT_DYN_CTLN_SW_ITR_INDX_MASK, + I40E_SW_ITR); return val; } -/* a small macro to shorten up some long lines */ -#define INTREG I40E_PFINT_DYN_CTLN - /* The act of updating the ITR will cause it to immediately trigger. In order * to prevent this from throwing off adaptive update statistics we defer the * update so that it can only happen so often. So after either Tx or Rx are @@ -2679,8 +2704,10 @@ static inline u32 i40e_buildreg_itr(const int type, u16 itr) static inline void i40e_update_enable_itr(struct i40e_vsi *vsi, struct i40e_q_vector *q_vector) { + enum i40e_dyn_idx itr_idx = I40E_ITR_NONE; struct i40e_hw *hw = &vsi->back->hw; - u32 intval; + u16 interval = 0; + u32 itr_val; /* If we don't have MSIX, then we only need to re-enable icr0 */ if (!test_bit(I40E_FLAG_MSIX_ENA, vsi->back->flags)) { @@ -2702,8 +2729,8 @@ static inline void i40e_update_enable_itr(struct i40e_vsi *vsi, */ if (q_vector->rx.target_itr < q_vector->rx.current_itr) { /* Rx ITR needs to be reduced, this is highest priority */ - intval = i40e_buildreg_itr(I40E_RX_ITR, - q_vector->rx.target_itr); + itr_idx = I40E_RX_ITR; + interval = q_vector->rx.target_itr; q_vector->rx.current_itr = q_vector->rx.target_itr; q_vector->itr_countdown = ITR_COUNTDOWN_START; } else if ((q_vector->tx.target_itr < q_vector->tx.current_itr) || @@ -2712,25 +2739,36 @@ static inline void i40e_update_enable_itr(struct i40e_vsi *vsi, /* Tx ITR needs to be reduced, this is second priority * Tx ITR needs to be increased more than Rx, fourth priority */ - intval = i40e_buildreg_itr(I40E_TX_ITR, - q_vector->tx.target_itr); + itr_idx = I40E_TX_ITR; + interval = q_vector->tx.target_itr; q_vector->tx.current_itr = q_vector->tx.target_itr; q_vector->itr_countdown = ITR_COUNTDOWN_START; } else if (q_vector->rx.current_itr != q_vector->rx.target_itr) { /* Rx ITR needs to be increased, third priority */ - intval = i40e_buildreg_itr(I40E_RX_ITR, - q_vector->rx.target_itr); + itr_idx = I40E_RX_ITR; + interval = q_vector->rx.target_itr; q_vector->rx.current_itr = q_vector->rx.target_itr; q_vector->itr_countdown = ITR_COUNTDOWN_START; } else { /* No ITR update, lowest priority */ - intval = i40e_buildreg_itr(I40E_ITR_NONE, 0); if (q_vector->itr_countdown) q_vector->itr_countdown--; } - if (!test_bit(__I40E_VSI_DOWN, vsi->state)) - wr32(hw, INTREG(q_vector->reg_idx), intval); + /* Do not update interrupt control register if VSI is down */ + if (test_bit(__I40E_VSI_DOWN, vsi->state)) + return; + + /* Update ITR interval if necessary and enforce software interrupt + * if we are exiting busy poll. + */ + if (q_vector->in_busy_poll) { + itr_val = i40e_buildreg_itr(itr_idx, interval, true); + q_vector->in_busy_poll = false; + } else { + itr_val = i40e_buildreg_itr(itr_idx, interval, false); + } + wr32(hw, I40E_PFINT_DYN_CTLN(q_vector->reg_idx), itr_val); } /** @@ -2845,6 +2883,8 @@ int i40e_napi_poll(struct napi_struct *napi, int budget) */ if (likely(napi_complete_done(napi, work_done))) i40e_update_enable_itr(vsi, q_vector); + else + q_vector->in_busy_poll = true; return min(work_done, budget - 1); } diff --git a/drivers/net/ethernet/intel/i40e/i40e_txrx.h b/drivers/net/ethernet/intel/i40e/i40e_txrx.h index abf15067eb5d..2cdc7de6301c 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_txrx.h +++ b/drivers/net/ethernet/intel/i40e/i40e_txrx.h @@ -68,6 +68,7 @@ enum i40e_dyn_idx { /* these are indexes into ITRN registers */ #define I40E_RX_ITR I40E_IDX_ITR0 #define I40E_TX_ITR I40E_IDX_ITR1 +#define I40E_SW_ITR I40E_IDX_ITR2 /* Supported RSS offloads */ #define I40E_DEFAULT_RSS_HENA ( \

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] i40e: Enforce software interrupt during busy-poll exit" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ea558de7238bb12c3435c47f0631e9d17bf4a09f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040504-iron-respect-9ff0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea558de7238bb12c3435c47f0631e9d17bf4a09f Mon Sep 17 00:00:00 2001 From: Ivan Vecera <ivecera(a)redhat.com> Date: Sat, 16 Mar 2024 12:38:29 +0100 Subject: [PATCH] i40e: Enforce software interrupt during busy-poll exit As for ice bug fixed by commit b7306b42beaf ("ice: manage interrupts during poll exit") followed by commit 23be7075b318 ("ice: fix software generating extra interrupts") I'm seeing the similar issue also with i40e driver. In certain situation when busy-loop is enabled together with adaptive coalescing, the driver occasionally misses that there are outstanding descriptors to clean when exiting busy poll. Try to catch the remaining work by triggering a software interrupt when exiting busy poll. No extra interrupts will be generated when busy polling is not used. The issue was found when running sockperf ping-pong tcp test with adaptive coalescing and busy poll enabled (50 as value busy_pool and busy_read sysctl knobs) and results in huge latency spikes with more than 100000us. The fix is inspired from the ice driver and do the following: 1) During napi poll exit in case of busy-poll (napo_complete_done() returns false) this is recorded to q_vector that we were in busy loop. 2) Extends i40e_buildreg_itr() to be able to add an enforced software interrupt into built value 2) In i40e_update_enable_itr() enforces a software interrupt trigger if we are exiting busy poll to catch any pending clean-ups 3) Reuses unused 3rd ITR (interrupt throttle) index and set it to 20K interrupts per second to limit the number of these sw interrupts. Test results ============ Prior: [root@dell-per640-07 net]# sockperf ping-pong -i 10.9.9.1 --tcp -m 1000 --mps=max -t 120 sockperf: == version #3.10-no.git == sockperf[CLIENT] send on:sockperf: using recvfrom() to block on socket(s) [ 0] IP = 10.9.9.1 PORT = 11111 # TCP sockperf: Warmup stage (sending a few dummy messages)... sockperf: Starting test... sockperf: Test end (interrupted by timer) sockperf: Test ended sockperf: [Total Run] RunTime=119.999 sec; Warm up time=400 msec; SentMessages=2438563; ReceivedMessages=2438562 sockperf: ========= Printing statistics for Server No: 0 sockperf: [Valid Duration] RunTime=119.549 sec; SentMessages=2429473; ReceivedMessages=2429473 sockperf: ====> avg-latency=24.571 (std-dev=93.297, mean-ad=4.904, median-ad=1.510, siqr=1.063, cv=3.797, std-error=0.060, 99.0% ci=[24.417, 24.725]) sockperf: # dropped messages = 0; # duplicated messages = 0; # out-of-order messages = 0 sockperf: Summary: Latency is 24.571 usec sockperf: Total 2429473 observations; each percentile contains 24294.73 observations sockperf: ---> <MAX> observation = 103294.331 sockperf: ---> percentile 99.999 = 45.633 sockperf: ---> percentile 99.990 = 37.013 sockperf: ---> percentile 99.900 = 35.910 sockperf: ---> percentile 99.000 = 33.390 sockperf: ---> percentile 90.000 = 28.626 sockperf: ---> percentile 75.000 = 27.741 sockperf: ---> percentile 50.000 = 26.743 sockperf: ---> percentile 25.000 = 25.614 sockperf: ---> <MIN> observation = 12.220 After: [root@dell-per640-07 net]# sockperf ping-pong -i 10.9.9.1 --tcp -m 1000 --mps=max -t 120 sockperf: == version #3.10-no.git == sockperf[CLIENT] send on:sockperf: using recvfrom() to block on socket(s) [ 0] IP = 10.9.9.1 PORT = 11111 # TCP sockperf: Warmup stage (sending a few dummy messages)... sockperf: Starting test... sockperf: Test end (interrupted by timer) sockperf: Test ended sockperf: [Total Run] RunTime=119.999 sec; Warm up time=400 msec; SentMessages=2400055; ReceivedMessages=2400054 sockperf: ========= Printing statistics for Server No: 0 sockperf: [Valid Duration] RunTime=119.549 sec; SentMessages=2391186; ReceivedMessages=2391186 sockperf: ====> avg-latency=24.965 (std-dev=5.934, mean-ad=4.642, median-ad=1.485, siqr=1.067, cv=0.238, std-error=0.004, 99.0% ci=[24.955, 24.975]) sockperf: # dropped messages = 0; # duplicated messages = 0; # out-of-order messages = 0 sockperf: Summary: Latency is 24.965 usec sockperf: Total 2391186 observations; each percentile contains 23911.86 observations sockperf: ---> <MAX> observation = 195.841 sockperf: ---> percentile 99.999 = 45.026 sockperf: ---> percentile 99.990 = 39.009 sockperf: ---> percentile 99.900 = 35.922 sockperf: ---> percentile 99.000 = 33.482 sockperf: ---> percentile 90.000 = 28.902 sockperf: ---> percentile 75.000 = 27.821 sockperf: ---> percentile 50.000 = 26.860 sockperf: ---> percentile 25.000 = 25.685 sockperf: ---> <MIN> observation = 12.277 Fixes: 0bcd952feec7 ("ethernet/intel: consolidate NAPI and NAPI exit") Reported-by: Hugo Ferreira <hferreir(a)redhat.com> Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com> Signed-off-by: Ivan Vecera <ivecera(a)redhat.com> Reviewed-by: Jesse Brandeburg <jesse.brandeburg(a)intel.com> Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha(a)intel.com> (A Contingent worker at Intel) Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/i40e/i40e.h b/drivers/net/ethernet/intel/i40e/i40e.h index ba24f3fa92c3..2fbabcdb5bb5 100644 --- a/drivers/net/ethernet/intel/i40e/i40e.h +++ b/drivers/net/ethernet/intel/i40e/i40e.h @@ -955,6 +955,7 @@ struct i40e_q_vector { struct rcu_head rcu; /* to avoid race with update stats on free */ char name[I40E_INT_NAME_STR_LEN]; bool arm_wb_state; + bool in_busy_poll; int irq_num; /* IRQ assigned to this q_vector */ } ____cacheline_internodealigned_in_smp; diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c index f86578857e8a..6576a0081093 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c @@ -3911,6 +3911,12 @@ static void i40e_vsi_configure_msix(struct i40e_vsi *vsi) q_vector->tx.target_itr >> 1); q_vector->tx.current_itr = q_vector->tx.target_itr; + /* Set ITR for software interrupts triggered after exiting + * busy-loop polling. + */ + wr32(hw, I40E_PFINT_ITRN(I40E_SW_ITR, vector - 1), + I40E_ITR_20K); + wr32(hw, I40E_PFINT_RATEN(vector - 1), i40e_intrl_usec_to_reg(vsi->int_rate_limit)); diff --git a/drivers/net/ethernet/intel/i40e/i40e_register.h b/drivers/net/ethernet/intel/i40e/i40e_register.h index 14ab642cafdb..432afbb64201 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_register.h +++ b/drivers/net/ethernet/intel/i40e/i40e_register.h @@ -333,8 +333,11 @@ #define I40E_PFINT_DYN_CTLN_ITR_INDX_SHIFT 3 #define I40E_PFINT_DYN_CTLN_ITR_INDX_MASK I40E_MASK(0x3, I40E_PFINT_DYN_CTLN_ITR_INDX_SHIFT) #define I40E_PFINT_DYN_CTLN_INTERVAL_SHIFT 5 +#define I40E_PFINT_DYN_CTLN_INTERVAL_MASK I40E_MASK(0xFFF, I40E_PFINT_DYN_CTLN_INTERVAL_SHIFT) #define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_SHIFT 24 #define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_MASK I40E_MASK(0x1, I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_SHIFT) +#define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_SHIFT 25 +#define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_MASK I40E_MASK(0x3, I40E_PFINT_DYN_CTLN_SW_ITR_INDX_SHIFT) #define I40E_PFINT_ICR0 0x00038780 /* Reset: CORER */ #define I40E_PFINT_ICR0_INTEVENT_SHIFT 0 #define I40E_PFINT_ICR0_INTEVENT_MASK I40E_MASK(0x1, I40E_PFINT_ICR0_INTEVENT_SHIFT) diff --git a/drivers/net/ethernet/intel/i40e/i40e_txrx.c b/drivers/net/ethernet/intel/i40e/i40e_txrx.c index 0d7177083708..1a12b732818e 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_txrx.c +++ b/drivers/net/ethernet/intel/i40e/i40e_txrx.c @@ -2630,7 +2630,22 @@ static int i40e_clean_rx_irq(struct i40e_ring *rx_ring, int budget, return failure ? budget : (int)total_rx_packets; } -static inline u32 i40e_buildreg_itr(const int type, u16 itr) +/** + * i40e_buildreg_itr - build a value for writing to I40E_PFINT_DYN_CTLN register + * @itr_idx: interrupt throttling index + * @interval: interrupt throttling interval value in usecs + * @force_swint: force software interrupt + * + * The function builds a value for I40E_PFINT_DYN_CTLN register that + * is used to update interrupt throttling interval for specified ITR index + * and optionally enforces a software interrupt. If the @itr_idx is equal + * to I40E_ITR_NONE then no interval change is applied and only @force_swint + * parameter is taken into account. If the interval change and enforced + * software interrupt are not requested then the built value just enables + * appropriate vector interrupt. + **/ +static u32 i40e_buildreg_itr(enum i40e_dyn_idx itr_idx, u16 interval, + bool force_swint) { u32 val; @@ -2644,23 +2659,33 @@ static inline u32 i40e_buildreg_itr(const int type, u16 itr) * an event in the PBA anyway so we need to rely on the automask * to hold pending events for us until the interrupt is re-enabled * - * The itr value is reported in microseconds, and the register - * value is recorded in 2 microsecond units. For this reason we - * only need to shift by the interval shift - 1 instead of the - * full value. + * We have to shift the given value as it is reported in microseconds + * and the register value is recorded in 2 microsecond units. */ - itr &= I40E_ITR_MASK; + interval >>= 1; + /* 1. Enable vector interrupt + * 2. Update the interval for the specified ITR index + * (I40E_ITR_NONE in the register is used to indicate that + * no interval update is requested) + */ val = I40E_PFINT_DYN_CTLN_INTENA_MASK | - (type << I40E_PFINT_DYN_CTLN_ITR_INDX_SHIFT) | - (itr << (I40E_PFINT_DYN_CTLN_INTERVAL_SHIFT - 1)); + FIELD_PREP(I40E_PFINT_DYN_CTLN_ITR_INDX_MASK, itr_idx) | + FIELD_PREP(I40E_PFINT_DYN_CTLN_INTERVAL_MASK, interval); + + /* 3. Enforce software interrupt trigger if requested + * (These software interrupts rate is limited by ITR2 that is + * set to 20K interrupts per second) + */ + if (force_swint) + val |= I40E_PFINT_DYN_CTLN_SWINT_TRIG_MASK | + I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_MASK | + FIELD_PREP(I40E_PFINT_DYN_CTLN_SW_ITR_INDX_MASK, + I40E_SW_ITR); return val; } -/* a small macro to shorten up some long lines */ -#define INTREG I40E_PFINT_DYN_CTLN - /* The act of updating the ITR will cause it to immediately trigger. In order * to prevent this from throwing off adaptive update statistics we defer the * update so that it can only happen so often. So after either Tx or Rx are @@ -2679,8 +2704,10 @@ static inline u32 i40e_buildreg_itr(const int type, u16 itr) static inline void i40e_update_enable_itr(struct i40e_vsi *vsi, struct i40e_q_vector *q_vector) { + enum i40e_dyn_idx itr_idx = I40E_ITR_NONE; struct i40e_hw *hw = &vsi->back->hw; - u32 intval; + u16 interval = 0; + u32 itr_val; /* If we don't have MSIX, then we only need to re-enable icr0 */ if (!test_bit(I40E_FLAG_MSIX_ENA, vsi->back->flags)) { @@ -2702,8 +2729,8 @@ static inline void i40e_update_enable_itr(struct i40e_vsi *vsi, */ if (q_vector->rx.target_itr < q_vector->rx.current_itr) { /* Rx ITR needs to be reduced, this is highest priority */ - intval = i40e_buildreg_itr(I40E_RX_ITR, - q_vector->rx.target_itr); + itr_idx = I40E_RX_ITR; + interval = q_vector->rx.target_itr; q_vector->rx.current_itr = q_vector->rx.target_itr; q_vector->itr_countdown = ITR_COUNTDOWN_START; } else if ((q_vector->tx.target_itr < q_vector->tx.current_itr) || @@ -2712,25 +2739,36 @@ static inline void i40e_update_enable_itr(struct i40e_vsi *vsi, /* Tx ITR needs to be reduced, this is second priority * Tx ITR needs to be increased more than Rx, fourth priority */ - intval = i40e_buildreg_itr(I40E_TX_ITR, - q_vector->tx.target_itr); + itr_idx = I40E_TX_ITR; + interval = q_vector->tx.target_itr; q_vector->tx.current_itr = q_vector->tx.target_itr; q_vector->itr_countdown = ITR_COUNTDOWN_START; } else if (q_vector->rx.current_itr != q_vector->rx.target_itr) { /* Rx ITR needs to be increased, third priority */ - intval = i40e_buildreg_itr(I40E_RX_ITR, - q_vector->rx.target_itr); + itr_idx = I40E_RX_ITR; + interval = q_vector->rx.target_itr; q_vector->rx.current_itr = q_vector->rx.target_itr; q_vector->itr_countdown = ITR_COUNTDOWN_START; } else { /* No ITR update, lowest priority */ - intval = i40e_buildreg_itr(I40E_ITR_NONE, 0); if (q_vector->itr_countdown) q_vector->itr_countdown--; } - if (!test_bit(__I40E_VSI_DOWN, vsi->state)) - wr32(hw, INTREG(q_vector->reg_idx), intval); + /* Do not update interrupt control register if VSI is down */ + if (test_bit(__I40E_VSI_DOWN, vsi->state)) + return; + + /* Update ITR interval if necessary and enforce software interrupt + * if we are exiting busy poll. + */ + if (q_vector->in_busy_poll) { + itr_val = i40e_buildreg_itr(itr_idx, interval, true); + q_vector->in_busy_poll = false; + } else { + itr_val = i40e_buildreg_itr(itr_idx, interval, false); + } + wr32(hw, I40E_PFINT_DYN_CTLN(q_vector->reg_idx), itr_val); } /** @@ -2845,6 +2883,8 @@ int i40e_napi_poll(struct napi_struct *napi, int budget) */ if (likely(napi_complete_done(napi, work_done))) i40e_update_enable_itr(vsi, q_vector); + else + q_vector->in_busy_poll = true; return min(work_done, budget - 1); } diff --git a/drivers/net/ethernet/intel/i40e/i40e_txrx.h b/drivers/net/ethernet/intel/i40e/i40e_txrx.h index abf15067eb5d..2cdc7de6301c 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_txrx.h +++ b/drivers/net/ethernet/intel/i40e/i40e_txrx.h @@ -68,6 +68,7 @@ enum i40e_dyn_idx { /* these are indexes into ITRN registers */ #define I40E_RX_ITR I40E_IDX_ITR0 #define I40E_TX_ITR I40E_IDX_ITR1 +#define I40E_SW_ITR I40E_IDX_ITR2 /* Supported RSS offloads */ #define I40E_DEFAULT_RSS_HENA ( \

