- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] vsock/virtio: fix packet delivery to tap device" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x b32a09ea7c38849ff925489a6bf5bd8914bc45df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040558-jet-obstinate-7484@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b32a09ea7c38849ff925489a6bf5bd8914bc45df Mon Sep 17 00:00:00 2001 From: Marco Pinna <marco.pinn95(a)gmail.com> Date: Fri, 29 Mar 2024 17:12:59 +0100 Subject: [PATCH] vsock/virtio: fix packet delivery to tap device Commit 82dfb540aeb2 ("VSOCK: Add virtio vsock vsockmon hooks") added virtio_transport_deliver_tap_pkt() for handing packets to the vsockmon device. However, in virtio_transport_send_pkt_work(), the function is called before actually sending the packet (i.e. before placing it in the virtqueue with virtqueue_add_sgs() and checking whether it returned successfully). Queuing the packet in the virtqueue can fail even multiple times. However, in virtio_transport_deliver_tap_pkt() we deliver the packet to the monitoring tap interface only the first time we call it. This certainly avoids seeing the same packet replicated multiple times in the monitoring interface, but it can show the packet sent with the wrong timestamp or even before we succeed to queue it in the virtqueue. Move virtio_transport_deliver_tap_pkt() after calling virtqueue_add_sgs() and making sure it returned successfully. Fixes: 82dfb540aeb2 ("VSOCK: Add virtio vsock vsockmon hooks") Cc: stable(a)vge.kernel.org Signed-off-by: Marco Pinna <marco.pinn95(a)gmail.com> Reviewed-by: Stefano Garzarella <sgarzare(a)redhat.com> Link: https://lore.kernel.org/r/20240329161259.411751-1-marco.pinn95@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c index 1748268e0694..ee5d306a96d0 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -120,7 +120,6 @@ virtio_transport_send_pkt_work(struct work_struct *work) if (!skb) break; - virtio_transport_deliver_tap_pkt(skb); reply = virtio_vsock_skb_reply(skb); sgs = vsock->out_sgs; sg_init_one(sgs[out_sg], virtio_vsock_hdr(skb), @@ -170,6 +169,8 @@ virtio_transport_send_pkt_work(struct work_struct *work) break; } + virtio_transport_deliver_tap_pkt(skb); + if (reply) { struct virtqueue *rx_vq = vsock->vqs[VSOCK_VQ_RX]; int val;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] vsock/virtio: fix packet delivery to tap device" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b32a09ea7c38849ff925489a6bf5bd8914bc45df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040557-jeeringly-random-fd56@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b32a09ea7c38849ff925489a6bf5bd8914bc45df Mon Sep 17 00:00:00 2001 From: Marco Pinna <marco.pinn95(a)gmail.com> Date: Fri, 29 Mar 2024 17:12:59 +0100 Subject: [PATCH] vsock/virtio: fix packet delivery to tap device Commit 82dfb540aeb2 ("VSOCK: Add virtio vsock vsockmon hooks") added virtio_transport_deliver_tap_pkt() for handing packets to the vsockmon device. However, in virtio_transport_send_pkt_work(), the function is called before actually sending the packet (i.e. before placing it in the virtqueue with virtqueue_add_sgs() and checking whether it returned successfully). Queuing the packet in the virtqueue can fail even multiple times. However, in virtio_transport_deliver_tap_pkt() we deliver the packet to the monitoring tap interface only the first time we call it. This certainly avoids seeing the same packet replicated multiple times in the monitoring interface, but it can show the packet sent with the wrong timestamp or even before we succeed to queue it in the virtqueue. Move virtio_transport_deliver_tap_pkt() after calling virtqueue_add_sgs() and making sure it returned successfully. Fixes: 82dfb540aeb2 ("VSOCK: Add virtio vsock vsockmon hooks") Cc: stable(a)vge.kernel.org Signed-off-by: Marco Pinna <marco.pinn95(a)gmail.com> Reviewed-by: Stefano Garzarella <sgarzare(a)redhat.com> Link: https://lore.kernel.org/r/20240329161259.411751-1-marco.pinn95@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c index 1748268e0694..ee5d306a96d0 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -120,7 +120,6 @@ virtio_transport_send_pkt_work(struct work_struct *work) if (!skb) break; - virtio_transport_deliver_tap_pkt(skb); reply = virtio_vsock_skb_reply(skb); sgs = vsock->out_sgs; sg_init_one(sgs[out_sg], virtio_vsock_hdr(skb), @@ -170,6 +169,8 @@ virtio_transport_send_pkt_work(struct work_struct *work) break; } + virtio_transport_deliver_tap_pkt(skb); + if (reply) { struct virtqueue *rx_vq = vsock->vqs[VSOCK_VQ_RX]; int val;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] vsock/virtio: fix packet delivery to tap device" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b32a09ea7c38849ff925489a6bf5bd8914bc45df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040556-nugget-penalize-7671@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b32a09ea7c38849ff925489a6bf5bd8914bc45df Mon Sep 17 00:00:00 2001 From: Marco Pinna <marco.pinn95(a)gmail.com> Date: Fri, 29 Mar 2024 17:12:59 +0100 Subject: [PATCH] vsock/virtio: fix packet delivery to tap device Commit 82dfb540aeb2 ("VSOCK: Add virtio vsock vsockmon hooks") added virtio_transport_deliver_tap_pkt() for handing packets to the vsockmon device. However, in virtio_transport_send_pkt_work(), the function is called before actually sending the packet (i.e. before placing it in the virtqueue with virtqueue_add_sgs() and checking whether it returned successfully). Queuing the packet in the virtqueue can fail even multiple times. However, in virtio_transport_deliver_tap_pkt() we deliver the packet to the monitoring tap interface only the first time we call it. This certainly avoids seeing the same packet replicated multiple times in the monitoring interface, but it can show the packet sent with the wrong timestamp or even before we succeed to queue it in the virtqueue. Move virtio_transport_deliver_tap_pkt() after calling virtqueue_add_sgs() and making sure it returned successfully. Fixes: 82dfb540aeb2 ("VSOCK: Add virtio vsock vsockmon hooks") Cc: stable(a)vge.kernel.org Signed-off-by: Marco Pinna <marco.pinn95(a)gmail.com> Reviewed-by: Stefano Garzarella <sgarzare(a)redhat.com> Link: https://lore.kernel.org/r/20240329161259.411751-1-marco.pinn95@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c index 1748268e0694..ee5d306a96d0 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -120,7 +120,6 @@ virtio_transport_send_pkt_work(struct work_struct *work) if (!skb) break; - virtio_transport_deliver_tap_pkt(skb); reply = virtio_vsock_skb_reply(skb); sgs = vsock->out_sgs; sg_init_one(sgs[out_sg], virtio_vsock_hdr(skb), @@ -170,6 +169,8 @@ virtio_transport_send_pkt_work(struct work_struct *work) break; } + virtio_transport_deliver_tap_pkt(skb); + if (reply) { struct virtqueue *rx_vq = vsock->vqs[VSOCK_VQ_RX]; int val;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] vsock/virtio: fix packet delivery to tap device" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b32a09ea7c38849ff925489a6bf5bd8914bc45df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040555-recess-lividly-5b7f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b32a09ea7c38849ff925489a6bf5bd8914bc45df Mon Sep 17 00:00:00 2001 From: Marco Pinna <marco.pinn95(a)gmail.com> Date: Fri, 29 Mar 2024 17:12:59 +0100 Subject: [PATCH] vsock/virtio: fix packet delivery to tap device Commit 82dfb540aeb2 ("VSOCK: Add virtio vsock vsockmon hooks") added virtio_transport_deliver_tap_pkt() for handing packets to the vsockmon device. However, in virtio_transport_send_pkt_work(), the function is called before actually sending the packet (i.e. before placing it in the virtqueue with virtqueue_add_sgs() and checking whether it returned successfully). Queuing the packet in the virtqueue can fail even multiple times. However, in virtio_transport_deliver_tap_pkt() we deliver the packet to the monitoring tap interface only the first time we call it. This certainly avoids seeing the same packet replicated multiple times in the monitoring interface, but it can show the packet sent with the wrong timestamp or even before we succeed to queue it in the virtqueue. Move virtio_transport_deliver_tap_pkt() after calling virtqueue_add_sgs() and making sure it returned successfully. Fixes: 82dfb540aeb2 ("VSOCK: Add virtio vsock vsockmon hooks") Cc: stable(a)vge.kernel.org Signed-off-by: Marco Pinna <marco.pinn95(a)gmail.com> Reviewed-by: Stefano Garzarella <sgarzare(a)redhat.com> Link: https://lore.kernel.org/r/20240329161259.411751-1-marco.pinn95@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c index 1748268e0694..ee5d306a96d0 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -120,7 +120,6 @@ virtio_transport_send_pkt_work(struct work_struct *work) if (!skb) break; - virtio_transport_deliver_tap_pkt(skb); reply = virtio_vsock_skb_reply(skb); sgs = vsock->out_sgs; sg_init_one(sgs[out_sg], virtio_vsock_hdr(skb), @@ -170,6 +169,8 @@ virtio_transport_send_pkt_work(struct work_struct *work) break; } + virtio_transport_deliver_tap_pkt(skb); + if (reply) { struct virtqueue *rx_vq = vsock->vqs[VSOCK_VQ_RX]; int val;

1 year, 5 months

1
0
0 0

[PATCH v4.19-v5.10] netfilter: nf_tables: disallow timeout for anonymous sets

by Keerthana K

From: Pablo Neira Ayuso <pablo(a)netfilter.org> commit e26d3009efda338f19016df4175f354a9bd0a4ab upstream. Never used from userspace, disallow these parameters. Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> [Keerthana: code surrounding the patch is different because nft_set_desc is not present in v4.19-v5.10] Signed-off-by: Keerthana K <keerthana.kalyanasundaram(a)broadcom.com> --- net/netfilter/nf_tables_api.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 44cfc8c3f..d98ea5cb7 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -3604,6 +3604,9 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk, if (!(flags & NFT_SET_TIMEOUT)) return -EINVAL; + if (flags & NFT_SET_ANONYMOUS) + return -EOPNOTSUPP; + err = nf_msecs_to_jiffies64(nla[NFTA_SET_TIMEOUT], &timeout); if (err) return err; @@ -3612,6 +3615,10 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk, if (nla[NFTA_SET_GC_INTERVAL] != NULL) { if (!(flags & NFT_SET_TIMEOUT)) return -EINVAL; + + if (flags & NFT_SET_ANONYMOUS) + return -EOPNOTSUPP; + gc_int = ntohl(nla_get_be32(nla[NFTA_SET_GC_INTERVAL])); } -- 2.19.0

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: release mutex after nft_gc_seq_end from" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0d459e2ffb541841714839e8228b845458ed3b27 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040517-progeny-sturdy-eee3@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d459e2ffb541841714839e8228b845458ed3b27 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Thu, 28 Mar 2024 14:23:55 +0100 Subject: [PATCH] netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called. Cc: stable(a)vger.kernel.org Fixes: 720344340fb9 ("netfilter: nf_tables: GC transaction race with abort path") Reported-by: Kuan-Ting Chen <hexrabbit(a)devco.re> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index ffcd3213c335..0d432d0674e1 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -10651,11 +10651,6 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) nf_tables_abort_release(trans); } - if (action == NFNL_ABORT_AUTOLOAD) - nf_tables_module_autoload(net); - else - nf_tables_module_autoload_cleanup(net); - return err; } @@ -10672,6 +10667,14 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb, WARN_ON_ONCE(!list_empty(&nft_net->commit_list)); + /* module autoload needs to happen after GC sequence update because it + * temporarily releases and grabs mutex again. + */ + if (action == NFNL_ABORT_AUTOLOAD) + nf_tables_module_autoload(net); + else + nf_tables_module_autoload_cleanup(net); + mutex_unlock(&nft_net->commit_mutex); return ret;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: release mutex after nft_gc_seq_end from" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0d459e2ffb541841714839e8228b845458ed3b27 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040514-countless-ransack-27a4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d459e2ffb541841714839e8228b845458ed3b27 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Thu, 28 Mar 2024 14:23:55 +0100 Subject: [PATCH] netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called. Cc: stable(a)vger.kernel.org Fixes: 720344340fb9 ("netfilter: nf_tables: GC transaction race with abort path") Reported-by: Kuan-Ting Chen <hexrabbit(a)devco.re> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index ffcd3213c335..0d432d0674e1 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -10651,11 +10651,6 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) nf_tables_abort_release(trans); } - if (action == NFNL_ABORT_AUTOLOAD) - nf_tables_module_autoload(net); - else - nf_tables_module_autoload_cleanup(net); - return err; } @@ -10672,6 +10667,14 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb, WARN_ON_ONCE(!list_empty(&nft_net->commit_list)); + /* module autoload needs to happen after GC sequence update because it + * temporarily releases and grabs mutex again. + */ + if (action == NFNL_ABORT_AUTOLOAD) + nf_tables_module_autoload(net); + else + nf_tables_module_autoload_cleanup(net); + mutex_unlock(&nft_net->commit_mutex); return ret;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: release mutex after nft_gc_seq_end from" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0d459e2ffb541841714839e8228b845458ed3b27 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040513-earthling-angrily-80da@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d459e2ffb541841714839e8228b845458ed3b27 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Thu, 28 Mar 2024 14:23:55 +0100 Subject: [PATCH] netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called. Cc: stable(a)vger.kernel.org Fixes: 720344340fb9 ("netfilter: nf_tables: GC transaction race with abort path") Reported-by: Kuan-Ting Chen <hexrabbit(a)devco.re> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index ffcd3213c335..0d432d0674e1 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -10651,11 +10651,6 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) nf_tables_abort_release(trans); } - if (action == NFNL_ABORT_AUTOLOAD) - nf_tables_module_autoload(net); - else - nf_tables_module_autoload_cleanup(net); - return err; } @@ -10672,6 +10667,14 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb, WARN_ON_ONCE(!list_empty(&nft_net->commit_list)); + /* module autoload needs to happen after GC sequence update because it + * temporarily releases and grabs mutex again. + */ + if (action == NFNL_ABORT_AUTOLOAD) + nf_tables_module_autoload(net); + else + nf_tables_module_autoload_cleanup(net); + mutex_unlock(&nft_net->commit_mutex); return ret;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: release mutex after nft_gc_seq_end from" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0d459e2ffb541841714839e8228b845458ed3b27 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040512-headset-cognitive-60e4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d459e2ffb541841714839e8228b845458ed3b27 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Thu, 28 Mar 2024 14:23:55 +0100 Subject: [PATCH] netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called. Cc: stable(a)vger.kernel.org Fixes: 720344340fb9 ("netfilter: nf_tables: GC transaction race with abort path") Reported-by: Kuan-Ting Chen <hexrabbit(a)devco.re> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index ffcd3213c335..0d432d0674e1 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -10651,11 +10651,6 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) nf_tables_abort_release(trans); } - if (action == NFNL_ABORT_AUTOLOAD) - nf_tables_module_autoload(net); - else - nf_tables_module_autoload_cleanup(net); - return err; } @@ -10672,6 +10667,14 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb, WARN_ON_ONCE(!list_empty(&nft_net->commit_list)); + /* module autoload needs to happen after GC sequence update because it + * temporarily releases and grabs mutex again. + */ + if (action == NFNL_ABORT_AUTOLOAD) + nf_tables_module_autoload(net); + else + nf_tables_module_autoload_cleanup(net); + mutex_unlock(&nft_net->commit_mutex); return ret;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: release batch on table validation from" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a45e6889575c2067d3c0212b6bc1022891e65b91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040501-playpen-squeezing-60a4@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a45e6889575c2067d3c0212b6bc1022891e65b91 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Thu, 28 Mar 2024 13:27:36 +0100 Subject: [PATCH] netfilter: nf_tables: release batch on table validation from abort path Unlike early commit path stage which triggers a call to abort, an explicit release of the batch is required on abort, otherwise mutex is released and commit_list remains in place. Add WARN_ON_ONCE to ensure commit_list is empty from the abort path before releasing the mutex. After this patch, commit_list is always assumed to be empty before grabbing the mutex, therefore 03c1f1ef1584 ("netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()") only needs to release the pending modules for registration. Cc: stable(a)vger.kernel.org Fixes: c0391b6ab810 ("netfilter: nf_tables: missing validation from the abort path") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index fd86f2720c9e..ffcd3213c335 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -10455,10 +10455,11 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) struct nft_trans *trans, *next; LIST_HEAD(set_update_list); struct nft_trans_elem *te; + int err = 0; if (action == NFNL_ABORT_VALIDATE && nf_tables_validate(net) < 0) - return -EAGAIN; + err = -EAGAIN; list_for_each_entry_safe_reverse(trans, next, &nft_net->commit_list, list) { @@ -10655,7 +10656,7 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) else nf_tables_module_autoload_cleanup(net); - return 0; + return err; } static int nf_tables_abort(struct net *net, struct sk_buff *skb, @@ -10668,6 +10669,9 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb, gc_seq = nft_gc_seq_begin(nft_net); ret = __nf_tables_abort(net, action); nft_gc_seq_end(nft_net, gc_seq); + + WARN_ON_ONCE(!list_empty(&nft_net->commit_list)); + mutex_unlock(&nft_net->commit_mutex); return ret; @@ -11473,9 +11477,10 @@ static void __net_exit nf_tables_exit_net(struct net *net) gc_seq = nft_gc_seq_begin(nft_net); - if (!list_empty(&nft_net->commit_list) || - !list_empty(&nft_net->module_list)) - __nf_tables_abort(net, NFNL_ABORT_NONE); + WARN_ON_ONCE(!list_empty(&nft_net->commit_list)); + + if (!list_empty(&nft_net->module_list)) + nf_tables_module_autoload_cleanup(net); __nft_release_tables(net);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: release batch on table validation from" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a45e6889575c2067d3c0212b6bc1022891e65b91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040500-deodorize-travel-362c@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a45e6889575c2067d3c0212b6bc1022891e65b91 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Thu, 28 Mar 2024 13:27:36 +0100 Subject: [PATCH] netfilter: nf_tables: release batch on table validation from abort path Unlike early commit path stage which triggers a call to abort, an explicit release of the batch is required on abort, otherwise mutex is released and commit_list remains in place. Add WARN_ON_ONCE to ensure commit_list is empty from the abort path before releasing the mutex. After this patch, commit_list is always assumed to be empty before grabbing the mutex, therefore 03c1f1ef1584 ("netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()") only needs to release the pending modules for registration. Cc: stable(a)vger.kernel.org Fixes: c0391b6ab810 ("netfilter: nf_tables: missing validation from the abort path") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index fd86f2720c9e..ffcd3213c335 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -10455,10 +10455,11 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) struct nft_trans *trans, *next; LIST_HEAD(set_update_list); struct nft_trans_elem *te; + int err = 0; if (action == NFNL_ABORT_VALIDATE && nf_tables_validate(net) < 0) - return -EAGAIN; + err = -EAGAIN; list_for_each_entry_safe_reverse(trans, next, &nft_net->commit_list, list) { @@ -10655,7 +10656,7 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) else nf_tables_module_autoload_cleanup(net); - return 0; + return err; } static int nf_tables_abort(struct net *net, struct sk_buff *skb, @@ -10668,6 +10669,9 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb, gc_seq = nft_gc_seq_begin(nft_net); ret = __nf_tables_abort(net, action); nft_gc_seq_end(nft_net, gc_seq); + + WARN_ON_ONCE(!list_empty(&nft_net->commit_list)); + mutex_unlock(&nft_net->commit_mutex); return ret; @@ -11473,9 +11477,10 @@ static void __net_exit nf_tables_exit_net(struct net *net) gc_seq = nft_gc_seq_begin(nft_net); - if (!list_empty(&nft_net->commit_list) || - !list_empty(&nft_net->module_list)) - __nf_tables_abort(net, NFNL_ABORT_NONE); + WARN_ON_ONCE(!list_empty(&nft_net->commit_list)); + + if (!list_empty(&nft_net->module_list)) + nf_tables_module_autoload_cleanup(net); __nft_release_tables(net);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: release batch on table validation from" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a45e6889575c2067d3c0212b6bc1022891e65b91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040559-mulch-scrimmage-7448@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a45e6889575c2067d3c0212b6bc1022891e65b91 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Thu, 28 Mar 2024 13:27:36 +0100 Subject: [PATCH] netfilter: nf_tables: release batch on table validation from abort path Unlike early commit path stage which triggers a call to abort, an explicit release of the batch is required on abort, otherwise mutex is released and commit_list remains in place. Add WARN_ON_ONCE to ensure commit_list is empty from the abort path before releasing the mutex. After this patch, commit_list is always assumed to be empty before grabbing the mutex, therefore 03c1f1ef1584 ("netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()") only needs to release the pending modules for registration. Cc: stable(a)vger.kernel.org Fixes: c0391b6ab810 ("netfilter: nf_tables: missing validation from the abort path") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index fd86f2720c9e..ffcd3213c335 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -10455,10 +10455,11 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) struct nft_trans *trans, *next; LIST_HEAD(set_update_list); struct nft_trans_elem *te; + int err = 0; if (action == NFNL_ABORT_VALIDATE && nf_tables_validate(net) < 0) - return -EAGAIN; + err = -EAGAIN; list_for_each_entry_safe_reverse(trans, next, &nft_net->commit_list, list) { @@ -10655,7 +10656,7 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) else nf_tables_module_autoload_cleanup(net); - return 0; + return err; } static int nf_tables_abort(struct net *net, struct sk_buff *skb, @@ -10668,6 +10669,9 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb, gc_seq = nft_gc_seq_begin(nft_net); ret = __nf_tables_abort(net, action); nft_gc_seq_end(nft_net, gc_seq); + + WARN_ON_ONCE(!list_empty(&nft_net->commit_list)); + mutex_unlock(&nft_net->commit_mutex); return ret; @@ -11473,9 +11477,10 @@ static void __net_exit nf_tables_exit_net(struct net *net) gc_seq = nft_gc_seq_begin(nft_net); - if (!list_empty(&nft_net->commit_list) || - !list_empty(&nft_net->module_list)) - __nf_tables_abort(net, NFNL_ABORT_NONE); + WARN_ON_ONCE(!list_empty(&nft_net->commit_list)); + + if (!list_empty(&nft_net->module_list)) + nf_tables_module_autoload_cleanup(net); __nft_release_tables(net);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] netfilter: nf_tables: release batch on table validation from" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a45e6889575c2067d3c0212b6bc1022891e65b91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040558-uprising-obedience-4f19@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a45e6889575c2067d3c0212b6bc1022891e65b91 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Thu, 28 Mar 2024 13:27:36 +0100 Subject: [PATCH] netfilter: nf_tables: release batch on table validation from abort path Unlike early commit path stage which triggers a call to abort, an explicit release of the batch is required on abort, otherwise mutex is released and commit_list remains in place. Add WARN_ON_ONCE to ensure commit_list is empty from the abort path before releasing the mutex. After this patch, commit_list is always assumed to be empty before grabbing the mutex, therefore 03c1f1ef1584 ("netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()") only needs to release the pending modules for registration. Cc: stable(a)vger.kernel.org Fixes: c0391b6ab810 ("netfilter: nf_tables: missing validation from the abort path") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index fd86f2720c9e..ffcd3213c335 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -10455,10 +10455,11 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) struct nft_trans *trans, *next; LIST_HEAD(set_update_list); struct nft_trans_elem *te; + int err = 0; if (action == NFNL_ABORT_VALIDATE && nf_tables_validate(net) < 0) - return -EAGAIN; + err = -EAGAIN; list_for_each_entry_safe_reverse(trans, next, &nft_net->commit_list, list) { @@ -10655,7 +10656,7 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) else nf_tables_module_autoload_cleanup(net); - return 0; + return err; } static int nf_tables_abort(struct net *net, struct sk_buff *skb, @@ -10668,6 +10669,9 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb, gc_seq = nft_gc_seq_begin(nft_net); ret = __nf_tables_abort(net, action); nft_gc_seq_end(nft_net, gc_seq); + + WARN_ON_ONCE(!list_empty(&nft_net->commit_list)); + mutex_unlock(&nft_net->commit_mutex); return ret; @@ -11473,9 +11477,10 @@ static void __net_exit nf_tables_exit_net(struct net *net) gc_seq = nft_gc_seq_begin(nft_net); - if (!list_empty(&nft_net->commit_list) || - !list_empty(&nft_net->module_list)) - __nf_tables_abort(net, NFNL_ABORT_NONE); + WARN_ON_ONCE(!list_empty(&nft_net->commit_list)); + + if (!list_empty(&nft_net->module_list)) + nf_tables_module_autoload_cleanup(net); __nft_release_tables(net);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: hci_sync: Fix not checking error on" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6946b9c99bde45f3ba74e00a7af9a3458cc24bea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040518-subpanel-jockey-8b89@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6946b9c99bde45f3ba74e00a7af9a3458cc24bea Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Date: Tue, 26 Mar 2024 12:43:17 -0400 Subject: [PATCH] Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync hci_cmd_sync_cancel_sync shall check the error passed to it since it will be propagated using req_result which is __u32 it needs to be properly set to a positive value if it was passed as negative othertise IS_ERR will not trigger as -(errno) would be converted to a positive value. Fixes: 63298d6e752f ("Bluetooth: hci_core: Cancel request on command timeout") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Reported-and-tested-by: Thorsten Leemhuis <linux(a)leemhuis.info> Closes: https://lore.kernel.org/all/08275279-7462-4f4a-a0ee-8aa015f829bc@leemhuis.i… diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 1690ae57a09d..a7028d38c1f5 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -2874,7 +2874,7 @@ static void hci_cancel_cmd_sync(struct hci_dev *hdev, int err) cancel_delayed_work_sync(&hdev->ncmd_timer); atomic_set(&hdev->cmd_cnt, 1); - hci_cmd_sync_cancel_sync(hdev, -err); + hci_cmd_sync_cancel_sync(hdev, err); } /* Suspend HCI device */ @@ -2894,7 +2894,7 @@ int hci_suspend_dev(struct hci_dev *hdev) return 0; /* Cancel potentially blocking sync operation before suspend */ - hci_cancel_cmd_sync(hdev, -EHOSTDOWN); + hci_cancel_cmd_sync(hdev, EHOSTDOWN); hci_req_sync_lock(hdev); ret = hci_suspend_sync(hdev); @@ -4210,7 +4210,7 @@ static void hci_send_cmd_sync(struct hci_dev *hdev, struct sk_buff *skb) err = hci_send_frame(hdev, skb); if (err < 0) { - hci_cmd_sync_cancel_sync(hdev, err); + hci_cmd_sync_cancel_sync(hdev, -err); return; } diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index 639090b9f4b8..8fe02921adf1 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -617,7 +617,10 @@ void hci_cmd_sync_cancel_sync(struct hci_dev *hdev, int err) bt_dev_dbg(hdev, "err 0x%2.2x", err); if (hdev->req_status == HCI_REQ_PEND) { - hdev->req_result = err; + /* req_result is __u32 so error must be positive to be properly + * propagated. + */ + hdev->req_result = err < 0 ? -err : err; hdev->req_status = HCI_REQ_CANCELED; wake_up_interruptible(&hdev->req_wait_q);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: hci_sync: Fix not checking error on" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6946b9c99bde45f3ba74e00a7af9a3458cc24bea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040517-taking-thousand-bac2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6946b9c99bde45f3ba74e00a7af9a3458cc24bea Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Date: Tue, 26 Mar 2024 12:43:17 -0400 Subject: [PATCH] Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync hci_cmd_sync_cancel_sync shall check the error passed to it since it will be propagated using req_result which is __u32 it needs to be properly set to a positive value if it was passed as negative othertise IS_ERR will not trigger as -(errno) would be converted to a positive value. Fixes: 63298d6e752f ("Bluetooth: hci_core: Cancel request on command timeout") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Reported-and-tested-by: Thorsten Leemhuis <linux(a)leemhuis.info> Closes: https://lore.kernel.org/all/08275279-7462-4f4a-a0ee-8aa015f829bc@leemhuis.i… diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 1690ae57a09d..a7028d38c1f5 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -2874,7 +2874,7 @@ static void hci_cancel_cmd_sync(struct hci_dev *hdev, int err) cancel_delayed_work_sync(&hdev->ncmd_timer); atomic_set(&hdev->cmd_cnt, 1); - hci_cmd_sync_cancel_sync(hdev, -err); + hci_cmd_sync_cancel_sync(hdev, err); } /* Suspend HCI device */ @@ -2894,7 +2894,7 @@ int hci_suspend_dev(struct hci_dev *hdev) return 0; /* Cancel potentially blocking sync operation before suspend */ - hci_cancel_cmd_sync(hdev, -EHOSTDOWN); + hci_cancel_cmd_sync(hdev, EHOSTDOWN); hci_req_sync_lock(hdev); ret = hci_suspend_sync(hdev); @@ -4210,7 +4210,7 @@ static void hci_send_cmd_sync(struct hci_dev *hdev, struct sk_buff *skb) err = hci_send_frame(hdev, skb); if (err < 0) { - hci_cmd_sync_cancel_sync(hdev, err); + hci_cmd_sync_cancel_sync(hdev, -err); return; } diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index 639090b9f4b8..8fe02921adf1 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -617,7 +617,10 @@ void hci_cmd_sync_cancel_sync(struct hci_dev *hdev, int err) bt_dev_dbg(hdev, "err 0x%2.2x", err); if (hdev->req_status == HCI_REQ_PEND) { - hdev->req_result = err; + /* req_result is __u32 so error must be positive to be properly + * propagated. + */ + hdev->req_result = err < 0 ? -err : err; hdev->req_status = HCI_REQ_CANCELED; wake_up_interruptible(&hdev->req_wait_q);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: add quirk for broken address properties" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 39646f29b100566451d37abc4cc8cdd583756dfe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040500-resubmit-proofing-698b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39646f29b100566451d37abc4cc8cdd583756dfe Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 20 Mar 2024 08:55:53 +0100 Subject: [PATCH] Bluetooth: add quirk for broken address properties Some Bluetooth controllers lack persistent storage for the device address and instead one can be provided by the boot firmware using the 'local-bd-address' devicetree property. The Bluetooth devicetree bindings clearly states that the address should be specified in little-endian order, but due to a long-standing bug in the Qualcomm driver which reversed the address some boot firmware has been providing the address in big-endian order instead. Add a new quirk that can be set on platforms with broken firmware and use it to reverse the address when parsing the property so that the underlying driver bug can be fixed. Fixes: 5c0a1001c8be ("Bluetooth: hci_qca: Add helper to set device address") Cc: stable(a)vger.kernel.org # 5.1 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index 8701ca5f31ee..5c12761cbc0e 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -176,6 +176,15 @@ enum { */ HCI_QUIRK_USE_BDADDR_PROPERTY, + /* When this quirk is set, the Bluetooth Device Address provided by + * the 'local-bd-address' fwnode property is incorrectly specified in + * big-endian order. + * + * This quirk can be set before hci_register_dev is called or + * during the hdev->setup vendor callback. + */ + HCI_QUIRK_BDADDR_PROPERTY_BROKEN, + /* When this quirk is set, the duplicate filtering during * scanning is based on Bluetooth devices addresses. To allow * RSSI based updates, restart scanning if needed. diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index f6b662369322..639090b9f4b8 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -3416,7 +3416,10 @@ static void hci_dev_get_bd_addr_from_property(struct hci_dev *hdev) if (ret < 0 || !bacmp(&ba, BDADDR_ANY)) return; - bacpy(&hdev->public_addr, &ba); + if (test_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks)) + baswap(&hdev->public_addr, &ba); + else + bacpy(&hdev->public_addr, &ba); } struct hci_init_stage {

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: add quirk for broken address properties" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 39646f29b100566451d37abc4cc8cdd583756dfe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040559-spyglass-procedure-4ada@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39646f29b100566451d37abc4cc8cdd583756dfe Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 20 Mar 2024 08:55:53 +0100 Subject: [PATCH] Bluetooth: add quirk for broken address properties Some Bluetooth controllers lack persistent storage for the device address and instead one can be provided by the boot firmware using the 'local-bd-address' devicetree property. The Bluetooth devicetree bindings clearly states that the address should be specified in little-endian order, but due to a long-standing bug in the Qualcomm driver which reversed the address some boot firmware has been providing the address in big-endian order instead. Add a new quirk that can be set on platforms with broken firmware and use it to reverse the address when parsing the property so that the underlying driver bug can be fixed. Fixes: 5c0a1001c8be ("Bluetooth: hci_qca: Add helper to set device address") Cc: stable(a)vger.kernel.org # 5.1 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index 8701ca5f31ee..5c12761cbc0e 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -176,6 +176,15 @@ enum { */ HCI_QUIRK_USE_BDADDR_PROPERTY, + /* When this quirk is set, the Bluetooth Device Address provided by + * the 'local-bd-address' fwnode property is incorrectly specified in + * big-endian order. + * + * This quirk can be set before hci_register_dev is called or + * during the hdev->setup vendor callback. + */ + HCI_QUIRK_BDADDR_PROPERTY_BROKEN, + /* When this quirk is set, the duplicate filtering during * scanning is based on Bluetooth devices addresses. To allow * RSSI based updates, restart scanning if needed. diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index f6b662369322..639090b9f4b8 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -3416,7 +3416,10 @@ static void hci_dev_get_bd_addr_from_property(struct hci_dev *hdev) if (ret < 0 || !bacmp(&ba, BDADDR_ANY)) return; - bacpy(&hdev->public_addr, &ba); + if (test_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks)) + baswap(&hdev->public_addr, &ba); + else + bacpy(&hdev->public_addr, &ba); } struct hci_init_stage {

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: add quirk for broken address properties" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 39646f29b100566451d37abc4cc8cdd583756dfe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040558-rigid-bristle-8569@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39646f29b100566451d37abc4cc8cdd583756dfe Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 20 Mar 2024 08:55:53 +0100 Subject: [PATCH] Bluetooth: add quirk for broken address properties Some Bluetooth controllers lack persistent storage for the device address and instead one can be provided by the boot firmware using the 'local-bd-address' devicetree property. The Bluetooth devicetree bindings clearly states that the address should be specified in little-endian order, but due to a long-standing bug in the Qualcomm driver which reversed the address some boot firmware has been providing the address in big-endian order instead. Add a new quirk that can be set on platforms with broken firmware and use it to reverse the address when parsing the property so that the underlying driver bug can be fixed. Fixes: 5c0a1001c8be ("Bluetooth: hci_qca: Add helper to set device address") Cc: stable(a)vger.kernel.org # 5.1 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index 8701ca5f31ee..5c12761cbc0e 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -176,6 +176,15 @@ enum { */ HCI_QUIRK_USE_BDADDR_PROPERTY, + /* When this quirk is set, the Bluetooth Device Address provided by + * the 'local-bd-address' fwnode property is incorrectly specified in + * big-endian order. + * + * This quirk can be set before hci_register_dev is called or + * during the hdev->setup vendor callback. + */ + HCI_QUIRK_BDADDR_PROPERTY_BROKEN, + /* When this quirk is set, the duplicate filtering during * scanning is based on Bluetooth devices addresses. To allow * RSSI based updates, restart scanning if needed. diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index f6b662369322..639090b9f4b8 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -3416,7 +3416,10 @@ static void hci_dev_get_bd_addr_from_property(struct hci_dev *hdev) if (ret < 0 || !bacmp(&ba, BDADDR_ANY)) return; - bacpy(&hdev->public_addr, &ba); + if (test_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks)) + baswap(&hdev->public_addr, &ba); + else + bacpy(&hdev->public_addr, &ba); } struct hci_init_stage {

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix device-address endianness" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 77f45cca8bc55d00520a192f5a7715133591c83e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040535-sworn-giver-2cf6@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 77f45cca8bc55d00520a192f5a7715133591c83e Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 20 Mar 2024 08:55:54 +0100 Subject: [PATCH] Bluetooth: qca: fix device-address endianness The WCN6855 firmware on the Lenovo ThinkPad X13s expects the Bluetooth device address in big-endian order when setting it using the EDL_WRITE_BD_ADDR_OPCODE command. Presumably, this is the case for all non-ROME devices which all use the EDL_WRITE_BD_ADDR_OPCODE command for this (unlike the ROME devices which use a different command and expect the address in little-endian order). Reverse the little-endian address before setting it to make sure that the address can be configured using tools like btmgmt or using the 'local-bd-address' devicetree property. Note that this can potentially break systems with boot firmware which has started relying on the broken behaviour and is incorrectly passing the address via devicetree in big-endian order. The only device affected by this should be the WCN3991 used in some Chromebooks. As ChromeOS updates the kernel and devicetree in lockstep, the new 'qcom,local-bd-address-broken' property can be used to determine if the firmware is buggy so that the underlying driver bug can be fixed without breaking backwards compatibility. Set the HCI_QUIRK_BDADDR_PROPERTY_BROKEN quirk for such platforms so that the address is reversed when parsing the address property. Fixes: 5c0a1001c8be ("Bluetooth: hci_qca: Add helper to set device address") Cc: stable(a)vger.kernel.org # 5.1 Cc: Balakrishna Godavarthi <quic_bgodavar(a)quicinc.com> Cc: Matthias Kaehlcke <mka(a)chromium.org> Tested-by: Nikita Travkin <nikita(a)trvn.ru> # sc7180 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index b40b32fa7f1c..19cfc342fc7b 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -826,11 +826,15 @@ EXPORT_SYMBOL_GPL(qca_uart_setup); int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) { + bdaddr_t bdaddr_swapped; struct sk_buff *skb; int err; - skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr, - HCI_EV_VENDOR, HCI_INIT_TIMEOUT); + baswap(&bdaddr_swapped, bdaddr); + + skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, + &bdaddr_swapped, HCI_EV_VENDOR, + HCI_INIT_TIMEOUT); if (IS_ERR(skb)) { err = PTR_ERR(skb); bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 4ecbcb1644cc..ecbc52eaf101 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -225,6 +225,7 @@ struct qca_serdev { struct qca_power *bt_power; u32 init_speed; u32 oper_speed; + bool bdaddr_property_broken; const char *firmware_name; }; @@ -1842,6 +1843,7 @@ static int qca_setup(struct hci_uart *hu) const char *firmware_name = qca_get_firmware_name(hu); int ret; struct qca_btsoc_version ver; + struct qca_serdev *qcadev; const char *soc_name; ret = qca_check_speeds(hu); @@ -1904,6 +1906,11 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6855: case QCA_WCN7850: set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); + + qcadev = serdev_device_get_drvdata(hu->serdev); + if (qcadev->bdaddr_property_broken) + set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks); + hci_set_aosp_capable(hdev); ret = qca_read_soc_version(hdev, &ver, soc_type); @@ -2284,6 +2291,9 @@ static int qca_serdev_probe(struct serdev_device *serdev) if (!qcadev->oper_speed) BT_DBG("UART will pick default operating speed"); + qcadev->bdaddr_property_broken = device_property_read_bool(&serdev->dev, + "qcom,local-bd-address-broken"); + if (data) qcadev->btsoc_type = data->soc_type; else