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] i40e: Enforce software interrupt during busy-poll exit" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ea558de7238bb12c3435c47f0631e9d17bf4a09f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040500-scalping-relatable-1383@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea558de7238bb12c3435c47f0631e9d17bf4a09f Mon Sep 17 00:00:00 2001 From: Ivan Vecera <ivecera(a)redhat.com> Date: Sat, 16 Mar 2024 12:38:29 +0100 Subject: [PATCH] i40e: Enforce software interrupt during busy-poll exit As for ice bug fixed by commit b7306b42beaf ("ice: manage interrupts during poll exit") followed by commit 23be7075b318 ("ice: fix software generating extra interrupts") I'm seeing the similar issue also with i40e driver. In certain situation when busy-loop is enabled together with adaptive coalescing, the driver occasionally misses that there are outstanding descriptors to clean when exiting busy poll. Try to catch the remaining work by triggering a software interrupt when exiting busy poll. No extra interrupts will be generated when busy polling is not used. The issue was found when running sockperf ping-pong tcp test with adaptive coalescing and busy poll enabled (50 as value busy_pool and busy_read sysctl knobs) and results in huge latency spikes with more than 100000us. The fix is inspired from the ice driver and do the following: 1) During napi poll exit in case of busy-poll (napo_complete_done() returns false) this is recorded to q_vector that we were in busy loop. 2) Extends i40e_buildreg_itr() to be able to add an enforced software interrupt into built value 2) In i40e_update_enable_itr() enforces a software interrupt trigger if we are exiting busy poll to catch any pending clean-ups 3) Reuses unused 3rd ITR (interrupt throttle) index and set it to 20K interrupts per second to limit the number of these sw interrupts. Test results ============ Prior: [root@dell-per640-07 net]# sockperf ping-pong -i 10.9.9.1 --tcp -m 1000 --mps=max -t 120 sockperf: == version #3.10-no.git == sockperf[CLIENT] send on:sockperf: using recvfrom() to block on socket(s) [ 0] IP = 10.9.9.1 PORT = 11111 # TCP sockperf: Warmup stage (sending a few dummy messages)... sockperf: Starting test... sockperf: Test end (interrupted by timer) sockperf: Test ended sockperf: [Total Run] RunTime=119.999 sec; Warm up time=400 msec; SentMessages=2438563; ReceivedMessages=2438562 sockperf: ========= Printing statistics for Server No: 0 sockperf: [Valid Duration] RunTime=119.549 sec; SentMessages=2429473; ReceivedMessages=2429473 sockperf: ====> avg-latency=24.571 (std-dev=93.297, mean-ad=4.904, median-ad=1.510, siqr=1.063, cv=3.797, std-error=0.060, 99.0% ci=[24.417, 24.725]) sockperf: # dropped messages = 0; # duplicated messages = 0; # out-of-order messages = 0 sockperf: Summary: Latency is 24.571 usec sockperf: Total 2429473 observations; each percentile contains 24294.73 observations sockperf: ---> <MAX> observation = 103294.331 sockperf: ---> percentile 99.999 = 45.633 sockperf: ---> percentile 99.990 = 37.013 sockperf: ---> percentile 99.900 = 35.910 sockperf: ---> percentile 99.000 = 33.390 sockperf: ---> percentile 90.000 = 28.626 sockperf: ---> percentile 75.000 = 27.741 sockperf: ---> percentile 50.000 = 26.743 sockperf: ---> percentile 25.000 = 25.614 sockperf: ---> <MIN> observation = 12.220 After: [root@dell-per640-07 net]# sockperf ping-pong -i 10.9.9.1 --tcp -m 1000 --mps=max -t 120 sockperf: == version #3.10-no.git == sockperf[CLIENT] send on:sockperf: using recvfrom() to block on socket(s) [ 0] IP = 10.9.9.1 PORT = 11111 # TCP sockperf: Warmup stage (sending a few dummy messages)... sockperf: Starting test... sockperf: Test end (interrupted by timer) sockperf: Test ended sockperf: [Total Run] RunTime=119.999 sec; Warm up time=400 msec; SentMessages=2400055; ReceivedMessages=2400054 sockperf: ========= Printing statistics for Server No: 0 sockperf: [Valid Duration] RunTime=119.549 sec; SentMessages=2391186; ReceivedMessages=2391186 sockperf: ====> avg-latency=24.965 (std-dev=5.934, mean-ad=4.642, median-ad=1.485, siqr=1.067, cv=0.238, std-error=0.004, 99.0% ci=[24.955, 24.975]) sockperf: # dropped messages = 0; # duplicated messages = 0; # out-of-order messages = 0 sockperf: Summary: Latency is 24.965 usec sockperf: Total 2391186 observations; each percentile contains 23911.86 observations sockperf: ---> <MAX> observation = 195.841 sockperf: ---> percentile 99.999 = 45.026 sockperf: ---> percentile 99.990 = 39.009 sockperf: ---> percentile 99.900 = 35.922 sockperf: ---> percentile 99.000 = 33.482 sockperf: ---> percentile 90.000 = 28.902 sockperf: ---> percentile 75.000 = 27.821 sockperf: ---> percentile 50.000 = 26.860 sockperf: ---> percentile 25.000 = 25.685 sockperf: ---> <MIN> observation = 12.277 Fixes: 0bcd952feec7 ("ethernet/intel: consolidate NAPI and NAPI exit") Reported-by: Hugo Ferreira <hferreir(a)redhat.com> Reviewed-by: Michal Schmidt <mschmidt(a)redhat.com> Signed-off-by: Ivan Vecera <ivecera(a)redhat.com> Reviewed-by: Jesse Brandeburg <jesse.brandeburg(a)intel.com> Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha(a)intel.com> (A Contingent worker at Intel) Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/i40e/i40e.h b/drivers/net/ethernet/intel/i40e/i40e.h index ba24f3fa92c3..2fbabcdb5bb5 100644 --- a/drivers/net/ethernet/intel/i40e/i40e.h +++ b/drivers/net/ethernet/intel/i40e/i40e.h @@ -955,6 +955,7 @@ struct i40e_q_vector { struct rcu_head rcu; /* to avoid race with update stats on free */ char name[I40E_INT_NAME_STR_LEN]; bool arm_wb_state; + bool in_busy_poll; int irq_num; /* IRQ assigned to this q_vector */ } ____cacheline_internodealigned_in_smp; diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c index f86578857e8a..6576a0081093 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c @@ -3911,6 +3911,12 @@ static void i40e_vsi_configure_msix(struct i40e_vsi *vsi) q_vector->tx.target_itr >> 1); q_vector->tx.current_itr = q_vector->tx.target_itr; + /* Set ITR for software interrupts triggered after exiting + * busy-loop polling. + */ + wr32(hw, I40E_PFINT_ITRN(I40E_SW_ITR, vector - 1), + I40E_ITR_20K); + wr32(hw, I40E_PFINT_RATEN(vector - 1), i40e_intrl_usec_to_reg(vsi->int_rate_limit)); diff --git a/drivers/net/ethernet/intel/i40e/i40e_register.h b/drivers/net/ethernet/intel/i40e/i40e_register.h index 14ab642cafdb..432afbb64201 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_register.h +++ b/drivers/net/ethernet/intel/i40e/i40e_register.h @@ -333,8 +333,11 @@ #define I40E_PFINT_DYN_CTLN_ITR_INDX_SHIFT 3 #define I40E_PFINT_DYN_CTLN_ITR_INDX_MASK I40E_MASK(0x3, I40E_PFINT_DYN_CTLN_ITR_INDX_SHIFT) #define I40E_PFINT_DYN_CTLN_INTERVAL_SHIFT 5 +#define I40E_PFINT_DYN_CTLN_INTERVAL_MASK I40E_MASK(0xFFF, I40E_PFINT_DYN_CTLN_INTERVAL_SHIFT) #define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_SHIFT 24 #define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_MASK I40E_MASK(0x1, I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_SHIFT) +#define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_SHIFT 25 +#define I40E_PFINT_DYN_CTLN_SW_ITR_INDX_MASK I40E_MASK(0x3, I40E_PFINT_DYN_CTLN_SW_ITR_INDX_SHIFT) #define I40E_PFINT_ICR0 0x00038780 /* Reset: CORER */ #define I40E_PFINT_ICR0_INTEVENT_SHIFT 0 #define I40E_PFINT_ICR0_INTEVENT_MASK I40E_MASK(0x1, I40E_PFINT_ICR0_INTEVENT_SHIFT) diff --git a/drivers/net/ethernet/intel/i40e/i40e_txrx.c b/drivers/net/ethernet/intel/i40e/i40e_txrx.c index 0d7177083708..1a12b732818e 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_txrx.c +++ b/drivers/net/ethernet/intel/i40e/i40e_txrx.c @@ -2630,7 +2630,22 @@ static int i40e_clean_rx_irq(struct i40e_ring *rx_ring, int budget, return failure ? budget : (int)total_rx_packets; } -static inline u32 i40e_buildreg_itr(const int type, u16 itr) +/** + * i40e_buildreg_itr - build a value for writing to I40E_PFINT_DYN_CTLN register + * @itr_idx: interrupt throttling index + * @interval: interrupt throttling interval value in usecs + * @force_swint: force software interrupt + * + * The function builds a value for I40E_PFINT_DYN_CTLN register that + * is used to update interrupt throttling interval for specified ITR index + * and optionally enforces a software interrupt. If the @itr_idx is equal + * to I40E_ITR_NONE then no interval change is applied and only @force_swint + * parameter is taken into account. If the interval change and enforced + * software interrupt are not requested then the built value just enables + * appropriate vector interrupt. + **/ +static u32 i40e_buildreg_itr(enum i40e_dyn_idx itr_idx, u16 interval, + bool force_swint) { u32 val; @@ -2644,23 +2659,33 @@ static inline u32 i40e_buildreg_itr(const int type, u16 itr) * an event in the PBA anyway so we need to rely on the automask * to hold pending events for us until the interrupt is re-enabled * - * The itr value is reported in microseconds, and the register - * value is recorded in 2 microsecond units. For this reason we - * only need to shift by the interval shift - 1 instead of the - * full value. + * We have to shift the given value as it is reported in microseconds + * and the register value is recorded in 2 microsecond units. */ - itr &= I40E_ITR_MASK; + interval >>= 1; + /* 1. Enable vector interrupt + * 2. Update the interval for the specified ITR index + * (I40E_ITR_NONE in the register is used to indicate that + * no interval update is requested) + */ val = I40E_PFINT_DYN_CTLN_INTENA_MASK | - (type << I40E_PFINT_DYN_CTLN_ITR_INDX_SHIFT) | - (itr << (I40E_PFINT_DYN_CTLN_INTERVAL_SHIFT - 1)); + FIELD_PREP(I40E_PFINT_DYN_CTLN_ITR_INDX_MASK, itr_idx) | + FIELD_PREP(I40E_PFINT_DYN_CTLN_INTERVAL_MASK, interval); + + /* 3. Enforce software interrupt trigger if requested + * (These software interrupts rate is limited by ITR2 that is + * set to 20K interrupts per second) + */ + if (force_swint) + val |= I40E_PFINT_DYN_CTLN_SWINT_TRIG_MASK | + I40E_PFINT_DYN_CTLN_SW_ITR_INDX_ENA_MASK | + FIELD_PREP(I40E_PFINT_DYN_CTLN_SW_ITR_INDX_MASK, + I40E_SW_ITR); return val; } -/* a small macro to shorten up some long lines */ -#define INTREG I40E_PFINT_DYN_CTLN - /* The act of updating the ITR will cause it to immediately trigger. In order * to prevent this from throwing off adaptive update statistics we defer the * update so that it can only happen so often. So after either Tx or Rx are @@ -2679,8 +2704,10 @@ static inline u32 i40e_buildreg_itr(const int type, u16 itr) static inline void i40e_update_enable_itr(struct i40e_vsi *vsi, struct i40e_q_vector *q_vector) { + enum i40e_dyn_idx itr_idx = I40E_ITR_NONE; struct i40e_hw *hw = &vsi->back->hw; - u32 intval; + u16 interval = 0; + u32 itr_val; /* If we don't have MSIX, then we only need to re-enable icr0 */ if (!test_bit(I40E_FLAG_MSIX_ENA, vsi->back->flags)) { @@ -2702,8 +2729,8 @@ static inline void i40e_update_enable_itr(struct i40e_vsi *vsi, */ if (q_vector->rx.target_itr < q_vector->rx.current_itr) { /* Rx ITR needs to be reduced, this is highest priority */ - intval = i40e_buildreg_itr(I40E_RX_ITR, - q_vector->rx.target_itr); + itr_idx = I40E_RX_ITR; + interval = q_vector->rx.target_itr; q_vector->rx.current_itr = q_vector->rx.target_itr; q_vector->itr_countdown = ITR_COUNTDOWN_START; } else if ((q_vector->tx.target_itr < q_vector->tx.current_itr) || @@ -2712,25 +2739,36 @@ static inline void i40e_update_enable_itr(struct i40e_vsi *vsi, /* Tx ITR needs to be reduced, this is second priority * Tx ITR needs to be increased more than Rx, fourth priority */ - intval = i40e_buildreg_itr(I40E_TX_ITR, - q_vector->tx.target_itr); + itr_idx = I40E_TX_ITR; + interval = q_vector->tx.target_itr; q_vector->tx.current_itr = q_vector->tx.target_itr; q_vector->itr_countdown = ITR_COUNTDOWN_START; } else if (q_vector->rx.current_itr != q_vector->rx.target_itr) { /* Rx ITR needs to be increased, third priority */ - intval = i40e_buildreg_itr(I40E_RX_ITR, - q_vector->rx.target_itr); + itr_idx = I40E_RX_ITR; + interval = q_vector->rx.target_itr; q_vector->rx.current_itr = q_vector->rx.target_itr; q_vector->itr_countdown = ITR_COUNTDOWN_START; } else { /* No ITR update, lowest priority */ - intval = i40e_buildreg_itr(I40E_ITR_NONE, 0); if (q_vector->itr_countdown) q_vector->itr_countdown--; } - if (!test_bit(__I40E_VSI_DOWN, vsi->state)) - wr32(hw, INTREG(q_vector->reg_idx), intval); + /* Do not update interrupt control register if VSI is down */ + if (test_bit(__I40E_VSI_DOWN, vsi->state)) + return; + + /* Update ITR interval if necessary and enforce software interrupt + * if we are exiting busy poll. + */ + if (q_vector->in_busy_poll) { + itr_val = i40e_buildreg_itr(itr_idx, interval, true); + q_vector->in_busy_poll = false; + } else { + itr_val = i40e_buildreg_itr(itr_idx, interval, false); + } + wr32(hw, I40E_PFINT_DYN_CTLN(q_vector->reg_idx), itr_val); } /** @@ -2845,6 +2883,8 @@ int i40e_napi_poll(struct napi_struct *napi, int budget) */ if (likely(napi_complete_done(napi, work_done))) i40e_update_enable_itr(vsi, q_vector); + else + q_vector->in_busy_poll = true; return min(work_done, budget - 1); } diff --git a/drivers/net/ethernet/intel/i40e/i40e_txrx.h b/drivers/net/ethernet/intel/i40e/i40e_txrx.h index abf15067eb5d..2cdc7de6301c 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_txrx.h +++ b/drivers/net/ethernet/intel/i40e/i40e_txrx.h @@ -68,6 +68,7 @@ enum i40e_dyn_idx { /* these are indexes into ITRN registers */ #define I40E_RX_ITR I40E_IDX_ITR0 #define I40E_TX_ITR I40E_IDX_ITR1 +#define I40E_SW_ITR I40E_IDX_ITR2 /* Supported RSS offloads */ #define I40E_DEFAULT_RSS_HENA ( \

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] octeontx2-af: Add array index check" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ef15ddeeb6bee87c044bf7754fac524545bf71e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040558-trustee-garage-e392@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ef15ddeeb6bee87c044bf7754fac524545bf71e8 Mon Sep 17 00:00:00 2001 From: Aleksandr Mishin <amishin(a)t-argos.ru> Date: Thu, 28 Mar 2024 19:55:05 +0300 Subject: [PATCH] octeontx2-af: Add array index check In rvu_map_cgx_lmac_pf() the 'iter', which is used as an array index, can reach value (up to 14) that exceed the size (MAX_LMAC_COUNT = 8) of the array. Fix this bug by adding 'iter' value check. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 91c6945ea1f9 ("octeontx2-af: cn10k: Add RPM MAC support") Signed-off-by: Aleksandr Mishin <amishin(a)t-argos.ru> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c index 72e060cf6b61..e9bf9231b018 100644 --- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c +++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c @@ -160,6 +160,8 @@ static int rvu_map_cgx_lmac_pf(struct rvu *rvu) continue; lmac_bmap = cgx_get_lmac_bmap(rvu_cgx_pdata(cgx, rvu)); for_each_set_bit(iter, &lmac_bmap, rvu->hw->lmac_per_cgx) { + if (iter >= MAX_LMAC_COUNT) + continue; lmac = cgx_get_lmacid(rvu_cgx_pdata(cgx, rvu), iter); rvu->pf2cgxlmac_map[pf] = cgxlmac_id_to_bmap(cgx, lmac);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] e1000e: move force SMBUS from enable ulp function to avoid" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 861e8086029e003305750b4126ecd6617465f5c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040539-fiber-dormitory-6321@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 861e8086029e003305750b4126ecd6617465f5c7 Mon Sep 17 00:00:00 2001 From: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Sun, 3 Mar 2024 12:51:32 +0200 Subject: [PATCH] e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Forcing SMBUS inside the ULP enabling flow leads to sporadic PHY loss on some systems. It is suspected to be caused by initiating PHY transactions before the interface settles. Separating this configuration from the ULP enabling flow and moving it to the shutdown function allows enough time for the interface to settle and avoids adding a delay. Fixes: 6607c99e7034 ("e1000e: i219 - fix to enable both ULP and EEE in Sx state") Co-developed-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Naama Meir <naamax.meir(a)linux.intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c index d8e97669f31b..f9e94be36e97 100644 --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c @@ -1165,25 +1165,6 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) if (ret_val) goto out; - /* Switching PHY interface always returns MDI error - * so disable retry mechanism to avoid wasting time - */ - e1000e_disable_phy_retry(hw); - - /* Force SMBus mode in PHY */ - ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); - if (ret_val) - goto release; - phy_reg |= CV_SMB_CTRL_FORCE_SMBUS; - e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); - - e1000e_enable_phy_retry(hw); - - /* Force SMBus mode in MAC */ - mac_reg = er32(CTRL_EXT); - mac_reg |= E1000_CTRL_EXT_FORCE_SMBUS; - ew32(CTRL_EXT, mac_reg); - /* Si workaround for ULP entry flow on i127/rev6 h/w. Enable * LPLU and disable Gig speed when entering ULP */ diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c index cc8c531ec3df..3692fce20195 100644 --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c @@ -6623,6 +6623,7 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) struct e1000_hw *hw = &adapter->hw; u32 ctrl, ctrl_ext, rctl, status, wufc; int retval = 0; + u16 smb_ctrl; /* Runtime suspend should only enable wakeup for link changes */ if (runtime) @@ -6696,6 +6697,23 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) if (retval) return retval; } + + /* Force SMBUS to allow WOL */ + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + + e1e_rphy(hw, CV_SMB_CTRL, &smb_ctrl); + smb_ctrl |= CV_SMB_CTRL_FORCE_SMBUS; + e1e_wphy(hw, CV_SMB_CTRL, smb_ctrl); + + e1000e_enable_phy_retry(hw); + + /* Force SMBus mode in MAC */ + ctrl_ext = er32(CTRL_EXT); + ctrl_ext |= E1000_CTRL_EXT_FORCE_SMBUS; + ew32(CTRL_EXT, ctrl_ext); } /* Ensure that the appropriate bits are set in LPI_CTRL

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] e1000e: move force SMBUS from enable ulp function to avoid" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 861e8086029e003305750b4126ecd6617465f5c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040536-paying-life-0a32@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 861e8086029e003305750b4126ecd6617465f5c7 Mon Sep 17 00:00:00 2001 From: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Sun, 3 Mar 2024 12:51:32 +0200 Subject: [PATCH] e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Forcing SMBUS inside the ULP enabling flow leads to sporadic PHY loss on some systems. It is suspected to be caused by initiating PHY transactions before the interface settles. Separating this configuration from the ULP enabling flow and moving it to the shutdown function allows enough time for the interface to settle and avoids adding a delay. Fixes: 6607c99e7034 ("e1000e: i219 - fix to enable both ULP and EEE in Sx state") Co-developed-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Naama Meir <naamax.meir(a)linux.intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c index d8e97669f31b..f9e94be36e97 100644 --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c @@ -1165,25 +1165,6 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) if (ret_val) goto out; - /* Switching PHY interface always returns MDI error - * so disable retry mechanism to avoid wasting time - */ - e1000e_disable_phy_retry(hw); - - /* Force SMBus mode in PHY */ - ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); - if (ret_val) - goto release; - phy_reg |= CV_SMB_CTRL_FORCE_SMBUS; - e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); - - e1000e_enable_phy_retry(hw); - - /* Force SMBus mode in MAC */ - mac_reg = er32(CTRL_EXT); - mac_reg |= E1000_CTRL_EXT_FORCE_SMBUS; - ew32(CTRL_EXT, mac_reg); - /* Si workaround for ULP entry flow on i127/rev6 h/w. Enable * LPLU and disable Gig speed when entering ULP */ diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c index cc8c531ec3df..3692fce20195 100644 --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c @@ -6623,6 +6623,7 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) struct e1000_hw *hw = &adapter->hw; u32 ctrl, ctrl_ext, rctl, status, wufc; int retval = 0; + u16 smb_ctrl; /* Runtime suspend should only enable wakeup for link changes */ if (runtime) @@ -6696,6 +6697,23 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) if (retval) return retval; } + + /* Force SMBUS to allow WOL */ + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + + e1e_rphy(hw, CV_SMB_CTRL, &smb_ctrl); + smb_ctrl |= CV_SMB_CTRL_FORCE_SMBUS; + e1e_wphy(hw, CV_SMB_CTRL, smb_ctrl); + + e1000e_enable_phy_retry(hw); + + /* Force SMBus mode in MAC */ + ctrl_ext = er32(CTRL_EXT); + ctrl_ext |= E1000_CTRL_EXT_FORCE_SMBUS; + ew32(CTRL_EXT, ctrl_ext); } /* Ensure that the appropriate bits are set in LPI_CTRL

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] e1000e: move force SMBUS from enable ulp function to avoid" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 861e8086029e003305750b4126ecd6617465f5c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040531-scuba-germinate-e982@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 861e8086029e003305750b4126ecd6617465f5c7 Mon Sep 17 00:00:00 2001 From: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Sun, 3 Mar 2024 12:51:32 +0200 Subject: [PATCH] e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Forcing SMBUS inside the ULP enabling flow leads to sporadic PHY loss on some systems. It is suspected to be caused by initiating PHY transactions before the interface settles. Separating this configuration from the ULP enabling flow and moving it to the shutdown function allows enough time for the interface to settle and avoids adding a delay. Fixes: 6607c99e7034 ("e1000e: i219 - fix to enable both ULP and EEE in Sx state") Co-developed-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Naama Meir <naamax.meir(a)linux.intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c index d8e97669f31b..f9e94be36e97 100644 --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c @@ -1165,25 +1165,6 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) if (ret_val) goto out; - /* Switching PHY interface always returns MDI error - * so disable retry mechanism to avoid wasting time - */ - e1000e_disable_phy_retry(hw); - - /* Force SMBus mode in PHY */ - ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); - if (ret_val) - goto release; - phy_reg |= CV_SMB_CTRL_FORCE_SMBUS; - e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); - - e1000e_enable_phy_retry(hw); - - /* Force SMBus mode in MAC */ - mac_reg = er32(CTRL_EXT); - mac_reg |= E1000_CTRL_EXT_FORCE_SMBUS; - ew32(CTRL_EXT, mac_reg); - /* Si workaround for ULP entry flow on i127/rev6 h/w. Enable * LPLU and disable Gig speed when entering ULP */ diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c index cc8c531ec3df..3692fce20195 100644 --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c @@ -6623,6 +6623,7 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) struct e1000_hw *hw = &adapter->hw; u32 ctrl, ctrl_ext, rctl, status, wufc; int retval = 0; + u16 smb_ctrl; /* Runtime suspend should only enable wakeup for link changes */ if (runtime) @@ -6696,6 +6697,23 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) if (retval) return retval; } + + /* Force SMBUS to allow WOL */ + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + + e1e_rphy(hw, CV_SMB_CTRL, &smb_ctrl); + smb_ctrl |= CV_SMB_CTRL_FORCE_SMBUS; + e1e_wphy(hw, CV_SMB_CTRL, smb_ctrl); + + e1000e_enable_phy_retry(hw); + + /* Force SMBus mode in MAC */ + ctrl_ext = er32(CTRL_EXT); + ctrl_ext |= E1000_CTRL_EXT_FORCE_SMBUS; + ew32(CTRL_EXT, ctrl_ext); } /* Ensure that the appropriate bits are set in LPI_CTRL

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] e1000e: move force SMBUS from enable ulp function to avoid" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 861e8086029e003305750b4126ecd6617465f5c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040528-comply-variety-c87f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 861e8086029e003305750b4126ecd6617465f5c7 Mon Sep 17 00:00:00 2001 From: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Sun, 3 Mar 2024 12:51:32 +0200 Subject: [PATCH] e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Forcing SMBUS inside the ULP enabling flow leads to sporadic PHY loss on some systems. It is suspected to be caused by initiating PHY transactions before the interface settles. Separating this configuration from the ULP enabling flow and moving it to the shutdown function allows enough time for the interface to settle and avoids adding a delay. Fixes: 6607c99e7034 ("e1000e: i219 - fix to enable both ULP and EEE in Sx state") Co-developed-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Naama Meir <naamax.meir(a)linux.intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c index d8e97669f31b..f9e94be36e97 100644 --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c @@ -1165,25 +1165,6 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) if (ret_val) goto out; - /* Switching PHY interface always returns MDI error - * so disable retry mechanism to avoid wasting time - */ - e1000e_disable_phy_retry(hw); - - /* Force SMBus mode in PHY */ - ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); - if (ret_val) - goto release; - phy_reg |= CV_SMB_CTRL_FORCE_SMBUS; - e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); - - e1000e_enable_phy_retry(hw); - - /* Force SMBus mode in MAC */ - mac_reg = er32(CTRL_EXT); - mac_reg |= E1000_CTRL_EXT_FORCE_SMBUS; - ew32(CTRL_EXT, mac_reg); - /* Si workaround for ULP entry flow on i127/rev6 h/w. Enable * LPLU and disable Gig speed when entering ULP */ diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c index cc8c531ec3df..3692fce20195 100644 --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c @@ -6623,6 +6623,7 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) struct e1000_hw *hw = &adapter->hw; u32 ctrl, ctrl_ext, rctl, status, wufc; int retval = 0; + u16 smb_ctrl; /* Runtime suspend should only enable wakeup for link changes */ if (runtime) @@ -6696,6 +6697,23 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) if (retval) return retval; } + + /* Force SMBUS to allow WOL */ + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + + e1e_rphy(hw, CV_SMB_CTRL, &smb_ctrl); + smb_ctrl |= CV_SMB_CTRL_FORCE_SMBUS; + e1e_wphy(hw, CV_SMB_CTRL, smb_ctrl); + + e1000e_enable_phy_retry(hw); + + /* Force SMBus mode in MAC */ + ctrl_ext = er32(CTRL_EXT); + ctrl_ext |= E1000_CTRL_EXT_FORCE_SMBUS; + ew32(CTRL_EXT, ctrl_ext); } /* Ensure that the appropriate bits are set in LPI_CTRL

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] e1000e: move force SMBUS from enable ulp function to avoid" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 861e8086029e003305750b4126ecd6617465f5c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040524-olive-outbreak-88c8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 861e8086029e003305750b4126ecd6617465f5c7 Mon Sep 17 00:00:00 2001 From: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Sun, 3 Mar 2024 12:51:32 +0200 Subject: [PATCH] e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Forcing SMBUS inside the ULP enabling flow leads to sporadic PHY loss on some systems. It is suspected to be caused by initiating PHY transactions before the interface settles. Separating this configuration from the ULP enabling flow and moving it to the shutdown function allows enough time for the interface to settle and avoids adding a delay. Fixes: 6607c99e7034 ("e1000e: i219 - fix to enable both ULP and EEE in Sx state") Co-developed-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Naama Meir <naamax.meir(a)linux.intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c index d8e97669f31b..f9e94be36e97 100644 --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c @@ -1165,25 +1165,6 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) if (ret_val) goto out; - /* Switching PHY interface always returns MDI error - * so disable retry mechanism to avoid wasting time - */ - e1000e_disable_phy_retry(hw); - - /* Force SMBus mode in PHY */ - ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); - if (ret_val) - goto release; - phy_reg |= CV_SMB_CTRL_FORCE_SMBUS; - e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); - - e1000e_enable_phy_retry(hw); - - /* Force SMBus mode in MAC */ - mac_reg = er32(CTRL_EXT); - mac_reg |= E1000_CTRL_EXT_FORCE_SMBUS; - ew32(CTRL_EXT, mac_reg); - /* Si workaround for ULP entry flow on i127/rev6 h/w. Enable * LPLU and disable Gig speed when entering ULP */ diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c index cc8c531ec3df..3692fce20195 100644 --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c @@ -6623,6 +6623,7 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) struct e1000_hw *hw = &adapter->hw; u32 ctrl, ctrl_ext, rctl, status, wufc; int retval = 0; + u16 smb_ctrl; /* Runtime suspend should only enable wakeup for link changes */ if (runtime) @@ -6696,6 +6697,23 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) if (retval) return retval; } + + /* Force SMBUS to allow WOL */ + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + + e1e_rphy(hw, CV_SMB_CTRL, &smb_ctrl); + smb_ctrl |= CV_SMB_CTRL_FORCE_SMBUS; + e1e_wphy(hw, CV_SMB_CTRL, smb_ctrl); + + e1000e_enable_phy_retry(hw); + + /* Force SMBus mode in MAC */ + ctrl_ext = er32(CTRL_EXT); + ctrl_ext |= E1000_CTRL_EXT_FORCE_SMBUS; + ew32(CTRL_EXT, ctrl_ext); } /* Ensure that the appropriate bits are set in LPI_CTRL

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] e1000e: move force SMBUS from enable ulp function to avoid" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 861e8086029e003305750b4126ecd6617465f5c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040521-deduce-blast-00e2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 861e8086029e003305750b4126ecd6617465f5c7 Mon Sep 17 00:00:00 2001 From: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Sun, 3 Mar 2024 12:51:32 +0200 Subject: [PATCH] e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Forcing SMBUS inside the ULP enabling flow leads to sporadic PHY loss on some systems. It is suspected to be caused by initiating PHY transactions before the interface settles. Separating this configuration from the ULP enabling flow and moving it to the shutdown function allows enough time for the interface to settle and avoids adding a delay. Fixes: 6607c99e7034 ("e1000e: i219 - fix to enable both ULP and EEE in Sx state") Co-developed-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Dima Ruinskiy <dima.ruinskiy(a)intel.com> Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Naama Meir <naamax.meir(a)linux.intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c index d8e97669f31b..f9e94be36e97 100644 --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c @@ -1165,25 +1165,6 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) if (ret_val) goto out; - /* Switching PHY interface always returns MDI error - * so disable retry mechanism to avoid wasting time - */ - e1000e_disable_phy_retry(hw); - - /* Force SMBus mode in PHY */ - ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); - if (ret_val) - goto release; - phy_reg |= CV_SMB_CTRL_FORCE_SMBUS; - e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); - - e1000e_enable_phy_retry(hw); - - /* Force SMBus mode in MAC */ - mac_reg = er32(CTRL_EXT); - mac_reg |= E1000_CTRL_EXT_FORCE_SMBUS; - ew32(CTRL_EXT, mac_reg); - /* Si workaround for ULP entry flow on i127/rev6 h/w. Enable * LPLU and disable Gig speed when entering ULP */ diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c index cc8c531ec3df..3692fce20195 100644 --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c @@ -6623,6 +6623,7 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) struct e1000_hw *hw = &adapter->hw; u32 ctrl, ctrl_ext, rctl, status, wufc; int retval = 0; + u16 smb_ctrl; /* Runtime suspend should only enable wakeup for link changes */ if (runtime) @@ -6696,6 +6697,23 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) if (retval) return retval; } + + /* Force SMBUS to allow WOL */ + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + + e1e_rphy(hw, CV_SMB_CTRL, &smb_ctrl); + smb_ctrl |= CV_SMB_CTRL_FORCE_SMBUS; + e1e_wphy(hw, CV_SMB_CTRL, smb_ctrl); + + e1000e_enable_phy_retry(hw); + + /* Force SMBus mode in MAC */ + ctrl_ext = er32(CTRL_EXT); + ctrl_ext |= E1000_CTRL_EXT_FORCE_SMBUS; + ew32(CTRL_EXT, ctrl_ext); } /* Ensure that the appropriate bits are set in LPI_CTRL