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix device-address endianness" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 77f45cca8bc55d00520a192f5a7715133591c83e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040534-voltage-civic-90a7@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 77f45cca8bc55d00520a192f5a7715133591c83e Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 20 Mar 2024 08:55:54 +0100 Subject: [PATCH] Bluetooth: qca: fix device-address endianness The WCN6855 firmware on the Lenovo ThinkPad X13s expects the Bluetooth device address in big-endian order when setting it using the EDL_WRITE_BD_ADDR_OPCODE command. Presumably, this is the case for all non-ROME devices which all use the EDL_WRITE_BD_ADDR_OPCODE command for this (unlike the ROME devices which use a different command and expect the address in little-endian order). Reverse the little-endian address before setting it to make sure that the address can be configured using tools like btmgmt or using the 'local-bd-address' devicetree property. Note that this can potentially break systems with boot firmware which has started relying on the broken behaviour and is incorrectly passing the address via devicetree in big-endian order. The only device affected by this should be the WCN3991 used in some Chromebooks. As ChromeOS updates the kernel and devicetree in lockstep, the new 'qcom,local-bd-address-broken' property can be used to determine if the firmware is buggy so that the underlying driver bug can be fixed without breaking backwards compatibility. Set the HCI_QUIRK_BDADDR_PROPERTY_BROKEN quirk for such platforms so that the address is reversed when parsing the address property. Fixes: 5c0a1001c8be ("Bluetooth: hci_qca: Add helper to set device address") Cc: stable(a)vger.kernel.org # 5.1 Cc: Balakrishna Godavarthi <quic_bgodavar(a)quicinc.com> Cc: Matthias Kaehlcke <mka(a)chromium.org> Tested-by: Nikita Travkin <nikita(a)trvn.ru> # sc7180 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index b40b32fa7f1c..19cfc342fc7b 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -826,11 +826,15 @@ EXPORT_SYMBOL_GPL(qca_uart_setup); int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) { + bdaddr_t bdaddr_swapped; struct sk_buff *skb; int err; - skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr, - HCI_EV_VENDOR, HCI_INIT_TIMEOUT); + baswap(&bdaddr_swapped, bdaddr); + + skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, + &bdaddr_swapped, HCI_EV_VENDOR, + HCI_INIT_TIMEOUT); if (IS_ERR(skb)) { err = PTR_ERR(skb); bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 4ecbcb1644cc..ecbc52eaf101 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -225,6 +225,7 @@ struct qca_serdev { struct qca_power *bt_power; u32 init_speed; u32 oper_speed; + bool bdaddr_property_broken; const char *firmware_name; }; @@ -1842,6 +1843,7 @@ static int qca_setup(struct hci_uart *hu) const char *firmware_name = qca_get_firmware_name(hu); int ret; struct qca_btsoc_version ver; + struct qca_serdev *qcadev; const char *soc_name; ret = qca_check_speeds(hu); @@ -1904,6 +1906,11 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6855: case QCA_WCN7850: set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); + + qcadev = serdev_device_get_drvdata(hu->serdev); + if (qcadev->bdaddr_property_broken) + set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks); + hci_set_aosp_capable(hdev); ret = qca_read_soc_version(hdev, &ver, soc_type); @@ -2284,6 +2291,9 @@ static int qca_serdev_probe(struct serdev_device *serdev) if (!qcadev->oper_speed) BT_DBG("UART will pick default operating speed"); + qcadev->bdaddr_property_broken = device_property_read_bool(&serdev->dev, + "qcom,local-bd-address-broken"); + if (data) qcadev->btsoc_type = data->soc_type; else

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix device-address endianness" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 77f45cca8bc55d00520a192f5a7715133591c83e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040532-revolt-overreact-690a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 77f45cca8bc55d00520a192f5a7715133591c83e Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 20 Mar 2024 08:55:54 +0100 Subject: [PATCH] Bluetooth: qca: fix device-address endianness The WCN6855 firmware on the Lenovo ThinkPad X13s expects the Bluetooth device address in big-endian order when setting it using the EDL_WRITE_BD_ADDR_OPCODE command. Presumably, this is the case for all non-ROME devices which all use the EDL_WRITE_BD_ADDR_OPCODE command for this (unlike the ROME devices which use a different command and expect the address in little-endian order). Reverse the little-endian address before setting it to make sure that the address can be configured using tools like btmgmt or using the 'local-bd-address' devicetree property. Note that this can potentially break systems with boot firmware which has started relying on the broken behaviour and is incorrectly passing the address via devicetree in big-endian order. The only device affected by this should be the WCN3991 used in some Chromebooks. As ChromeOS updates the kernel and devicetree in lockstep, the new 'qcom,local-bd-address-broken' property can be used to determine if the firmware is buggy so that the underlying driver bug can be fixed without breaking backwards compatibility. Set the HCI_QUIRK_BDADDR_PROPERTY_BROKEN quirk for such platforms so that the address is reversed when parsing the address property. Fixes: 5c0a1001c8be ("Bluetooth: hci_qca: Add helper to set device address") Cc: stable(a)vger.kernel.org # 5.1 Cc: Balakrishna Godavarthi <quic_bgodavar(a)quicinc.com> Cc: Matthias Kaehlcke <mka(a)chromium.org> Tested-by: Nikita Travkin <nikita(a)trvn.ru> # sc7180 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index b40b32fa7f1c..19cfc342fc7b 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -826,11 +826,15 @@ EXPORT_SYMBOL_GPL(qca_uart_setup); int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) { + bdaddr_t bdaddr_swapped; struct sk_buff *skb; int err; - skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr, - HCI_EV_VENDOR, HCI_INIT_TIMEOUT); + baswap(&bdaddr_swapped, bdaddr); + + skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, + &bdaddr_swapped, HCI_EV_VENDOR, + HCI_INIT_TIMEOUT); if (IS_ERR(skb)) { err = PTR_ERR(skb); bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err); diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 4ecbcb1644cc..ecbc52eaf101 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -225,6 +225,7 @@ struct qca_serdev { struct qca_power *bt_power; u32 init_speed; u32 oper_speed; + bool bdaddr_property_broken; const char *firmware_name; }; @@ -1842,6 +1843,7 @@ static int qca_setup(struct hci_uart *hu) const char *firmware_name = qca_get_firmware_name(hu); int ret; struct qca_btsoc_version ver; + struct qca_serdev *qcadev; const char *soc_name; ret = qca_check_speeds(hu); @@ -1904,6 +1906,11 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6855: case QCA_WCN7850: set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); + + qcadev = serdev_device_get_drvdata(hu->serdev); + if (qcadev->bdaddr_property_broken) + set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks); + hci_set_aosp_capable(hdev); ret = qca_read_soc_version(hdev, &ver, soc_type); @@ -2284,6 +2291,9 @@ static int qca_serdev_probe(struct serdev_device *serdev) if (!qcadev->oper_speed) BT_DBG("UART will pick default operating speed"); + qcadev->bdaddr_property_broken = device_property_read_bool(&serdev->dev, + "qcom,local-bd-address-broken"); + if (data) qcadev->btsoc_type = data->soc_type; else

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e12e28009e584c8f8363439f6a928ec86278a106 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040509-hyperlink-tartar-3f06@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e12e28009e584c8f8363439f6a928ec86278a106 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 20 Mar 2024 08:55:52 +0100 Subject: [PATCH] arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Several Qualcomm Bluetooth controllers lack persistent storage for the device address and instead one can be provided by the boot firmware using the 'local-bd-address' devicetree property. The Bluetooth bindings clearly states that the address should be specified in little-endian order, but due to a long-standing bug in the Qualcomm driver which reversed the address some boot firmware has been providing the address in big-endian order instead. The boot firmware in SC7180 Trogdor Chromebooks is known to be affected so mark the 'local-bd-address' property as broken to maintain backwards compatibility with older firmware when fixing the underlying driver bug. Note that ChromeOS always updates the kernel and devicetree in lockstep so that there is no need to handle backwards compatibility with older devicetrees. Fixes: 7ec3e67307f8 ("arm64: dts: qcom: sc7180-trogdor: add initial trogdor and lazor dt") Cc: stable(a)vger.kernel.org # 5.10 Cc: Rob Clark <robdclark(a)chromium.org> Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Acked-by: Bjorn Andersson <andersson(a)kernel.org> Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi index f3a6da8b2890..5260c63db007 100644 --- a/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi @@ -944,6 +944,8 @@ bluetooth: bluetooth { vddrf-supply = <&pp1300_l2c>; vddch0-supply = <&pp3300_l10c>; max-speed = <3200000>; + + qcom,local-bd-address-broken; }; };

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] selinux: avoid dereference of garbage after mount failure" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 37801a36b4d68892ce807264f784d818f8d0d39b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040539-tabloid-happening-a6d3@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 37801a36b4d6 ("selinux: avoid dereference of garbage after mount failure") cd2bb4cb0996 ("selinux: mark some global variables __ro_after_init") db478cd60d55 ("selinux: make selinuxfs_mount static") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37801a36b4d68892ce807264f784d818f8d0d39b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones(a)googlemail.com> Date: Thu, 28 Mar 2024 20:16:58 +0100 Subject: [PATCH] selinux: avoid dereference of garbage after mount failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer. While on it drop the never read static variable selinuxfs_mount. Cc: stable(a)vger.kernel.org Fixes: 0619f0f5e36f ("selinux: wrap selinuxfs state") Signed-off-by: Christian Göttsche <cgzones(a)googlemail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 0619a1cbbfbe..074d6c2714eb 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -2123,7 +2123,6 @@ static struct file_system_type sel_fs_type = { .kill_sb = sel_kill_sb, }; -static struct vfsmount *selinuxfs_mount __ro_after_init; struct path selinux_null __ro_after_init; static int __init init_sel_fs(void) @@ -2145,18 +2144,21 @@ static int __init init_sel_fs(void) return err; } - selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); - if (IS_ERR(selinuxfs_mount)) { + selinux_null.mnt = kern_mount(&sel_fs_type); + if (IS_ERR(selinux_null.mnt)) { pr_err("selinuxfs: could not mount!\n"); - err = PTR_ERR(selinuxfs_mount); - selinuxfs_mount = NULL; + err = PTR_ERR(selinux_null.mnt); + selinux_null.mnt = NULL; + return err; } + selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root, &null_name); if (IS_ERR(selinux_null.dentry)) { pr_err("selinuxfs: could not lookup null!\n"); err = PTR_ERR(selinux_null.dentry); selinux_null.dentry = NULL; + return err; } return err;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] selinux: avoid dereference of garbage after mount failure" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 37801a36b4d68892ce807264f784d818f8d0d39b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040538-clip-legwarmer-18fc@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 37801a36b4d6 ("selinux: avoid dereference of garbage after mount failure") cd2bb4cb0996 ("selinux: mark some global variables __ro_after_init") db478cd60d55 ("selinux: make selinuxfs_mount static") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37801a36b4d68892ce807264f784d818f8d0d39b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones(a)googlemail.com> Date: Thu, 28 Mar 2024 20:16:58 +0100 Subject: [PATCH] selinux: avoid dereference of garbage after mount failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer. While on it drop the never read static variable selinuxfs_mount. Cc: stable(a)vger.kernel.org Fixes: 0619f0f5e36f ("selinux: wrap selinuxfs state") Signed-off-by: Christian Göttsche <cgzones(a)googlemail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 0619a1cbbfbe..074d6c2714eb 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -2123,7 +2123,6 @@ static struct file_system_type sel_fs_type = { .kill_sb = sel_kill_sb, }; -static struct vfsmount *selinuxfs_mount __ro_after_init; struct path selinux_null __ro_after_init; static int __init init_sel_fs(void) @@ -2145,18 +2144,21 @@ static int __init init_sel_fs(void) return err; } - selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); - if (IS_ERR(selinuxfs_mount)) { + selinux_null.mnt = kern_mount(&sel_fs_type); + if (IS_ERR(selinux_null.mnt)) { pr_err("selinuxfs: could not mount!\n"); - err = PTR_ERR(selinuxfs_mount); - selinuxfs_mount = NULL; + err = PTR_ERR(selinux_null.mnt); + selinux_null.mnt = NULL; + return err; } + selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root, &null_name); if (IS_ERR(selinux_null.dentry)) { pr_err("selinuxfs: could not lookup null!\n"); err = PTR_ERR(selinux_null.dentry); selinux_null.dentry = NULL; + return err; } return err;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] selinux: avoid dereference of garbage after mount failure" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 37801a36b4d68892ce807264f784d818f8d0d39b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040537-reexamine-stunner-cd63@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 37801a36b4d6 ("selinux: avoid dereference of garbage after mount failure") cd2bb4cb0996 ("selinux: mark some global variables __ro_after_init") db478cd60d55 ("selinux: make selinuxfs_mount static") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37801a36b4d68892ce807264f784d818f8d0d39b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones(a)googlemail.com> Date: Thu, 28 Mar 2024 20:16:58 +0100 Subject: [PATCH] selinux: avoid dereference of garbage after mount failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer. While on it drop the never read static variable selinuxfs_mount. Cc: stable(a)vger.kernel.org Fixes: 0619f0f5e36f ("selinux: wrap selinuxfs state") Signed-off-by: Christian Göttsche <cgzones(a)googlemail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 0619a1cbbfbe..074d6c2714eb 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -2123,7 +2123,6 @@ static struct file_system_type sel_fs_type = { .kill_sb = sel_kill_sb, }; -static struct vfsmount *selinuxfs_mount __ro_after_init; struct path selinux_null __ro_after_init; static int __init init_sel_fs(void) @@ -2145,18 +2144,21 @@ static int __init init_sel_fs(void) return err; } - selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); - if (IS_ERR(selinuxfs_mount)) { + selinux_null.mnt = kern_mount(&sel_fs_type); + if (IS_ERR(selinux_null.mnt)) { pr_err("selinuxfs: could not mount!\n"); - err = PTR_ERR(selinuxfs_mount); - selinuxfs_mount = NULL; + err = PTR_ERR(selinux_null.mnt); + selinux_null.mnt = NULL; + return err; } + selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root, &null_name); if (IS_ERR(selinux_null.dentry)) { pr_err("selinuxfs: could not lookup null!\n"); err = PTR_ERR(selinux_null.dentry); selinux_null.dentry = NULL; + return err; } return err;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Add support for allowing zero SEV ASIDs" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0aa6b90ef9d75b4bd7b6d106d85f2a3437697f91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040517-motivator-seismic-4389@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0aa6b90ef9d7 ("KVM: SVM: Add support for allowing zero SEV ASIDs") 466eec4a22a7 ("KVM: SVM: Use unsigned integers when dealing with ASIDs") 106ed2cad9f7 ("KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails") 6d1bc9754b04 ("KVM: SVM: enhance info printk's in SEV init") 73412dfeea72 ("KVM: SVM: do not allocate struct svm_cpu_data dynamically") 181d0fb0bb02 ("KVM: SVM: remove dead field from struct svm_cpu_data") 4bbef7e8eb8c ("KVM: SVM: Simplify and harden helper to flush SEV guest page(s)") 58356767107a ("KVM: SVM: Allocate sd->save_area with __GFP_ZERO") 91b692a03c99 ("KVM: SEV: provide helpers to charge/uncharge misc_cg") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0aa6b90ef9d75b4bd7b6d106d85f2a3437697f91 Mon Sep 17 00:00:00 2001 From: Ashish Kalra <ashish.kalra(a)amd.com> Date: Wed, 31 Jan 2024 15:56:08 -0800 Subject: [PATCH] KVM: SVM: Add support for allowing zero SEV ASIDs Some BIOSes allow the end user to set the minimum SEV ASID value (CPUID 0x8000001F_EDX) to be greater than the maximum number of encrypted guests, or maximum SEV ASID value (CPUID 0x8000001F_ECX) in order to dedicate all the SEV ASIDs to SEV-ES or SEV-SNP. The SEV support, as coded, does not handle the case where the minimum SEV ASID value can be greater than the maximum SEV ASID value. As a result, the following confusing message is issued: [ 30.715724] kvm_amd: SEV enabled (ASIDs 1007 - 1006) Fix the support to properly handle this case. Fixes: 916391a2d1dc ("KVM: SVM: Add support for SEV-ES capability in KVM") Suggested-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> Cc: stable(a)vger.kernel.org Acked-by: Tom Lendacky <thomas.lendacky(a)amd.com> Link: https://lore.kernel.org/r/20240104190520.62510-1-Ashish.Kalra@amd.com Link: https://lore.kernel.org/r/20240131235609.4161407-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index eeef43c795d8..5f8312edee36 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -144,10 +144,21 @@ static void sev_misc_cg_uncharge(struct kvm_sev_info *sev) static int sev_asid_new(struct kvm_sev_info *sev) { - unsigned int asid, min_asid, max_asid; + /* + * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. + * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. + * Note: min ASID can end up larger than the max if basic SEV support is + * effectively disabled by disallowing use of ASIDs for SEV guests. + */ + unsigned int min_asid = sev->es_active ? 1 : min_sev_asid; + unsigned int max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; + unsigned int asid; bool retry = true; int ret; + if (min_asid > max_asid) + return -ENOTTY; + WARN_ON(sev->misc_cg); sev->misc_cg = get_current_misc_cg(); ret = sev_misc_cg_try_charge(sev); @@ -159,12 +170,6 @@ static int sev_asid_new(struct kvm_sev_info *sev) mutex_lock(&sev_bitmap_lock); - /* - * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. - * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. - */ - min_asid = sev->es_active ? 1 : min_sev_asid; - max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; again: asid = find_next_zero_bit(sev_asid_bitmap, max_asid + 1, min_asid); if (asid > max_asid) { @@ -2234,8 +2239,10 @@ void __init sev_hardware_setup(void) goto out; } - sev_asid_count = max_sev_asid - min_sev_asid + 1; - WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + if (min_sev_asid <= max_sev_asid) { + sev_asid_count = max_sev_asid - min_sev_asid + 1; + WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + } sev_supported = true; /* SEV-ES support requested? */ @@ -2266,7 +2273,9 @@ void __init sev_hardware_setup(void) out: if (boot_cpu_has(X86_FEATURE_SEV)) pr_info("SEV %s (ASIDs %u - %u)\n", - sev_supported ? "enabled" : "disabled", + sev_supported ? min_sev_asid <= max_sev_asid ? "enabled" : + "unusable" : + "disabled", min_sev_asid, max_sev_asid); if (boot_cpu_has(X86_FEATURE_SEV_ES)) pr_info("SEV-ES %s (ASIDs %u - %u)\n",

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Add support for allowing zero SEV ASIDs" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0aa6b90ef9d75b4bd7b6d106d85f2a3437697f91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040516-helmet-aware-9f06@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0aa6b90ef9d7 ("KVM: SVM: Add support for allowing zero SEV ASIDs") 466eec4a22a7 ("KVM: SVM: Use unsigned integers when dealing with ASIDs") 106ed2cad9f7 ("KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails") 6d1bc9754b04 ("KVM: SVM: enhance info printk's in SEV init") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0aa6b90ef9d75b4bd7b6d106d85f2a3437697f91 Mon Sep 17 00:00:00 2001 From: Ashish Kalra <ashish.kalra(a)amd.com> Date: Wed, 31 Jan 2024 15:56:08 -0800 Subject: [PATCH] KVM: SVM: Add support for allowing zero SEV ASIDs Some BIOSes allow the end user to set the minimum SEV ASID value (CPUID 0x8000001F_EDX) to be greater than the maximum number of encrypted guests, or maximum SEV ASID value (CPUID 0x8000001F_ECX) in order to dedicate all the SEV ASIDs to SEV-ES or SEV-SNP. The SEV support, as coded, does not handle the case where the minimum SEV ASID value can be greater than the maximum SEV ASID value. As a result, the following confusing message is issued: [ 30.715724] kvm_amd: SEV enabled (ASIDs 1007 - 1006) Fix the support to properly handle this case. Fixes: 916391a2d1dc ("KVM: SVM: Add support for SEV-ES capability in KVM") Suggested-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> Cc: stable(a)vger.kernel.org Acked-by: Tom Lendacky <thomas.lendacky(a)amd.com> Link: https://lore.kernel.org/r/20240104190520.62510-1-Ashish.Kalra@amd.com Link: https://lore.kernel.org/r/20240131235609.4161407-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index eeef43c795d8..5f8312edee36 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -144,10 +144,21 @@ static void sev_misc_cg_uncharge(struct kvm_sev_info *sev) static int sev_asid_new(struct kvm_sev_info *sev) { - unsigned int asid, min_asid, max_asid; + /* + * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. + * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. + * Note: min ASID can end up larger than the max if basic SEV support is + * effectively disabled by disallowing use of ASIDs for SEV guests. + */ + unsigned int min_asid = sev->es_active ? 1 : min_sev_asid; + unsigned int max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; + unsigned int asid; bool retry = true; int ret; + if (min_asid > max_asid) + return -ENOTTY; + WARN_ON(sev->misc_cg); sev->misc_cg = get_current_misc_cg(); ret = sev_misc_cg_try_charge(sev); @@ -159,12 +170,6 @@ static int sev_asid_new(struct kvm_sev_info *sev) mutex_lock(&sev_bitmap_lock); - /* - * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. - * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. - */ - min_asid = sev->es_active ? 1 : min_sev_asid; - max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; again: asid = find_next_zero_bit(sev_asid_bitmap, max_asid + 1, min_asid); if (asid > max_asid) { @@ -2234,8 +2239,10 @@ void __init sev_hardware_setup(void) goto out; } - sev_asid_count = max_sev_asid - min_sev_asid + 1; - WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + if (min_sev_asid <= max_sev_asid) { + sev_asid_count = max_sev_asid - min_sev_asid + 1; + WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + } sev_supported = true; /* SEV-ES support requested? */ @@ -2266,7 +2273,9 @@ void __init sev_hardware_setup(void) out: if (boot_cpu_has(X86_FEATURE_SEV)) pr_info("SEV %s (ASIDs %u - %u)\n", - sev_supported ? "enabled" : "disabled", + sev_supported ? min_sev_asid <= max_sev_asid ? "enabled" : + "unusable" : + "disabled", min_sev_asid, max_sev_asid); if (boot_cpu_has(X86_FEATURE_SEV_ES)) pr_info("SEV-ES %s (ASIDs %u - %u)\n",

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Add support for allowing zero SEV ASIDs" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0aa6b90ef9d75b4bd7b6d106d85f2a3437697f91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040515-playlist-dramatize-da62@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 0aa6b90ef9d7 ("KVM: SVM: Add support for allowing zero SEV ASIDs") 466eec4a22a7 ("KVM: SVM: Use unsigned integers when dealing with ASIDs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0aa6b90ef9d75b4bd7b6d106d85f2a3437697f91 Mon Sep 17 00:00:00 2001 From: Ashish Kalra <ashish.kalra(a)amd.com> Date: Wed, 31 Jan 2024 15:56:08 -0800 Subject: [PATCH] KVM: SVM: Add support for allowing zero SEV ASIDs Some BIOSes allow the end user to set the minimum SEV ASID value (CPUID 0x8000001F_EDX) to be greater than the maximum number of encrypted guests, or maximum SEV ASID value (CPUID 0x8000001F_ECX) in order to dedicate all the SEV ASIDs to SEV-ES or SEV-SNP. The SEV support, as coded, does not handle the case where the minimum SEV ASID value can be greater than the maximum SEV ASID value. As a result, the following confusing message is issued: [ 30.715724] kvm_amd: SEV enabled (ASIDs 1007 - 1006) Fix the support to properly handle this case. Fixes: 916391a2d1dc ("KVM: SVM: Add support for SEV-ES capability in KVM") Suggested-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> Cc: stable(a)vger.kernel.org Acked-by: Tom Lendacky <thomas.lendacky(a)amd.com> Link: https://lore.kernel.org/r/20240104190520.62510-1-Ashish.Kalra@amd.com Link: https://lore.kernel.org/r/20240131235609.4161407-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index eeef43c795d8..5f8312edee36 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -144,10 +144,21 @@ static void sev_misc_cg_uncharge(struct kvm_sev_info *sev) static int sev_asid_new(struct kvm_sev_info *sev) { - unsigned int asid, min_asid, max_asid; + /* + * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. + * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. + * Note: min ASID can end up larger than the max if basic SEV support is + * effectively disabled by disallowing use of ASIDs for SEV guests. + */ + unsigned int min_asid = sev->es_active ? 1 : min_sev_asid; + unsigned int max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; + unsigned int asid; bool retry = true; int ret; + if (min_asid > max_asid) + return -ENOTTY; + WARN_ON(sev->misc_cg); sev->misc_cg = get_current_misc_cg(); ret = sev_misc_cg_try_charge(sev); @@ -159,12 +170,6 @@ static int sev_asid_new(struct kvm_sev_info *sev) mutex_lock(&sev_bitmap_lock); - /* - * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. - * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. - */ - min_asid = sev->es_active ? 1 : min_sev_asid; - max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; again: asid = find_next_zero_bit(sev_asid_bitmap, max_asid + 1, min_asid); if (asid > max_asid) { @@ -2234,8 +2239,10 @@ void __init sev_hardware_setup(void) goto out; } - sev_asid_count = max_sev_asid - min_sev_asid + 1; - WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + if (min_sev_asid <= max_sev_asid) { + sev_asid_count = max_sev_asid - min_sev_asid + 1; + WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + } sev_supported = true; /* SEV-ES support requested? */ @@ -2266,7 +2273,9 @@ void __init sev_hardware_setup(void) out: if (boot_cpu_has(X86_FEATURE_SEV)) pr_info("SEV %s (ASIDs %u - %u)\n", - sev_supported ? "enabled" : "disabled", + sev_supported ? min_sev_asid <= max_sev_asid ? "enabled" : + "unusable" : + "disabled", min_sev_asid, max_sev_asid); if (boot_cpu_has(X86_FEATURE_SEV_ES)) pr_info("SEV-ES %s (ASIDs %u - %u)\n",

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Add support for allowing zero SEV ASIDs" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 0aa6b90ef9d75b4bd7b6d106d85f2a3437697f91 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040514-aside-bunt-f4d9@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 0aa6b90ef9d7 ("KVM: SVM: Add support for allowing zero SEV ASIDs") 466eec4a22a7 ("KVM: SVM: Use unsigned integers when dealing with ASIDs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0aa6b90ef9d75b4bd7b6d106d85f2a3437697f91 Mon Sep 17 00:00:00 2001 From: Ashish Kalra <ashish.kalra(a)amd.com> Date: Wed, 31 Jan 2024 15:56:08 -0800 Subject: [PATCH] KVM: SVM: Add support for allowing zero SEV ASIDs Some BIOSes allow the end user to set the minimum SEV ASID value (CPUID 0x8000001F_EDX) to be greater than the maximum number of encrypted guests, or maximum SEV ASID value (CPUID 0x8000001F_ECX) in order to dedicate all the SEV ASIDs to SEV-ES or SEV-SNP. The SEV support, as coded, does not handle the case where the minimum SEV ASID value can be greater than the maximum SEV ASID value. As a result, the following confusing message is issued: [ 30.715724] kvm_amd: SEV enabled (ASIDs 1007 - 1006) Fix the support to properly handle this case. Fixes: 916391a2d1dc ("KVM: SVM: Add support for SEV-ES capability in KVM") Suggested-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> Cc: stable(a)vger.kernel.org Acked-by: Tom Lendacky <thomas.lendacky(a)amd.com> Link: https://lore.kernel.org/r/20240104190520.62510-1-Ashish.Kalra@amd.com Link: https://lore.kernel.org/r/20240131235609.4161407-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index eeef43c795d8..5f8312edee36 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -144,10 +144,21 @@ static void sev_misc_cg_uncharge(struct kvm_sev_info *sev) static int sev_asid_new(struct kvm_sev_info *sev) { - unsigned int asid, min_asid, max_asid; + /* + * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. + * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. + * Note: min ASID can end up larger than the max if basic SEV support is + * effectively disabled by disallowing use of ASIDs for SEV guests. + */ + unsigned int min_asid = sev->es_active ? 1 : min_sev_asid; + unsigned int max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; + unsigned int asid; bool retry = true; int ret; + if (min_asid > max_asid) + return -ENOTTY; + WARN_ON(sev->misc_cg); sev->misc_cg = get_current_misc_cg(); ret = sev_misc_cg_try_charge(sev); @@ -159,12 +170,6 @@ static int sev_asid_new(struct kvm_sev_info *sev) mutex_lock(&sev_bitmap_lock); - /* - * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. - * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. - */ - min_asid = sev->es_active ? 1 : min_sev_asid; - max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; again: asid = find_next_zero_bit(sev_asid_bitmap, max_asid + 1, min_asid); if (asid > max_asid) { @@ -2234,8 +2239,10 @@ void __init sev_hardware_setup(void) goto out; } - sev_asid_count = max_sev_asid - min_sev_asid + 1; - WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + if (min_sev_asid <= max_sev_asid) { + sev_asid_count = max_sev_asid - min_sev_asid + 1; + WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); + } sev_supported = true; /* SEV-ES support requested? */ @@ -2266,7 +2273,9 @@ void __init sev_hardware_setup(void) out: if (boot_cpu_has(X86_FEATURE_SEV)) pr_info("SEV %s (ASIDs %u - %u)\n", - sev_supported ? "enabled" : "disabled", + sev_supported ? min_sev_asid <= max_sev_asid ? "enabled" : + "unusable" : + "disabled", min_sev_asid, max_sev_asid); if (boot_cpu_has(X86_FEATURE_SEV_ES)) pr_info("SEV-ES %s (ASIDs %u - %u)\n",

1 year, 5 months

1
0
0 0

v6.8 stable backport request for drm/i915

by Imre Deak

Stable team, please backport the following upstream commit to 6.8: commit 7a51a2aa2384 ("drm/i915/dp: Fix DSC state HW readout for SST connectors") Thanks, Imre

1 year, 5 months

3
3
0 0

[PATCH v2 2/7] btrfs: reduce the log level for btrfs_dev_stat_inc_and_print()

by Qu Wenruo

Currently when we increase the device statistics, it would always lead to an error message in the kernel log. However this output is mostly duplicated with the existing ones: - For scrub operations We always have the following messages: * "fixed up error at logical %llu" * "unable to fixup (regular) error at logical %llu" So no matter if the corruption is repaired or not, it scrub would output an error message to indicate the problem. - For non-scrub read operations We also have the following messages: * "csum failed root %lld inode %llu off %llu" for data csum mismatch * "bad (tree block start|fsid|tree block level)" for metadata * "read error corrected: ino %llu off %llu" for repaired data/metadata So the error message from btrfs_dev_stat_inc_and_print() is duplicated. The real usage for the btrfs device statistics is for some user space daemon to check if there is any new errors, acting like some checks on SMART, thus we don't really need/want those messages in dmesg. This patch would reduce the log level to debug (disabled by default) for btrfs_dev_stat_inc_and_print(). For users really want to utilize btrfs devices statistics, they should go check "btrfs device stats" periodically, and we should focus the kernel error messages to more important things. CC: stable(a)vger.kernel.org Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/volumes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index e49935a54da0..126145950ed3 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -7828,7 +7828,7 @@ void btrfs_dev_stat_inc_and_print(struct btrfs_device *dev, int index) if (!dev->dev_stats_valid) return; - btrfs_err_rl_in_rcu(dev->fs_info, + btrfs_debug_rl_in_rcu(dev->fs_info, "bdev %s errs: wr %u, rd %u, flush %u, corrupt %u, gen %u", btrfs_dev_name(dev), btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_WRITE_ERRS), -- 2.44.0

1 year, 5 months

3
2
0 0

[PATCH 6.8 00/11] 6.8.4-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.4 release. There are 11 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Apr 2024 17:51:13 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.4-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.4-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue.c: Increase workqueue name length" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Move pwq->max_active to wq->max_active" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Factor out pwq_is_empty()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Move nr_active handling into helpers" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Make wq_adjust_max_active() round-robin pwqs while activating" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: RCU protect wq->dfl_pwq and implement accessors for it" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Introduce struct wq_node_nr_active" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Implement system-wide nr_active enforcement for unbound workqueues" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Shorten events_freezable_power_efficient name" ------------- Diffstat: Makefile | 4 +- include/linux/workqueue.h | 35 +-- kernel/workqueue.c | 757 ++++++++-------------------------------------- 3 files changed, 132 insertions(+), 664 deletions(-)

1 year, 5 months

10
20
0 0

[PATCH 6.6 00/11] 6.6.25-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.25 release. There are 11 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Apr 2024 17:51:13 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.25-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.25-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue.c: Increase workqueue name length" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Move pwq->max_active to wq->max_active" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Factor out pwq_is_empty()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Move nr_active handling into helpers" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Make wq_adjust_max_active() round-robin pwqs while activating" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: RCU protect wq->dfl_pwq and implement accessors for it" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Introduce struct wq_node_nr_active" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Implement system-wide nr_active enforcement for unbound workqueues" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "workqueue: Shorten events_freezable_power_efficient name" ------------- Diffstat: Makefile | 4 +- include/linux/workqueue.h | 35 +-- kernel/workqueue.c | 757 ++++++++-------------------------------------- 3 files changed, 132 insertions(+), 664 deletions(-)

1 year, 5 months

8
18
0 0

+ userfaultfd-change-src_folio-after-ensuring-its-unpinned-in-uffdio_move.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE has been added to the -mm mm-hotfixes-unstable branch. Its filename is userfaultfd-change-src_folio-after-ensuring-its-unpinned-in-uffdio_move.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lokesh Gidra <lokeshgidra(a)google.com> Subject: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Date: Thu, 4 Apr 2024 10:17:26 -0700 Commit d7a08838ab74 ("mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails") moved the src_folio->{mapping, index} changing to after clearing the page-table and ensuring that it's not pinned. This avoids failure of swapout+migration and possibly memory corruption. However, the commit missed fixing it in the huge-page case. Link: https://lkml.kernel.org/r/20240404171726.2302435-1-lokeshgidra@google.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/mm/huge_memory.c~userfaultfd-change-src_folio-after-ensuring-its-unpinned-in-uffdio_move +++ a/mm/huge_memory.c @@ -2259,9 +2259,6 @@ int move_pages_huge_pmd(struct mm_struct goto unlock_ptls; } - folio_move_anon_rmap(src_folio, dst_vma); - WRITE_ONCE(src_folio->index, linear_page_index(dst_vma, dst_addr)); - src_pmdval = pmdp_huge_clear_flush(src_vma, src_addr, src_pmd); /* Folio got pinned from under us. Put it back and fail the move. */ if (folio_maybe_dma_pinned(src_folio)) { @@ -2270,6 +2267,9 @@ int move_pages_huge_pmd(struct mm_struct goto unlock_ptls; } + folio_move_anon_rmap(src_folio, dst_vma); + WRITE_ONCE(src_folio->index, linear_page_index(dst_vma, dst_addr)); + _dst_pmd = mk_huge_pmd(&src_folio->page, dst_vma->vm_page_prot); /* Follow mremap() behavior and treat the entry dirty after the move */ _dst_pmd = pmd_mkwrite(pmd_mkdirty(_dst_pmd), dst_vma); _ Patches currently in -mm which might be from lokeshgidra(a)google.com are userfaultfd-change-src_folio-after-ensuring-its-unpinned-in-uffdio_move.patch

1 year, 5 months

1
0
0 0

Linux 6.6.25

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.25 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 include/linux/workqueue.h | 35 -- kernel/workqueue.c | 757 +++++++--------------------------------------- 3 files changed, 131 insertions(+), 663 deletions(-) Greg Kroah-Hartman (12): Revert "workqueue: Shorten events_freezable_power_efficient name" Revert "workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()" Revert "workqueue: Implement system-wide nr_active enforcement for unbound workqueues" Revert "workqueue: Introduce struct wq_node_nr_active" Revert "workqueue: RCU protect wq->dfl_pwq and implement accessors for it" Revert "workqueue: Make wq_adjust_max_active() round-robin pwqs while activating" Revert "workqueue: Move nr_active handling into helpers" Revert "workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()" Revert "workqueue: Factor out pwq_is_empty()" Revert "workqueue: Move pwq->max_active to wq->max_active" Revert "workqueue.c: Increase workqueue name length" Linux 6.6.25