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] e1000e: Workaround for sporadic MDI error on Meteor Lake" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6dbdd4de0362c37e54e8b049781402e5a409e7d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040508-thesaurus-stingray-e04e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6dbdd4de0362c37e54e8b049781402e5a409e7d0 Mon Sep 17 00:00:00 2001 From: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Thu, 4 Jan 2024 16:16:52 +0200 Subject: [PATCH] e1000e: Workaround for sporadic MDI error on Meteor Lake systems On some Meteor Lake systems accessing the PHY via the MDIO interface may result in an MDI error. This issue happens sporadically and in most cases a second access to the PHY via the MDIO interface results in success. As a workaround, introduce a retry counter which is set to 3 on Meteor Lake systems. The driver will only return an error if 3 consecutive PHY access attempts fail. The retry mechanism is disabled in specific flows, where MDI errors are expected. Fixes: cc23f4f0b6b9 ("e1000e: Add support for Meteor Lake") Suggested-by: Nikolay Mushayev <nikolay.mushayev(a)intel.com> Co-developed-by: Nir Efrati <nir.efrati(a)intel.com> Signed-off-by: Nir Efrati <nir.efrati(a)intel.com> Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Naama Meir <naamax.meir(a)linux.intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/e1000e/hw.h b/drivers/net/ethernet/intel/e1000e/hw.h index 1fef6bb5a5fb..4b6e7536170a 100644 --- a/drivers/net/ethernet/intel/e1000e/hw.h +++ b/drivers/net/ethernet/intel/e1000e/hw.h @@ -628,6 +628,7 @@ struct e1000_phy_info { u32 id; u32 reset_delay_us; /* in usec */ u32 revision; + u32 retry_count; enum e1000_media_type media_type; @@ -644,6 +645,7 @@ struct e1000_phy_info { bool polarity_correction; bool speed_downgraded; bool autoneg_wait_to_complete; + bool retry_enabled; }; struct e1000_nvm_info { diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c index 19e450a5bd31..d8e97669f31b 100644 --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c @@ -222,11 +222,18 @@ static bool e1000_phy_is_accessible_pchlan(struct e1000_hw *hw) if (hw->mac.type >= e1000_pch_lpt) { /* Only unforce SMBus if ME is not active */ if (!(er32(FWSM) & E1000_ICH_FWSM_FW_VALID)) { + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* Unforce SMBus mode in PHY */ e1e_rphy_locked(hw, CV_SMB_CTRL, &phy_reg); phy_reg &= ~CV_SMB_CTRL_FORCE_SMBUS; e1e_wphy_locked(hw, CV_SMB_CTRL, phy_reg); + e1000e_enable_phy_retry(hw); + /* Unforce SMBus mode in MAC */ mac_reg = er32(CTRL_EXT); mac_reg &= ~E1000_CTRL_EXT_FORCE_SMBUS; @@ -310,6 +317,11 @@ static s32 e1000_init_phy_workarounds_pchlan(struct e1000_hw *hw) goto out; } + /* There is no guarantee that the PHY is accessible at this time + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* The MAC-PHY interconnect may be in SMBus mode. If the PHY is * inaccessible and resetting the PHY is not blocked, toggle the * LANPHYPC Value bit to force the interconnect to PCIe mode. @@ -380,6 +392,8 @@ static s32 e1000_init_phy_workarounds_pchlan(struct e1000_hw *hw) break; } + e1000e_enable_phy_retry(hw); + hw->phy.ops.release(hw); if (!ret_val) { @@ -449,6 +463,11 @@ static s32 e1000_init_phy_params_pchlan(struct e1000_hw *hw) phy->id = e1000_phy_unknown; + if (hw->mac.type == e1000_pch_mtp) { + phy->retry_count = 2; + e1000e_enable_phy_retry(hw); + } + ret_val = e1000_init_phy_workarounds_pchlan(hw); if (ret_val) return ret_val; @@ -1146,6 +1165,11 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) if (ret_val) goto out; + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* Force SMBus mode in PHY */ ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); if (ret_val) @@ -1153,6 +1177,8 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) phy_reg |= CV_SMB_CTRL_FORCE_SMBUS; e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); + e1000e_enable_phy_retry(hw); + /* Force SMBus mode in MAC */ mac_reg = er32(CTRL_EXT); mac_reg |= E1000_CTRL_EXT_FORCE_SMBUS; @@ -1313,6 +1339,11 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force) /* Toggle LANPHYPC Value bit */ e1000_toggle_lanphypc_pch_lpt(hw); + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* Unforce SMBus mode in PHY */ ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); if (ret_val) { @@ -1333,6 +1364,8 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force) phy_reg &= ~CV_SMB_CTRL_FORCE_SMBUS; e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); + e1000e_enable_phy_retry(hw); + /* Unforce SMBus mode in MAC */ mac_reg = er32(CTRL_EXT); mac_reg &= ~E1000_CTRL_EXT_FORCE_SMBUS; diff --git a/drivers/net/ethernet/intel/e1000e/phy.c b/drivers/net/ethernet/intel/e1000e/phy.c index 5e329156d1ba..93544f1cc2a5 100644 --- a/drivers/net/ethernet/intel/e1000e/phy.c +++ b/drivers/net/ethernet/intel/e1000e/phy.c @@ -107,6 +107,16 @@ s32 e1000e_phy_reset_dsp(struct e1000_hw *hw) return e1e_wphy(hw, M88E1000_PHY_GEN_CONTROL, 0); } +void e1000e_disable_phy_retry(struct e1000_hw *hw) +{ + hw->phy.retry_enabled = false; +} + +void e1000e_enable_phy_retry(struct e1000_hw *hw) +{ + hw->phy.retry_enabled = true; +} + /** * e1000e_read_phy_reg_mdic - Read MDI control register * @hw: pointer to the HW structure @@ -118,55 +128,73 @@ s32 e1000e_phy_reset_dsp(struct e1000_hw *hw) **/ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) { + u32 i, mdic = 0, retry_counter, retry_max; struct e1000_phy_info *phy = &hw->phy; - u32 i, mdic = 0; + bool success; if (offset > MAX_PHY_REG_ADDRESS) { e_dbg("PHY Address %d is out of range\n", offset); return -E1000_ERR_PARAM; } + retry_max = phy->retry_enabled ? phy->retry_count : 0; + /* Set up Op-code, Phy Address, and register offset in the MDI * Control register. The MAC will take care of interfacing with the * PHY to retrieve the desired data. */ - mdic = ((offset << E1000_MDIC_REG_SHIFT) | - (phy->addr << E1000_MDIC_PHY_SHIFT) | - (E1000_MDIC_OP_READ)); + for (retry_counter = 0; retry_counter <= retry_max; retry_counter++) { + success = true; - ew32(MDIC, mdic); + mdic = ((offset << E1000_MDIC_REG_SHIFT) | + (phy->addr << E1000_MDIC_PHY_SHIFT) | + (E1000_MDIC_OP_READ)); - /* Poll the ready bit to see if the MDI read completed - * Increasing the time out as testing showed failures with - * the lower time out - */ - for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { - udelay(50); - mdic = er32(MDIC); - if (mdic & E1000_MDIC_READY) - break; - } - if (!(mdic & E1000_MDIC_READY)) { - e_dbg("MDI Read PHY Reg Address %d did not complete\n", offset); - return -E1000_ERR_PHY; - } - if (mdic & E1000_MDIC_ERROR) { - e_dbg("MDI Read PHY Reg Address %d Error\n", offset); - return -E1000_ERR_PHY; - } - if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { - e_dbg("MDI Read offset error - requested %d, returned %d\n", - offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); - return -E1000_ERR_PHY; - } - *data = (u16)mdic; + ew32(MDIC, mdic); - /* Allow some time after each MDIC transaction to avoid - * reading duplicate data in the next MDIC transaction. - */ - if (hw->mac.type == e1000_pch2lan) - udelay(100); - return 0; + /* Poll the ready bit to see if the MDI read completed + * Increasing the time out as testing showed failures with + * the lower time out + */ + for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { + usleep_range(50, 60); + mdic = er32(MDIC); + if (mdic & E1000_MDIC_READY) + break; + } + if (!(mdic & E1000_MDIC_READY)) { + e_dbg("MDI Read PHY Reg Address %d did not complete\n", + offset); + success = false; + } + if (mdic & E1000_MDIC_ERROR) { + e_dbg("MDI Read PHY Reg Address %d Error\n", offset); + success = false; + } + if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { + e_dbg("MDI Read offset error - requested %d, returned %d\n", + offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); + success = false; + } + + /* Allow some time after each MDIC transaction to avoid + * reading duplicate data in the next MDIC transaction. + */ + if (hw->mac.type == e1000_pch2lan) + usleep_range(100, 150); + + if (success) { + *data = (u16)mdic; + return 0; + } + + if (retry_counter != retry_max) { + e_dbg("Perform retry on PHY transaction...\n"); + mdelay(10); + } + } + + return -E1000_ERR_PHY; } /** @@ -179,56 +207,72 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) **/ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data) { + u32 i, mdic = 0, retry_counter, retry_max; struct e1000_phy_info *phy = &hw->phy; - u32 i, mdic = 0; + bool success; if (offset > MAX_PHY_REG_ADDRESS) { e_dbg("PHY Address %d is out of range\n", offset); return -E1000_ERR_PARAM; } + retry_max = phy->retry_enabled ? phy->retry_count : 0; + /* Set up Op-code, Phy Address, and register offset in the MDI * Control register. The MAC will take care of interfacing with the * PHY to retrieve the desired data. */ - mdic = (((u32)data) | - (offset << E1000_MDIC_REG_SHIFT) | - (phy->addr << E1000_MDIC_PHY_SHIFT) | - (E1000_MDIC_OP_WRITE)); + for (retry_counter = 0; retry_counter <= retry_max; retry_counter++) { + success = true; - ew32(MDIC, mdic); + mdic = (((u32)data) | + (offset << E1000_MDIC_REG_SHIFT) | + (phy->addr << E1000_MDIC_PHY_SHIFT) | + (E1000_MDIC_OP_WRITE)); - /* Poll the ready bit to see if the MDI read completed - * Increasing the time out as testing showed failures with - * the lower time out - */ - for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { - udelay(50); - mdic = er32(MDIC); - if (mdic & E1000_MDIC_READY) - break; - } - if (!(mdic & E1000_MDIC_READY)) { - e_dbg("MDI Write PHY Reg Address %d did not complete\n", offset); - return -E1000_ERR_PHY; - } - if (mdic & E1000_MDIC_ERROR) { - e_dbg("MDI Write PHY Red Address %d Error\n", offset); - return -E1000_ERR_PHY; - } - if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { - e_dbg("MDI Write offset error - requested %d, returned %d\n", - offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); - return -E1000_ERR_PHY; + ew32(MDIC, mdic); + + /* Poll the ready bit to see if the MDI read completed + * Increasing the time out as testing showed failures with + * the lower time out + */ + for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { + usleep_range(50, 60); + mdic = er32(MDIC); + if (mdic & E1000_MDIC_READY) + break; + } + if (!(mdic & E1000_MDIC_READY)) { + e_dbg("MDI Write PHY Reg Address %d did not complete\n", + offset); + success = false; + } + if (mdic & E1000_MDIC_ERROR) { + e_dbg("MDI Write PHY Reg Address %d Error\n", offset); + success = false; + } + if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { + e_dbg("MDI Write offset error - requested %d, returned %d\n", + offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); + success = false; + } + + /* Allow some time after each MDIC transaction to avoid + * reading duplicate data in the next MDIC transaction. + */ + if (hw->mac.type == e1000_pch2lan) + usleep_range(100, 150); + + if (success) + return 0; + + if (retry_counter != retry_max) { + e_dbg("Perform retry on PHY transaction...\n"); + mdelay(10); + } } - /* Allow some time after each MDIC transaction to avoid - * reading duplicate data in the next MDIC transaction. - */ - if (hw->mac.type == e1000_pch2lan) - udelay(100); - - return 0; + return -E1000_ERR_PHY; } /** diff --git a/drivers/net/ethernet/intel/e1000e/phy.h b/drivers/net/ethernet/intel/e1000e/phy.h index c48777d09523..049bb325b4b1 100644 --- a/drivers/net/ethernet/intel/e1000e/phy.h +++ b/drivers/net/ethernet/intel/e1000e/phy.h @@ -51,6 +51,8 @@ s32 e1000e_read_phy_reg_bm2(struct e1000_hw *hw, u32 offset, u16 *data); s32 e1000e_write_phy_reg_bm2(struct e1000_hw *hw, u32 offset, u16 data); void e1000_power_up_phy_copper(struct e1000_hw *hw); void e1000_power_down_phy_copper(struct e1000_hw *hw); +void e1000e_disable_phy_retry(struct e1000_hw *hw); +void e1000e_enable_phy_retry(struct e1000_hw *hw); s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data); s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data); s32 e1000_read_phy_reg_hv(struct e1000_hw *hw, u32 offset, u16 *data);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] e1000e: Workaround for sporadic MDI error on Meteor Lake" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6dbdd4de0362c37e54e8b049781402e5a409e7d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040504-unedited-capture-9d05@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6dbdd4de0362c37e54e8b049781402e5a409e7d0 Mon Sep 17 00:00:00 2001 From: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Thu, 4 Jan 2024 16:16:52 +0200 Subject: [PATCH] e1000e: Workaround for sporadic MDI error on Meteor Lake systems On some Meteor Lake systems accessing the PHY via the MDIO interface may result in an MDI error. This issue happens sporadically and in most cases a second access to the PHY via the MDIO interface results in success. As a workaround, introduce a retry counter which is set to 3 on Meteor Lake systems. The driver will only return an error if 3 consecutive PHY access attempts fail. The retry mechanism is disabled in specific flows, where MDI errors are expected. Fixes: cc23f4f0b6b9 ("e1000e: Add support for Meteor Lake") Suggested-by: Nikolay Mushayev <nikolay.mushayev(a)intel.com> Co-developed-by: Nir Efrati <nir.efrati(a)intel.com> Signed-off-by: Nir Efrati <nir.efrati(a)intel.com> Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Naama Meir <naamax.meir(a)linux.intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/e1000e/hw.h b/drivers/net/ethernet/intel/e1000e/hw.h index 1fef6bb5a5fb..4b6e7536170a 100644 --- a/drivers/net/ethernet/intel/e1000e/hw.h +++ b/drivers/net/ethernet/intel/e1000e/hw.h @@ -628,6 +628,7 @@ struct e1000_phy_info { u32 id; u32 reset_delay_us; /* in usec */ u32 revision; + u32 retry_count; enum e1000_media_type media_type; @@ -644,6 +645,7 @@ struct e1000_phy_info { bool polarity_correction; bool speed_downgraded; bool autoneg_wait_to_complete; + bool retry_enabled; }; struct e1000_nvm_info { diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c index 19e450a5bd31..d8e97669f31b 100644 --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c @@ -222,11 +222,18 @@ static bool e1000_phy_is_accessible_pchlan(struct e1000_hw *hw) if (hw->mac.type >= e1000_pch_lpt) { /* Only unforce SMBus if ME is not active */ if (!(er32(FWSM) & E1000_ICH_FWSM_FW_VALID)) { + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* Unforce SMBus mode in PHY */ e1e_rphy_locked(hw, CV_SMB_CTRL, &phy_reg); phy_reg &= ~CV_SMB_CTRL_FORCE_SMBUS; e1e_wphy_locked(hw, CV_SMB_CTRL, phy_reg); + e1000e_enable_phy_retry(hw); + /* Unforce SMBus mode in MAC */ mac_reg = er32(CTRL_EXT); mac_reg &= ~E1000_CTRL_EXT_FORCE_SMBUS; @@ -310,6 +317,11 @@ static s32 e1000_init_phy_workarounds_pchlan(struct e1000_hw *hw) goto out; } + /* There is no guarantee that the PHY is accessible at this time + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* The MAC-PHY interconnect may be in SMBus mode. If the PHY is * inaccessible and resetting the PHY is not blocked, toggle the * LANPHYPC Value bit to force the interconnect to PCIe mode. @@ -380,6 +392,8 @@ static s32 e1000_init_phy_workarounds_pchlan(struct e1000_hw *hw) break; } + e1000e_enable_phy_retry(hw); + hw->phy.ops.release(hw); if (!ret_val) { @@ -449,6 +463,11 @@ static s32 e1000_init_phy_params_pchlan(struct e1000_hw *hw) phy->id = e1000_phy_unknown; + if (hw->mac.type == e1000_pch_mtp) { + phy->retry_count = 2; + e1000e_enable_phy_retry(hw); + } + ret_val = e1000_init_phy_workarounds_pchlan(hw); if (ret_val) return ret_val; @@ -1146,6 +1165,11 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) if (ret_val) goto out; + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* Force SMBus mode in PHY */ ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); if (ret_val) @@ -1153,6 +1177,8 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) phy_reg |= CV_SMB_CTRL_FORCE_SMBUS; e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); + e1000e_enable_phy_retry(hw); + /* Force SMBus mode in MAC */ mac_reg = er32(CTRL_EXT); mac_reg |= E1000_CTRL_EXT_FORCE_SMBUS; @@ -1313,6 +1339,11 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force) /* Toggle LANPHYPC Value bit */ e1000_toggle_lanphypc_pch_lpt(hw); + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* Unforce SMBus mode in PHY */ ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); if (ret_val) { @@ -1333,6 +1364,8 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force) phy_reg &= ~CV_SMB_CTRL_FORCE_SMBUS; e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); + e1000e_enable_phy_retry(hw); + /* Unforce SMBus mode in MAC */ mac_reg = er32(CTRL_EXT); mac_reg &= ~E1000_CTRL_EXT_FORCE_SMBUS; diff --git a/drivers/net/ethernet/intel/e1000e/phy.c b/drivers/net/ethernet/intel/e1000e/phy.c index 5e329156d1ba..93544f1cc2a5 100644 --- a/drivers/net/ethernet/intel/e1000e/phy.c +++ b/drivers/net/ethernet/intel/e1000e/phy.c @@ -107,6 +107,16 @@ s32 e1000e_phy_reset_dsp(struct e1000_hw *hw) return e1e_wphy(hw, M88E1000_PHY_GEN_CONTROL, 0); } +void e1000e_disable_phy_retry(struct e1000_hw *hw) +{ + hw->phy.retry_enabled = false; +} + +void e1000e_enable_phy_retry(struct e1000_hw *hw) +{ + hw->phy.retry_enabled = true; +} + /** * e1000e_read_phy_reg_mdic - Read MDI control register * @hw: pointer to the HW structure @@ -118,55 +128,73 @@ s32 e1000e_phy_reset_dsp(struct e1000_hw *hw) **/ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) { + u32 i, mdic = 0, retry_counter, retry_max; struct e1000_phy_info *phy = &hw->phy; - u32 i, mdic = 0; + bool success; if (offset > MAX_PHY_REG_ADDRESS) { e_dbg("PHY Address %d is out of range\n", offset); return -E1000_ERR_PARAM; } + retry_max = phy->retry_enabled ? phy->retry_count : 0; + /* Set up Op-code, Phy Address, and register offset in the MDI * Control register. The MAC will take care of interfacing with the * PHY to retrieve the desired data. */ - mdic = ((offset << E1000_MDIC_REG_SHIFT) | - (phy->addr << E1000_MDIC_PHY_SHIFT) | - (E1000_MDIC_OP_READ)); + for (retry_counter = 0; retry_counter <= retry_max; retry_counter++) { + success = true; - ew32(MDIC, mdic); + mdic = ((offset << E1000_MDIC_REG_SHIFT) | + (phy->addr << E1000_MDIC_PHY_SHIFT) | + (E1000_MDIC_OP_READ)); - /* Poll the ready bit to see if the MDI read completed - * Increasing the time out as testing showed failures with - * the lower time out - */ - for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { - udelay(50); - mdic = er32(MDIC); - if (mdic & E1000_MDIC_READY) - break; - } - if (!(mdic & E1000_MDIC_READY)) { - e_dbg("MDI Read PHY Reg Address %d did not complete\n", offset); - return -E1000_ERR_PHY; - } - if (mdic & E1000_MDIC_ERROR) { - e_dbg("MDI Read PHY Reg Address %d Error\n", offset); - return -E1000_ERR_PHY; - } - if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { - e_dbg("MDI Read offset error - requested %d, returned %d\n", - offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); - return -E1000_ERR_PHY; - } - *data = (u16)mdic; + ew32(MDIC, mdic); - /* Allow some time after each MDIC transaction to avoid - * reading duplicate data in the next MDIC transaction. - */ - if (hw->mac.type == e1000_pch2lan) - udelay(100); - return 0; + /* Poll the ready bit to see if the MDI read completed + * Increasing the time out as testing showed failures with + * the lower time out + */ + for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { + usleep_range(50, 60); + mdic = er32(MDIC); + if (mdic & E1000_MDIC_READY) + break; + } + if (!(mdic & E1000_MDIC_READY)) { + e_dbg("MDI Read PHY Reg Address %d did not complete\n", + offset); + success = false; + } + if (mdic & E1000_MDIC_ERROR) { + e_dbg("MDI Read PHY Reg Address %d Error\n", offset); + success = false; + } + if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { + e_dbg("MDI Read offset error - requested %d, returned %d\n", + offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); + success = false; + } + + /* Allow some time after each MDIC transaction to avoid + * reading duplicate data in the next MDIC transaction. + */ + if (hw->mac.type == e1000_pch2lan) + usleep_range(100, 150); + + if (success) { + *data = (u16)mdic; + return 0; + } + + if (retry_counter != retry_max) { + e_dbg("Perform retry on PHY transaction...\n"); + mdelay(10); + } + } + + return -E1000_ERR_PHY; } /** @@ -179,56 +207,72 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) **/ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data) { + u32 i, mdic = 0, retry_counter, retry_max; struct e1000_phy_info *phy = &hw->phy; - u32 i, mdic = 0; + bool success; if (offset > MAX_PHY_REG_ADDRESS) { e_dbg("PHY Address %d is out of range\n", offset); return -E1000_ERR_PARAM; } + retry_max = phy->retry_enabled ? phy->retry_count : 0; + /* Set up Op-code, Phy Address, and register offset in the MDI * Control register. The MAC will take care of interfacing with the * PHY to retrieve the desired data. */ - mdic = (((u32)data) | - (offset << E1000_MDIC_REG_SHIFT) | - (phy->addr << E1000_MDIC_PHY_SHIFT) | - (E1000_MDIC_OP_WRITE)); + for (retry_counter = 0; retry_counter <= retry_max; retry_counter++) { + success = true; - ew32(MDIC, mdic); + mdic = (((u32)data) | + (offset << E1000_MDIC_REG_SHIFT) | + (phy->addr << E1000_MDIC_PHY_SHIFT) | + (E1000_MDIC_OP_WRITE)); - /* Poll the ready bit to see if the MDI read completed - * Increasing the time out as testing showed failures with - * the lower time out - */ - for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { - udelay(50); - mdic = er32(MDIC); - if (mdic & E1000_MDIC_READY) - break; - } - if (!(mdic & E1000_MDIC_READY)) { - e_dbg("MDI Write PHY Reg Address %d did not complete\n", offset); - return -E1000_ERR_PHY; - } - if (mdic & E1000_MDIC_ERROR) { - e_dbg("MDI Write PHY Red Address %d Error\n", offset); - return -E1000_ERR_PHY; - } - if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { - e_dbg("MDI Write offset error - requested %d, returned %d\n", - offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); - return -E1000_ERR_PHY; + ew32(MDIC, mdic); + + /* Poll the ready bit to see if the MDI read completed + * Increasing the time out as testing showed failures with + * the lower time out + */ + for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { + usleep_range(50, 60); + mdic = er32(MDIC); + if (mdic & E1000_MDIC_READY) + break; + } + if (!(mdic & E1000_MDIC_READY)) { + e_dbg("MDI Write PHY Reg Address %d did not complete\n", + offset); + success = false; + } + if (mdic & E1000_MDIC_ERROR) { + e_dbg("MDI Write PHY Reg Address %d Error\n", offset); + success = false; + } + if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { + e_dbg("MDI Write offset error - requested %d, returned %d\n", + offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); + success = false; + } + + /* Allow some time after each MDIC transaction to avoid + * reading duplicate data in the next MDIC transaction. + */ + if (hw->mac.type == e1000_pch2lan) + usleep_range(100, 150); + + if (success) + return 0; + + if (retry_counter != retry_max) { + e_dbg("Perform retry on PHY transaction...\n"); + mdelay(10); + } } - /* Allow some time after each MDIC transaction to avoid - * reading duplicate data in the next MDIC transaction. - */ - if (hw->mac.type == e1000_pch2lan) - udelay(100); - - return 0; + return -E1000_ERR_PHY; } /** diff --git a/drivers/net/ethernet/intel/e1000e/phy.h b/drivers/net/ethernet/intel/e1000e/phy.h index c48777d09523..049bb325b4b1 100644 --- a/drivers/net/ethernet/intel/e1000e/phy.h +++ b/drivers/net/ethernet/intel/e1000e/phy.h @@ -51,6 +51,8 @@ s32 e1000e_read_phy_reg_bm2(struct e1000_hw *hw, u32 offset, u16 *data); s32 e1000e_write_phy_reg_bm2(struct e1000_hw *hw, u32 offset, u16 data); void e1000_power_up_phy_copper(struct e1000_hw *hw); void e1000_power_down_phy_copper(struct e1000_hw *hw); +void e1000e_disable_phy_retry(struct e1000_hw *hw); +void e1000e_enable_phy_retry(struct e1000_hw *hw); s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data); s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data); s32 e1000_read_phy_reg_hv(struct e1000_hw *hw, u32 offset, u16 *data);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] e1000e: Workaround for sporadic MDI error on Meteor Lake" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6dbdd4de0362c37e54e8b049781402e5a409e7d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040500-earthy-bulldog-1291@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6dbdd4de0362c37e54e8b049781402e5a409e7d0 Mon Sep 17 00:00:00 2001 From: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Thu, 4 Jan 2024 16:16:52 +0200 Subject: [PATCH] e1000e: Workaround for sporadic MDI error on Meteor Lake systems On some Meteor Lake systems accessing the PHY via the MDIO interface may result in an MDI error. This issue happens sporadically and in most cases a second access to the PHY via the MDIO interface results in success. As a workaround, introduce a retry counter which is set to 3 on Meteor Lake systems. The driver will only return an error if 3 consecutive PHY access attempts fail. The retry mechanism is disabled in specific flows, where MDI errors are expected. Fixes: cc23f4f0b6b9 ("e1000e: Add support for Meteor Lake") Suggested-by: Nikolay Mushayev <nikolay.mushayev(a)intel.com> Co-developed-by: Nir Efrati <nir.efrati(a)intel.com> Signed-off-by: Nir Efrati <nir.efrati(a)intel.com> Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Naama Meir <naamax.meir(a)linux.intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/e1000e/hw.h b/drivers/net/ethernet/intel/e1000e/hw.h index 1fef6bb5a5fb..4b6e7536170a 100644 --- a/drivers/net/ethernet/intel/e1000e/hw.h +++ b/drivers/net/ethernet/intel/e1000e/hw.h @@ -628,6 +628,7 @@ struct e1000_phy_info { u32 id; u32 reset_delay_us; /* in usec */ u32 revision; + u32 retry_count; enum e1000_media_type media_type; @@ -644,6 +645,7 @@ struct e1000_phy_info { bool polarity_correction; bool speed_downgraded; bool autoneg_wait_to_complete; + bool retry_enabled; }; struct e1000_nvm_info { diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c index 19e450a5bd31..d8e97669f31b 100644 --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c @@ -222,11 +222,18 @@ static bool e1000_phy_is_accessible_pchlan(struct e1000_hw *hw) if (hw->mac.type >= e1000_pch_lpt) { /* Only unforce SMBus if ME is not active */ if (!