1 year, 5 months

1
1
0 0

[PATCH v6] media: uvcvideo: Add quirk for Logitech Rally Bar

by Ricardo Ribalda

Logitech Rally Bar devices, despite behaving as UVC cameras, have a different power management system that the other cameras from Logitech. USB_QUIRK_RESET_RESUME is applied to all the UVC cameras from Logitech at the usb core. Unfortunately, USB_QUIRK_RESET_RESUME causes undesired USB disconnects in the Rally Bar that make them completely unusable. There is an open discussion about if we should fix this in the core or add a quirk in the UVC driver. In order to enable this hardware, let's land this patch first, and we can revert it later if there is a different conclusion. Fixes: e387ef5c47dd ("usb: Add USB_QUIRK_RESET_RESUME for all Logitech UVC webcams") Cc: <stable(a)vger.kernel.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Alan Stern <stern(a)rowland.harvard.edu> Cc: Oliver Neukum <oneukum(a)suse.com> Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reviewed-by: Devinder Khroad <dkhroad(a)logitech.com> Reviewed-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Tested with a Rallybar Mini with an Acer Chromebook Spin 513 --- Changes in v6: Thanks Laurent - Fix subject line. - Move quirk before device init message. - Link to v5: https://lore.kernel.org/r/20240402-rallybar-v5-1-7bdd0fbc51f7@chromium.org Changes in v5: - Update commit message to describe that this is a temp solution. - Link to v4: https://lore.kernel.org/r/20240108-rallybar-v4-1-a7450641e41b@chromium.org Changes in v4: - Include Logi Rally Bar Huddle (Thanks Kyle!) - Link to v3: https://lore.kernel.org/r/20240102-rallybar-v3-1-0ab197ce4aa2@chromium.org Changes in v3: - Move quirk to uvc driver - Link to v2: https://lore.kernel.org/r/20231222-rallybar-v2-1-5849d62a9514@chromium.org Changes in v2: - Add Fixes tag - Add UVC maintainer as Cc - Link to v1: https://lore.kernel.org/r/20231222-rallybar-v1-1-82b2a4d3106f@chromium.org --- drivers/media/usb/uvc/uvc_driver.c | 31 +++++++++++++++++++++++++++++++ drivers/media/usb/uvc/uvcvideo.h | 1 + 2 files changed, 32 insertions(+) diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c index 08fcd2ffa727b..1b4fb9f46bc83 100644 --- a/drivers/media/usb/uvc/uvc_driver.c +++ b/drivers/media/usb/uvc/uvc_driver.c @@ -14,6 +14,7 @@ #include <linux/module.h> #include <linux/slab.h> #include <linux/usb.h> +#include <linux/usb/quirks.h> #include <linux/usb/uvc.h> #include <linux/videodev2.h> #include <linux/vmalloc.h> @@ -2232,6 +2233,9 @@ static int uvc_probe(struct usb_interface *intf, goto error; } + if (dev->quirks & UVC_QUIRK_FORCE_RESUME) + udev->quirks &= ~USB_QUIRK_RESET_RESUME; + uvc_dbg(dev, PROBE, "UVC device initialized\n"); usb_enable_autosuspend(udev); return 0; @@ -2574,6 +2578,33 @@ static const struct usb_device_id uvc_ids[] = { .bInterfaceSubClass = 1, .bInterfaceProtocol = 0, .driver_info = UVC_INFO_QUIRK(UVC_QUIRK_RESTORE_CTRLS_ON_INIT) }, + /* Logitech Rally Bar Huddle */ + { .match_flags = USB_DEVICE_ID_MATCH_DEVICE + | USB_DEVICE_ID_MATCH_INT_INFO, + .idVendor = 0x046d, + .idProduct = 0x087c, + .bInterfaceClass = USB_CLASS_VIDEO, + .bInterfaceSubClass = 1, + .bInterfaceProtocol = 0, + .driver_info = UVC_INFO_QUIRK(UVC_QUIRK_FORCE_RESUME) }, + /* Logitech Rally Bar */ + { .match_flags = USB_DEVICE_ID_MATCH_DEVICE + | USB_DEVICE_ID_MATCH_INT_INFO, + .idVendor = 0x046d, + .idProduct = 0x089b, + .bInterfaceClass = USB_CLASS_VIDEO, + .bInterfaceSubClass = 1, + .bInterfaceProtocol = 0, + .driver_info = UVC_INFO_QUIRK(UVC_QUIRK_FORCE_RESUME) }, + /* Logitech Rally Bar Mini */ + { .match_flags = USB_DEVICE_ID_MATCH_DEVICE + | USB_DEVICE_ID_MATCH_INT_INFO, + .idVendor = 0x046d, + .idProduct = 0x08d3, + .bInterfaceClass = USB_CLASS_VIDEO, + .bInterfaceSubClass = 1, + .bInterfaceProtocol = 0, + .driver_info = UVC_INFO_QUIRK(UVC_QUIRK_FORCE_RESUME) }, /* Chicony CNF7129 (Asus EEE 100HE) */ { .match_flags = USB_DEVICE_ID_MATCH_DEVICE | USB_DEVICE_ID_MATCH_INT_INFO, diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index 6fb0a78b1b009..fa59a21d2a289 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h @@ -73,6 +73,7 @@ #define UVC_QUIRK_FORCE_Y8 0x00000800 #define UVC_QUIRK_FORCE_BPP 0x00001000 #define UVC_QUIRK_WAKE_AUTOSUSPEND 0x00002000 +#define UVC_QUIRK_FORCE_RESUME 0x00004000 /* Format flags */ #define UVC_FMT_FLAG_COMPRESSED 0x00000001 --- base-commit: c0f65a7c112b3cfa691cead54bcf24d6cc2182b5 change-id: 20231222-rallybar-19ce0c64d5e6 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 year, 5 months

1
0
0 0

Re: Kernel Trace in recent 6.1.8n kernels

by Randy Dunlap

[+ stable & scsi] On 4/3/24 3:49 PM, Tim Tassonis wrote: > Hi all > > Maybe this is the wrong list, as it probably only affects the 6.1.8n LTS kernel releases. > > > I noticed that since 6.1.80 or so, all my boxes print a trace when rebooting or halting, right at the end. It starts with drivers/scsi/scsi_lib.c > > As everything seems already done by then, there is no "real" problem occuring, but maybe someone knows why this suddenly started to happen. > > > With qemu and the serial options, I managed to get the actual trace in text: > > Unmounting all other currently mounted file systems...[ 58.632670] EXT4-fs (sda1): re-mounted. Quota mode: none. > * [ OK ] > [ 58.684029] EXT4-fs (sda1): re-mounted. Quota mode: none. > * Bringing down the loopback interface... [ OK ] > [ 58.809326] ------------[ cut here ]------------ > [ 58.813524] WARNING: CPU: 0 PID: 2755 at drivers/scsi/scsi_lib.c:214 scsi_execute_cmd+0x3b/0x2b0 > [ 58.828052] Modules linked in: cfg80211 8021q garp mrp stp ipv6 crc_ccitt joydev hid_generic usbhid snd_seq_midi snd_seq_midi_event psmouse ppdev serio_raw atkbd libps2 vivaldi_fmap uhci_hcd ehci_pci ehci_hcd snd_ens1370 bochs drm_vram_helper snd_rawmidi usbcore drm_ttm_helper sr_mod usb_common snd_pcm cdrom e1000 i2c_piix4 ttm pcspkr gameport pata_acpi parport_pc parport i8042 qemu_fw_cfg serio rtc_cmos floppy snd_seq snd_seq_device snd_timer snd soundcore fuse > [ 58.873677] CPU: 0 PID: 2755 Comm: halt Not tainted 6.1.84 #1 > [ 58.876424] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 > [ 58.884106] RIP: 0010:scsi_execute_cmd+0x3b/0x2b0 > [ 58.885558] Code: 89 cc 55 44 89 c5 53 48 83 ec 10 4c 8b 74 24 50 48 89 0c 24 4d 85 f6 0f 84 44 02 00 00 49 83 3e 00 74 21 41 83 7e 08 60 74 1a <0f> 0b b8 ea ff ff ff 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f c3 > [ 58.891998] RSP: 0018:ffffc90000153d98 EFLAGS: 00010287 > [ 58.893500] RAX: ffffc90000153df8 RBX: ffff888003d22000 RCX: 0000000000000000 > [ 58.895480] RDX: 0000000000000022 RSI: 0000000000000022 RDI: ffff888003d22000 > [ 58.897583] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000002710 > [ 58.900276] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000002710 > [ 58.902209] R13: ffff888003d22000 R14: ffffc90000153df8 R15: ffffc90000153e28 > [ 58.904084] FS: 00007f097a95b680(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000 > [ 58.906285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 58.907451] CR2: 00007f097a8f5431 CR3: 000000000406e000 CR4: 00000000000006f0 > [ 58.908928] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 58.910326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > [ 58.911770] Call Trace: > [ 58.912438] <TASK> > [ 58.912977] ? __warn+0x78/0xd0 > [ 58.913751] ? scsi_execute_cmd+0x3b/0x2b0 > [ 58.914757] ? report_bug+0xe6/0x170 > [ 58.916267] ? handle_bug+0x3c/0x70 > [ 58.917020] ? exc_invalid_op+0x13/0x60 > [ 58.917807] ? asm_exc_invalid_op+0x16/0x20 > [ 58.918675] ? scsi_execute_cmd+0x3b/0x2b0 > [ 58.919524] ata_cmd_ioctl+0x112/0x2b0 > [ 58.920435] blkdev_ioctl+0x12e/0x260 > [ 58.921322] __x64_sys_ioctl+0x8b/0xc0 > [ 58.922115] do_syscall_64+0x42/0x90 > [ 58.922953] entry_SYSCALL_64_after_hwframe+0x64/0xce > [ 58.924002] RIP: 0033:0x7f097a87616b > [ 58.924748] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 > [ 58.928687] RSP: 002b:00007fff1e70b5b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 > [ 58.930465] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f097a87616b > [ 58.932545] RDX: 00007fff1e70b614 RSI: 000000000000031f RDI: 0000000000000004 > [ 58.933964] RBP: 0000000000000000 R08: 0000000000000073 R09: 0000558c7857a343 > [ 58.935349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000020 > [ 58.936727] R13: 0000558c77faf088 R14: 0000000000000001 R15: 0000000000000000 > [ 58.938165] </TASK> > [ 58.938617] ---[ end trace 0000000000000000 ]--- > [ 58.940450] sd 0:0:0:0: [sda] Synchronizing SCSI cache > [ 58.941662] sd 0:0:0:0: [sda] Stopping disk > [ 58.971754] ACPI: PM: Preparing to enter system sleep state S5 > [ 58.973005] reboot: Power down > > > Bye > Tim > -- #Randy

1 year, 5 months

1
0
0 0

[PATCH v2 0/2] gpio: cdev: label sanitization fixes

by Bartosz Golaszewski

From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> This series fixes a couple of bugs in the sanitization of labels being passed to irq. Patch 1 fixes the case where userspace provides empty labels. Patch 2 fixes a missed path in the sanitization changes that can result in memory corruption. v1 -> v2: - switched the order of the patches in order to avoid introducing buggy code in one just to fix it in the second Bartosz Golaszewski (1): gpio: cdev: check for NULL labels when sanitizing them for irqs Kent Gibson (1): gpio: cdev: fix missed label sanitizing in debounce_setup() drivers/gpio/gpiolib-cdev.c | 46 +++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 15 deletions(-) -- 2.40.1

1 year, 5 months

2
6
0 0

[PATCH net v3] net: usb: ax88179_178a: avoid the interface always configured as random address

by Jose Ignacio Tornos Martinez

After the commit d2689b6a86b9 ("net: usb: ax88179_178a: avoid two consecutive device resets"), reset is not executed from bind operation and mac address is not read from the device registers or the devicetree at that moment. Since the check to configure if the assigned mac address is random or not for the interface, happens after the bind operation from usbnet_probe, the interface keeps configured as random address, although the address is correctly read and set during open operation (the only reset now). In order to keep only one reset for the device and to avoid the interface always configured as random address, after reset, configure correctly the suitable field from the driver, if the mac address is read successfully from the device registers or the devicetree. cc: stable(a)vger.kernel.org # 6.6+ Fixes: d2689b6a86b9 ("net: usb: ax88179_178a: avoid two consecutive device resets") Reported-by: Dave Stevenson <dave.stevenson(a)raspberrypi.com> Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> --- v3: - Send the patch separately to net. v2: - Split the fix and the improvement in two patches as Simon Horman suggests. v1: https://lore.kernel.org/netdev/20240325173155.671807-1-jtornosm@redhat.com/ drivers/net/usb/ax88179_178a.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c index 88e084534853..8ca8ace93d9c 100644 --- a/drivers/net/usb/ax88179_178a.c +++ b/drivers/net/usb/ax88179_178a.c @@ -1273,6 +1273,7 @@ static void ax88179_get_mac_addr(struct usbnet *dev) if (is_valid_ether_addr(mac)) { eth_hw_addr_set(dev->net, mac); + dev->net->addr_assign_type = NET_ADDR_PERM; } else { netdev_info(dev->net, "invalid MAC address, using random\n"); eth_hw_addr_random(dev->net); -- 2.44.0

1 year, 5 months

4
6
0 0

[PATCH v2] selftests/ftrace: Limit length in subsystem-enable tests

by Yuanhe Shu

While sched* events being traced and sched* events continuously happen, "[xx] event tracing - enable/disable with subsystem level files" would not stop as on some slower systems it seems to take forever. Select the first 100 lines of output would be enough to judge whether there are more than 3 types of sched events. Fixes: 815b18ea66d6 ("ftracetest: Add basic event tracing test cases") Cc: stable(a)vger.kernel.org Signed-off-by: Yuanhe Shu <xiangzao(a)linux.alibaba.com> --- .../selftests/ftrace/test.d/event/subsystem-enable.tc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc b/tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc index b1ede6249866..b7c8f29c09a9 100644 --- a/tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc +++ b/tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc @@ -18,7 +18,7 @@ echo 'sched:*' > set_event yield -count=`cat trace | grep -v ^# | awk '{ print $5 }' | sort -u | wc -l` +count=`head -n 100 trace | grep -v ^# | awk '{ print $5 }' | sort -u | wc -l` if [ $count -lt 3 ]; then fail "at least fork, exec and exit events should be recorded" fi @@ -29,7 +29,7 @@ echo 1 > events/sched/enable yield -count=`cat trace | grep -v ^# | awk '{ print $5 }' | sort -u | wc -l` +count=`head -n 100 trace | grep -v ^# | awk '{ print $5 }' | sort -u | wc -l` if [ $count -lt 3 ]; then fail "at least fork, exec and exit events should be recorded" fi @@ -40,7 +40,7 @@ echo 0 > events/sched/enable yield -count=`cat trace | grep -v ^# | awk '{ print $5 }' | sort -u | wc -l` +count=`head -n 100 trace | grep -v ^# | awk '{ print $5 }' | sort -u | wc -l` if [ $count -ne 0 ]; then fail "any of scheduler events should not be recorded" fi -- 2.39.3

1 year, 5 months

4
3
0 0

FAILED: patch "[PATCH] mm, vmscan: prevent infinite loop for costly GFP_NOIO |" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 803de9000f334b771afacb6ff3e78622916668b0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024032730-triceps-mustang-3ced@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 803de9000f33 ("mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations") f98a497e1f16 ("mm: compaction: remove unnecessary is_via_compact_memory() checks") e8606320e9af ("mm: compaction: refactor __compaction_suitable()") fe573327ffb1 ("tracing: incorrect gfp_t conversion") cff387d6a294 ("mm: compaction: make compaction_zonelist_suitable return false when COMPACT_SUCCESS") 9353ffa6e9e9 ("kasan, page_alloc: allow skipping memory init for HW_TAGS") 53ae233c30a6 ("kasan, page_alloc: allow skipping unpoisoning for HW_TAGS") f49d9c5bb15c ("kasan, mm: only define ___GFP_SKIP_KASAN_POISON with HW_TAGS") e9d0ca922816 ("kasan, page_alloc: rework kasan_unpoison_pages call site") 7e3cbba65de2 ("kasan, page_alloc: move kernel_init_free_pages in post_alloc_hook") 89b271163328 ("kasan, page_alloc: move SetPageSkipKASanPoison in post_alloc_hook") 9294b1281d0a ("kasan, page_alloc: combine tag_clear_highpage calls in post_alloc_hook") b42090ae6f3a ("kasan, page_alloc: merge kasan_alloc_pages into post_alloc_hook") b8491b9052fe ("kasan, page_alloc: refactor init checks in post_alloc_hook") 1c0e5b24f117 ("kasan: only apply __GFP_ZEROTAGS when memory is zeroed") c82ce3195fd1 ("mm: clarify __GFP_ZEROTAGS comment") 7c13c163e036 ("kasan, page_alloc: merge kasan_free_pages into free_pages_prepare") 5b2c07138cbd ("kasan, page_alloc: move tag_clear_highpage out of kernel_init_free_pages") 94ae8b83fefc ("kasan, page_alloc: deduplicate should_skip_kasan_poison") 3bf03b9a0839 ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 803de9000f334b771afacb6ff3e78622916668b0 Mon Sep 17 00:00:00 2001 From: Vlastimil Babka <vbabka(a)suse.cz> Date: Wed, 21 Feb 2024 12:43:58 +0100 Subject: [PATCH] mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Sven reports an infinite loop in __alloc_pages_slowpath() for costly order __GFP_RETRY_MAYFAIL allocations that are also GFP_NOIO. Such combination can happen in a suspend/resume context where a GFP_KERNEL allocation can have __GFP_IO masked out via gfp_allowed_mask. Quoting Sven: 1. try to do a "costly" allocation (order > PAGE_ALLOC_COSTLY_ORDER) with __GFP_RETRY_MAYFAIL set. 2. page alloc's __alloc_pages_slowpath tries to get a page from the freelist. This fails because there is nothing free of that costly order. 3. page alloc tries to reclaim by calling __alloc_pages_direct_reclaim, which bails out because a zone is ready to be compacted; it pretends to have made a single page of progress. 4. page alloc tries to compact, but this always bails out early because __GFP_IO is not set (it's not passed by the snd allocator, and even if it were, we are suspending so the __GFP_IO flag would be cleared anyway). 5. page alloc believes reclaim progress was made (because of the pretense in item 3) and so it checks whether it should retry compaction. The compaction retry logic thinks it should try again, because: a) reclaim is needed because of the early bail-out in item 4 b) a zonelist is suitable for compaction 6. goto 2. indefinite stall. (end quote) The immediate root cause is confusing the COMPACT_SKIPPED returned from __alloc_pages_direct_compact() (step 4) due to lack of __GFP_IO to be indicating a lack of order-0 pages, and in step 5 evaluating that in should_compact_retry() as a reason to retry, before incrementing and limiting the number of retries. There are however other places that wrongly assume that compaction can happen while we lack __GFP_IO. To fix this, introduce gfp_compaction_allowed() to abstract the __GFP_IO evaluation and switch the open-coded test in try_to_compact_pages() to use it. Also use the new helper in: - compaction_ready(), which will make reclaim not bail out in step 3, so there's at least one attempt to actually reclaim, even if chances are small for a costly order - in_reclaim_compaction() which will make should_continue_reclaim() return false and we don't over-reclaim unnecessarily - in __alloc_pages_slowpath() to set a local variable can_compact, which is then used to avoid retrying reclaim/compaction for costly allocations (step 5) if we can't compact and also to skip the early compaction attempt that we do in some cases Link: https://lkml.kernel.org/r/20240221114357.13655-2-vbabka@suse.cz Fixes: 3250845d0526 ("Revert "mm, oom: prevent premature OOM killer invocation for high order request"") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Sven van Ashbrook <svenva(a)chromium.org> Closes: https://lore.kernel.org/all/CAG-rBihs_xMKb3wrMO1%2B-%2Bp4fowP9oy1pa_OTkfxBz… Tested-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Curtis Malainey <cujomalainey(a)chromium.org> Cc: Jaroslav Kysela <perex(a)perex.cz> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Takashi Iwai <tiwai(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/gfp.h b/include/linux/gfp.h index de292a007138..e2a916cf29c4 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h @@ -353,6 +353,15 @@ static inline bool gfp_has_io_fs(gfp_t gfp) return (gfp & (__GFP_IO | __GFP_FS)) == (__GFP_IO | __GFP_FS); } +/* + * Check if the gfp flags allow compaction - GFP_NOIO is a really + * tricky context because the migration might require IO. + */ +static inline bool gfp_compaction_allowed(gfp_t gfp_mask) +{ + return IS_ENABLED(CONFIG_COMPACTION) && (gfp_mask & __GFP_IO); +} + extern gfp_t vma_thp_gfp_mask(struct vm_area_struct *vma); #ifdef CONFIG_CONTIG_ALLOC diff --git a/mm/compaction.c b/mm/compaction.c index 4add68d40e8d..b961db601df4 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -2723,16 +2723,11 @@ enum compact_result try_to_compact_pages(gfp_t gfp_mask, unsigned int order, unsigned int alloc_flags, const struct alloc_context *ac, enum compact_priority prio, struct page **capture) { - int may_perform_io = (__force int)(gfp_mask & __GFP_IO); struct zoneref *z; struct zone *zone; enum compact_result rc = COMPACT_SKIPPED; - /* - * Check if the GFP flags allow compaction - GFP_NOIO is really - * tricky context because the migration might require IO - */ - if (!may_perform_io) + if (!gfp_compaction_allowed(gfp_mask)) return COMPACT_SKIPPED; trace_mm_compaction_try_to_compact_pages(order, gfp_mask, prio); diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 150d4f23b010..a663202045dc 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -4041,6 +4041,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, struct alloc_context *ac) { bool can_direct_reclaim = gfp_mask & __GFP_DIRECT_RECLAIM; + bool can_compact = gfp_compaction_allowed(gfp_mask); const bool costly_order = order > PAGE_ALLOC_COSTLY_ORDER; struct page *page = NULL; unsigned int alloc_flags; @@ -4111,7 +4112,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, * Don't try this for allocations that are allowed to ignore * watermarks, as the ALLOC_NO_WATERMARKS attempt didn't yet happen. */ - if (can_direct_reclaim && + if (can_direct_reclaim && can_compact && (costly_order || (order > 0 && ac->migratetype != MIGRATE_MOVABLE)) && !gfp_pfmemalloc_allowed(gfp_mask)) { @@ -4209,9 +4210,10 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, /* * Do not retry costly high order allocations unless they are - * __GFP_RETRY_MAYFAIL + * __GFP_RETRY_MAYFAIL and we can compact */ - if (costly_order && !(gfp_mask & __GFP_RETRY_MAYFAIL)) + if (costly_order && (!can_compact || + !(gfp_mask & __GFP_RETRY_MAYFAIL))) goto nopage; if (should_reclaim_retry(gfp_mask, order, ac, alloc_flags, @@ -4224,7 +4226,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, * implementation of the compaction depends on the sufficient amount * of free memory (see __compaction_suitable) */ - if (did_some_progress > 0 && + if (did_some_progress > 0 && can_compact && should_compact_retry(ac, order, alloc_flags, compact_result, &compact_priority, &compaction_retries)) diff --git a/mm/vmscan.c b/mm/vmscan.c index 4f9c854ce6cc..4255619a1a31 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -5753,7 +5753,7 @@ static void shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc) /* Use reclaim/compaction for costly allocs or under memory pressure */ static bool in_reclaim_compaction(struct scan_control *sc) { - if (IS_ENABLED(CONFIG_COMPACTION) && sc->order && + if (gfp_compaction_allowed(sc->gfp_mask) && sc->order && (sc->order > PAGE_ALLOC_COSTLY_ORDER || sc->priority < DEF_PRIORITY - 2)) return true; @@ -5998,6 +5998,9 @@ static inline bool compaction_ready(struct zone *zone, struct scan_control *sc) { unsigned long watermark; + if (!gfp_compaction_allowed(sc->gfp_mask)) + return false; + /* Allocation can already succeed, nothing to do */ if (zone_watermark_ok(zone, sc->order, min_wmark_pages(zone), sc->reclaim_idx, 0))

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] mm, vmscan: prevent infinite loop for costly GFP_NOIO |" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 803de9000f334b771afacb6ff3e78622916668b0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024032727-pastel-sincerity-a986@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 803de9000f33 ("mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations") f98a497e1f16 ("mm: compaction: remove unnecessary is_via_compact_memory() checks") e8606320e9af ("mm: compaction: refactor __compaction_suitable()") fe573327ffb1 ("tracing: incorrect gfp_t conversion") cff387d6a294 ("mm: compaction: make compaction_zonelist_suitable return false when COMPACT_SUCCESS") 9353ffa6e9e9 ("kasan, page_alloc: allow skipping memory init for HW_TAGS") 53ae233c30a6 ("kasan, page_alloc: allow skipping unpoisoning for HW_TAGS") f49d9c5bb15c ("kasan, mm: only define ___GFP_SKIP_KASAN_POISON with HW_TAGS") e9d0ca922816 ("kasan, page_alloc: rework kasan_unpoison_pages call site") 7e3cbba65de2 ("kasan, page_alloc: move kernel_init_free_pages in post_alloc_hook") 89b271163328 ("kasan, page_alloc: move SetPageSkipKASanPoison in post_alloc_hook") 9294b1281d0a ("kasan, page_alloc: combine tag_clear_highpage calls in post_alloc_hook") b42090ae6f3a ("kasan, page_alloc: merge kasan_alloc_pages into post_alloc_hook") b8491b9052fe ("kasan, page_alloc: refactor init checks in post_alloc_hook") 1c0e5b24f117 ("kasan: only apply __GFP_ZEROTAGS when memory is zeroed") c82ce3195fd1 ("mm: clarify __GFP_ZEROTAGS comment") 7c13c163e036 ("kasan, page_alloc: merge kasan_free_pages into free_pages_prepare") 5b2c07138cbd ("kasan, page_alloc: move tag_clear_highpage out of kernel_init_free_pages") 94ae8b83fefc ("kasan, page_alloc: deduplicate should_skip_kasan_poison") 3bf03b9a0839 ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 803de9000f334b771afacb6ff3e78622916668b0 Mon Sep 17 00:00:00 2001 From: Vlastimil Babka <vbabka(a)suse.cz> Date: Wed, 21 Feb 2024 12:43:58 +0100 Subject: [PATCH] mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Sven reports an infinite loop in __alloc_pages_slowpath() for costly order __GFP_RETRY_MAYFAIL allocations that are also GFP_NOIO. Such combination can happen in a suspend/resume context where a GFP_KERNEL allocation can have __GFP_IO masked out via gfp_allowed_mask. Quoting Sven: 1. try to do a "costly" allocation (order > PAGE_ALLOC_COSTLY_ORDER) with __GFP_RETRY_MAYFAIL set. 2. page alloc's __alloc_pages_slowpath tries to get a page from the freelist. This fails because there is nothing free of that costly order. 3. page alloc tries to reclaim by calling __alloc_pages_direct_reclaim, which bails out because a zone is ready to be compacted; it pretends to have made a single page of progress. 4. page alloc tries to compact, but this always bails out early because __GFP_IO is not set (it's not passed by the snd allocator, and even if it were, we are suspending so the __GFP_IO flag would be cleared anyway). 5. page alloc believes reclaim progress was made (because of the pretense in item 3) and so it checks whether it should retry compaction. The compaction retry logic thinks it should try again, because: a) reclaim is needed because of the early bail-out in item 4 b) a zonelist is suitable for compaction 6. goto 2. indefinite stall. (end quote) The immediate root cause is confusing the COMPACT_SKIPPED returned from __alloc_pages_direct_compact() (step 4) due to lack of __GFP_IO to be indicating a lack of order-0 pages, and in step 5 evaluating that in should_compact_retry() as a reason to retry, before incrementing and limiting the number of retries. There are however other places that wrongly assume that compaction can happen while we lack __GFP_IO. To fix this, introduce gfp_compaction_allowed() to abstract the __GFP_IO evaluation and switch the open-coded test in try_to_compact_pages() to use it. Also use the new helper in: - compaction_ready(), which will make reclaim not bail out in step 3, so there's at least one attempt to actually reclaim, even if chances are small for a costly order - in_reclaim_compaction() which will make should_continue_reclaim() return false and we don't over-reclaim unnecessarily - in __alloc_pages_slowpath() to set a local variable can_compact, which is then used to avoid retrying reclaim/compaction for costly allocations (step 5) if we can't compact and also to skip the early compaction attempt that we do in some cases Link: https://lkml.kernel.org/r/20240221114357.13655-2-vbabka@suse.cz Fixes: 3250845d0526 ("Revert "mm, oom: prevent premature OOM killer invocation for high order request"") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Sven van Ashbrook <svenva(a)chromium.org> Closes: https://lore.kernel.org/all/CAG-rBihs_xMKb3wrMO1%2B-%2Bp4fowP9oy1pa_OTkfxBz… Tested-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Curtis Malainey <cujomalainey(a)chromium.org> Cc: Jaroslav Kysela <perex(a)perex.cz> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Takashi Iwai <tiwai(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/gfp.h b/include/linux/gfp.h index de292a007138..e2a916cf29c4 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h @@ -353,6 +353,15 @@ static inline bool gfp_has_io_fs(gfp_t gfp) return (gfp & (__GFP_IO | __GFP_FS)) == (__GFP_IO | __GFP_FS); } +/* + * Check if the gfp flags allow compaction - GFP_NOIO is a really + * tricky context because the migration might require IO. + */ +static inline bool gfp_compaction_allowed(gfp_t gfp_mask) +{ + return IS_ENABLED(CONFIG_COMPACTION) && (gfp_mask & __GFP_IO); +} + extern gfp_t vma_thp_gfp_mask(struct vm_area_struct *vma); #ifdef CONFIG_CONTIG_ALLOC diff --git a/mm/compaction.c b/mm/compaction.c index 4add68d40e8d..b961db601df4 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -2723,16 +2723,11 @@ enum compact_result try_to_compact_pages(gfp_t gfp_mask, unsigned int order, unsigned int alloc_flags, const struct alloc_context *ac, enum compact_priority prio, struct page **capture) { - int may_perform_io = (__force int)(gfp_mask & __GFP_IO); struct zoneref *z; struct zone *zone; enum compact_result rc = COMPACT_SKIPPED; - /* - * Check if the GFP flags allow compaction - GFP_NOIO is really - * tricky context because the migration might require IO - */ - if (!may_perform_io) + if (!gfp_compaction_allowed(gfp_mask)) return COMPACT_SKIPPED; trace_mm_compaction_try_to_compact_pages(order, gfp_mask, prio); diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 150d4f23b010..a663202045dc 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -4041,6 +4041,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, struct alloc_context *ac) { bool can_direct_reclaim = gfp_mask & __GFP_DIRECT_RECLAIM; + bool can_compact = gfp_compaction_allowed(gfp_mask); const bool costly_order = order > PAGE_ALLOC_COSTLY_ORDER; struct page *page = NULL; unsigned int alloc_flags; @@ -4111,7 +4112,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, * Don't try this for allocations that are allowed to ignore * watermarks, as the ALLOC_NO_WATERMARKS attempt didn't yet happen. */ - if (can_direct_reclaim && + if (can_direct_reclaim && can_compact && (costly_order || (order > 0 && ac->migratetype != MIGRATE_MOVABLE)) && !gfp_pfmemalloc_allowed(gfp_mask)) { @@ -4209,9 +4210,10 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, /* * Do not retry costly high order allocations unless they are - * __GFP_RETRY_MAYFAIL + * __GFP_RETRY_MAYFAIL and we can compact */ - if (costly_order && !(gfp_mask & __GFP_RETRY_MAYFAIL)) + if (costly_order && (!can_compact || + !(gfp_mask & __GFP_RETRY_MAYFAIL))) goto nopage; if (should_reclaim_retry(gfp_mask, order, ac, alloc_flags, @@ -4224,7 +4226,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, * implementation of the compaction depends on the sufficient amount * of free memory (see __compaction_suitable) */ - if (did_some_progress > 0 && + if (did_some_progress > 0 && can_compact && should_compact_retry(ac, order, alloc_flags, compact_result, &compact_priority, &compaction_retries)) diff --git a/mm/vmscan.c b/mm/vmscan.c index 4f9c854ce6cc..4255619a1a31 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -5753,7 +5753,7 @@ static void shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc) /* Use reclaim/compaction for costly allocs or under memory pressure */ static bool in_reclaim_compaction(struct scan_control *sc) { - if (IS_ENABLED(CONFIG_COMPACTION) && sc->order && + if (gfp_compaction_allowed(sc->gfp_mask) && sc->order && (sc->order > PAGE_ALLOC_COSTLY_ORDER || sc->priority < DEF_PRIORITY - 2)) return true; @@ -5998,6 +5998,9 @@ static inline bool compaction_ready(struct zone *zone, struct scan_control *sc) { unsigned long watermark; + if (!gfp_compaction_allowed(sc->gfp_mask)) + return false; + /* Allocation can already succeed, nothing to do */ if (zone_watermark_ok(zone, sc->order, min_wmark_pages(zone), sc->reclaim_idx, 0))

1 year, 5 months

2
3
0 0

FAILED: patch "[PATCH] mm, vmscan: prevent infinite loop for costly GFP_NOIO |" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 803de9000f334b771afacb6ff3e78622916668b0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024032725-amigo-dental-d3bd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 803de9000f33 ("mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations") f98a497e1f16 ("mm: compaction: remove unnecessary is_via_compact_memory() checks") e8606320e9af ("mm: compaction: refactor __compaction_suitable()") fe573327ffb1 ("tracing: incorrect gfp_t conversion") cff387d6a294 ("mm: compaction: make compaction_zonelist_suitable return false when COMPACT_SUCCESS") 9353ffa6e9e9 ("kasan, page_alloc: allow skipping memory init for HW_TAGS") 53ae233c30a6 ("kasan, page_alloc: allow skipping unpoisoning for HW_TAGS") f49d9c5bb15c ("kasan, mm: only define ___GFP_SKIP_KASAN_POISON with HW_TAGS") e9d0ca922816 ("kasan, page_alloc: rework kasan_unpoison_pages call site") 7e3cbba65de2 ("kasan, page_alloc: move kernel_init_free_pages in post_alloc_hook") 89b271163328 ("kasan, page_alloc: move SetPageSkipKASanPoison in post_alloc_hook") 9294b1281d0a ("kasan, page_alloc: combine tag_clear_highpage calls in post_alloc_hook") b42090ae6f3a ("kasan, page_alloc: merge kasan_alloc_pages into post_alloc_hook") b8491b9052fe ("kasan, page_alloc: refactor init checks in post_alloc_hook") 1c0e5b24f117 ("kasan: only apply __GFP_ZEROTAGS when memory is zeroed") c82ce3195fd1 ("mm: clarify __GFP_ZEROTAGS comment") 7c13c163e036 ("kasan, page_alloc: merge kasan_free_pages into free_pages_prepare") 5b2c07138cbd ("kasan, page_alloc: move tag_clear_highpage out of kernel_init_free_pages") 94ae8b83fefc ("kasan, page_alloc: deduplicate should_skip_kasan_poison") 3bf03b9a0839 ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 803de9000f334b771afacb6ff3e78622916668b0 Mon Sep 17 00:00:00 2001 From: Vlastimil Babka <vbabka(a)suse.cz> Date: Wed, 21 Feb 2024 12:43:58 +0100 Subject: [PATCH] mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Sven reports an infinite loop in __alloc_pages_slowpath() for costly order __GFP_RETRY_MAYFAIL allocations that are also GFP_NOIO. Such combination can happen in a suspend/resume context where a GFP_KERNEL allocation can have __GFP_IO masked out via gfp_allowed_mask. Quoting Sven: 1. try to do a "costly" allocation (order > PAGE_ALLOC_COSTLY_ORDER) with __GFP_RETRY_MAYFAIL set. 2. page alloc's __alloc_pages_slowpath tries to get a page from the freelist. This fails because there is nothing free of that costly order. 3. page alloc tries to reclaim by calling __alloc_pages_direct_reclaim, which bails out because a zone is ready to be compacted; it pretends to have made a single page of progress. 4. page alloc tries to compact, but this always bails out early because __GFP_IO is not set (it's not passed by the snd allocator, and even if it were, we are suspending so the __GFP_IO flag would be cleared anyway). 5. page alloc believes reclaim progress was made (because of the pretense in item 3) and so it checks whether it should retry compaction. The compaction retry logic thinks it should try again, because: a) reclaim is needed because of the early bail-out in item 4 b) a zonelist is suitable for compaction 6. goto 2. indefinite stall. (end quote) The immediate root cause is confusing the COMPACT_SKIPPED returned from __alloc_pages_direct_compact() (step 4) due to lack of __GFP_IO to be indicating a lack of order-0 pages, and in step 5 evaluating that in should_compact_retry() as a reason to retry, before incrementing and limiting the number of retries. There are however other places that wrongly assume that compaction can happen while we lack __GFP_IO. To fix this, introduce gfp_compaction_allowed() to abstract the __GFP_IO evaluation and switch the open-coded test in try_to_compact_pages() to use it. Also use the new helper in: - compaction_ready(), which will make reclaim not bail out in step 3, so there's at least one attempt to actually reclaim, even if chances are small for a costly order - in_reclaim_compaction() which will make should_continue_reclaim() return false and we don't over-reclaim unnecessarily - in __alloc_pages_slowpath() to set a local variable can_compact, which is then used to avoid retrying reclaim/compaction for costly allocations (step 5) if we can't compact and also to skip the early compaction attempt that we do in some cases Link: https://lkml.kernel.org/r/20240221114357.13655-2-vbabka@suse.cz Fixes: 3250845d0526 ("Revert "mm, oom: prevent premature OOM killer invocation for high order request"") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Sven van Ashbrook <svenva(a)chromium.org> Closes: https://lore.kernel.org/all/CAG-rBihs_xMKb3wrMO1%2B-%2Bp4fowP9oy1pa_OTkfxBz… Tested-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Curtis Malainey <cujomalainey(a)chromium.org> Cc: Jaroslav Kysela <perex(a)perex.cz> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Takashi Iwai <tiwai(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/gfp.h b/include/linux/gfp.h index de292a007138..e2a916cf29c4 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h @@ -353,6 +353,15 @@ static inline bool gfp_has_io_fs(gfp_t gfp) return (gfp & (__GFP_IO | __GFP_FS)) == (__GFP_IO | __GFP_FS); } +/* + * Check if the gfp flags allow compaction - GFP_NOIO is a really + * tricky context because the migration might require IO. + */ +static inline bool gfp_compaction_allowed(gfp_t gfp_mask) +{ + return IS_ENABLED(CONFIG_COMPACTION) && (gfp_mask & __GFP_IO); +} + extern gfp_t vma_thp_gfp_mask(struct vm_area_struct *vma); #ifdef CONFIG_CONTIG_ALLOC diff --git a/mm/compaction.c b/mm/compaction.c index 4add68d40e8d..b961db601df4 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -2723,16 +2723,11 @@ enum compact_result try_to_compact_pages(gfp_t gfp_mask, unsigned int order, unsigned int alloc_flags, const struct alloc_context *ac, enum compact_priority prio, struct page **capture) { - int may_perform_io = (__force int)(gfp_mask & __GFP_IO); struct zoneref *z; struct zone *zone; enum compact_result rc = COMPACT_SKIPPED; - /* - * Check if the GFP flags allow compaction - GFP_NOIO is really - * tricky context because the migration might require IO - */ - if (!may_perform_io) + if (!gfp_compaction_allowed(gfp_mask)) return COMPACT_SKIPPED; trace_mm_compaction_try_to_compact_pages(order, gfp_mask, prio); diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 150d4f23b010..a663202045dc 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -4041,6 +4041,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, struct alloc_context *ac) { bool can_direct_reclaim = gfp_mask & __GFP_DIRECT_RECLAIM; + bool can_compact = gfp_compaction_allowed(gfp_mask); const bool costly_order = order > PAGE_ALLOC_COSTLY_ORDER; struct page *page = NULL; unsigned int alloc_flags; @@ -4111,7 +4112,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, * Don't try this for allocations that are allowed to ignore * watermarks, as the ALLOC_NO_WATERMARKS attempt didn't yet happen. */ - if (can_direct_reclaim && + if (can_direct_reclaim && can_compact && (costly_order || (order > 0 && ac->migratetype != MIGRATE_MOVABLE)) && !gfp_pfmemalloc_allowed(gfp_mask)) { @@ -4209,9 +4210,10 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, /* * Do not retry costly high order allocations unless they are - * __GFP_RETRY_MAYFAIL + * __GFP_RETRY_MAYFAIL and we can compact */ - if (costly_order && !(gfp_mask & __GFP_RETRY_MAYFAIL)) + if (costly_order && (!can_compact || + !(gfp_mask & __GFP_RETRY_MAYFAIL))) goto nopage; if (should_reclaim_retry(gfp_mask, order, ac, alloc_flags, @@ -4224,7 +4226,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, * implementation of the compaction depends on the sufficient amount * of free memory (see __compaction_suitable) */ - if (did_some_progress > 0 && + if (did_some_progress > 0 && can_compact && should_compact_retry(ac, order, alloc_flags, compact_result, &compact_priority, &compaction_retries)) diff --git a/mm/vmscan.c b/mm/vmscan.c index 4f9c854ce6cc..4255619a1a31 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -5753,7 +5753,7 @@ static void shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc) /* Use reclaim/compaction for costly allocs or under memory pressure */ static bool in_reclaim_compaction(struct scan_control *sc) { - if (IS_ENABLED(CONFIG_COMPACTION) && sc->order && + if (gfp_compaction_allowed(sc->gfp_mask) && sc->order && (sc->order > PAGE_ALLOC_COSTLY_ORDER || sc->priority < DEF_PRIORITY - 2)) return true; @@ -5998,6 +5998,9 @@ static inline bool compaction_ready(struct zone *zone, struct scan_control *sc) { unsigned long watermark; + if (!gfp_compaction_allowed(sc->gfp_mask)) + return false; + /* Allocation can already succeed, nothing to do */ if (zone_watermark_ok(zone, sc->order, min_wmark_pages(zone), sc->reclaim_idx, 0))