(er32(FWSM) & E1000_ICH_FWSM_FW_VALID)) { + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* Unforce SMBus mode in PHY */ e1e_rphy_locked(hw, CV_SMB_CTRL, &phy_reg); phy_reg &= ~CV_SMB_CTRL_FORCE_SMBUS; e1e_wphy_locked(hw, CV_SMB_CTRL, phy_reg); + e1000e_enable_phy_retry(hw); + /* Unforce SMBus mode in MAC */ mac_reg = er32(CTRL_EXT); mac_reg &= ~E1000_CTRL_EXT_FORCE_SMBUS; @@ -310,6 +317,11 @@ static s32 e1000_init_phy_workarounds_pchlan(struct e1000_hw *hw) goto out; } + /* There is no guarantee that the PHY is accessible at this time + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* The MAC-PHY interconnect may be in SMBus mode. If the PHY is * inaccessible and resetting the PHY is not blocked, toggle the * LANPHYPC Value bit to force the interconnect to PCIe mode. @@ -380,6 +392,8 @@ static s32 e1000_init_phy_workarounds_pchlan(struct e1000_hw *hw) break; } + e1000e_enable_phy_retry(hw); + hw->phy.ops.release(hw); if (!ret_val) { @@ -449,6 +463,11 @@ static s32 e1000_init_phy_params_pchlan(struct e1000_hw *hw) phy->id = e1000_phy_unknown; + if (hw->mac.type == e1000_pch_mtp) { + phy->retry_count = 2; + e1000e_enable_phy_retry(hw); + } + ret_val = e1000_init_phy_workarounds_pchlan(hw); if (ret_val) return ret_val; @@ -1146,6 +1165,11 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) if (ret_val) goto out; + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* Force SMBus mode in PHY */ ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); if (ret_val) @@ -1153,6 +1177,8 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) phy_reg |= CV_SMB_CTRL_FORCE_SMBUS; e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); + e1000e_enable_phy_retry(hw); + /* Force SMBus mode in MAC */ mac_reg = er32(CTRL_EXT); mac_reg |= E1000_CTRL_EXT_FORCE_SMBUS; @@ -1313,6 +1339,11 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force) /* Toggle LANPHYPC Value bit */ e1000_toggle_lanphypc_pch_lpt(hw); + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* Unforce SMBus mode in PHY */ ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); if (ret_val) { @@ -1333,6 +1364,8 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force) phy_reg &= ~CV_SMB_CTRL_FORCE_SMBUS; e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); + e1000e_enable_phy_retry(hw); + /* Unforce SMBus mode in MAC */ mac_reg = er32(CTRL_EXT); mac_reg &= ~E1000_CTRL_EXT_FORCE_SMBUS; diff --git a/drivers/net/ethernet/intel/e1000e/phy.c b/drivers/net/ethernet/intel/e1000e/phy.c index 5e329156d1ba..93544f1cc2a5 100644 --- a/drivers/net/ethernet/intel/e1000e/phy.c +++ b/drivers/net/ethernet/intel/e1000e/phy.c @@ -107,6 +107,16 @@ s32 e1000e_phy_reset_dsp(struct e1000_hw *hw) return e1e_wphy(hw, M88E1000_PHY_GEN_CONTROL, 0); } +void e1000e_disable_phy_retry(struct e1000_hw *hw) +{ + hw->phy.retry_enabled = false; +} + +void e1000e_enable_phy_retry(struct e1000_hw *hw) +{ + hw->phy.retry_enabled = true; +} + /** * e1000e_read_phy_reg_mdic - Read MDI control register * @hw: pointer to the HW structure @@ -118,55 +128,73 @@ s32 e1000e_phy_reset_dsp(struct e1000_hw *hw) **/ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) { + u32 i, mdic = 0, retry_counter, retry_max; struct e1000_phy_info *phy = &hw->phy; - u32 i, mdic = 0; + bool success; if (offset > MAX_PHY_REG_ADDRESS) { e_dbg("PHY Address %d is out of range\n", offset); return -E1000_ERR_PARAM; } + retry_max = phy->retry_enabled ? phy->retry_count : 0; + /* Set up Op-code, Phy Address, and register offset in the MDI * Control register. The MAC will take care of interfacing with the * PHY to retrieve the desired data. */ - mdic = ((offset << E1000_MDIC_REG_SHIFT) | - (phy->addr << E1000_MDIC_PHY_SHIFT) | - (E1000_MDIC_OP_READ)); + for (retry_counter = 0; retry_counter <= retry_max; retry_counter++) { + success = true; - ew32(MDIC, mdic); + mdic = ((offset << E1000_MDIC_REG_SHIFT) | + (phy->addr << E1000_MDIC_PHY_SHIFT) | + (E1000_MDIC_OP_READ)); - /* Poll the ready bit to see if the MDI read completed - * Increasing the time out as testing showed failures with - * the lower time out - */ - for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { - udelay(50); - mdic = er32(MDIC); - if (mdic & E1000_MDIC_READY) - break; - } - if (!(mdic & E1000_MDIC_READY)) { - e_dbg("MDI Read PHY Reg Address %d did not complete\n", offset); - return -E1000_ERR_PHY; - } - if (mdic & E1000_MDIC_ERROR) { - e_dbg("MDI Read PHY Reg Address %d Error\n", offset); - return -E1000_ERR_PHY; - } - if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { - e_dbg("MDI Read offset error - requested %d, returned %d\n", - offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); - return -E1000_ERR_PHY; - } - *data = (u16)mdic; + ew32(MDIC, mdic); - /* Allow some time after each MDIC transaction to avoid - * reading duplicate data in the next MDIC transaction. - */ - if (hw->mac.type == e1000_pch2lan) - udelay(100); - return 0; + /* Poll the ready bit to see if the MDI read completed + * Increasing the time out as testing showed failures with + * the lower time out + */ + for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { + usleep_range(50, 60); + mdic = er32(MDIC); + if (mdic & E1000_MDIC_READY) + break; + } + if (!(mdic & E1000_MDIC_READY)) { + e_dbg("MDI Read PHY Reg Address %d did not complete\n", + offset); + success = false; + } + if (mdic & E1000_MDIC_ERROR) { + e_dbg("MDI Read PHY Reg Address %d Error\n", offset); + success = false; + } + if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { + e_dbg("MDI Read offset error - requested %d, returned %d\n", + offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); + success = false; + } + + /* Allow some time after each MDIC transaction to avoid + * reading duplicate data in the next MDIC transaction. + */ + if (hw->mac.type == e1000_pch2lan) + usleep_range(100, 150); + + if (success) { + *data = (u16)mdic; + return 0; + } + + if (retry_counter != retry_max) { + e_dbg("Perform retry on PHY transaction...\n"); + mdelay(10); + } + } + + return -E1000_ERR_PHY; } /** @@ -179,56 +207,72 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) **/ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data) { + u32 i, mdic = 0, retry_counter, retry_max; struct e1000_phy_info *phy = &hw->phy; - u32 i, mdic = 0; + bool success; if (offset > MAX_PHY_REG_ADDRESS) { e_dbg("PHY Address %d is out of range\n", offset); return -E1000_ERR_PARAM; } + retry_max = phy->retry_enabled ? phy->retry_count : 0; + /* Set up Op-code, Phy Address, and register offset in the MDI * Control register. The MAC will take care of interfacing with the * PHY to retrieve the desired data. */ - mdic = (((u32)data) | - (offset << E1000_MDIC_REG_SHIFT) | - (phy->addr << E1000_MDIC_PHY_SHIFT) | - (E1000_MDIC_OP_WRITE)); + for (retry_counter = 0; retry_counter <= retry_max; retry_counter++) { + success = true; - ew32(MDIC, mdic); + mdic = (((u32)data) | + (offset << E1000_MDIC_REG_SHIFT) | + (phy->addr << E1000_MDIC_PHY_SHIFT) | + (E1000_MDIC_OP_WRITE)); - /* Poll the ready bit to see if the MDI read completed - * Increasing the time out as testing showed failures with - * the lower time out - */ - for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { - udelay(50); - mdic = er32(MDIC); - if (mdic & E1000_MDIC_READY) - break; - } - if (!(mdic & E1000_MDIC_READY)) { - e_dbg("MDI Write PHY Reg Address %d did not complete\n", offset); - return -E1000_ERR_PHY; - } - if (mdic & E1000_MDIC_ERROR) { - e_dbg("MDI Write PHY Red Address %d Error\n", offset); - return -E1000_ERR_PHY; - } - if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { - e_dbg("MDI Write offset error - requested %d, returned %d\n", - offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); - return -E1000_ERR_PHY; + ew32(MDIC, mdic); + + /* Poll the ready bit to see if the MDI read completed + * Increasing the time out as testing showed failures with + * the lower time out + */ + for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { + usleep_range(50, 60); + mdic = er32(MDIC); + if (mdic & E1000_MDIC_READY) + break; + } + if (!(mdic & E1000_MDIC_READY)) { + e_dbg("MDI Write PHY Reg Address %d did not complete\n", + offset); + success = false; + } + if (mdic & E1000_MDIC_ERROR) { + e_dbg("MDI Write PHY Reg Address %d Error\n", offset); + success = false; + } + if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { + e_dbg("MDI Write offset error - requested %d, returned %d\n", + offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); + success = false; + } + + /* Allow some time after each MDIC transaction to avoid + * reading duplicate data in the next MDIC transaction. + */ + if (hw->mac.type == e1000_pch2lan) + usleep_range(100, 150); + + if (success) + return 0; + + if (retry_counter != retry_max) { + e_dbg("Perform retry on PHY transaction...\n"); + mdelay(10); + } } - /* Allow some time after each MDIC transaction to avoid - * reading duplicate data in the next MDIC transaction. - */ - if (hw->mac.type == e1000_pch2lan) - udelay(100); - - return 0; + return -E1000_ERR_PHY; } /** diff --git a/drivers/net/ethernet/intel/e1000e/phy.h b/drivers/net/ethernet/intel/e1000e/phy.h index c48777d09523..049bb325b4b1 100644 --- a/drivers/net/ethernet/intel/e1000e/phy.h +++ b/drivers/net/ethernet/intel/e1000e/phy.h @@ -51,6 +51,8 @@ s32 e1000e_read_phy_reg_bm2(struct e1000_hw *hw, u32 offset, u16 *data); s32 e1000e_write_phy_reg_bm2(struct e1000_hw *hw, u32 offset, u16 data); void e1000_power_up_phy_copper(struct e1000_hw *hw); void e1000_power_down_phy_copper(struct e1000_hw *hw); +void e1000e_disable_phy_retry(struct e1000_hw *hw); +void e1000e_enable_phy_retry(struct e1000_hw *hw); s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data); s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data); s32 e1000_read_phy_reg_hv(struct e1000_hw *hw, u32 offset, u16 *data);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] e1000e: Workaround for sporadic MDI error on Meteor Lake" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6dbdd4de0362c37e54e8b049781402e5a409e7d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040556-bonus-corporal-beee@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6dbdd4de0362c37e54e8b049781402e5a409e7d0 Mon Sep 17 00:00:00 2001 From: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Thu, 4 Jan 2024 16:16:52 +0200 Subject: [PATCH] e1000e: Workaround for sporadic MDI error on Meteor Lake systems On some Meteor Lake systems accessing the PHY via the MDIO interface may result in an MDI error. This issue happens sporadically and in most cases a second access to the PHY via the MDIO interface results in success. As a workaround, introduce a retry counter which is set to 3 on Meteor Lake systems. The driver will only return an error if 3 consecutive PHY access attempts fail. The retry mechanism is disabled in specific flows, where MDI errors are expected. Fixes: cc23f4f0b6b9 ("e1000e: Add support for Meteor Lake") Suggested-by: Nikolay Mushayev <nikolay.mushayev(a)intel.com> Co-developed-by: Nir Efrati <nir.efrati(a)intel.com> Signed-off-by: Nir Efrati <nir.efrati(a)intel.com> Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Naama Meir <naamax.meir(a)linux.intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/e1000e/hw.h b/drivers/net/ethernet/intel/e1000e/hw.h index 1fef6bb5a5fb..4b6e7536170a 100644 --- a/drivers/net/ethernet/intel/e1000e/hw.h +++ b/drivers/net/ethernet/intel/e1000e/hw.h @@ -628,6 +628,7 @@ struct e1000_phy_info { u32 id; u32 reset_delay_us; /* in usec */ u32 revision; + u32 retry_count; enum e1000_media_type media_type; @@ -644,6 +645,7 @@ struct e1000_phy_info { bool polarity_correction; bool speed_downgraded; bool autoneg_wait_to_complete; + bool retry_enabled; }; struct e1000_nvm_info { diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c index 19e450a5bd31..d8e97669f31b 100644 --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c @@ -222,11 +222,18 @@ static bool e1000_phy_is_accessible_pchlan(struct e1000_hw *hw) if (hw->mac.type >= e1000_pch_lpt) { /* Only unforce SMBus if ME is not active */ if (!(er32(FWSM) & E1000_ICH_FWSM_FW_VALID)) { + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* Unforce SMBus mode in PHY */ e1e_rphy_locked(hw, CV_SMB_CTRL, &phy_reg); phy_reg &= ~CV_SMB_CTRL_FORCE_SMBUS; e1e_wphy_locked(hw, CV_SMB_CTRL, phy_reg); + e1000e_enable_phy_retry(hw); + /* Unforce SMBus mode in MAC */ mac_reg = er32(CTRL_EXT); mac_reg &= ~E1000_CTRL_EXT_FORCE_SMBUS; @@ -310,6 +317,11 @@ static s32 e1000_init_phy_workarounds_pchlan(struct e1000_hw *hw) goto out; } + /* There is no guarantee that the PHY is accessible at this time + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* The MAC-PHY interconnect may be in SMBus mode. If the PHY is * inaccessible and resetting the PHY is not blocked, toggle the * LANPHYPC Value bit to force the interconnect to PCIe mode. @@ -380,6 +392,8 @@ static s32 e1000_init_phy_workarounds_pchlan(struct e1000_hw *hw) break; } + e1000e_enable_phy_retry(hw); + hw->phy.ops.release(hw); if (!ret_val) { @@ -449,6 +463,11 @@ static s32 e1000_init_phy_params_pchlan(struct e1000_hw *hw) phy->id = e1000_phy_unknown; + if (hw->mac.type == e1000_pch_mtp) { + phy->retry_count = 2; + e1000e_enable_phy_retry(hw); + } + ret_val = e1000_init_phy_workarounds_pchlan(hw); if (ret_val) return ret_val; @@ -1146,6 +1165,11 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) if (ret_val) goto out; + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* Force SMBus mode in PHY */ ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); if (ret_val) @@ -1153,6 +1177,8 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000_hw *hw, bool to_sx) phy_reg |= CV_SMB_CTRL_FORCE_SMBUS; e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); + e1000e_enable_phy_retry(hw); + /* Force SMBus mode in MAC */ mac_reg = er32(CTRL_EXT); mac_reg |= E1000_CTRL_EXT_FORCE_SMBUS; @@ -1313,6 +1339,11 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force) /* Toggle LANPHYPC Value bit */ e1000_toggle_lanphypc_pch_lpt(hw); + /* Switching PHY interface always returns MDI error + * so disable retry mechanism to avoid wasting time + */ + e1000e_disable_phy_retry(hw); + /* Unforce SMBus mode in PHY */ ret_val = e1000_read_phy_reg_hv_locked(hw, CV_SMB_CTRL, &phy_reg); if (ret_val) { @@ -1333,6 +1364,8 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force) phy_reg &= ~CV_SMB_CTRL_FORCE_SMBUS; e1000_write_phy_reg_hv_locked(hw, CV_SMB_CTRL, phy_reg); + e1000e_enable_phy_retry(hw); + /* Unforce SMBus mode in MAC */ mac_reg = er32(CTRL_EXT); mac_reg &= ~E1000_CTRL_EXT_FORCE_SMBUS; diff --git a/drivers/net/ethernet/intel/e1000e/phy.c b/drivers/net/ethernet/intel/e1000e/phy.c index 5e329156d1ba..93544f1cc2a5 100644 --- a/drivers/net/ethernet/intel/e1000e/phy.c +++ b/drivers/net/ethernet/intel/e1000e/phy.c @@ -107,6 +107,16 @@ s32 e1000e_phy_reset_dsp(struct e1000_hw *hw) return e1e_wphy(hw, M88E1000_PHY_GEN_CONTROL, 0); } +void e1000e_disable_phy_retry(struct e1000_hw *hw) +{ + hw->phy.retry_enabled = false; +} + +void e1000e_enable_phy_retry(struct e1000_hw *hw) +{ + hw->phy.retry_enabled = true; +} + /** * e1000e_read_phy_reg_mdic - Read MDI control register * @hw: pointer to the HW structure @@ -118,55 +128,73 @@ s32 e1000e_phy_reset_dsp(struct e1000_hw *hw) **/ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) { + u32 i, mdic = 0, retry_counter, retry_max; struct e1000_phy_info *phy = &hw->phy; - u32 i, mdic = 0; + bool success; if (offset > MAX_PHY_REG_ADDRESS) { e_dbg("PHY Address %d is out of range\n", offset); return -E1000_ERR_PARAM; } + retry_max = phy->retry_enabled ? phy->retry_count : 0; + /* Set up Op-code, Phy Address, and register offset in the MDI * Control register. The MAC will take care of interfacing with the * PHY to retrieve the desired data. */ - mdic = ((offset << E1000_MDIC_REG_SHIFT) | - (phy->addr << E1000_MDIC_PHY_SHIFT) | - (E1000_MDIC_OP_READ)); + for (retry_counter = 0; retry_counter <= retry_max; retry_counter++) { + success = true; - ew32(MDIC, mdic); + mdic = ((offset << E1000_MDIC_REG_SHIFT) | + (phy->addr << E1000_MDIC_PHY_SHIFT) | + (E1000_MDIC_OP_READ)); - /* Poll the ready bit to see if the MDI read completed - * Increasing the time out as testing showed failures with - * the lower time out - */ - for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { - udelay(50); - mdic = er32(MDIC); - if (mdic & E1000_MDIC_READY) - break; - } - if (!(mdic & E1000_MDIC_READY)) { - e_dbg("MDI Read PHY Reg Address %d did not complete\n", offset); - return -E1000_ERR_PHY; - } - if (mdic & E1000_MDIC_ERROR) { - e_dbg("MDI Read PHY Reg Address %d Error\n", offset); - return -E1000_ERR_PHY; - } - if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { - e_dbg("MDI Read offset error - requested %d, returned %d\n", - offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); - return -E1000_ERR_PHY; - } - *data = (u16)mdic; + ew32(MDIC, mdic); - /* Allow some time after each MDIC transaction to avoid - * reading duplicate data in the next MDIC transaction. - */ - if (hw->mac.type == e1000_pch2lan) - udelay(100); - return 0; + /* Poll the ready bit to see if the MDI read completed + * Increasing the time out as testing showed failures with + * the lower time out + */ + for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { + usleep_range(50, 60); + mdic = er32(MDIC); + if (mdic & E1000_MDIC_READY) + break; + } + if (!(mdic & E1000_MDIC_READY)) { + e_dbg("MDI Read PHY Reg Address %d did not complete\n", + offset); + success = false; + } + if (mdic & E1000_MDIC_ERROR) { + e_dbg("MDI Read PHY Reg Address %d Error\n", offset); + success = false; + } + if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { + e_dbg("MDI Read offset error - requested %d, returned %d\n", + offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); + success = false; + } + + /* Allow some time after each MDIC transaction to avoid + * reading duplicate data in the next MDIC transaction. + */ + if (hw->mac.type == e1000_pch2lan) + usleep_range(100, 150); + + if (success) { + *data = (u16)mdic; + return 0; + } + + if (retry_counter != retry_max) { + e_dbg("Perform retry on PHY transaction...\n"); + mdelay(10); + } + } + + return -E1000_ERR_PHY; } /** @@ -179,56 +207,72 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data) **/ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data) { + u32 i, mdic = 0, retry_counter, retry_max; struct e1000_phy_info *phy = &hw->phy; - u32 i, mdic = 0; + bool success; if (offset > MAX_PHY_REG_ADDRESS) { e_dbg("PHY Address %d is out of range\n", offset); return -E1000_ERR_PARAM; } + retry_max = phy->retry_enabled ? phy->retry_count : 0; + /* Set up Op-code, Phy Address, and register offset in the MDI * Control register. The MAC will take care of interfacing with the * PHY to retrieve the desired data. */ - mdic = (((u32)data) | - (offset << E1000_MDIC_REG_SHIFT) | - (phy->addr << E1000_MDIC_PHY_SHIFT) | - (E1000_MDIC_OP_WRITE)); + for (retry_counter = 0; retry_counter <= retry_max; retry_counter++) { + success = true; - ew32(MDIC, mdic); + mdic = (((u32)data) | + (offset << E1000_MDIC_REG_SHIFT) | + (phy->addr << E1000_MDIC_PHY_SHIFT) | + (E1000_MDIC_OP_WRITE)); - /* Poll the ready bit to see if the MDI read completed - * Increasing the time out as testing showed failures with - * the lower time out - */ - for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { - udelay(50); - mdic = er32(MDIC); - if (mdic & E1000_MDIC_READY) - break; - } - if (!(mdic & E1000_MDIC_READY)) { - e_dbg("MDI Write PHY Reg Address %d did not complete\n", offset); - return -E1000_ERR_PHY; - } - if (mdic & E1000_MDIC_ERROR) { - e_dbg("MDI Write PHY Red Address %d Error\n", offset); - return -E1000_ERR_PHY; - } - if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { - e_dbg("MDI Write offset error - requested %d, returned %d\n", - offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); - return -E1000_ERR_PHY; + ew32(MDIC, mdic); + + /* Poll the ready bit to see if the MDI read completed + * Increasing the time out as testing showed failures with + * the lower time out + */ + for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) { + usleep_range(50, 60); + mdic = er32(MDIC); + if (mdic & E1000_MDIC_READY) + break; + } + if (!(mdic & E1000_MDIC_READY)) { + e_dbg("MDI Write PHY Reg Address %d did not complete\n", + offset); + success = false; + } + if (mdic & E1000_MDIC_ERROR) { + e_dbg("MDI Write PHY Reg Address %d Error\n", offset); + success = false; + } + if (FIELD_GET(E1000_MDIC_REG_MASK, mdic) != offset) { + e_dbg("MDI Write offset error - requested %d, returned %d\n", + offset, FIELD_GET(E1000_MDIC_REG_MASK, mdic)); + success = false; + } + + /* Allow some time after each MDIC transaction to avoid + * reading duplicate data in the next MDIC transaction. + */ + if (hw->mac.type == e1000_pch2lan) + usleep_range(100, 150); + + if (success) + return 0; + + if (retry_counter != retry_max) { + e_dbg("Perform retry on PHY transaction...\n"); + mdelay(10); + } } - /* Allow some time after each MDIC transaction to avoid - * reading duplicate data in the next MDIC transaction. - */ - if (hw->mac.type == e1000_pch2lan) - udelay(100); - - return 0; + return -E1000_ERR_PHY; } /** diff --git a/drivers/net/ethernet/intel/e1000e/phy.h b/drivers/net/ethernet/intel/e1000e/phy.h index c48777d09523..049bb325b4b1 100644 --- a/drivers/net/ethernet/intel/e1000e/phy.h +++ b/drivers/net/ethernet/intel/e1000e/phy.h @@ -51,6 +51,8 @@ s32 e1000e_read_phy_reg_bm2(struct e1000_hw *hw, u32 offset, u16 *data); s32 e1000e_write_phy_reg_bm2(struct e1000_hw *hw, u32 offset, u16 data); void e1000_power_up_phy_copper(struct e1000_hw *hw); void e1000_power_down_phy_copper(struct e1000_hw *hw); +void e1000e_disable_phy_retry(struct e1000_hw *hw); +void e1000e_enable_phy_retry(struct e1000_hw *hw); s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data); s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data); s32 e1000_read_phy_reg_hv(struct e1000_hw *hw, u32 offset, u16 *data);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] erspan: make sure erspan_base_hdr is present in skb->head" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 17af420545a750f763025149fa7b833a4fc8b8f0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040548-singing-itunes-347d@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 17af420545a750f763025149fa7b833a4fc8b8f0 Mon Sep 17 00:00:00 2001 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 28 Mar 2024 11:22:48 +0000 Subject: [PATCH] erspan: make sure erspan_base_hdr is present in skb->head syzbot reported a problem in ip6erspan_rcv() [1] Issue is that ip6erspan_rcv() (and erspan_rcv()) no longer make sure erspan_base_hdr is present in skb linear part (skb->head) before getting @ver field from it. Add the missing pskb_may_pull() calls. v2: Reload iph pointer in erspan_rcv() after pskb_may_pull() because skb->head might have changed. [1] BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2742 [inline] BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2756 [inline] BUG: KMSAN: uninit-value in ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline] BUG: KMSAN: uninit-value in gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610 pskb_may_pull_reason include/linux/skbuff.h:2742 [inline] pskb_may_pull include/linux/skbuff.h:2756 [inline] ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline] gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610 ip6_protocol_deliver_rcu+0x1d4c/0x2ca0 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:460 [inline] ip6_rcv_finish+0x955/0x970 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [inline] ipv6_rcv+0xde/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5538 [inline] __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5652 netif_receive_skb_internal net/core/dev.c:5738 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5798 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1549 tun_get_user+0x5566/0x69e0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2108 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0xb63/0x1520 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xe0 fs/read_write.c:652 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Uninit was created at: slab_post_alloc_hook mm/slub.c:3804 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668 alloc_skb include/linux/skbuff.h:1318 [inline] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795 tun_alloc_skb drivers/net/tun.c:1525 [inline] tun_get_user+0x209a/0x69e0 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2108 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0xb63/0x1520 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xe0 fs/read_write.c:652 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 CPU: 1 PID: 5045 Comm: syz-executor114 Not tainted 6.9.0-rc1-syzkaller-00021-g962490525cff #0 Fixes: cb73ee40b1b3 ("net: ip_gre: use erspan key field for tunnel lookup") Reported-by: syzbot+1c1cf138518bf0c53d68(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/000000000000772f2c0614b66ef7@google.com/ Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Lorenzo Bianconi <lorenzo(a)kernel.org> Link: https://lore.kernel.org/r/20240328112248.1101491-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index 7b16c211b904..57ddcd8c62f6 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -280,8 +280,13 @@ static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi, tpi->flags | TUNNEL_NO_KEY, iph->saddr, iph->daddr, 0); } else { + if (unlikely(!pskb_may_pull(skb, + gre_hdr_len + sizeof(*ershdr)))) + return PACKET_REJECT; + ershdr = (struct erspan_base_hdr *)(skb->data + gre_hdr_len); ver = ershdr->ver; + iph = ip_hdr(skb); tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags | TUNNEL_KEY, iph->saddr, iph->daddr, tpi->key); diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c index ca7e77e84283..c89aef524df9 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -528,6 +528,9 @@ static int ip6erspan_rcv(struct sk_buff *skb, struct ip6_tnl *tunnel; u8 ver; + if (unlikely(!pskb_may_pull(skb, sizeof(*ershdr)))) + return PACKET_REJECT; + ipv6h = ipv6_hdr(skb); ershdr = (struct erspan_base_hdr *)skb->data; ver = ershdr->ver;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] erspan: make sure erspan_base_hdr is present in skb->head" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 17af420545a750f763025149fa7b833a4fc8b8f0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040546-snooze-purplish-b2df@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 17af420545a750f763025149fa7b833a4fc8b8f0 Mon Sep 17 00:00:00 2001 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 28 Mar 2024 11:22:48 +0000 Subject: [PATCH] erspan: make sure erspan_base_hdr is present in skb->head syzbot reported a problem in ip6erspan_rcv() [1] Issue is that ip6erspan_rcv() (and erspan_rcv()) no longer make sure erspan_base_hdr is present in skb linear part (skb->head) before getting @ver field from it. Add the missing pskb_may_pull() calls. v2: Reload iph pointer in erspan_rcv() after pskb_may_pull() because skb->head might have changed. [1] BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2742 [inline] BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2756 [inline] BUG: KMSAN: uninit-value in ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline] BUG: KMSAN: uninit-value in gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610 pskb_may_pull_reason include/linux/skbuff.h:2742 [inline] pskb_may_pull include/linux/skbuff.h:2756 [inline] ip6erspan_rcv net/ipv6/ip6_gre.c:541 [inline] gre_rcv+0x11f8/0x1930 net/ipv6/ip6_gre.c:610 ip6_protocol_deliver_rcu+0x1d4c/0x2ca0 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:460 [inline] ip6_rcv_finish+0x955/0x970 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [inline] ipv6_rcv+0xde/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5538 [inline] __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5652 netif_receive_skb_internal net/core/dev.c:5738 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5798 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1549 tun_get_user+0x5566/0x69e0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2108 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0xb63/0x1520 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xe0 fs/read_write.c:652 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Uninit was created at: slab_post_alloc_hook mm/slub.c:3804 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668 alloc_skb include/linux/skbuff.h:1318 [inline] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795 tun_alloc_skb drivers/net/tun.c:1525 [inline] tun_get_user+0x209a/0x69e0 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2108 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0xb63/0x1520 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xe0 fs/read_write.c:652 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 CPU: 1 PID: 5045 Comm: syz-executor114 Not tainted 6.9.0-rc1-syzkaller-00021-g962490525cff #0 Fixes: cb73ee40b1b3 ("net: ip_gre: use erspan key field for tunnel lookup") Reported-by: syzbot+1c1cf138518bf0c53d68(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/000000000000772f2c0614b66ef7@google.com/ Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Lorenzo Bianconi <lorenzo(a)kernel.org> Link: https://lore.kernel.org/r/20240328112248.1101491-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index 7b16c211b904..57ddcd8c62f6 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -280,8 +280,13 @@ static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi, tpi->flags | TUNNEL_NO_KEY, iph->saddr, iph->daddr, 0); } else { + if (unlikely(!pskb_may_pull(skb, + gre_hdr_len + sizeof(*ershdr)))) + return PACKET_REJECT; + ershdr = (struct erspan_base_hdr *)(skb->data + gre_hdr_len); ver = ershdr->ver; + iph = ip_hdr(skb); tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags | TUNNEL_KEY, iph->saddr, iph->daddr, tpi->key); diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c index ca7e77e84283..c89aef524df9 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -528,6 +528,9 @@ static int ip6erspan_rcv(struct sk_buff *skb, struct ip6_tnl *tunnel; u8 ver; + if (unlikely(!pskb_may_pull(skb, sizeof(*ershdr)))) + return PACKET_REJECT; + ipv6h = ipv6_hdr(skb); ershdr = (struct erspan_base_hdr *)skb->data; ver = ershdr->ver;

1 year, 5 months

1
0
0 0

Re: [PATCH v3] rust: make mutually exclusive with CFI_CLANG

by Miguel Ojeda

On Fri, Apr 5, 2024 at 12:34 AM Ramon de C Valle <rcvalle(a)google.com> wrote: > > Sorry about that, I should've done this already. In addition to the link you added above, here's a tracking issue for KCFI support for Rust: > https://github.com/rust-lang/rust/issues/123479 No worries! Thanks for taking the time creating the new tracking issue -- linked now from our issue #2. I also linked your update here and noted the benchmarking needs / regressions report request too. Cheers, Miguel

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4535e1a4174c4111d92c5a9a21e542d232e0fcaa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033030-steam-implosion-5c12@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4535e1a4174c4111d92c5a9a21e542d232e0fcaa Mon Sep 17 00:00:00 2001 From: "Borislav Petkov (AMD)" <bp(a)alien8.de> Date: Thu, 28 Mar 2024 13:59:05 +0100 Subject: [PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4 The original version of the mitigation would patch in the calls to the untraining routines directly. That is, the alternative() in UNTRAIN_RET will patch in the CALL to srso_alias_untrain_ret() directly. However, even if commit e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") meant well in trying to clean up the situation, due to micro- architectural reasons, the untraining routine srso_alias_untrain_ret() must be the target of a CALL instruction and not of a JMP instruction as it is done now. Reshuffle the alternative macros to accomplish that. Fixes: e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h index 076bf8dee702..25466c4d2134 100644 --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -14,6 +14,7 @@ #include <asm/asm.h> #include <asm/fred.h> #include <asm/gsseg.h> +#include <asm/nospec-branch.h> #ifndef CONFIG_X86_CMPXCHG64 extern void cmpxchg8b_emu(void); diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index fc3a8a3c7ffe..170c89ed22fc 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -262,11 +262,20 @@ .Lskip_rsb_\@: .endm +/* + * The CALL to srso_alias_untrain_ret() must be patched in directly at + * the spot where untraining must be done, ie., srso_alias_untrain_ret() + * must be the target of a CALL instruction instead of indirectly + * jumping to a wrapper which then calls it. Therefore, this macro is + * called outside of __UNTRAIN_RET below, for the time being, before the + * kernel can support nested alternatives with arbitrary nesting. + */ +.macro CALL_UNTRAIN_RET #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) -#define CALL_UNTRAIN_RET "call entry_untrain_ret" -#else -#define CALL_UNTRAIN_RET "" + ALTERNATIVE_2 "", "call entry_untrain_ret", X86_FEATURE_UNRET, \ + "call srso_alias_untrain_ret", X86_FEATURE_SRSO_ALIAS #endif +.endm /* * Mitigate RETBleed for AMD/Hygon Zen uarch. Requires KERNEL CR3 because the @@ -282,8 +291,8 @@ .macro __UNTRAIN_RET ibpb_feature, call_depth_insns #if defined(CONFIG_MITIGATION_RETHUNK) || defined(CONFIG_MITIGATION_IBPB_ENTRY) VALIDATE_UNRET_END - ALTERNATIVE_3 "", \ - CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \ + CALL_UNTRAIN_RET + ALTERNATIVE_2 "", \ "call entry_ibpb", \ibpb_feature, \ __stringify(\call_depth_insns), X86_FEATURE_CALL_DEPTH #endif @@ -342,6 +351,8 @@ extern void retbleed_return_thunk(void); static inline void retbleed_return_thunk(void) {} #endif +extern void srso_alias_untrain_ret(void); + #ifdef CONFIG_MITIGATION_SRSO extern void srso_return_thunk(void); extern void srso_alias_return_thunk(void); diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index 721b528da9ac..02cde194a99e 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -163,6 +163,7 @@ SYM_CODE_START_NOALIGN(srso_alias_untrain_ret) lfence jmp srso_alias_return_thunk SYM_FUNC_END(srso_alias_untrain_ret) +__EXPORT_THUNK(srso_alias_untrain_ret) .popsection .pushsection .text..__x86.rethunk_safe @@ -224,10 +225,12 @@ SYM_CODE_START(srso_return_thunk) SYM_CODE_END(srso_return_thunk) #define JMP_SRSO_UNTRAIN_RET "jmp srso_untrain_ret" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "jmp srso_alias_untrain_ret" #else /* !CONFIG_MITIGATION_SRSO */ +/* Dummy for the alternative in CALL_UNTRAIN_RET. */ +SYM_CODE_START(srso_alias_untrain_ret) + RET +SYM_FUNC_END(srso_alias_untrain_ret) #define JMP_SRSO_UNTRAIN_RET "ud2" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "ud2" #endif /* CONFIG_MITIGATION_SRSO */ #ifdef CONFIG_MITIGATION_UNRET_ENTRY @@ -319,9 +322,7 @@ SYM_FUNC_END(retbleed_untrain_ret) #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) SYM_FUNC_START(entry_untrain_ret) - ALTERNATIVE_2 JMP_RETBLEED_UNTRAIN_RET, \ - JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO, \ - JMP_SRSO_ALIAS_UNTRAIN_RET, X86_FEATURE_SRSO_ALIAS + ALTERNATIVE JMP_RETBLEED_UNTRAIN_RET, JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO SYM_FUNC_END(entry_untrain_ret) __EXPORT_THUNK(entry_untrain_ret)

1 year, 5 months

3
4
0 0

FAILED: patch "[PATCH] net: fec: Set mac_managed_pm during probe" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cbc17e7802f5de37c7c262204baadfad3f7f99e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040527-action-late-9749@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cbc17e7802f5de37c7c262204baadfad3f7f99e5 Mon Sep 17 00:00:00 2001 From: Wei Fang <wei.fang(a)nxp.com> Date: Thu, 28 Mar 2024 15:59:29 +0000 Subject: [PATCH] net: fec: Set mac_managed_pm during probe Setting mac_managed_pm during interface up is too late. In situations where the link is not brought up yet and the system suspends the regular PHY power management will run. Since the FEC ETHEREN control bit is cleared (automatically) on suspend the controller is off in resume. When the regular PHY power management resume path runs in this context it will write to the MII_DATA register but nothing will be transmitted on the MDIO bus. This can be observed by the following log: fec 5b040000.ethernet eth0: MDIO read timeout Microchip LAN87xx T1 5b040000.ethernet-1:04: PM: dpm_run_callback(): mdio_bus_phy_resume+0x0/0xc8 returns -110 Microchip LAN87xx T1 5b040000.ethernet-1:04: PM: failed to resume: error -110 The data written will however remain in the MII_DATA register. When the link later is set to administrative up it will trigger a call to fec_restart() which will restore the MII_SPEED register. This triggers the quirk explained in f166f890c8f0 ("net: ethernet: fec: Replace interrupt driven MDIO with polled IO") causing an extra MII_EVENT. This extra event desynchronizes all the MDIO register reads, causing them to complete too early. Leading all reads to read as 0 because fec_enet_mdio_wait() returns too early. When a Microchip LAN8700R PHY is connected to the FEC, the 0 reads causes the PHY to be initialized incorrectly and the PHY will not transmit any ethernet signal in this state. It cannot be brought out of this state without a power cycle of the PHY. Fixes: 557d5dc83f68 ("net: fec: use mac-managed PHY PM") Closes: https://lore.kernel.org/netdev/1f45bdbe-eab1-4e59-8f24-add177590d27@actia.s… Signed-off-by: Wei Fang <wei.fang(a)nxp.com> [jernberg: commit message] Signed-off-by: John Ernberg <john.ernberg(a)actia.se> Link: https://lore.kernel.org/r/20240328155909.59613-2-john.ernberg@actia.se Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c index d7693fdf640d..8bd213da8fb6 100644 --- a/drivers/net/ethernet/freescale/fec_main.c +++ b/drivers/net/ethernet/freescale/fec_main.c @@ -2454,8 +2454,6 @@ static int fec_enet_mii_probe(struct net_device *ndev) fep->link = 0; fep->full_duplex = 0; - phy_dev->mac_managed_pm = true; - phy_attached_info(phy_dev); return 0; @@ -2467,10 +2465,12 @@ static int fec_enet_mii_init(struct platform_device *pdev) struct net_device *ndev = platform_get_drvdata(pdev); struct fec_enet_private *fep = netdev_priv(ndev); bool suppress_preamble = false; + struct phy_device *phydev; struct device_node *node; int err = -ENXIO; u32 mii_speed, holdtime; u32 bus_freq; + int addr; /* * The i.MX28 dual fec interfaces are not equal. @@ -2584,6 +2584,13 @@ static int fec_enet_mii_init(struct platform_device *pdev) goto err_out_free_mdiobus; of_node_put(node); + /* find all the PHY devices on the bus and set mac_managed_pm to true */ + for (addr = 0; addr < PHY_MAX_ADDR; addr++) { + phydev = mdiobus_get_phy(fep->mii_bus, addr); + if (phydev) + phydev->mac_managed_pm = true; + } + mii_cnt++; /* save fec0 mii_bus */

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] net: fec: Set mac_managed_pm during probe" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x cbc17e7802f5de37c7c262204baadfad3f7f99e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040525-buccaneer-rehab-aa0f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cbc17e7802f5de37c7c262204baadfad3f7f99e5 Mon Sep 17 00:00:00 2001 From: Wei Fang <wei.fang(a)nxp.com> Date: Thu, 28 Mar 2024 15:59:29 +0000 Subject: [PATCH] net: fec: Set mac_managed_pm during probe Setting mac_managed_pm during interface up is too late. In situations where the link is not brought up yet and the system suspends the regular PHY power management will run. Since the FEC ETHEREN control bit is cleared (automatically) on suspend the controller is off in resume. When the regular PHY power management resume path runs in this context it will write to the MII_DATA register but nothing will be transmitted on the MDIO bus. This can be observed by the following log: fec 5b040000.ethernet eth0: MDIO read timeout Microchip LAN87xx T1 5b040000.ethernet-1:04: PM: dpm_run_callback(): mdio_bus_phy_resume+0x0/0xc8 returns -110 Microchip LAN87xx T1 5b040000.ethernet-1:04: PM: failed to resume: error -110 The data written will however remain in the MII_DATA register. When the link later is set to administrative up it will trigger a call to fec_restart() which will restore the MII_SPEED register. This triggers the quirk explained in f166f890c8f0 ("net: ethernet: fec: Replace interrupt driven MDIO with polled IO") causing an extra MII_EVENT. This extra event desynchronizes all the MDIO register reads, causing them to complete too early. Leading all reads to read as 0 because fec_enet_mdio_wait() returns too early. When a Microchip LAN8700R PHY is connected to the FEC, the 0 reads causes the PHY to be initialized incorrectly and the PHY will not transmit any ethernet signal in this state. It cannot be brought out of this state without a power cycle of the PHY. Fixes: 557d5dc83f68 ("net: fec: use mac-managed PHY PM") Closes: https://lore.kernel.org/netdev/1f45bdbe-eab1-4e59-8f24-add177590d27@actia.s… Signed-off-by: Wei Fang <wei.fang(a)nxp.com> [jernberg: commit message] Signed-off-by: John Ernberg <john.ernberg(a)actia.se> Link: https://lore.kernel.org/r/20240328155909.59613-2-john.ernberg@actia.se Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c index d7693fdf640d..8bd213da8fb6 100644 --- a/drivers/net/ethernet/freescale/fec_main.c +++ b/drivers/net/ethernet/freescale/fec_main.c @@ -2454,8 +2454,6 @@ static int fec_enet_mii_probe(struct net_device *ndev) fep->link = 0; fep->full_duplex = 0; - phy_dev->mac_managed_pm = true; - phy_attached_info(phy_dev); return 0; @@ -2467,10 +2465,12 @@ static int fec_enet_mii_init(struct platform_device *pdev) struct net_device *ndev = platform_get_drvdata(pdev); struct fec_enet_private *fep = netdev_priv(ndev); bool suppress_preamble = false; + struct phy_device *phydev; struct device_node *node; int err = -ENXIO; u32 mii_speed, holdtime; u32 bus_freq; + int addr; /* * The i.MX28 dual fec interfaces are not equal. @@ -2584,6 +2584,13 @@ static int fec_enet_mii_init(struct platform_device *pdev) goto err_out_free_mdiobus; of_node_put(node); + /* find all the PHY devices on the bus and set mac_managed_pm to true */ + for (addr = 0; addr < PHY_MAX_ADDR; addr++) { + phydev = mdiobus_get_phy(fep->mii_bus, addr); + if (phydev) + phydev->mac_managed_pm = true; + } + mii_cnt++; /* save fec0 mii_bus */

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 4535e1a4174c4111d92c5a9a21e542d232e0fcaa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033027-tapered-curly-3516@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4535e1a4174c4111d92c5a9a21e542d232e0fcaa Mon Sep 17 00:00:00 2001 From: "Borislav Petkov (AMD)" <bp(a)alien8.de> Date: Thu, 28 Mar 2024 13:59:05 +0100 Subject: [PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4 The original version of the mitigation would patch in the calls to the untraining routines directly. That is, the alternative() in UNTRAIN_RET will patch in the CALL to srso_alias_untrain_ret() directly. However, even if commit e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") meant well in trying to clean up the situation, due to micro- architectural reasons, the untraining routine srso_alias_untrain_ret() must be the target of a CALL instruction and not of a JMP instruction as it is done now. Reshuffle the alternative macros to accomplish that. Fixes: e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h index 076bf8dee702..25466c4d2134 100644 --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -14,6 +14,7 @@ #include <asm/asm.h> #include <asm/fred.h> #include <asm/gsseg.h> +#include <asm/nospec-branch.h> #ifndef CONFIG_X86_CMPXCHG64 extern void cmpxchg8b_emu(void); diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index fc3a8a3c7ffe..170c89ed22fc 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -262,11 +262,20 @@ .Lskip_rsb_\@: .endm +/* + * The CALL to srso_alias_untrain_ret() must be patched in directly at + * the spot where untraining must be done, ie., srso_alias_untrain_ret() + * must be the target of a CALL instruction instead of indirectly + * jumping to a wrapper which then calls it. Therefore, this macro is + * called outside of __UNTRAIN_RET below, for the time being, before the + * kernel can support nested alternatives with arbitrary nesting. + */ +.macro CALL_UNTRAIN_RET #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) -#define CALL_UNTRAIN_RET "call entry_untrain_ret" -#else -#define CALL_UNTRAIN_RET "" + ALTERNATIVE_2 "", "call entry_untrain_ret", X86_FEATURE_UNRET, \ + "call srso_alias_untrain_ret", X86_FEATURE_SRSO_ALIAS #endif +.endm /* * Mitigate RETBleed for AMD/Hygon Zen uarch. Requires KERNEL CR3 because the @@ -282,8 +291,8 @@ .macro __UNTRAIN_RET ibpb_feature, call_depth_insns #if defined(CONFIG_MITIGATION_RETHUNK) || defined(CONFIG_MITIGATION_IBPB_ENTRY) VALIDATE_UNRET_END - ALTERNATIVE_3 "", \ - CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \ + CALL_UNTRAIN_RET + ALTERNATIVE_2 "", \ "call entry_ibpb", \ibpb_feature, \ __stringify(\call_depth_insns), X86_FEATURE_CALL_DEPTH #endif @@ -342,6 +351,8 @@ extern void retbleed_return_thunk(void); static inline void retbleed_return_thunk(void) {} #endif +extern void srso_alias_untrain_ret(void); + #ifdef CONFIG_MITIGATION_SRSO extern void srso_return_thunk(void); extern void srso_alias_return_thunk(void); diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index 721b528da9ac..02cde194a99e 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -163,6 +163,7 @@ SYM_CODE_START_NOALIGN(srso_alias_untrain_ret) lfence jmp srso_alias_return_thunk SYM_FUNC_END(srso_alias_untrain_ret) +__EXPORT_THUNK(srso_alias_untrain_ret) .popsection .pushsection .text..__x86.rethunk_safe @@ -224,10 +225,12 @@ SYM_CODE_START(srso_return_thunk) SYM_CODE_END(srso_return_thunk) #define JMP_SRSO_UNTRAIN_RET "jmp srso_untrain_ret" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "jmp srso_alias_untrain_ret" #else /* !CONFIG_MITIGATION_SRSO */ +/* Dummy for the alternative in CALL_UNTRAIN_RET. */ +SYM_CODE_START(srso_alias_untrain_ret) + RET +SYM_FUNC_END(srso_alias_untrain_ret) #define JMP_SRSO_UNTRAIN_RET "ud2" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "ud2" #endif /* CONFIG_MITIGATION_SRSO */ #ifdef CONFIG_MITIGATION_UNRET_ENTRY @@ -319,9 +322,7 @@ SYM_FUNC_END(retbleed_untrain_ret) #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) SYM_FUNC_START(entry_untrain_ret) - ALTERNATIVE_2 JMP_RETBLEED_UNTRAIN_RET, \ - JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO, \ - JMP_SRSO_ALIAS_UNTRAIN_RET, X86_FEATURE_SRSO_ALIAS + ALTERNATIVE JMP_RETBLEED_UNTRAIN_RET, JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO SYM_FUNC_END(entry_untrain_ret) __EXPORT_THUNK(entry_untrain_ret)

1 year, 5 months

3
3
0 0

FAILED: patch "[PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 4535e1a4174c4111d92c5a9a21e542d232e0fcaa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033028-lumpiness-pouch-475f@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4535e1a4174c4111d92c5a9a21e542d232e0fcaa Mon Sep 17 00:00:00 2001 From: "Borislav Petkov (AMD)" <bp(a)alien8.de> Date: Thu, 28 Mar 2024 13:59:05 +0100 Subject: [PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4 The original version of the mitigation would patch in the calls to the untraining routines directly. That is, the alternative() in UNTRAIN_RET will patch in the CALL to srso_alias_untrain_ret() directly. However, even if commit e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") meant well in trying to clean up the situation, due to micro- architectural reasons, the untraining routine srso_alias_untrain_ret() must be the target of a CALL instruction and not of a JMP instruction as it is done now. Reshuffle the alternative macros to accomplish that. Fixes: e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h index 076bf8dee702..25466c4d2134 100644 --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -14,6 +14,7 @@ #include <asm/asm.h> #include <asm/fred.h> #include <asm/gsseg.h> +#include <asm/nospec-branch.h> #ifndef CONFIG_X86_CMPXCHG64 extern void cmpxchg8b_emu(void); diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index fc3a8a3c7ffe..170c89ed22fc 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -262,11 +262,20 @@ .Lskip_rsb_\@: .endm +/* + * The CALL to srso_alias_untrain_ret() must be patched in directly at + * the spot where untraining must be done, ie., srso_alias_untrain_ret() + * must be the target of a CALL instruction instead of indirectly + * jumping to a wrapper which then calls it. Therefore, this macro is + * called outside of __UNTRAIN_RET below, for the time being, before the + * kernel can support nested alternatives with arbitrary nesting. + */ +.macro CALL_UNTRAIN_RET #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) -#define CALL_UNTRAIN_RET "call entry_untrain_ret" -#else -#define CALL_UNTRAIN_RET "" + ALTERNATIVE_2 "", "call entry_untrain_ret", X86_FEATURE_UNRET, \ + "call srso_alias_untrain_ret", X86_FEATURE_SRSO_ALIAS #endif +.endm /* * Mitigate RETBleed for AMD/Hygon Zen uarch. Requires KERNEL CR3 because the @@ -282,8 +291,8 @@ .macro __UNTRAIN_RET ibpb_feature, call_depth_insns #if defined(CONFIG_MITIGATION_RETHUNK) || defined(CONFIG_MITIGATION_IBPB_ENTRY) VALIDATE_UNRET_END - ALTERNATIVE_3 "", \ - CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \ + CALL_UNTRAIN_RET + ALTERNATIVE_2 "", \ "call entry_ibpb", \ibpb_feature, \ __stringify(\call_depth_insns), X86_FEATURE_CALL_DEPTH #endif @@ -342,6 +351,8 @@ extern void retbleed_return_thunk(void); static inline void retbleed_return_thunk(void) {} #endif +extern void srso_alias_untrain_ret(void); + #ifdef CONFIG_MITIGATION_SRSO extern void srso_return_thunk(void); extern void srso_alias_return_thunk(void); diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index 721b528da9ac..02cde194a99e 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -163,6 +163,7 @@ SYM_CODE_START_NOALIGN(srso_alias_untrain_ret) lfence jmp srso_alias_return_thunk SYM_FUNC_END(srso_alias_untrain_ret) +__EXPORT_THUNK(srso_alias_untrain_ret) .popsection .pushsection .text..__x86.rethunk_safe @@ -224,10 +225,12 @@ SYM_CODE_START(srso_return_thunk) SYM_CODE_END(srso_return_thunk) #define JMP_SRSO_UNTRAIN_RET "jmp srso_untrain_ret" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "jmp srso_alias_untrain_ret" #else /* !CONFIG_MITIGATION_SRSO */ +/* Dummy for the alternative in CALL_UNTRAIN_RET. */ +SYM_CODE_START(srso_alias_untrain_ret) + RET +SYM_FUNC_END(srso_alias_untrain_ret) #define JMP_SRSO_UNTRAIN_RET "ud2" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "ud2" #endif /* CONFIG_MITIGATION_SRSO */ #ifdef CONFIG_MITIGATION_UNRET_ENTRY @@ -319,9 +322,7 @@ SYM_FUNC_END(retbleed_untrain_ret) #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) SYM_FUNC_START(entry_untrain_ret) - ALTERNATIVE_2 JMP_RETBLEED_UNTRAIN_RET, \ - JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO, \ - JMP_SRSO_ALIAS_UNTRAIN_RET, X86_FEATURE_SRSO_ALIAS + ALTERNATIVE JMP_RETBLEED_UNTRAIN_RET, JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO SYM_FUNC_END(entry_untrain_ret) __EXPORT_THUNK(entry_untrain_ret)