1 year, 5 months

2
1
0 0

[PATCH 3/7] drm/udl: Remove DRM_CONNECTOR_POLL_HPD

by Thomas Zimmermann

DisplayLink devices do not generate hotplug events. Remove the poll flag DRM_CONNECTOR_POLL_HPD, as it may not be specified together with DRM_CONNECTOR_POLL_CONNECT or DRM_CONNECTOR_POLL_DISCONNECT. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: afdfc4c6f55f ("drm/udl: Fixed problem with UDL adpater reconnection") Cc: Robert Tarasov <tutankhamen(a)chromium.org> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Sean Paul <sean(a)poorly.run> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.15+ --- drivers/gpu/drm/udl/udl_modeset.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/udl/udl_modeset.c b/drivers/gpu/drm/udl/udl_modeset.c index 7702359c90c22..751da3a294c44 100644 --- a/drivers/gpu/drm/udl/udl_modeset.c +++ b/drivers/gpu/drm/udl/udl_modeset.c @@ -527,8 +527,7 @@ struct drm_connector *udl_connector_init(struct drm_device *dev) drm_connector_helper_add(connector, &udl_connector_helper_funcs); - connector->polled = DRM_CONNECTOR_POLL_HPD | - DRM_CONNECTOR_POLL_CONNECT | + connector->polled = DRM_CONNECTOR_POLL_CONNECT | DRM_CONNECTOR_POLL_DISCONNECT; return connector; -- 2.44.0

1 year, 5 months

1
0
0 0

[v5.15 Regression] block: rename GENHD_FL_NO_PART_SCAN to GENHD_FL_NO_PART

by Joseph Salisbury

Hi Christoph, A kernel bug report was opened against Ubuntu [0]. This bug is a regression introduced in mainline version v5.17-rc1 and made it's way into v5.15 stable updates. The following commit was identified as the cause of the regression in 5.15: c6ce1c5dd327 ("block: rename GENHD_FL_NO_PART_SCAN to GENHD_FL_NO_PART") I was hoping to get your feedback, since you are the patch author. Is the best approach to revert this commit, since many third parties rely on the name being GENHD_FL_NO_PART_SCAN in kernel headers? Is there a specific need that you know of that requires this commit in the 5.15 and earlier stable kernels? Thanks, Joe [0] http://pad.lv/2053101

1 year, 5 months

3
7
0 0

[PATCH v2] usb: typec: tcpm: Correct the PDO counting in pd_set

by Kyle Tso

Off-by-one errors happen because nr_snk_pdo and nr_src_pdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop and it doesn't need to be added one. When doing the power negotiation, TCPM relies on the "nr_snk_pdo" as the size of the local sink PDO array to match the Source capabilities of the partner port. If the off-by-one overflow occurs, a wrong RDO might be sent and unexpected power transfer might happen such as over voltage or over current (than expected). "nr_src_pdo" is used to set the Rp level when the port is in Source role. It is also the array size of the local Source capabilities when filling up the buffer which will be sent as the Source PDOs (such as in Power Negotiation). If the off-by-one overflow occurs, a wrong Rp level might be set and wrong Source PDOs will be sent to the partner port. This could potentially cause over current or port resets. Fixes: cd099cde4ed2 ("usb: typec: tcpm: Support multiple capabilities") Cc: stable(a)vger.kernel.org Signed-off-by: Kyle Tso <kyletso(a)google.com> --- v1 -> v2: - update the commit message (adding the problems this patch solves) drivers/usb/typec/tcpm/tcpm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ae2b6c94482d..2464710ea0c8 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -6855,14 +6855,14 @@ static int tcpm_pd_set(struct typec_port *p, struct usb_power_delivery *pd) if (data->sink_desc.pdo[0]) { for (i = 0; i < PDO_MAX_OBJECTS && data->sink_desc.pdo[i]; i++) port->snk_pdo[i] = data->sink_desc.pdo[i]; - port->nr_snk_pdo = i + 1; + port->nr_snk_pdo = i; port->operating_snk_mw = data->operating_snk_mw; } if (data->source_desc.pdo[0]) { for (i = 0; i < PDO_MAX_OBJECTS && data->source_desc.pdo[i]; i++) port->snk_pdo[i] = data->source_desc.pdo[i]; - port->nr_src_pdo = i + 1; + port->nr_src_pdo = i; } switch (port->state) { -- 2.44.0.396.g6e790dbe36-goog

1 year, 5 months

3
3
0 0

[PATCH v3] usb: typec: tcpm: Correct the PDO counting in pd_set

by Kyle Tso

Off-by-one errors happen because nr_snk_pdo and nr_src_pdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop and it doesn't need to be added one. When doing the power negotiation, TCPM relies on the "nr_snk_pdo" as the size of the local sink PDO array to match the Source capabilities of the partner port. If the off-by-one overflow occurs, a wrong RDO might be sent and unexpected power transfer might happen such as over voltage or over current (than expected). "nr_src_pdo" is used to set the Rp level when the port is in Source role. It is also the array size of the local Source capabilities when filling up the buffer which will be sent as the Source PDOs (such as in Power Negotiation). If the off-by-one overflow occurs, a wrong Rp level might be set and wrong Source PDOs will be sent to the partner port. This could potentially cause over current or port resets. Fixes: cd099cde4ed2 ("usb: typec: tcpm: Support multiple capabilities") Cc: stable(a)vger.kernel.org Signed-off-by: Kyle Tso <kyletso(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- v2 -> v3: - rebase on top of usb-linus branch and fix conflicts - add Reviewed-by tag drivers/usb/typec/tcpm/tcpm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index c26fb70c3ec6..ab6ed6111ed0 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -6855,14 +6855,14 @@ static int tcpm_pd_set(struct typec_port *p, struct usb_power_delivery *pd) if (data->sink_desc.pdo[0]) { for (i = 0; i < PDO_MAX_OBJECTS && data->sink_desc.pdo[i]; i++) port->snk_pdo[i] = data->sink_desc.pdo[i]; - port->nr_snk_pdo = i + 1; + port->nr_snk_pdo = i; port->operating_snk_mw = data->operating_snk_mw; } if (data->source_desc.pdo[0]) { for (i = 0; i < PDO_MAX_OBJECTS && data->source_desc.pdo[i]; i++) port->src_pdo[i] = data->source_desc.pdo[i]; - port->nr_src_pdo = i + 1; + port->nr_src_pdo = i; } switch (port->state) { -- 2.44.0.478.gd926399ef9-goog

1 year, 5 months

1
0
0 0

[PATCH 1/2] gpio: cdev: fix missed label sanitizing in debounce_setup()

by Kent Gibson

When adding sanitization of the label, the path through edge_detector_setup() that leads to debounce_setup() was overlooked. A request taking this path does not allocate a new label and the request label is freed twice when the request is released, resulting in memory corruption. Add label sanitization to debounce_setup(). Cc: stable(a)vger.kernel.org Fixes: b34490879baa ("gpio: cdev: sanitize the label before requesting the interrupt") Signed-off-by: Kent Gibson <warthog618(a)gmail.com> --- drivers/gpio/gpiolib-cdev.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index fa9635610251..f4c2da2041e5 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -728,6 +728,16 @@ static u32 line_event_id(int level) GPIO_V2_LINE_EVENT_FALLING_EDGE; } +static inline char *make_irq_label(const char *orig) +{ + return kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); +} + +static inline void free_irq_label(const char *label) +{ + kfree(label); +} + #ifdef CONFIG_HTE static enum hte_return process_hw_ts_thread(void *p) @@ -1015,6 +1025,7 @@ static int debounce_setup(struct line *line, unsigned int debounce_period_us) { unsigned long irqflags; int ret, level, irq; + char *label; /* try hardware */ ret = gpiod_set_debounce(line->desc, debounce_period_us); @@ -1037,11 +1048,17 @@ static int debounce_setup(struct line *line, unsigned int debounce_period_us) if (irq < 0) return -ENXIO; + label = make_irq_label(line->req->label); + if (!label) + return -ENOMEM; + irqflags = IRQF_TRIGGER_FALLING | IRQF_TRIGGER_RISING; ret = request_irq(irq, debounce_irq_handler, irqflags, - line->req->label, line); - if (ret) + label, line); + if (ret) { + free_irq_label(label); return ret; + } line->irq = irq; } else { ret = hte_edge_setup(line, GPIO_V2_LINE_FLAG_EDGE_BOTH); @@ -1083,16 +1100,6 @@ static u32 gpio_v2_line_config_debounce_period(struct gpio_v2_line_config *lc, return 0; } -static inline char *make_irq_label(const char *orig) -{ - return kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); -} - -static inline void free_irq_label(const char *label) -{ - kfree(label); -} - static void edge_detector_stop(struct line *line) { if (line->irq) { -- 2.39.2

1 year, 5 months

2
3
0 0

[PATCH 1/2] usb: xhci: correct return value in case of STS_HCE

by Mathias Nyman

From: Oliver Neukum <oneukum(a)suse.com> If we get STS_HCE we give up on the interrupt, but for the purpose of IRQ handling that still counts as ours. We may return IRQ_NONE only if we are positive that it wasn't ours. Hence correct the default. Fixes: 2a25e66d676d ("xhci: print warning when HCE was set") Cc: stable(a)vger.kernel.org # v6.2+ Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-ring.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 52278afea94b..575f0fd9c9f1 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -3133,7 +3133,7 @@ static int xhci_handle_events(struct xhci_hcd *xhci, struct xhci_interrupter *ir irqreturn_t xhci_irq(struct usb_hcd *hcd) { struct xhci_hcd *xhci = hcd_to_xhci(hcd); - irqreturn_t ret = IRQ_NONE; + irqreturn_t ret = IRQ_HANDLED; u32 status; spin_lock(&xhci->lock); @@ -3141,12 +3141,13 @@ irqreturn_t xhci_irq(struct usb_hcd *hcd) status = readl(&xhci->op_regs->status); if (status == ~(u32)0) { xhci_hc_died(xhci); - ret = IRQ_HANDLED; goto out; } - if (!(status & STS_EINT)) + if (!(status & STS_EINT)) { + ret = IRQ_NONE; goto out; + } if (status & STS_HCE) { xhci_warn(xhci, "WARNING: Host Controller Error\n"); @@ -3156,7 +3157,6 @@ irqreturn_t xhci_irq(struct usb_hcd *hcd) if (status & STS_FATAL) { xhci_warn(xhci, "WARNING: Host System Error\n"); xhci_halt(xhci); - ret = IRQ_HANDLED; goto out; } @@ -3167,7 +3167,6 @@ irqreturn_t xhci_irq(struct usb_hcd *hcd) */ status |= STS_EINT; writel(status, &xhci->op_regs->status); - ret = IRQ_HANDLED; /* This is the handler of the primary interrupter */ xhci_handle_events(xhci, xhci->interrupters[0]); -- 2.25.1

1 year, 5 months

1
0
0 0

[PATCH v4] x86/coco: Require seeding RNG with RDRAND on CoCo systems

by Jason A. Donenfeld

There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted and may actively work against guests to extract secrets or manipulate computation. Since a malicious host can modify or observe nearly all inputs to guests, the only remaining source of entropy for CoCo guests is RDRAND. If RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole is meant to gracefully continue on gathering entropy from other sources, but since there aren't other sources on CoCo, this is catastrophic. This is mostly a concern at boot time when initially seeding the RNG, as after that the consequences of a broken RDRAND are much more theoretical. So, try at boot to seed the RNG using 256 bits of RDRAND output. If this fails, panic(). This will also trigger if the system is booted without RDRAND, as RDRAND is essential for a safe CoCo boot. This patch is deliberately written to be "just a CoCo x86 driver feature" and not part of the RNG itself. Many device drivers and platforms have some desire to contribute something to the RNG, and add_device_randomness() is specifically meant for this purpose. Any driver can call this with seed data of any quality, or even garbage quality, and it can only possibly make the quality of the RNG better or have no effect, but can never make it worse. Rather than trying to build something into the core of the RNG, this patch interprets the particular CoCo issue as just a CoCo issue, and therefore separates this all out into driver (well, arch/platform) code. Cc: Borislav Petkov <bp(a)alien8.de> Cc: Daniel P. Berrangé <berrange(a)redhat.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Reviewed-by: Elena Reshetova <elena.reshetova(a)intel.com> Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> --- Changes v3->v4: - Add stable@ tag and reviewed-by lines. - Add comment for Dave explaining where the "32" comes from. arch/x86/coco/core.c | 40 +++++++++++++++++++++++++++++++++++++ arch/x86/include/asm/coco.h | 2 ++ arch/x86/kernel/setup.c | 2 ++ 3 files changed, 44 insertions(+) diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c index eeec9986570e..0e988bff4aec 100644 --- a/arch/x86/coco/core.c +++ b/arch/x86/coco/core.c @@ -3,13 +3,16 @@ * Confidential Computing Platform Capability checks * * Copyright (C) 2021 Advanced Micro Devices, Inc. + * Copyright (C) 2024 Jason A. Donenfeld <Jason(a)zx2c4.com>. All Rights Reserved. * * Author: Tom Lendacky <thomas.lendacky(a)amd.com> */ #include <linux/export.h> #include <linux/cc_platform.h> +#include <linux/random.h> +#include <asm/archrandom.h> #include <asm/coco.h> #include <asm/processor.h> @@ -153,3 +156,40 @@ __init void cc_set_mask(u64 mask) { cc_mask = mask; } + +__init void cc_random_init(void) +{ + /* + * The seed is 32 bytes (in units of longs), which is 256 bits, which + * is the security level that the RNG is targeting. + */ + unsigned long rng_seed[32 / sizeof(long)]; + size_t i, longs; + + if (cc_vendor == CC_VENDOR_NONE) + return; + + /* + * Since the CoCo threat model includes the host, the only reliable + * source of entropy that can be neither observed nor manipulated is + * RDRAND. Usually, RDRAND failure is considered tolerable, but since + * CoCo guests have no other unobservable source of entropy, it's + * important to at least ensure the RNG gets some initial random seeds. + */ + for (i = 0; i < ARRAY_SIZE(rng_seed); i += longs) { + longs = arch_get_random_longs(&rng_seed[i], ARRAY_SIZE(rng_seed) - i); + + /* + * A zero return value means that the guest doesn't have RDRAND + * or the CPU is physically broken, and in both cases that + * means most crypto inside of the CoCo instance will be + * broken, defeating the purpose of CoCo in the first place. So + * just panic here because it's absolutely unsafe to continue + * executing. + */ + if (longs == 0) + panic("RDRAND is defective."); + } + add_device_randomness(rng_seed, sizeof(rng_seed)); + memzero_explicit(rng_seed, sizeof(rng_seed)); +} diff --git a/arch/x86/include/asm/coco.h b/arch/x86/include/asm/coco.h index 76c310b19b11..e9d059449885 100644 --- a/arch/x86/include/asm/coco.h +++ b/arch/x86/include/asm/coco.h @@ -15,6 +15,7 @@ extern enum cc_vendor cc_vendor; void cc_set_mask(u64 mask); u64 cc_mkenc(u64 val); u64 cc_mkdec(u64 val); +void cc_random_init(void); #else #define cc_vendor (CC_VENDOR_NONE) @@ -27,6 +28,7 @@ static inline u64 cc_mkdec(u64 val) { return val; } +static inline void cc_random_init(void) { } #endif #endif /* _ASM_X86_COCO_H */ diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 84201071dfac..30a653cfc7d2 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -36,6 +36,7 @@ #include <asm/bios_ebda.h> #include <asm/bugs.h> #include <asm/cacheinfo.h> +#include <asm/coco.h> #include <asm/cpu.h> #include <asm/efi.h> #include <asm/gart.h> @@ -994,6 +995,7 @@ void __init setup_arch(char **cmdline_p) * memory size. */ mem_encrypt_setup_arch(); + cc_random_init(); efi_fake_memmap(); efi_find_mirror(); -- 2.43.2

1 year, 5 months

4
9
0 0

[PATCH 5/5] drm/vmwgfx: Sort primary plane formats by order of preference

by Zack Rusin

The table of primary plane formats wasn't sorted at all, leading to applications picking our least desirable formats by defaults. Sort the primary plane formats according to our order of preference. Fixes IGT's kms_atomic plane-invalid-params which assumes that the preferred format is a 32bpp format. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 36cc79bc9077 ("drm/vmwgfx: Add universal plane support") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.12+ --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h index bf9931e3a728..bf24f2f0dcfc 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h @@ -233,10 +233,10 @@ struct vmw_framebuffer_bo { static const uint32_t __maybe_unused vmw_primary_plane_formats[] = { - DRM_FORMAT_XRGB1555, - DRM_FORMAT_RGB565, DRM_FORMAT_XRGB8888, DRM_FORMAT_ARGB8888, + DRM_FORMAT_RGB565, + DRM_FORMAT_XRGB1555, }; static const uint32_t __maybe_unused vmw_cursor_plane_formats[] = { -- 2.40.1

1 year, 5 months

2
3
0 0

Re: Patch "gpio: protect the list of GPIO devices with SRCU" has been added to the 6.8-stable tree

by Bartosz Golaszewski

On Wed, 3 Apr 2024 at 18:02, Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > gpio: protect the list of GPIO devices with SRCU > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > gpio-protect-the-list-of-gpio-devices-with-srcu.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 077106f97c7d113ebacb00725d83b817d0e89288 > Author: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> > Date: Fri Jan 19 16:43:13 2024 +0100 > > gpio: protect the list of GPIO devices with SRCU > > [ Upstream commit e348544f7994d252427ed3ae637c7081cbb90f66 ] > > We're working towards removing the "multi-function" GPIO spinlock that's > implemented terribly wrong. We tried using an RW-semaphore to protect > the list of GPIO devices but it turned out that we still have old code > using legacy GPIO calls that need to translate the global GPIO number to > the address of the associated descriptor and - to that end - traverse > the list while holding the lock. If we change the spinlock to a sleeping > lock then we'll end up with "scheduling while atomic" bugs. > > Let's allow lockless traversal of the list using SRCU and only use the > mutex when modyfing the list. > > While at it: let's protect the period between when we start the lookup > and when we finally request the descriptor (increasing the reference > count of the GPIO device) with the SRCU read lock. > > Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> > Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> > Acked-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> > Stable-dep-of: 5c887b65bbd1 ("gpiolib: Fix debug messaging in gpiod_find_and_request()") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > I'm not sure what the reason for picking this up into stable was but I believe it's not a good idea. This is just the first patch in a big series[1] of 24 commits total on top of which we had several bug fixes during the stabilization phase in next. Without the rest of the rework, it doesn't really improve the situation a lot. I suggest dropping this and not trying to backport any of the GPIOLIB locking rework to stable branches. Best Regards, Bartosz [1] https://lore.kernel.org/lkml/20240208095920.8035-22-brgl@bgdev.pl/T/