1 year, 5 months

3
3
0 0

FAILED: patch "[PATCH] netfilter: validate user input for expected length" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 0c83842df40f86e529db6842231154772c20edcc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040546-bok-prewar-7294@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0c83842df40f86e529db6842231154772c20edcc Mon Sep 17 00:00:00 2001 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 4 Apr 2024 12:20:51 +0000 Subject: [PATCH] netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt") setsockopt() @optlen argument should be taken into account before copying data. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline] BUG: KASAN: slab-out-of-bounds in do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627 Read of size 96 at addr ffff88802cd73da0 by task syz-executor.4/7238 CPU: 1 PID: 7238 Comm: syz-executor.4 Not tainted 6.9.0-rc2-next-20240403-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105 copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] copy_from_sockptr include/linux/sockptr.h:55 [inline] do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline] do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627 nf_setsockopt+0x295/0x2c0 net/netfilter/nf_sockopt.c:101 do_sock_setsockopt+0x3af/0x720 net/socket.c:2311 __sys_setsockopt+0x1ae/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline] __se_sys_setsockopt net/socket.c:2340 [inline] __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x72/0x7a RIP: 0033:0x7fd22067dde9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd21f9ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007fd2207abf80 RCX: 00007fd22067dde9 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007fd2206ca47a R08: 0000000000000001 R09: 0000000000000000 R10: 0000000020000880 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fd2207abf80 R15: 00007ffd2d0170d8 </TASK> Allocated by task 7238: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:370 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387 kasan_kmalloc include/linux/kasan.h:211 [inline] __do_kmalloc_node mm/slub.c:4069 [inline] __kmalloc_noprof+0x200/0x410 mm/slub.c:4082 kmalloc_noprof include/linux/slab.h:664 [inline] __cgroup_bpf_run_filter_setsockopt+0xd47/0x1050 kernel/bpf/cgroup.c:1869 do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293 __sys_setsockopt+0x1ae/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline] __se_sys_setsockopt net/socket.c:2340 [inline] __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x72/0x7a The buggy address belongs to the object at ffff88802cd73da0 which belongs to the cache kmalloc-8 of size 8 The buggy address is located 0 bytes inside of allocated 1-byte region [ffff88802cd73da0, ffff88802cd73da1) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802cd73020 pfn:0x2cd73 flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff) page_type: 0xffffefff(slab) raw: 00fff80000000000 ffff888015041280 dead000000000100 dead000000000122 raw: ffff88802cd73020 000000008080007f 00000001ffffefff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 5103, tgid 2119833701 (syz-executor.4), ts 5103, free_ts 70804600828 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1490 prep_new_page mm/page_alloc.c:1498 [inline] get_page_from_freelist+0x2e7e/0x2f40 mm/page_alloc.c:3454 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4712 __alloc_pages_node_noprof include/linux/gfp.h:244 [inline] alloc_pages_node_noprof include/linux/gfp.h:271 [inline] alloc_slab_page+0x5f/0x120 mm/slub.c:2249 allocate_slab+0x5a/0x2e0 mm/slub.c:2412 new_slab mm/slub.c:2465 [inline] ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3615 __slab_alloc+0x58/0xa0 mm/slub.c:3705 __slab_alloc_node mm/slub.c:3758 [inline] slab_alloc_node mm/slub.c:3936 [inline] __do_kmalloc_node mm/slub.c:4068 [inline] kmalloc_node_track_caller_noprof+0x286/0x450 mm/slub.c:4089 kstrdup+0x3a/0x80 mm/util.c:62 device_rename+0xb5/0x1b0 drivers/base/core.c:4558 dev_change_name+0x275/0x860 net/core/dev.c:1232 do_setlink+0xa4b/0x41f0 net/core/rtnetlink.c:2864 __rtnl_newlink net/core/rtnetlink.c:3680 [inline] rtnl_newlink+0x180b/0x20a0 net/core/rtnetlink.c:3727 rtnetlink_rcv_msg+0x89b/0x10d0 net/core/rtnetlink.c:6594 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2559 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361 page last free pid 5146 tgid 5146 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1110 [inline] free_unref_page+0xd3c/0xec0 mm/page_alloc.c:2617 discard_slab mm/slub.c:2511 [inline] __put_partials+0xeb/0x130 mm/slub.c:2980 put_cpu_partial+0x17c/0x250 mm/slub.c:3055 __slab_free+0x2ea/0x3d0 mm/slub.c:4254 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x9e/0x140 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:322 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3888 [inline] slab_alloc_node mm/slub.c:3948 [inline] __do_kmalloc_node mm/slub.c:4068 [inline] __kmalloc_node_noprof+0x1d7/0x450 mm/slub.c:4076 kmalloc_node_noprof include/linux/slab.h:681 [inline] kvmalloc_node_noprof+0x72/0x190 mm/util.c:634 bucket_table_alloc lib/rhashtable.c:186 [inline] rhashtable_rehash_alloc+0x9e/0x290 lib/rhashtable.c:367 rht_deferred_worker+0x4e1/0x2440 lib/rhashtable.c:427 process_one_work kernel/workqueue.c:3218 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3299 worker_thread+0x86d/0xd70 kernel/workqueue.c:3380 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 Memory state around the buggy address: ffff88802cd73c80: 07 fc fc fc 05 fc fc fc 05 fc fc fc fa fc fc fc ffff88802cd73d00: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc >ffff88802cd73d80: fa fc fc fc 01 fc fc fc fa fc fc fc fa fc fc fc ^ ffff88802cd73e00: fa fc fc fc fa fc fc fc 05 fc fc fc 07 fc fc fc ffff88802cd73e80: 07 fc fc fc 07 fc fc fc 07 fc fc fc 07 fc fc fc Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reviewed-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Link: https://lore.kernel.org/r/20240404122051.2303764-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 99d82676f780..cbd0e3586c3f 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1111,6 +1111,8 @@ static int do_replace(struct net *net, sockptr_t arg, unsigned int len) struct ebt_table_info *newinfo; struct ebt_replace tmp; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT; @@ -1423,6 +1425,8 @@ static int update_counters(struct net *net, sockptr_t arg, unsigned int len) { struct ebt_replace hlp; + if (len < sizeof(hlp)) + return -EINVAL; if (copy_from_sockptr(&hlp, arg, sizeof(hlp))) return -EFAULT; @@ -2352,6 +2356,8 @@ static int compat_update_counters(struct net *net, sockptr_t arg, { struct compat_ebt_replace hlp; + if (len < sizeof(hlp)) + return -EINVAL; if (copy_from_sockptr(&hlp, arg, sizeof(hlp))) return -EFAULT; diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 2407066b0fec..b150c9929b12 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -956,6 +956,8 @@ static int do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct arpt_entry *iter; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT; @@ -1254,6 +1256,8 @@ static int compat_do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct arpt_entry *iter; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT; diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 7da1df4997d0..487670759578 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1108,6 +1108,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct ipt_entry *iter; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT; @@ -1492,6 +1494,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct ipt_entry *iter; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index fd9f049d6d41..636b360311c5 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -1125,6 +1125,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct ip6t_entry *iter; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT; @@ -1501,6 +1503,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct ip6t_entry *iter; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: validate user input for expected length" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0c83842df40f86e529db6842231154772c20edcc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040543-paralegal-cabbage-12dc@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0c83842df40f86e529db6842231154772c20edcc Mon Sep 17 00:00:00 2001 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 4 Apr 2024 12:20:51 +0000 Subject: [PATCH] netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt") setsockopt() @optlen argument should be taken into account before copying data. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline] BUG: KASAN: slab-out-of-bounds in do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627 Read of size 96 at addr ffff88802cd73da0 by task syz-executor.4/7238 CPU: 1 PID: 7238 Comm: syz-executor.4 Not tainted 6.9.0-rc2-next-20240403-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105 copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] copy_from_sockptr include/linux/sockptr.h:55 [inline] do_replace net/ipv4/netfilter/ip_tables.c:1111 [inline] do_ipt_set_ctl+0x902/0x3dd0 net/ipv4/netfilter/ip_tables.c:1627 nf_setsockopt+0x295/0x2c0 net/netfilter/nf_sockopt.c:101 do_sock_setsockopt+0x3af/0x720 net/socket.c:2311 __sys_setsockopt+0x1ae/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline] __se_sys_setsockopt net/socket.c:2340 [inline] __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x72/0x7a RIP: 0033:0x7fd22067dde9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd21f9ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007fd2207abf80 RCX: 00007fd22067dde9 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007fd2206ca47a R08: 0000000000000001 R09: 0000000000000000 R10: 0000000020000880 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fd2207abf80 R15: 00007ffd2d0170d8 </TASK> Allocated by task 7238: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:370 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387 kasan_kmalloc include/linux/kasan.h:211 [inline] __do_kmalloc_node mm/slub.c:4069 [inline] __kmalloc_noprof+0x200/0x410 mm/slub.c:4082 kmalloc_noprof include/linux/slab.h:664 [inline] __cgroup_bpf_run_filter_setsockopt+0xd47/0x1050 kernel/bpf/cgroup.c:1869 do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293 __sys_setsockopt+0x1ae/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline] __se_sys_setsockopt net/socket.c:2340 [inline] __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x72/0x7a The buggy address belongs to the object at ffff88802cd73da0 which belongs to the cache kmalloc-8 of size 8 The buggy address is located 0 bytes inside of allocated 1-byte region [ffff88802cd73da0, ffff88802cd73da1) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802cd73020 pfn:0x2cd73 flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff) page_type: 0xffffefff(slab) raw: 00fff80000000000 ffff888015041280 dead000000000100 dead000000000122 raw: ffff88802cd73020 000000008080007f 00000001ffffefff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 5103, tgid 2119833701 (syz-executor.4), ts 5103, free_ts 70804600828 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1490 prep_new_page mm/page_alloc.c:1498 [inline] get_page_from_freelist+0x2e7e/0x2f40 mm/page_alloc.c:3454 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4712 __alloc_pages_node_noprof include/linux/gfp.h:244 [inline] alloc_pages_node_noprof include/linux/gfp.h:271 [inline] alloc_slab_page+0x5f/0x120 mm/slub.c:2249 allocate_slab+0x5a/0x2e0 mm/slub.c:2412 new_slab mm/slub.c:2465 [inline] ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3615 __slab_alloc+0x58/0xa0 mm/slub.c:3705 __slab_alloc_node mm/slub.c:3758 [inline] slab_alloc_node mm/slub.c:3936 [inline] __do_kmalloc_node mm/slub.c:4068 [inline] kmalloc_node_track_caller_noprof+0x286/0x450 mm/slub.c:4089 kstrdup+0x3a/0x80 mm/util.c:62 device_rename+0xb5/0x1b0 drivers/base/core.c:4558 dev_change_name+0x275/0x860 net/core/dev.c:1232 do_setlink+0xa4b/0x41f0 net/core/rtnetlink.c:2864 __rtnl_newlink net/core/rtnetlink.c:3680 [inline] rtnl_newlink+0x180b/0x20a0 net/core/rtnetlink.c:3727 rtnetlink_rcv_msg+0x89b/0x10d0 net/core/rtnetlink.c:6594 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2559 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361 page last free pid 5146 tgid 5146 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1110 [inline] free_unref_page+0xd3c/0xec0 mm/page_alloc.c:2617 discard_slab mm/slub.c:2511 [inline] __put_partials+0xeb/0x130 mm/slub.c:2980 put_cpu_partial+0x17c/0x250 mm/slub.c:3055 __slab_free+0x2ea/0x3d0 mm/slub.c:4254 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x9e/0x140 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:322 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3888 [inline] slab_alloc_node mm/slub.c:3948 [inline] __do_kmalloc_node mm/slub.c:4068 [inline] __kmalloc_node_noprof+0x1d7/0x450 mm/slub.c:4076 kmalloc_node_noprof include/linux/slab.h:681 [inline] kvmalloc_node_noprof+0x72/0x190 mm/util.c:634 bucket_table_alloc lib/rhashtable.c:186 [inline] rhashtable_rehash_alloc+0x9e/0x290 lib/rhashtable.c:367 rht_deferred_worker+0x4e1/0x2440 lib/rhashtable.c:427 process_one_work kernel/workqueue.c:3218 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3299 worker_thread+0x86d/0xd70 kernel/workqueue.c:3380 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 Memory state around the buggy address: ffff88802cd73c80: 07 fc fc fc 05 fc fc fc 05 fc fc fc fa fc fc fc ffff88802cd73d00: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc >ffff88802cd73d80: fa fc fc fc 01 fc fc fc fa fc fc fc fa fc fc fc ^ ffff88802cd73e00: fa fc fc fc fa fc fc fc 05 fc fc fc 07 fc fc fc ffff88802cd73e80: 07 fc fc fc 07 fc fc fc 07 fc fc fc 07 fc fc fc Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reviewed-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Link: https://lore.kernel.org/r/20240404122051.2303764-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 99d82676f780..cbd0e3586c3f 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1111,6 +1111,8 @@ static int do_replace(struct net *net, sockptr_t arg, unsigned int len) struct ebt_table_info *newinfo; struct ebt_replace tmp; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT; @@ -1423,6 +1425,8 @@ static int update_counters(struct net *net, sockptr_t arg, unsigned int len) { struct ebt_replace hlp; + if (len < sizeof(hlp)) + return -EINVAL; if (copy_from_sockptr(&hlp, arg, sizeof(hlp))) return -EFAULT; @@ -2352,6 +2356,8 @@ static int compat_update_counters(struct net *net, sockptr_t arg, { struct compat_ebt_replace hlp; + if (len < sizeof(hlp)) + return -EINVAL; if (copy_from_sockptr(&hlp, arg, sizeof(hlp))) return -EFAULT; diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 2407066b0fec..b150c9929b12 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -956,6 +956,8 @@ static int do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct arpt_entry *iter; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT; @@ -1254,6 +1256,8 @@ static int compat_do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct arpt_entry *iter; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT; diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 7da1df4997d0..487670759578 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1108,6 +1108,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct ipt_entry *iter; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT; @@ -1492,6 +1494,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct ipt_entry *iter; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index fd9f049d6d41..636b360311c5 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -1125,6 +1125,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct ip6t_entry *iter; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT; @@ -1501,6 +1503,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct ip6t_entry *iter; + if (len < sizeof(tmp)) + return -EINVAL; if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) return -EFAULT;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: discard table flag update with pending" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1bc83a019bbe268be3526406245ec28c2458a518 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040515-cornbread-bottling-0651@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bc83a019bbe268be3526406245ec28c2458a518 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Wed, 3 Apr 2024 19:35:30 +0200 Subject: [PATCH] netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both commands are combined, this results in deleting a basechain while leaving its hook still registered in the core. Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index e02d0ae4f436..d89d77946719 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1209,10 +1209,11 @@ static bool nft_table_pending_update(const struct nft_ctx *ctx) return true; list_for_each_entry(trans, &nft_net->commit_list, list) { - if ((trans->msg_type == NFT_MSG_NEWCHAIN || - trans->msg_type == NFT_MSG_DELCHAIN) && - trans->ctx.table == ctx->table && - nft_trans_chain_update(trans)) + if (trans->ctx.table == ctx->table && + ((trans->msg_type == NFT_MSG_NEWCHAIN && + nft_trans_chain_update(trans)) || + (trans->msg_type == NFT_MSG_DELCHAIN && + nft_is_base_chain(trans->ctx.chain)))) return true; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: discard table flag update with pending" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1bc83a019bbe268be3526406245ec28c2458a518 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040515-chatroom-cathedral-e974@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bc83a019bbe268be3526406245ec28c2458a518 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Wed, 3 Apr 2024 19:35:30 +0200 Subject: [PATCH] netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both commands are combined, this results in deleting a basechain while leaving its hook still registered in the core. Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index e02d0ae4f436..d89d77946719 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1209,10 +1209,11 @@ static bool nft_table_pending_update(const struct nft_ctx *ctx) return true; list_for_each_entry(trans, &nft_net->commit_list, list) { - if ((trans->msg_type == NFT_MSG_NEWCHAIN || - trans->msg_type == NFT_MSG_DELCHAIN) && - trans->ctx.table == ctx->table && - nft_trans_chain_update(trans)) + if (trans->ctx.table == ctx->table && + ((trans->msg_type == NFT_MSG_NEWCHAIN && + nft_trans_chain_update(trans)) || + (trans->msg_type == NFT_MSG_DELCHAIN && + nft_is_base_chain(trans->ctx.chain)))) return true; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: discard table flag update with pending" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1bc83a019bbe268be3526406245ec28c2458a518 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040514-browse-cabana-cb93@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bc83a019bbe268be3526406245ec28c2458a518 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Wed, 3 Apr 2024 19:35:30 +0200 Subject: [PATCH] netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both commands are combined, this results in deleting a basechain while leaving its hook still registered in the core. Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index e02d0ae4f436..d89d77946719 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1209,10 +1209,11 @@ static bool nft_table_pending_update(const struct nft_ctx *ctx) return true; list_for_each_entry(trans, &nft_net->commit_list, list) { - if ((trans->msg_type == NFT_MSG_NEWCHAIN || - trans->msg_type == NFT_MSG_DELCHAIN) && - trans->ctx.table == ctx->table && - nft_trans_chain_update(trans)) + if (trans->ctx.table == ctx->table && + ((trans->msg_type == NFT_MSG_NEWCHAIN && + nft_trans_chain_update(trans)) || + (trans->msg_type == NFT_MSG_DELCHAIN && + nft_is_base_chain(trans->ctx.chain)))) return true; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: discard table flag update with pending" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1bc83a019bbe268be3526406245ec28c2458a518 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040513-slimness-statistic-1bd4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bc83a019bbe268be3526406245ec28c2458a518 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Wed, 3 Apr 2024 19:35:30 +0200 Subject: [PATCH] netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both commands are combined, this results in deleting a basechain while leaving its hook still registered in the core. Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index e02d0ae4f436..d89d77946719 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1209,10 +1209,11 @@ static bool nft_table_pending_update(const struct nft_ctx *ctx) return true; list_for_each_entry(trans, &nft_net->commit_list, list) { - if ((trans->msg_type == NFT_MSG_NEWCHAIN || - trans->msg_type == NFT_MSG_DELCHAIN) && - trans->ctx.table == ctx->table && - nft_trans_chain_update(trans)) + if (trans->ctx.table == ctx->table && + ((trans->msg_type == NFT_MSG_NEWCHAIN && + nft_trans_chain_update(trans)) || + (trans->msg_type == NFT_MSG_DELCHAIN && + nft_is_base_chain(trans->ctx.chain)))) return true; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: flush pending destroy work before" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 24cea9677025e0de419989ecb692acd4bb34cac2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040525-ripening-clunky-4fa7@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24cea9677025e0de419989ecb692acd4bb34cac2 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Tue, 2 Apr 2024 18:04:36 +0200 Subject: [PATCH] netfilter: nf_tables: flush pending destroy work before exit_net release Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy work before netlink notifier") to address a race between exit_net and the destroy workqueue. The trace below shows an element to be released via destroy workqueue while exit_net path (triggered via module removal) has already released the set that is used in such transaction. [ 1360.547789] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables] [ 1360.547861] Read of size 8 at addr ffff888140500cc0 by task kworker/4:1/152465 [ 1360.547870] CPU: 4 PID: 152465 Comm: kworker/4:1 Not tainted 6.8.0+ #359 [ 1360.547882] Workqueue: events nf_tables_trans_destroy_work [nf_tables] [ 1360.547984] Call Trace: [ 1360.547991] <TASK> [ 1360.547998] dump_stack_lvl+0x53/0x70 [ 1360.548014] print_report+0xc4/0x610 [ 1360.548026] ? __virt_addr_valid+0xba/0x160 [ 1360.548040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 1360.548054] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables] [ 1360.548176] kasan_report+0xae/0xe0 [ 1360.548189] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables] [ 1360.548312] nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables] [ 1360.548447] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [nf_tables] [ 1360.548577] ? _raw_spin_unlock_irq+0x18/0x30 [ 1360.548591] process_one_work+0x2f1/0x670 [ 1360.548610] worker_thread+0x4d3/0x760 [ 1360.548627] ? __pfx_worker_thread+0x10/0x10 [ 1360.548640] kthread+0x16b/0x1b0 [ 1360.548653] ? __pfx_kthread+0x10/0x10 [ 1360.548665] ret_from_fork+0x2f/0x50 [ 1360.548679] ? __pfx_kthread+0x10/0x10 [ 1360.548690] ret_from_fork_asm+0x1a/0x30 [ 1360.548707] </TASK> [ 1360.548719] Allocated by task 192061: [ 1360.548726] kasan_save_stack+0x20/0x40 [ 1360.548739] kasan_save_track+0x14/0x30 [ 1360.548750] __kasan_kmalloc+0x8f/0xa0 [ 1360.548760] __kmalloc_node+0x1f1/0x450 [ 1360.548771] nf_tables_newset+0x10c7/0x1b50 [nf_tables] [ 1360.548883] nfnetlink_rcv_batch+0xbc4/0xdc0 [nfnetlink] [ 1360.548909] nfnetlink_rcv+0x1a8/0x1e0 [nfnetlink] [ 1360.548927] netlink_unicast+0x367/0x4f0 [ 1360.548935] netlink_sendmsg+0x34b/0x610 [ 1360.548944] ____sys_sendmsg+0x4d4/0x510 [ 1360.548953] ___sys_sendmsg+0xc9/0x120 [ 1360.548961] __sys_sendmsg+0xbe/0x140 [ 1360.548971] do_syscall_64+0x55/0x120 [ 1360.548982] entry_SYSCALL_64_after_hwframe+0x55/0x5d [ 1360.548994] Freed by task 192222: [ 1360.548999] kasan_save_stack+0x20/0x40 [ 1360.549009] kasan_save_track+0x14/0x30 [ 1360.549019] kasan_save_free_info+0x3b/0x60 [ 1360.549028] poison_slab_object+0x100/0x180 [ 1360.549036] __kasan_slab_free+0x14/0x30 [ 1360.549042] kfree+0xb6/0x260 [ 1360.549049] __nft_release_table+0x473/0x6a0 [nf_tables] [ 1360.549131] nf_tables_exit_net+0x170/0x240 [nf_tables] [ 1360.549221] ops_exit_list+0x50/0xa0 [ 1360.549229] free_exit_list+0x101/0x140 [ 1360.549236] unregister_pernet_operations+0x107/0x160 [ 1360.549245] unregister_pernet_subsys+0x1c/0x30 [ 1360.549254] nf_tables_module_exit+0x43/0x80 [nf_tables] [ 1360.549345] __do_sys_delete_module+0x253/0x370 [ 1360.549352] do_syscall_64+0x55/0x120 [ 1360.549360] entry_SYSCALL_64_after_hwframe+0x55/0x5d (gdb) list *__nft_release_table+0x473 0x1e033 is in __nft_release_table (net/netfilter/nf_tables_api.c:11354). 11349 list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) { 11350 list_del(&flowtable->list); 11351 nft_use_dec(&table->use); 11352 nf_tables_flowtable_destroy(flowtable); 11353 } 11354 list_for_each_entry_safe(set, ns, &table->sets, list) { 11355 list_del(&set->list); 11356 nft_use_dec(&table->use); 11357 if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT)) 11358 nft_map_deactivate(&ctx, set); (gdb) [ 1360.549372] Last potentially related work creation: [ 1360.549376] kasan_save_stack+0x20/0x40 [ 1360.549384] __kasan_record_aux_stack+0x9b/0xb0 [ 1360.549392] __queue_work+0x3fb/0x780 [ 1360.549399] queue_work_on+0x4f/0x60 [ 1360.549407] nft_rhash_remove+0x33b/0x340 [nf_tables] [ 1360.549516] nf_tables_commit+0x1c6a/0x2620 [nf_tables] [ 1360.549625] nfnetlink_rcv_batch+0x728/0xdc0 [nfnetlink] [ 1360.549647] nfnetlink_rcv+0x1a8/0x1e0 [nfnetlink] [ 1360.549671] netlink_unicast+0x367/0x4f0 [ 1360.549680] netlink_sendmsg+0x34b/0x610 [ 1360.549690] ____sys_sendmsg+0x4d4/0x510 [ 1360.549697] ___sys_sendmsg+0xc9/0x120 [ 1360.549706] __sys_sendmsg+0xbe/0x140 [ 1360.549715] do_syscall_64+0x55/0x120 [ 1360.549725] entry_SYSCALL_64_after_hwframe+0x55/0x5d Fixes: 0935d5588400 ("netfilter: nf_tables: asynchronous release") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 0d432d0674e1..17bf53cd0e84 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -11575,6 +11575,7 @@ static void __exit nf_tables_module_exit(void) unregister_netdevice_notifier(&nf_tables_flowtable_notifier); nft_chain_filter_fini(); nft_chain_route_fini(); + nf_tables_trans_destroy_flush_work(); unregister_pernet_subsys(&nf_tables_net_ops); cancel_work_sync(&trans_gc_work); cancel_work_sync(&trans_destroy_work);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: reject new basechain after table flag" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 994209ddf4f430946f6247616b2e33d179243769 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040556-dexterity-handwrite-98fd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 994209ddf4f430946f6247616b2e33d179243769 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Mon, 1 Apr 2024 00:33:02 +0200 Subject: [PATCH] netfilter: nf_tables: reject new basechain after table flag update When dormant flag is toggled, hooks are disabled in the commit phase by iterating over current chains in table (existing and new). The following configuration allows for an inconsistent state: add table x add chain x y { type filter hook input priority 0; } add table x { flags dormant; } add chain x w { type filter hook input priority 1; } which triggers the following warning when trying to unregister chain w which is already unregistered. [ 127.322252] WARNING: CPU: 7 PID: 1211 at net/netfilter/core.c:50 1 __nf_unregister_net_hook+0x21a/0x260 [...] [ 127.322519] Call Trace: [ 127.322521] <TASK> [ 127.322524] ? __warn+0x9f/0x1a0 [ 127.322531] ? __nf_unregister_net_hook+0x21a/0x260 [ 127.322537] ? report_bug+0x1b1/0x1e0 [ 127.322545] ? handle_bug+0x3c/0x70 [ 127.322552] ? exc_invalid_op+0x17/0x40 [ 127.322556] ? asm_exc_invalid_op+0x1a/0x20 [ 127.322563] ? kasan_save_free_info+0x3b/0x60 [ 127.322570] ? __nf_unregister_net_hook+0x6a/0x260 [ 127.322577] ? __nf_unregister_net_hook+0x21a/0x260 [ 127.322583] ? __nf_unregister_net_hook+0x6a/0x260 [ 127.322590] ? __nf_tables_unregister_hook+0x8a/0xe0 [nf_tables] [ 127.322655] nft_table_disable+0x75/0xf0 [nf_tables] [ 127.322717] nf_tables_commit+0x2571/0x2620 [nf_tables] Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 17bf53cd0e84..1eb51bf24fc2 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2449,6 +2449,9 @@ static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask, struct nft_stats __percpu *stats = NULL; struct nft_chain_hook hook = {}; + if (table->flags & __NFT_TABLE_F_UPDATE) + return -EINVAL; + if (flags & NFT_CHAIN_BINDING) return -EOPNOTSUPP;

1 year, 5 months

1
0
0 0

[PATCH 5.15 0/2] KVM: x86: Fix for dirty logging emulated atomics

by Sean Christopherson

Two KVM x86 backports for 5.15. Patch 2 is the primary motivation (fix for potential guest data corruption after live migration). Patch 1 is a (very) soft dependency to resolve a conflict. It's not strictly necessary (manually resolving the conflict wouldn't be difficult), but it is a fix that has been in upstream for a long time. The only reason I didn't tag it for stable from the get-go is that the bug it fixes is very theoretical. At this point, the odds of the patch causing problems are lower than the odds of me botching a manual backport. Sean Christopherson (2): KVM: x86: Bail to userspace if emulation of atomic user access faults KVM: x86: Mark target gfn of emulated atomic instruction as dirty arch/x86/kvm/x86.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) base-commit: 9465fef4ae351749f7068da8c78af4ca27e61928 -- 2.44.0.478.gd926399ef9-goog

1 year, 5 months

2
3
0 0

[STABLE 5.15][PATCH] thermal: devfreq_cooling: Fix perf state when calculate dfc res_util

by Lukasz Luba

From: Ye Zhang <ye.zhang(a)rock-chips.com> The issue occurs when the devfreq cooling device uses the EM power model and the get_real_power() callback is provided by the driver. The EM power table is sorted ascending，can't index the table by cooling device state，so convert cooling state to performance state by dfc->max_state - dfc->capped_state. Fixes: 615510fe13bd ("thermal: devfreq_cooling: remove old power model and use EM") Cc: 5.11+ <stable(a)vger.kernel.org> # 5.11+ Signed-off-by: Ye Zhang <ye.zhang(a)rock-chips.com> Reviewed-by: Dhruva Gole <d-gole(a)ti.com> Reviewed-by: Lukasz Luba <lukasz.luba(a)arm.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Lukasz Luba <lukasz.luba(a)arm.com> --- Hi Greg, I have solved small backporting conflict to that v5.15. The patch is based on tag v5.15.99 and it's for this failing backport: https://lore.kernel.org/stable/2024033050-imitation-unmixed-ef53@gregkh/ Regards, Lukasz Luba drivers/thermal/devfreq_cooling.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/thermal/devfreq_cooling.c b/drivers/thermal/devfreq_cooling.c index d38a80adec733..5be79b5d788e5 100644 --- a/drivers/thermal/devfreq_cooling.c +++ b/drivers/thermal/devfreq_cooling.c @@ -199,7 +199,7 @@ static int devfreq_cooling_get_requested_power(struct thermal_cooling_device *cd res = dfc->power_ops->get_real_power(df, power, freq, voltage); if (!res) { - state = dfc->capped_state; + state = dfc->max_state - dfc->capped_state; dfc->res_util = dfc->em_pd->table[state].power; dfc->res_util *= SCALE_ERROR_MITIGATION; -- 2.25.1

1 year, 5 months

2
2
0 0

[PATCH v5.10] block: add check that partition length needs to be aligned with block size

by Ashwin Dayanand Kamat

From: Min Li <min15.li(a)samsung.com> [ Upstream commit 6f64f866aa1ae6975c95d805ed51d7e9433a0016] Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If the logical block size of the disk is larger than 512 bytes, then the partition size maybe not the multiple of the logical block size, and when the last sector is read, bio_truncate() will adjust the bio size, resulting in an IO error if the size of the read command is smaller than the logical block size.If integrity data is supported, this will also result in a null pointer dereference when calling bio_integrity_free. Cc: <stable(a)vger.kernel.org> Signed-off-by: Min Li <min15.li(a)samsung.com> Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Chaitanya Kulkarni <kch(a)nvidia.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Link: https://lore.kernel.org/r/20230629142517.121241-1-min15.li@samsung.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Ashwin Dayanand Kamat <ashwin.kamat(a)broadcom.com> --- block/ioctl.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/block/ioctl.c b/block/ioctl.c index e7eed7dad..c490d67fe 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -17,7 +17,7 @@ static int blkpg_do_ioctl(struct block_device *bdev, struct blkpg_partition __user *upart, int op) { struct blkpg_partition p; - long long start, length; + sector_t start, length; if (!capable(CAP_SYS_ADMIN)) return -EACCES; @@ -32,6 +32,12 @@ static int blkpg_do_ioctl(struct block_device *bdev, if (op == BLKPG_DEL_PARTITION) return bdev_del_partition(bdev, p.pno); + if (p.start < 0 || p.length <= 0 || p.start + p.length < 0) + return -EINVAL; + /* Check that the partition is aligned to the block size */ + if (!IS_ALIGNED(p.start | p.length, bdev_logical_block_size(bdev))) + return -EINVAL; + start = p.start >> SECTOR_SHIFT; length = p.length >> SECTOR_SHIFT; @@ -46,9 +52,6 @@ static int blkpg_do_ioctl(struct block_device *bdev, switch (op) { case BLKPG_ADD_PARTITION: - /* check if partition is aligned to blocksize */ - if (p.start & (bdev_logical_block_size(bdev) - 1)) - return -EINVAL; return bdev_add_partition(bdev, p.pno, start, length); case BLKPG_RESIZE_PARTITION: return bdev_resize_partition(bdev, p.pno, start, length); -- 2.35.6

1 year, 5 months

2
1
0 0

[PATCH v5.10] x86/srso: Add SRSO mitigation for Hygon processors

by Ashwin Dayanand Kamat

From: Pu Wen <puwen(a)hygon.cn> [Upstream commit a5ef7d68cea1344cf524f04981c2b3f80bedbb0d] Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too. Signed-off-by: Pu Wen <puwen(a)hygon.cn> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Acked-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/tencent_4A14812842F104E93AA722EC939483CEFF05@qq.c… Signed-off-by: Ashwin Dayanand Kamat <ashwin.kamat(a)broadcom.com> --- arch/x86/kernel/cpu/common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 4ecc6072e..8aa43c8ca 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1168,7 +1168,7 @@ static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { VULNBL_AMD(0x15, RETBLEED), VULNBL_AMD(0x16, RETBLEED), VULNBL_AMD(0x17, RETBLEED | SRSO), - VULNBL_HYGON(0x18, RETBLEED), + VULNBL_HYGON(0x18, RETBLEED | SRSO), VULNBL_AMD(0x19, SRSO), {} }; -- 2.35.6

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 4535e1a4174c4111d92c5a9a21e542d232e0fcaa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033029-roast-pajamas-3c55@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4535e1a4174c4111d92c5a9a21e542d232e0fcaa Mon Sep 17 00:00:00 2001 From: "Borislav Petkov (AMD)" <bp(a)alien8.de> Date: Thu, 28 Mar 2024 13:59:05 +0100 Subject: [PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4 The original version of the mitigation would patch in the calls to the untraining routines directly. That is, the alternative() in UNTRAIN_RET will patch in the CALL to srso_alias_untrain_ret() directly. However, even if commit e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") meant well in trying to clean up the situation, due to micro- architectural reasons, the untraining routine srso_alias_untrain_ret() must be the target of a CALL instruction and not of a JMP instruction as it is done now. Reshuffle the alternative macros to accomplish that. Fixes: e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h index 076bf8dee702..25466c4d2134 100644 --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -14,6 +14,7 @@ #include <asm/asm.h> #include <asm/fred.h> #include <asm/gsseg.h> +#include <asm/nospec-branch.h> #ifndef CONFIG_X86_CMPXCHG64 extern void cmpxchg8b_emu(void); diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index fc3a8a3c7ffe..170c89ed22fc 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -262,11 +262,20 @@ .Lskip_rsb_\@: .endm +/* + * The CALL to srso_alias_untrain_ret() must be patched in directly at + * the spot where untraining must be done, ie., srso_alias_untrain_ret() + * must be the target of a CALL instruction instead of indirectly + * jumping to a wrapper which then calls it. Therefore, this macro is + * called outside of __UNTRAIN_RET below, for the time being, before the + * kernel can support nested alternatives with arbitrary nesting. + */ +.macro CALL_UNTRAIN_RET #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) -#define CALL_UNTRAIN_RET "call entry_untrain_ret" -#else -#define CALL_UNTRAIN_RET "" + ALTERNATIVE_2 "", "call entry_untrain_ret", X86_FEATURE_UNRET, \ + "call srso_alias_untrain_ret", X86_FEATURE_SRSO_ALIAS #endif +.endm /* * Mitigate RETBleed for AMD/Hygon Zen uarch. Requires KERNEL CR3 because the @@ -282,8 +291,8 @@ .macro __UNTRAIN_RET ibpb_feature, call_depth_insns #if defined(CONFIG_MITIGATION_RETHUNK) || defined(CONFIG_MITIGATION_IBPB_ENTRY) VALIDATE_UNRET_END - ALTERNATIVE_3 "", \ - CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \ + CALL_UNTRAIN_RET + ALTERNATIVE_2 "", \ "call entry_ibpb", \ibpb_feature, \ __stringify(\call_depth_insns), X86_FEATURE_CALL_DEPTH #endif @@ -342,6 +351,8 @@ extern void retbleed_return_thunk(void); static inline void retbleed_return_thunk(void) {} #endif +extern void srso_alias_untrain_ret(void); + #ifdef CONFIG_MITIGATION_SRSO extern void srso_return_thunk(void); extern void srso_alias_return_thunk(void); diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index 721b528da9ac..02cde194a99e 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -163,6 +163,7 @@ SYM_CODE_START_NOALIGN(srso_alias_untrain_ret) lfence jmp srso_alias_return_thunk SYM_FUNC_END(srso_alias_untrain_ret) +__EXPORT_THUNK(srso_alias_untrain_ret) .popsection .pushsection .text..__x86.rethunk_safe @@ -224,10 +225,12 @@ SYM_CODE_START(srso_return_thunk) SYM_CODE_END(srso_return_thunk) #define JMP_SRSO_UNTRAIN_RET "jmp srso_untrain_ret" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "jmp srso_alias_untrain_ret" #else /* !CONFIG_MITIGATION_SRSO */ +/* Dummy for the alternative in CALL_UNTRAIN_RET. */ +SYM_CODE_START(srso_alias_untrain_ret) + RET +SYM_FUNC_END(srso_alias_untrain_ret) #define JMP_SRSO_UNTRAIN_RET "ud2" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "ud2" #endif /* CONFIG_MITIGATION_SRSO */ #ifdef CONFIG_MITIGATION_UNRET_ENTRY @@ -319,9 +322,7 @@ SYM_FUNC_END(retbleed_untrain_ret) #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) SYM_FUNC_START(entry_untrain_ret) - ALTERNATIVE_2 JMP_RETBLEED_UNTRAIN_RET, \ - JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO, \ - JMP_SRSO_ALIAS_UNTRAIN_RET, X86_FEATURE_SRSO_ALIAS + ALTERNATIVE JMP_RETBLEED_UNTRAIN_RET, JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO SYM_FUNC_END(entry_untrain_ret) __EXPORT_THUNK(entry_untrain_ret)

1 year, 5 months

3
2
0 0

FAILED: patch "[PATCH] mm, vmscan: prevent infinite loop for costly GFP_NOIO |" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 803de9000f334b771afacb6ff3e78622916668b0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024032732-prowess-craving-9106@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 803de9000f33 ("mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations") f98a497e1f16 ("mm: compaction: remove unnecessary is_via_compact_memory() checks") e8606320e9af ("mm: compaction: refactor __compaction_suitable()") fe573327ffb1 ("tracing: incorrect gfp_t conversion") cff387d6a294 ("mm: compaction: make compaction_zonelist_suitable return false when COMPACT_SUCCESS") 9353ffa6e9e9 ("kasan, page_alloc: allow skipping memory init for HW_TAGS") 53ae233c30a6 ("kasan, page_alloc: allow skipping unpoisoning for HW_TAGS") f49d9c5bb15c ("kasan, mm: only define ___GFP_SKIP_KASAN_POISON with HW_TAGS") e9d0ca922816 ("kasan, page_alloc: rework kasan_unpoison_pages call site") 7e3cbba65de2 ("kasan, page_alloc: move kernel_init_free_pages in post_alloc_hook") 89b271163328 ("kasan, page_alloc: move SetPageSkipKASanPoison in post_alloc_hook") 9294b1281d0a ("kasan, page_alloc: combine tag_clear_highpage calls in post_alloc_hook") b42090ae6f3a ("kasan, page_alloc: merge kasan_alloc_pages into post_alloc_hook") b8491b9052fe ("kasan, page_alloc: refactor init checks in post_alloc_hook") 1c0e5b24f117 ("kasan: only apply __GFP_ZEROTAGS when memory is zeroed") c82ce3195fd1 ("mm: clarify __GFP_ZEROTAGS comment") 7c13c163e036 ("kasan, page_alloc: merge kasan_free_pages into free_pages_prepare") 5b2c07138cbd ("kasan, page_alloc: move tag_clear_highpage out of kernel_init_free_pages") 94ae8b83fefc ("kasan, page_alloc: deduplicate should_skip_kasan_poison") 3bf03b9a0839 ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 803de9000f334b771afacb6ff3e78622916668b0 Mon Sep 17 00:00:00 2001 From: Vlastimil Babka <vbabka(a)suse.cz> Date: Wed, 21 Feb 2024 12:43:58 +0100 Subject: [PATCH] mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Sven reports an infinite loop in __alloc_pages_slowpath() for costly order __GFP_RETRY_MAYFAIL allocations that are also GFP_NOIO. Such combination can happen in a suspend/resume context where a GFP_KERNEL allocation can have __GFP_IO masked out via gfp_allowed_mask. Quoting Sven: 1. try to do a "costly" allocation (order > PAGE_ALLOC_COSTLY_ORDER) with __GFP_RETRY_MAYFAIL set. 2. page alloc's __alloc_pages_slowpath tries to get a page from the freelist. This fails because there is nothing free of that costly order. 3. page alloc tries to reclaim by calling __alloc_pages_direct_reclaim, which bails out because a zone is ready to be compacted; it pretends to have made a single page of progress. 4. page alloc tries to compact, but this always bails out early because __GFP_IO is not set (it's not passed by the snd allocator, and even if it were, we are suspending so the __GFP_IO flag would be cleared anyway). 5. page alloc believes reclaim progress was made (because of the pretense in item 3) and so it checks whether it should retry compaction. The compaction retry logic thinks it should try again, because: a) reclaim is needed because of the early bail-out in item 4 b) a zonelist is suitable for compaction 6. goto 2. indefinite stall. (end quote) The immediate root cause is confusing the COMPACT_SKIPPED returned from __alloc_pages_direct_compact() (step 4) due to lack of __GFP_IO to be indicating a lack of order-0 pages, and in step 5 evaluating that in should_compact_retry() as a reason to retry, before incrementing and limiting the number of retries. There are however other places that wrongly assume that compaction can happen while we lack __GFP_IO. To fix this, introduce gfp_compaction_allowed() to abstract the __GFP_IO evaluation and switch the open-coded test in try_to_compact_pages() to use it. Also use the new helper in: - compaction_ready(), which will make reclaim not bail out in step 3, so there's at least one attempt to actually reclaim, even if chances are small for a costly order - in_reclaim_compaction() which will make should_continue_reclaim() return false and we don't over-reclaim unnecessarily - in __alloc_pages_slowpath() to set a local variable can_compact, which is then used to avoid retrying reclaim/compaction for costly allocations (step 5) if we can't compact and also to skip the early compaction attempt that we do in some cases Link: https://lkml.kernel.org/r/20240221114357.13655-2-vbabka@suse.cz Fixes: 3250845d0526 ("Revert "mm, oom: prevent premature OOM killer invocation for high order request"") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Sven van Ashbrook <svenva(a)chromium.org> Closes: https://lore.kernel.org/all/CAG-rBihs_xMKb3wrMO1%2B-%2Bp4fowP9oy1pa_OTkfxBz… Tested-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Curtis Malainey <cujomalainey(a)chromium.org> Cc: Jaroslav Kysela <perex(a)perex.cz> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Takashi Iwai <tiwai(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/gfp.h b/include/linux/gfp.h index de292a007138..e2a916cf29c4 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h @@ -353,6 +353,15 @@ static inline bool gfp_has_io_fs(gfp_t gfp) return (gfp & (__GFP_IO | __GFP_FS)) == (__GFP_IO | __GFP_FS); } +/* + * Check if the gfp flags allow compaction - GFP_NOIO is a really + * tricky context because the migration might require IO. + */ +static inline bool gfp_compaction_allowed(gfp_t gfp_mask) +{ + return IS_ENABLED(CONFIG_COMPACTION) && (gfp_mask & __GFP_IO); +} + extern gfp_t vma_thp_gfp_mask(struct vm_area_struct *vma); #ifdef CONFIG_CONTIG_ALLOC diff --git a/mm/compaction.c b/mm/compaction.c index 4add68d40e8d..b961db601df4 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -2723,16 +2723,11 @@ enum compact_result try_to_compact_pages(gfp_t gfp_mask, unsigned int order, unsigned int alloc_flags, const struct alloc_context *ac, enum compact_priority prio, struct page **capture) { - int may_perform_io = (__force int)(gfp_mask & __GFP_IO); struct zoneref *z; struct zone *zone; enum compact_result rc = COMPACT_SKIPPED; - /* - * Check if the GFP flags allow compaction - GFP_NOIO is really - * tricky context because the migration might require IO - */ - if (!may_perform_io) + if (!gfp_compaction_allowed(gfp_mask)) return COMPACT_SKIPPED; trace_mm_compaction_try_to_compact_pages(order, gfp_mask, prio); diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 150d4f23b010..a663202045dc 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -4041,6 +4041,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, struct alloc_context *ac) { bool can_direct_reclaim = gfp_mask & __GFP_DIRECT_RECLAIM; + bool can_compact = gfp_compaction_allowed(gfp_mask); const bool costly_order = order > PAGE_ALLOC_COSTLY_ORDER; struct page *page = NULL; unsigned int alloc_flags; @@ -4111,7 +4112,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, * Don't try this for allocations that are allowed to ignore * watermarks, as the ALLOC_NO_WATERMARKS attempt didn't yet happen. */ - if (can_direct_reclaim && + if (can_direct_reclaim && can_compact && (costly_order || (order > 0 && ac->migratetype != MIGRATE_MOVABLE)) && !gfp_pfmemalloc_allowed(gfp_mask)) { @@ -4209,9 +4210,10 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, /* * Do not retry costly high order allocations unless they are - * __GFP_RETRY_MAYFAIL + * __GFP_RETRY_MAYFAIL and we can compact */ - if (costly_order && !(gfp_mask & __GFP_RETRY_MAYFAIL)) + if (costly_order && (!can_compact || + !(gfp_mask & __GFP_RETRY_MAYFAIL))) goto nopage; if (should_reclaim_retry(gfp_mask, order, ac, alloc_flags, @@ -4224,7 +4226,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, * implementation of the compaction depends on the sufficient amount * of free memory (see __compaction_suitable) */ - if (did_some_progress > 0 && + if (did_some_progress > 0 && can_compact && should_compact_retry(ac, order, alloc_flags, compact_result, &compact_priority, &compaction_retries)) diff --git a/mm/vmscan.c b/mm/vmscan.c index 4f9c854ce6cc..4255619a1a31 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -5753,7 +5753,7 @@ static void shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc) /* Use reclaim/compaction for costly allocs or under memory pressure */ static bool in_reclaim_compaction(struct scan_control *sc) { - if (IS_ENABLED(CONFIG_COMPACTION) && sc->order && + if (gfp_compaction_allowed(sc->gfp_mask) && sc->order && (sc->order > PAGE_ALLOC_COSTLY_ORDER || sc->priority < DEF_PRIORITY - 2)) return true; @@ -5998,6 +5998,9 @@ static inline bool compaction_ready(struct zone *zone, struct scan_control *sc) { unsigned long watermark; + if (!gfp_compaction_allowed(sc->gfp_mask)) + return false; + /* Allocation can already succeed, nothing to do */ if (zone_watermark_ok(zone, sc->order, min_wmark_pages(zone), sc->reclaim_idx, 0))

1 year, 5 months

3
2
0 0

FAILED: patch "[PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c567f2948f57bdc03ed03403ae0234085f376b7d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040118-disgrace-tanning-bf41@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: c567f2948f57 ("Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."") 0a845e0f6348 ("mm/treewide: replace pud_large() with pud_leaf()") d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c567f2948f57bdc03ed03403ae0234085f376b7d Mon Sep 17 00:00:00 2001 From: Ingo Molnar <mingo(a)kernel.org> Date: Mon, 25 Mar 2024 11:47:51 +0100 Subject: [PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." This reverts commit d794734c9bbfe22f86686dc2909c25f5ffe1a572. While the original change tries to fix a bug, it also unintentionally broke existing systems, see the regressions reported at: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Since d794734c9bbf was also marked for -stable, let's back it out before causing more damage. Note that due to another upstream change the revert was not 100% automatic: 0a845e0f6348 mm/treewide: replace pud_large() with pud_leaf() Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: Russ Anderson <rja(a)hpe.com> Cc: Steve Wahl <steve.wahl(a)hpe.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Link: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Fixes: d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index a204a332c71f..968d7005f4a7 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,31 +26,18 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; - bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - /* if this is already a gbpage, this portion is already mapped */ - if (pud_leaf(*pud)) - continue; - - /* Is using a gbpage allowed? */ - use_gbpage = info->direct_gbpages; - - /* Don't use gbpage if it maps more than the requested region. */ - /* at the begining: */ - use_gbpage &= ((addr & ~PUD_MASK) == 0); - /* ... or at the end: */ - use_gbpage &= ((next & ~PUD_MASK) == 0); - - /* Never overwrite existing mappings */ - use_gbpage &= !pud_present(*pud); - - if (use_gbpage) { + if (info->direct_gbpages) { pud_t pudval; + if (pud_present(*pud)) + continue; + + addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue;

1 year, 5 months

3
2
0 0

5.10/15 file registration fixup

by Jens Axboe

Hi, A previous stable backport neglected to handle that we now don't clear 'ret' since the SCM registration went away. I checked the other stable kernels and it's only affecting 5.10/5.15. Can you apply this fixup patch for 5.10-stable and 5.15-stable? I provided one for each even though they are identical, but the fixup sha is obviously different for them. Thanks! -- Jens Axboe

1 year, 5 months

2
1
0 0

[PATCH 5.10.y 5.4.y 0/6] vfio: Interrupt eventfd hardening for 5.10.y, 5.4.y

by Alex Williamson

This is nearly identical to the v5.15 backport, the only difference is the split to struct vfio_pci_core_device hasn't occurred yet, so we need to use the original vfio_pci_device object instead. NB. The fsl-mc driver doesn't exist on v5.4.y, therefore the last patch in the series should be dropped against v5.4. v4.19.y does not include IRQF_NO_AUTOEN, so this is as far as I intend to go with these. Thanks, Alex Alex Williamson (6): vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler vfio/platform: Create persistent IRQ handlers vfio/fsl-mc: Block calling interrupt handler without trigger drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/vfio_pci_intrs.c | 176 +++++++++++++--------- drivers/vfio/platform/vfio_platform_irq.c | 101 +++++++++---- drivers/vfio/virqfd.c | 21 +++ include/linux/vfio.h | 2 + 5 files changed, 201 insertions(+), 106 deletions(-) -- 2.44.0

1 year, 5 months

2
7
0 0

[PATCH v1] mtd: spinand: Add support for 5-byte IDs

by Dmitry Rokosov

From: Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> [ Upstream commit 34a956739d295de6010cdaafeed698ccbba87ea4 ] E.g. ESMT chips will return an identification code with a length of 5 bytes. In order to prevent ambiguity, flash chips would actually need to return IDs that are up to 17 or more bytes long due to JEDEC's continuation scheme. I understand that if a manufacturer ID is located in bank N of JEDEC's database (there are currently 16 banks), N - 1 continuation codes (7Fh) need to be added to the identification code (comprising of manufacturer ID and device ID). However, most flash chip manufacturers don't seem to implement this (correctly). Cc: <stable(a)vger.kernel.org> # 6.6.23 Cc: <stable(a)vger.kernel.org> # 6.7.11 Cc: <stable(a)vger.kernel.org> # 6.8.2 Signed-off-by: Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> Reviewed-by: Martin Kurbanov <mmkurbanov(a)salutedevices.com> Tested-by: Martin Kurbanov <mmkurbanov(a)salutedevices.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/20240125200108.24374-2-ezra@easyb.ch Signed-off-by: Dmitry Rokosov <ddrokosov(a)salutedevices.com> --- In the patch series [1] only one patch was marked with Fixes tag, that's why the secon patch was not applied to 6.6.y, 6.7.y and 6.8y. It breaks ESMT detection flow with logs: [ 0.770730] spi-nand spi0.0: unknown raw ID c8017f7f [ 0.772688] spi-nand: probe of spi0.0 failed with error -524 Please cherry-pick the second patch from the series to 6.6.y, 6.7.y and 6.8.y. Links: [1] https://lore.kernel.org/linux-mtd/20240125200108.24374-1-ezra@easyb.ch/ --- include/linux/mtd/spinand.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/mtd/spinand.h b/include/linux/mtd/spinand.h index badb4c1ac079..5c19ead60499 100644 --- a/include/linux/mtd/spinand.h +++ b/include/linux/mtd/spinand.h @@ -169,7 +169,7 @@ struct spinand_op; struct spinand_device; -#define SPINAND_MAX_ID_LEN 4 +#define SPINAND_MAX_ID_LEN 5 /* * For erase, write and read operation, we got the following timings : * tBERS (erase) 1ms to 4ms -- 2.43.0

1 year, 5 months

2
2
0 0

Fixing the devicetree of Rock 5 Model B (and possibly others)

by Pratham Patel

Since the introduction of the `of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing` patch, an issue with the device-tree of the Rock 5 Model B has been detected. All the stable kernels (6.7.y and 6.8.y) work on the Orange Pi 5, which has the Rockchip RK3588S SoC (same as the RK3588, but less I/O basically). So, being an owner of only two SBCs which use the RK3588* SoC, it appears that the Rock 5 Model B's DT is incorrect. I looked at the patch and tried several things, neither resulted in anything that would point me to the core issue. Then I tried this: ``` $ grep -C 3 remote-endpoint arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts port { es8316_p0_0: endpoint { remote-endpoint = <&i2s0_8ch_p0_0>; }; }; }; -- i2s0_8ch_p0_0: endpoint { dai-format = "i2s"; mclk-fs = <256>; remote-endpoint = <&es8316_p0_0>; }; }; }; ``` So, from a cursory look, the issue seems to be related to either the DT node for the audio codec or related to the es8316's binding itself. Though I doubt that the later is the issue because if that were the issue, _someone_ with a Pine64 Pinebook Pro would've raised alarms. So far, this seems to be related to the `rk3588-rock-5b.dts` and possibly with the `rk3588s-rock-5a.dts` too. I would **love** to help but I'm afraid I device-trees are not something that I am at-all familiar with. That said, I am open to methods of debugging this issue to provide a fix myself. I would have replied to the patch's link but unfortunately, I haven't yet setup neomutt and my email provider's web UI doesn't have a [straightforward] way to reply using the 'In-Reply-To' header, hence a new thread. Apologies for the inconvenience caused. -- Pratham Patel

1 year, 5 months

5
11
0 0

[PATCH 1/1] batman-adv: Avoid infinite loop trying to resize local TT

by Simon Wunderlich

From: Sven Eckelmann <sven(a)narfation.org> If the MTU of one of an attached interface becomes too small to transmit the local translation table then it must be resized to fit inside all fragments (when enabled) or a single packet. But if the MTU becomes too low to transmit even the header + the VLAN specific part then the resizing of the local TT will never succeed. This can for example happen when the usable space is 110 bytes and 11 VLANs are on top of batman-adv. In this case, at least 116 byte would be needed. There will just be an endless spam of batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (110) in the log but the function will never finish. Problem here is that the timeout will be halved all the time and will then stagnate at 0 and therefore never be able to reduce the table even more. There are other scenarios possible with a similar result. The number of BATADV_TT_CLIENT_NOPURGE entries in the local TT can for example be too high to fit inside a packet. Such a scenario can therefore happen also with only a single VLAN + 7 non-purgable addresses - requiring at least 120 bytes. While this should be handled proactively when: * interface with too low MTU is added * VLAN is added * non-purgeable local mac is added * MTU of an attached interface is reduced * fragmentation setting gets disabled (which most likely requires dropping attached interfaces) not all of these scenarios can be prevented because batman-adv is only consuming events without the the possibility to prevent these actions (non-purgable MAC address added, MTU of an attached interface is reduced). It is therefore necessary to also make sure that the code is able to handle also the situations when there were already incompatible system configuration are present. Cc: stable(a)vger.kernel.org Fixes: a19d3d85e1b8 ("batman-adv: limit local translation table max size") Reported-by: syzbot+a6a4b5bb3da165594cff(a)syzkaller.appspotmail.com Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/translation-table.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c index b95c36765d04..2243cec18ecc 100644 --- a/net/batman-adv/translation-table.c +++ b/net/batman-adv/translation-table.c @@ -3948,7 +3948,7 @@ void batadv_tt_local_resize_to_mtu(struct net_device *soft_iface) spin_lock_bh(&bat_priv->tt.commit_lock); - while (true) { + while (timeout) { table_size = batadv_tt_local_table_transmit_size(bat_priv); if (packet_size_max >= table_size) break; -- 2.39.2

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] xen-netfront: Add missing skb_mark_for_recycle" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 037965402a010898d34f4e35327d22c0a95cd51f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040525-mousy-reclining-38e6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 037965402a010898d34f4e35327d22c0a95cd51f Mon Sep 17 00:00:00 2001 From: Jesper Dangaard Brouer <hawk(a)kernel.org> Date: Wed, 27 Mar 2024 13:14:56 +0100 Subject: [PATCH] xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: page_pool: hide page_pool_release_page()") and remaining callers converted (in commit 6bfef2ec0172 ("Merge branch 'net-page_pool-remove-page_pool_release_page'")). This leak became visible in v6.8 via commit dba1b8a7ab68 ("mm/page_pool: catch page_pool memory leaks"). Cc: stable(a)vger.kernel.org Fixes: 6c5aa6fc4def ("xen networking: add basic XDP support for xen-netfront") Reported-by: Leonidas Spyropoulos <artafinde(a)archlinux.com> Link: https://bugzilla.kernel.org/show_bug.cgi?id=218654 Reported-by: Arthur Borsboom <arthurborsboom(a)gmail.com> Signed-off-by: Jesper Dangaard Brouer <hawk(a)kernel.org> Link: https://lore.kernel.org/r/171154167446.2671062.9127105384591237363.stgit@fi… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c index ad29f370034e..8d2aee88526c 100644 --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -285,6 +285,7 @@ static struct sk_buff *xennet_alloc_one_rx_buffer(struct netfront_queue *queue) return NULL; } skb_add_rx_frag(skb, 0, page, 0, 0, PAGE_SIZE); + skb_mark_for_recycle(skb); /* Align ip header to a 16 bytes boundary */ skb_reserve(skb, NET_IP_ALIGN);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] selinux: avoid dereference of garbage after mount failure" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 37801a36b4d68892ce807264f784d818f8d0d39b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040504-outpost-unbiased-0f9b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 37801a36b4d6 ("selinux: avoid dereference of garbage after mount failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37801a36b4d68892ce807264f784d818f8d0d39b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones(a)googlemail.com> Date: Thu, 28 Mar 2024 20:16:58 +0100 Subject: [PATCH] selinux: avoid dereference of garbage after mount failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer. While on it drop the never read static variable selinuxfs_mount. Cc: stable(a)vger.kernel.org Fixes: 0619f0f5e36f ("selinux: wrap selinuxfs state") Signed-off-by: Christian Göttsche <cgzones(a)googlemail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 0619a1cbbfbe..074d6c2714eb 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -2123,7 +2123,6 @@ static struct file_system_type sel_fs_type = { .kill_sb = sel_kill_sb, }; -static struct vfsmount *selinuxfs_mount __ro_after_init; struct path selinux_null __ro_after_init; static int __init init_sel_fs(void) @@ -2145,18 +2144,21 @@ static int __init init_sel_fs(void) return err; } - selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); - if (IS_ERR(selinuxfs_mount)) { + selinux_null.mnt = kern_mount(&sel_fs_type); + if (IS_ERR(selinux_null.mnt)) { pr_err("selinuxfs: could not mount!\n"); - err = PTR_ERR(selinuxfs_mount); - selinuxfs_mount = NULL; + err = PTR_ERR(selinux_null.mnt); + selinux_null.mnt = NULL; + return err; } + selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root, &null_name); if (IS_ERR(selinux_null.dentry)) { pr_err("selinuxfs: could not lookup null!\n"); err = PTR_ERR(selinux_null.dentry); selinux_null.dentry = NULL; + return err; } return err;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] selinux: avoid dereference of garbage after mount failure" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 37801a36b4d68892ce807264f784d818f8d0d39b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040503-snugly-wikipedia-e4c2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 37801a36b4d6 ("selinux: avoid dereference of garbage after mount failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37801a36b4d68892ce807264f784d818f8d0d39b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones(a)googlemail.com> Date: Thu, 28 Mar 2024 20:16:58 +0100 Subject: [PATCH] selinux: avoid dereference of garbage after mount failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer. While on it drop the never read static variable selinuxfs_mount. Cc: stable(a)vger.kernel.org Fixes: 0619f0f5e36f ("selinux: wrap selinuxfs state") Signed-off-by: Christian Göttsche <cgzones(a)googlemail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 0619a1cbbfbe..074d6c2714eb 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -2123,7 +2123,6 @@ static struct file_system_type sel_fs_type = { .kill_sb = sel_kill_sb, }; -static struct vfsmount *selinuxfs_mount __ro_after_init; struct path selinux_null __ro_after_init; static int __init init_sel_fs(void) @@ -2145,18 +2144,21 @@ static int __init init_sel_fs(void) return err; } - selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); - if (IS_ERR(selinuxfs_mount)) { + selinux_null.mnt = kern_mount(&sel_fs_type); + if (IS_ERR(selinux_null.mnt)) { pr_err("selinuxfs: could not mount!\n"); - err = PTR_ERR(selinuxfs_mount); - selinuxfs_mount = NULL; + err = PTR_ERR(selinux_null.mnt); + selinux_null.mnt = NULL; + return err; } + selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root, &null_name); if (IS_ERR(selinux_null.dentry)) { pr_err("selinuxfs: could not lookup null!\n"); err = PTR_ERR(selinux_null.dentry); selinux_null.dentry = NULL; + return err; } return err;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: hci_sync: Fix not checking error on" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 6946b9c99bde45f3ba74e00a7af9a3458cc24bea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040517-sharpener-displace-6491@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6946b9c99bde45f3ba74e00a7af9a3458cc24bea Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Date: Tue, 26 Mar 2024 12:43:17 -0400 Subject: [PATCH] Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync hci_cmd_sync_cancel_sync shall check the error passed to it since it will be propagated using req_result which is __u32 it needs to be properly set to a positive value if it was passed as negative othertise IS_ERR will not trigger as -(errno) would be converted to a positive value. Fixes: 63298d6e752f ("Bluetooth: hci_core: Cancel request on command timeout") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Reported-and-tested-by: Thorsten Leemhuis <linux(a)leemhuis.info> Closes: https://lore.kernel.org/all/08275279-7462-4f4a-a0ee-8aa015f829bc@leemhuis.i… diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 1690ae57a09d..a7028d38c1f5 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -2874,7 +2874,7 @@ static void hci_cancel_cmd_sync(struct hci_dev *hdev, int err) cancel_delayed_work_sync(&hdev->ncmd_timer); atomic_set(&hdev->cmd_cnt, 1); - hci_cmd_sync_cancel_sync(hdev, -err); + hci_cmd_sync_cancel_sync(hdev, err); } /* Suspend HCI device */ @@ -2894,7 +2894,7 @@ int hci_suspend_dev(struct hci_dev *hdev) return 0; /* Cancel potentially blocking sync operation before suspend */ - hci_cancel_cmd_sync(hdev, -EHOSTDOWN); + hci_cancel_cmd_sync(hdev, EHOSTDOWN); hci_req_sync_lock(hdev); ret = hci_suspend_sync(hdev); @@ -4210,7 +4210,7 @@ static void hci_send_cmd_sync(struct hci_dev *hdev, struct sk_buff *skb) err = hci_send_frame(hdev, skb); if (err < 0) { - hci_cmd_sync_cancel_sync(hdev, err); + hci_cmd_sync_cancel_sync(hdev, -err); return; } diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index 639090b9f4b8..8fe02921adf1 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -617,7 +617,10 @@ void hci_cmd_sync_cancel_sync(struct hci_dev *hdev, int err) bt_dev_dbg(hdev, "err 0x%2.2x", err); if (hdev->req_status == HCI_REQ_PEND) { - hdev->req_result = err; + /* req_result is __u32 so error must be positive to be properly + * propagated. + */ + hdev->req_result = err < 0 ? -err : err; hdev->req_status = HCI_REQ_CANCELED; wake_up_interruptible(&hdev->req_wait_q);

1 year, 5 months

3
2
0 0

[PATCH] serial: 8250_dw: Revert: Do not reclock if already at correct rate

by Hans de Goede

Commit e5d6bd25f93d ("serial: 8250_dw: Do not reclock if already at correct rate") breaks the dw UARTs on Intel Bay Trail (BYT) and Cherry Trail (CHT) SoCs. Before this change the RTL8732BS Bluetooth HCI which is found connected over the dw UART on both BYT and CHT boards works properly: Bluetooth: hci0: RTL: examining hci_ver=06 hci_rev=000b lmp_ver=06 lmp_subver=8723 Bluetooth: hci0: RTL: rom_version status=0 version=1 Bluetooth: hci0: RTL: loading rtl_bt/rtl8723bs_fw.bin Bluetooth: hci0: RTL: loading rtl_bt/rtl8723bs_config-OBDA8723.bin Bluetooth: hci0: RTL: cfg_sz 64, total sz 24508 Bluetooth: hci0: RTL: fw version 0x365d462e where as after this change probing it fails: Bluetooth: hci0: RTL: examining hci_ver=06 hci_rev=000b lmp_ver=06 lmp_subver=8723 Bluetooth: hci0: RTL: rom_version status=0 version=1 Bluetooth: hci0: RTL: loading rtl_bt/rtl8723bs_fw.bin Bluetooth: hci0: RTL: loading rtl_bt/rtl8723bs_config-OBDA8723.bin Bluetooth: hci0: RTL: cfg_sz 64, total sz 24508 Bluetooth: hci0: command 0xfc20 tx timeout Bluetooth: hci0: RTL: download fw command failed (-110) Revert the changes to fix this regression. Fixes: e5d6bd25f93d ("serial: 8250_dw: Do not reclock if already at correct rate") Cc: stable(a)vger.kernel.org Cc: Peter Collingbourne <pcc(a)google.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- Note it is not entirely clear to me why this commit is causing this issue. Maybe probe() needs to explicitly set the clk rate which it just got (that feels like a clk driver issue) or maybe the issue is that unless setup before hand by firmware / the bootloader serial8250_update_uartclk() needs to be called at least once to setup things ? Note that probe() does not call serial8250_update_uartclk(), this is only called from the dw8250_clk_notifier_cb() This requires more debugging which is why I'm proposing a straight revert to fix the regression ASAP and then this can be investigated further. --- drivers/tty/serial/8250/8250_dw.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c index c1d43f040c43..2d1f350a4bea 100644 --- a/drivers/tty/serial/8250/8250_dw.c +++ b/drivers/tty/serial/8250/8250_dw.c @@ -357,9 +357,9 @@ static void dw8250_set_termios(struct uart_port *p, struct ktermios *termios, long rate; int ret; + clk_disable_unprepare(d->clk); rate = clk_round_rate(d->clk, newrate); - if (rate > 0 && p->uartclk != rate) { - clk_disable_unprepare(d->clk); + if (rate > 0) { /* * Note that any clock-notifer worker will block in * serial8250_update_uartclk() until we are done. @@ -367,8 +367,8 @@ static void dw8250_set_termios(struct uart_port *p, struct ktermios *termios, ret = clk_set_rate(d->clk, newrate); if (!ret) p->uartclk = rate; - clk_prepare_enable(d->clk); } + clk_prepare_enable(d->clk); dw8250_do_set_termios(p, termios, old); } -- 2.44.0

1 year, 5 months

5
9
0 0

FAILED: Patch "bounds: support non-power-of-two CONFIG_NR_CPUS" failed to apply to 5.4-stable tree

by Sasha Levin

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Thanks, Sasha ------------------ original commit in Linus's tree ------------------ From f2d5dcb48f7ba9e3ff249d58fc1fa963d374e66a Mon Sep 17 00:00:00 2001 From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Date: Tue, 10 Oct 2023 15:55:49 +0100 Subject: [PATCH] bounds: support non-power-of-two CONFIG_NR_CPUS ilog2() rounds down, so for example when PowerPC 85xx sets CONFIG_NR_CPUS to 24, we will only allocate 4 bits to store the number of CPUs instead of 5. Use bits_per() instead, which rounds up. Found by code inspection. The effect of this would probably be a misaccounting when doing NUMA balancing, so to a user, it would only be a performance penalty. The effects may be more wide-spread; it's hard to tell. Link: https://lkml.kernel.org/r/20231010145549.1244748-1-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Fixes: 90572890d202 ("mm: numa: Change page last {nid,pid} into {cpu,pid}") Reviewed-by: Rik van Riel <riel(a)surriel.com> Acked-by: Mel Gorman <mgorman(a)techsingularity.net> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bounds.c b/kernel/bounds.c index b529182e8b04f..c5a9fcd2d6228 100644 --- a/kernel/bounds.c +++ b/kernel/bounds.c @@ -19,7 +19,7 @@ int main(void) DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); DEFINE(MAX_NR_ZONES, __MAX_NR_ZONES); #ifdef CONFIG_SMP - DEFINE(NR_CPUS_BITS, ilog2(CONFIG_NR_CPUS)); + DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS)); #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); #ifdef CONFIG_LRU_GEN -- 2.43.0

1 year, 5 months

3
5
0 0

Re: [PATCH v2] locking/rwsem: Disable preemption while trying for rwsem lock

by Waiman Long

On 3/5/24 06:04, Aaro Koskinen wrote: > Hi, > > It seems this patch (commit 48dfb5d2560d) is missing from > at least 5.15 stable tree. > > Based on quick test, it seems to fix an issue where system locks up > easily when RT throttling is disabled, and also it applies cleanly, so > I think it should be good to have it 5.15? You need to cc stable as the locking maintainers are not responsible for merging patches to stable trees. Cheers, Longman > > A. > > On Thu, Sep 08, 2022 at 11:54:27PM +0530, Mukesh Ojha wrote: >> From: Gokul krishna Krishnakumar <quic_gokukris(a)quicinc.com> >> >> Make the region inside the rwsem_write_trylock non preemptible. >> >> We observe RT task is hogging CPU when trying to acquire rwsem lock >> which was acquired by a kworker task but before the rwsem owner was set. >> >> Here is the scenario: >> 1. CFS task (affined to a particular CPU) takes rwsem lock. >> >> 2. CFS task gets preempted by a RT task before setting owner. >> >> 3. RT task (FIFO) is trying to acquire the lock, but spinning until >> RT throttling happens for the lock as the lock was taken by CFS task. >> >> This patch attempts to fix the above issue by disabling preemption >> until owner is set for the lock. While at it also fix the issues >> at the places where rwsem_{set,clear}_owner() are called. >> >> This also adds lockdep annotation of preemption disable in >> rwsem_{set,clear}_owner() on Peter Z. suggestion. >> >> Signed-off-by: Gokul krishna Krishnakumar <quic_gokukris(a)quicinc.com> >> Signed-off-by: Mukesh Ojha <quic_mojha(a)quicinc.com> >> --- >> Changes in v2: >> - Remove preempt disable code in rwsem_try_write_lock_unqueued() >> - Addressed suggestion from Peter Z. >> - Modified commit text >> kernel/locking/rwsem.c | 14 ++++++++++++-- >> 1 file changed, 12 insertions(+), 2 deletions(-) >> >> diff --git a/kernel/locking/rwsem.c b/kernel/locking/rwsem.c >> index 65f0262..4487359 100644 >> --- a/kernel/locking/rwsem.c >> +++ b/kernel/locking/rwsem.c >> @@ -133,14 +133,19 @@ >> * the owner value concurrently without lock. Read from owner, however, >> * may not need READ_ONCE() as long as the pointer value is only used >> * for comparison and isn't being dereferenced. >> + * >> + * Both rwsem_{set,clear}_owner() functions should be in the same >> + * preempt disable section as the atomic op that changes sem->count. >> */ >> static inline void rwsem_set_owner(struct rw_semaphore *sem) >> { >> + lockdep_assert_preemption_disabled(); >> atomic_long_set(&sem->owner, (long)current); >> } >> >> static inline void rwsem_clear_owner(struct rw_semaphore *sem) >> { >> + lockdep_assert_preemption_disabled(); >> atomic_long_set(&sem->owner, 0); >> } >> >> @@ -251,13 +256,16 @@ static inline bool rwsem_read_trylock(struct rw_semaphore *sem, long *cntp) >> static inline bool rwsem_write_trylock(struct rw_semaphore *sem) >> { >> long tmp = RWSEM_UNLOCKED_VALUE; >> + bool ret = false; >> >> + preempt_disable(); >> if (atomic_long_try_cmpxchg_acquire(&sem->count, &tmp, RWSEM_WRITER_LOCKED)) { >> rwsem_set_owner(sem); >> - return true; >> + ret = true; >> } >> >> - return false; >> + preempt_enable(); >> + return ret; >> } >> >> /* >> @@ -1352,8 +1360,10 @@ static inline void __up_write(struct rw_semaphore *sem) >> DEBUG_RWSEMS_WARN_ON((rwsem_owner(sem) != current) && >> !rwsem_test_oflags(sem, RWSEM_NONSPINNABLE), sem); >> >> + preempt_disable(); >> rwsem_clear_owner(sem); >> tmp = atomic_long_fetch_add_release(-RWSEM_WRITER_LOCKED, &sem->count); >> + preempt_enable(); >> if (unlikely(tmp & RWSEM_FLAG_WAITERS)) >> rwsem_wake(sem); >> } >> -- >> 2.7.4 >> >>

1 year, 5 months

3
4
0 0

FAILED: patch "[PATCH] vsock/virtio: fix packet delivery to tap device" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x b32a09ea7c38849ff925489a6bf5bd8914bc45df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040558-jet-obstinate-7484@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b32a09ea7c38849ff925489a6bf5bd8914bc45df Mon Sep 17 00:00:00 2001 From: Marco Pinna <marco.pinn95(a)gmail.com> Date: Fri, 29 Mar 2024 17:12:59 +0100 Subject: [PATCH] vsock/virtio: fix packet delivery to tap device Commit 82dfb540aeb2 ("VSOCK: Add virtio vsock vsockmon hooks") added virtio_transport_deliver_tap_pkt() for handing packets to the vsockmon device. However, in virtio_transport_send_pkt_work(), the function is called before actually sending the packet (i.e. before placing it in the virtqueue with virtqueue_add_sgs() and checking whether it returned successfully). Queuing the packet in the virtqueue can fail even multiple times. However, in virtio_transport_deliver_tap_pkt() we deliver the packet to the monitoring tap interface only the first time we call it. This certainly avoids seeing the same packet replicated multiple times in the monitoring interface, but it can show the packet sent with the wrong timestamp or even before we succeed to queue it in the virtqueue. Move virtio_transport_deliver_tap_pkt() after calling virtqueue_add_sgs() and making sure it returned successfully. Fixes: 82dfb540aeb2 ("VSOCK: Add virtio vsock vsockmon hooks") Cc: stable(a)vge.kernel.org Signed-off-by: Marco Pinna <marco.pinn95(a)gmail.com> Reviewed-by: Stefano Garzarella <sgarzare(a)redhat.com> Link: https://lore.kernel.org/r/20240329161259.411751-1-marco.pinn95@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c index 1748268e0694..ee5d306a96d0 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -120,7 +120,6 @@ virtio_transport_send_pkt_work(struct work_struct *work) if (!skb) break; - virtio_transport_deliver_tap_pkt(skb); reply = virtio_vsock_skb_reply(skb); sgs = vsock->out_sgs; sg_init_one(sgs[out_sg], virtio_vsock_hdr(skb), @@ -170,6 +169,8 @@ virtio_transport_send_pkt_work(struct work_struct *work) break; } + virtio_transport_deliver_tap_pkt(skb); + if (reply) { struct virtqueue *rx_vq = vsock->vqs[VSOCK_VQ_RX]; int val;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] vsock/virtio: fix packet delivery to tap device" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b32a09ea7c38849ff925489a6bf5bd8914bc45df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040557-jeeringly-random-fd56@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b32a09ea7c38849ff925489a6bf5bd8914bc45df Mon Sep 17 00:00:00 2001 From: Marco Pinna <marco.pinn95(a)gmail.com> Date: Fri, 29 Mar 2024 17:12:59 +0100 Subject: [PATCH] vsock/virtio: fix packet delivery to tap device Commit 82dfb540aeb2 ("VSOCK: Add virtio vsock vsockmon hooks") added virtio_transport_deliver_tap_pkt() for handing packets to the vsockmon device. However, in virtio_transport_send_pkt_work(), the function is called before actually sending the packet (i.e. before placing it in the virtqueue with virtqueue_add_sgs() and checking whether it returned successfully). Queuing the packet in the virtqueue can fail even multiple times. However, in virtio_transport_deliver_tap_pkt() we deliver the packet to the monitoring tap interface only the first time we call it. This certainly avoids seeing the same packet replicated multiple times in the monitoring interface, but it can show the packet sent with the wrong timestamp or even before we succeed to queue it in the virtqueue. Move virtio_transport_deliver_tap_pkt() after calling virtqueue_add_sgs() and making sure it returned successfully. Fixes: 82dfb540aeb2 ("VSOCK: Add virtio vsock vsockmon hooks") Cc: stable(a)vge.kernel.org Signed-off-by: Marco Pinna <marco.pinn95(a)gmail.com> Reviewed-by: Stefano Garzarella <sgarzare(a)redhat.com> Link: https://lore.kernel.org/r/20240329161259.411751-1-marco.pinn95@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c index 1748268e0694..ee5d306a96d0 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -120,7 +120,6 @@ virtio_transport_send_pkt_work(struct work_struct *work) if (!skb) break; - virtio_transport_deliver_tap_pkt(skb); reply = virtio_vsock_skb_reply(skb); sgs = vsock->out_sgs; sg_init_one(sgs[out_sg], virtio_vsock_hdr(skb), @@ -170,6 +169,8 @@ virtio_transport_send_pkt_work(struct work_struct *work) break; } + virtio_transport_deliver_tap_pkt(skb); + if (reply) { struct virtqueue *rx_vq = vsock->vqs[VSOCK_VQ_RX]; int val;

1 year, 5 months

1
0
0 0