1 year, 5 months

2
1
0 0

Re: Patch "gpio: cdev: sanitize the label before requesting the interrupt" has been added to the 6.1-sta

by Pascal Ernster

[2024-04-03 19:58] gregkh linuxfoundation ! org: > This is a note to let you know that I've just added the patch titled > > gpio: cdev: sanitize the label before requesting the interrupt > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > gpio-cdev-sanitize-the-label-before-requesting-the-interrupt.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From b34490879baa847d16fc529c8ea6e6d34f004b38 Mon Sep 17 00:00:00 2001 > From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> > Date: Mon, 25 Mar 2024 10:02:42 +0100 > Subject: gpio: cdev: sanitize the label before requesting the interrupt > > From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> > > commit b34490879baa847d16fc529c8ea6e6d34f004b38 upstream. > > When an interrupt is requested, a procfs directory is created under > "/proc/irq/<irqnum>/<label>" where <label> is the string passed to one of > the request_irq() variants. > > What follows is that the string must not contain the "/" character or > the procfs mkdir operation will fail. We don't have such constraints for > GPIO consumer labels which are used verbatim as interrupt labels for > GPIO irqs. We must therefore sanitize the consumer string before > requesting the interrupt. > > Let's replace all "/" with ":". > > Cc: stable(a)vger.kernel.org > Reported-by: Stefan Wahren <wahrenst(a)gmx.net> > Closes: https://lore.kernel.org/linux-gpio/39fe95cb-aa83-4b8b-8cab-63947a726754@gmx… > Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> > Reviewed-by: Kent Gibson <warthog618(a)gmail.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/gpio/gpiolib-cdev.c | 38 ++++++++++++++++++++++++++++++++------ > 1 file changed, 32 insertions(+), 6 deletions(-) > > --- a/drivers/gpio/gpiolib-cdev.c > +++ b/drivers/gpio/gpiolib-cdev.c > @@ -999,10 +999,20 @@ static u32 gpio_v2_line_config_debounce_ > return 0; > } > > +static inline char *make_irq_label(const char *orig) > +{ > + return kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); > +} > + > +static inline void free_irq_label(const char *label) > +{ > + kfree(label); > +} > + > static void edge_detector_stop(struct line *line) > { > if (line->irq) { > - free_irq(line->irq, line); > + free_irq_label(free_irq(line->irq, line)); > line->irq = 0; > } > > @@ -1027,6 +1037,7 @@ static int edge_detector_setup(struct li > unsigned long irqflags = 0; > u64 eflags; > int irq, ret; > + char *label; > > eflags = edflags & GPIO_V2_LINE_EDGE_FLAGS; > if (eflags && !kfifo_initialized(&line->req->events)) { > @@ -1063,11 +1074,17 @@ static int edge_detector_setup(struct li > IRQF_TRIGGER_RISING : IRQF_TRIGGER_FALLING; > irqflags |= IRQF_ONESHOT; > > + label = make_irq_label(line->req->label); > + if (!label) > + return -ENOMEM; > + > /* Request a thread to read the events */ > ret = request_threaded_irq(irq, edge_irq_handler, edge_irq_thread, > - irqflags, line->req->label, line); > - if (ret) > + irqflags, label, line); > + if (ret) { > + free_irq_label(label); > return ret; > + } > > line->irq = irq; > return 0; > @@ -1910,7 +1927,7 @@ static ssize_t lineevent_read(struct fil > static void lineevent_free(struct lineevent_state *le) > { > if (le->irq) > - free_irq(le->irq, le); > + free_irq_label(free_irq(le->irq, le)); > if (le->desc) > gpiod_free(le->desc); > kfree(le->label); > @@ -2058,6 +2075,7 @@ static int lineevent_create(struct gpio_ > int fd; > int ret; > int irq, irqflags = 0; > + char *label; > > if (copy_from_user(&eventreq, ip, sizeof(eventreq))) > return -EFAULT; > @@ -2138,15 +2156,23 @@ static int lineevent_create(struct gpio_ > INIT_KFIFO(le->events); > init_waitqueue_head(&le->wait); > > + label = make_irq_label(le->label); > + if (!label) { > + ret = -ENOMEM; > + goto out_free_le; > + } > + > /* Request a thread to read the events */ > ret = request_threaded_irq(irq, > lineevent_irq_handler, > lineevent_irq_thread, > irqflags, > - le->label, > + label, > le); > - if (ret) > + if (ret) { > + free_irq_label(label); > goto out_free_le; > + } > > le->irq = irq; > > > > Patches currently in stable-queue which might be from bartosz.golaszewski(a)linaro.org are > > queue-6.1/gpio-cdev-sanitize-the-label-before-requesting-the-interrupt.patch Hi, this breaks the build because kstrdup_and_replace() does not exist in version branch 6.1. Regards Pascal

1 year, 5 months

2
1
0 0

[PATCH] clk: keystone: sci-clk: Adding support for non contiguous clocks

by Udit Kumar

commit ad3ac13c6ec318b43e769cc9ffde67528e58e555 upstream. Most of clocks and their parents are defined in contiguous range, But in few cases, there is gap in clock numbers[0]. Driver assumes clocks to be in contiguous range, and add their clock ids incrementally. New firmware started returning error while calling get_freq and is_on API for non-available clock ids. In this fix, driver checks and adds only valid clock ids. [0] https://software-dl.ti.com/tisci/esd/latest/5_soc_doc/j7200/clocks.html Section Clocks for NAVSS0_CPTS_0 Device, clock id 12-15 not present. Fixes: 3c13933c6033 ("clk: keystone: sci-clk: add support for dynamically probing clocks") Signed-off-by: Udit Kumar <u-kumar1(a)ti.com> Link: https://lore.kernel.org/r/20240213082640.457316-1-u-kumar1@ti.com Reviewed-by: Nishanth Menon <nm(a)ti.com> Signed-off-by: Stephen Boyd <sboyd(a)kernel.org> --- Patch needs manual backporting only for LTS kernel version 4.19 drivers/clk/keystone/sci-clk.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/clk/keystone/sci-clk.c b/drivers/clk/keystone/sci-clk.c index 35fe197dd303..eb2ef44869b2 100644 --- a/drivers/clk/keystone/sci-clk.c +++ b/drivers/clk/keystone/sci-clk.c @@ -516,6 +516,7 @@ static int ti_sci_scan_clocks_from_dt(struct sci_clk_provider *provider) struct sci_clk *sci_clk, *prev; int num_clks = 0; int num_parents; + bool state; int clk_id; const char * const clk_names[] = { "clocks", "assigned-clocks", "assigned-clock-parents", NULL @@ -586,6 +587,15 @@ static int ti_sci_scan_clocks_from_dt(struct sci_clk_provider *provider) clk_id = args.args[1] + 1; while (num_parents--) { + /* Check if this clock id is valid */ + ret = provider->ops->is_auto(provider->sci, + sci_clk->dev_id, clk_id, &state); + + if (ret) { + clk_id++; + continue; + } + sci_clk = devm_kzalloc(dev, sizeof(*sci_clk), GFP_KERNEL); -- 2.34.1

1 year, 5 months

1
0
0 0

[PATCH net,v2] net: mana: Fix Rx DMA datasize and skb_over_panic

by Haiyang Zhang

mana_get_rxbuf_cfg() aligns the RX buffer's DMA datasize to be multiple of 64. So a packet slightly bigger than mtu+14, say 1536, can be received and cause skb_over_panic. Sample dmesg: [ 5325.237162] skbuff: skb_over_panic: text:ffffffffc043277a len:1536 put:1536 head:ff1100018b517000 data:ff1100018b517100 tail:0x700 end:0x6ea dev:<NULL> [ 5325.243689] ------------[ cut here ]------------ [ 5325.245748] kernel BUG at net/core/skbuff.c:192! [ 5325.247838] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 5325.258374] RIP: 0010:skb_panic+0x4f/0x60 [ 5325.302941] Call Trace: [ 5325.304389] <IRQ> [ 5325.315794] ? skb_panic+0x4f/0x60 [ 5325.317457] ? asm_exc_invalid_op+0x1f/0x30 [ 5325.319490] ? skb_panic+0x4f/0x60 [ 5325.321161] skb_put+0x4e/0x50 [ 5325.322670] mana_poll+0x6fa/0xb50 [mana] [ 5325.324578] __napi_poll+0x33/0x1e0 [ 5325.326328] net_rx_action+0x12e/0x280 As discussed internally, this alignment is not necessary. To fix this bug, remove it from the code. So oversized packets will be marked as CQE_RX_TRUNCATED by NIC, and dropped. Cc: stable(a)vger.kernel.org Fixes: 2fbbd712baf1 ("net: mana: Enable RX path to handle various MTU sizes") Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> Reviewed-by: Dexuan Cui <decui(a)microsoft.com> --- V2: updated the "Fixes" tag. The code change remains the same. --- drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- include/net/mana/mana.h | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index 59287c6e6cee..d8af5e7e15b4 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -601,7 +601,7 @@ static void mana_get_rxbuf_cfg(int mtu, u32 *datasize, u32 *alloc_size, *alloc_size = mtu + MANA_RXBUF_PAD + *headroom; - *datasize = ALIGN(mtu + ETH_HLEN, MANA_RX_DATA_ALIGN); + *datasize = mtu + ETH_HLEN; } static int mana_pre_alloc_rxbufs(struct mana_port_context *mpc, int new_mtu) diff --git a/include/net/mana/mana.h b/include/net/mana/mana.h index 76147feb0d10..4eeedf14711b 100644 --- a/include/net/mana/mana.h +++ b/include/net/mana/mana.h @@ -39,7 +39,6 @@ enum TRI_STATE { #define COMP_ENTRY_SIZE 64 #define RX_BUFFERS_PER_QUEUE 512 -#define MANA_RX_DATA_ALIGN 64 #define MAX_SEND_BUFFERS_PER_QUEUE 256 -- 2.34.1

1 year, 5 months

2
1
0 0

[PATCH 2/2] net: usb: qmi_wwan: add Lonsung U8300/U9300 product Update the net usb qmi_wwan driver to support Longsung U8300/U9300.

by Coia Prant

Enabling DTR on this modem was necessary to ensure stable operation. ID 1c9e:9b05 OMEGA TECHNOLOGY (U8300) ID 1c9e:9b3c OMEGA TECHNOLOGY (U9300) U8300 /: Bus |__ Port 1: Dev 3, If 0, Class=Vendor Specific Class, Driver=option, 480M (Debug) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 1, Class=Vendor Specific Class, Driver=option, 480M (Modem / AT) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 2, Class=Vendor Specific Class, Driver=option, 480M (AT) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 3, Class=Vendor Specific Class, Driver=option, 480M (AT / Pipe / PPP) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 4, Class=Vendor Specific Class, Driver=qmi_wwan, 480M (NDIS / GobiNet / QMI WWAN) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 5, Class=Vendor Specific Class, Driver=, 480M (ADB) ID 1c9e:9b05 OMEGA TECHNOLOGY U9300 /: Bus |__ Port 1: Dev 3, If 0, Class=Vendor Specific Class, Driver=, 480M (ADB) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 1, Class=Vendor Specific Class, Driver=option, 480M (Modem / AT) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 2, Class=Vendor Specific Class, Driver=option, 480M (AT) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 3, Class=Vendor Specific Class, Driver=option, 480M (AT / Pipe / PPP) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 4, Class=Vendor Specific Class, Driver=qmi_wwan, 480M (NDIS / GobiNet / QMI WWAN) ID 1c9e:9b3c OMEGA TECHNOLOGY Tested successfully using Modem Manager on U9300. Tested successfully using qmicli on U9300. Signed-off-by: Coia Prant <coiaprant(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/net/usb/qmi_wwan.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c index e2e181378f41..3dd8a2e24837 100644 --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -1380,6 +1380,8 @@ static const struct usb_device_id products[] = { {QMI_FIXED_INTF(0x1c9e, 0x9801, 3)}, /* Telewell TW-3G HSPA+ */ {QMI_FIXED_INTF(0x1c9e, 0x9803, 4)}, /* Telewell TW-3G HSPA+ */ {QMI_FIXED_INTF(0x1c9e, 0x9b01, 3)}, /* XS Stick W100-2 from 4G Systems */ + {QMI_QUIRK_SET_DTR(0x1c9e, 0x9b05, 4)}, /* Longsung U8300 */ + {QMI_QUIRK_SET_DTR(0x1c9e, 0x9b3c, 4)}, /* Longsung U9300 */ {QMI_FIXED_INTF(0x0b3c, 0xc000, 4)}, /* Olivetti Olicard 100 */ {QMI_FIXED_INTF(0x0b3c, 0xc001, 4)}, /* Olivetti Olicard 120 */ {QMI_FIXED_INTF(0x0b3c, 0xc002, 4)}, /* Olivetti Olicard 140 */ -- 2.39.2

1 year, 5 months

2
1
0 0

[PATCH v5] media: ucvideo: Add quirk for Logitech Rally Bar

by Ricardo Ribalda

Logitech Rally Bar devices, despite behaving as UVC cameras, have a different power management system that the other cameras from Logitech. USB_QUIRK_RESET_RESUME is applied to all the UVC cameras from Logitech at the usb core. Unfortunately, USB_QUIRK_RESET_RESUME causes undesired USB disconnects in the Rally Bar that make them completely unusable. There is an open discussion about if we should fix this in the core or add a quirk in the UVC driver. In order to enable this hardware, let's land this patch first, and we can revert it later if there is a different conclusion. Fixes: e387ef5c47dd ("usb: Add USB_QUIRK_RESET_RESUME for all Logitech UVC webcams") Cc: <stable(a)vger.kernel.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Alan Stern <stern(a)rowland.harvard.edu> Cc: Oliver Neukum <oneukum(a)suse.com> Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reviewed-by: Devinder Khroad <dkhroad(a)logitech.com> Reviewed-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Tested with a Rallybar Mini with an Acer Chromebook Spin 513 --- Changes in v5: - Update commit message to describe that this is a temp solution. - Link to v4: https://lore.kernel.org/r/20240108-rallybar-v4-1-a7450641e41b@chromium.org Changes in v4: - Include Logi Rally Bar Huddle (Thanks Kyle!) - Link to v3: https://lore.kernel.org/r/20240102-rallybar-v3-1-0ab197ce4aa2@chromium.org Changes in v3: - Move quirk to uvc driver - Link to v2: https://lore.kernel.org/r/20231222-rallybar-v2-1-5849d62a9514@chromium.org Changes in v2: - Add Fixes tag - Add UVC maintainer as Cc - Link to v1: https://lore.kernel.org/r/20231222-rallybar-v1-1-82b2a4d3106f@chromium.org --- drivers/media/usb/uvc/uvc_driver.c | 30 ++++++++++++++++++++++++++++++ drivers/media/usb/uvc/uvcvideo.h | 1 + 2 files changed, 31 insertions(+) diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c index 08fcd2ffa727b..9663bcac68438 100644 --- a/drivers/media/usb/uvc/uvc_driver.c +++ b/drivers/media/usb/uvc/uvc_driver.c @@ -14,6 +14,7 @@ #include <linux/module.h> #include <linux/slab.h> #include <linux/usb.h> +#include <linux/usb/quirks.h> #include <linux/usb/uvc.h> #include <linux/videodev2.h> #include <linux/vmalloc.h> @@ -2233,6 +2234,8 @@ static int uvc_probe(struct usb_interface *intf, } uvc_dbg(dev, PROBE, "UVC device initialized\n"); + if (dev->quirks & UVC_QUIRK_FORCE_RESUME) + udev->quirks &= ~USB_QUIRK_RESET_RESUME; usb_enable_autosuspend(udev); return 0; @@ -2574,6 +2577,33 @@ static const struct usb_device_id uvc_ids[] = { .bInterfaceSubClass = 1, .bInterfaceProtocol = 0, .driver_info = UVC_INFO_QUIRK(UVC_QUIRK_RESTORE_CTRLS_ON_INIT) }, + /* Logitech Rally Bar Huddle */ + { .match_flags = USB_DEVICE_ID_MATCH_DEVICE + | USB_DEVICE_ID_MATCH_INT_INFO, + .idVendor = 0x046d, + .idProduct = 0x087c, + .bInterfaceClass = USB_CLASS_VIDEO, + .bInterfaceSubClass = 1, + .bInterfaceProtocol = 0, + .driver_info = UVC_INFO_QUIRK(UVC_QUIRK_FORCE_RESUME) }, + /* Logitech Rally Bar */ + { .match_flags = USB_DEVICE_ID_MATCH_DEVICE + | USB_DEVICE_ID_MATCH_INT_INFO, + .idVendor = 0x046d, + .idProduct = 0x089b, + .bInterfaceClass = USB_CLASS_VIDEO, + .bInterfaceSubClass = 1, + .bInterfaceProtocol = 0, + .driver_info = UVC_INFO_QUIRK(UVC_QUIRK_FORCE_RESUME) }, + /* Logitech Rally Bar Mini */ + { .match_flags = USB_DEVICE_ID_MATCH_DEVICE + | USB_DEVICE_ID_MATCH_INT_INFO, + .idVendor = 0x046d, + .idProduct = 0x08d3, + .bInterfaceClass = USB_CLASS_VIDEO, + .bInterfaceSubClass = 1, + .bInterfaceProtocol = 0, + .driver_info = UVC_INFO_QUIRK(UVC_QUIRK_FORCE_RESUME) }, /* Chicony CNF7129 (Asus EEE 100HE) */ { .match_flags = USB_DEVICE_ID_MATCH_DEVICE | USB_DEVICE_ID_MATCH_INT_INFO, diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index 6fb0a78b1b009..fa59a21d2a289 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h @@ -73,6 +73,7 @@ #define UVC_QUIRK_FORCE_Y8 0x00000800 #define UVC_QUIRK_FORCE_BPP 0x00001000 #define UVC_QUIRK_WAKE_AUTOSUSPEND 0x00002000 +#define UVC_QUIRK_FORCE_RESUME 0x00004000 /* Format flags */ #define UVC_FMT_FLAG_COMPRESSED 0x00000001 --- base-commit: c0f65a7c112b3cfa691cead54bcf24d6cc2182b5 change-id: 20231222-rallybar-19ce0c64d5e6 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 year, 5 months

2
2
0 0

[PATCH 13/28] drm/amd/display: Adjust dprefclk by down spread percentage.

by Hamza Mahfooz

From: Zhongwei <zhongwei.zhang(a)amd.com> [Why] OLED panels show no display for large vtotal timings. [How] Check if ss is enabled and read from lut for spread spectrum percentage. Adjust dprefclk as required. DP_DTO adjustment is for edp only. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Zhongwei <zhongwei.zhang(a)amd.com> --- .../display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 50 +++++++++++++++++++ .../drm/amd/display/dc/dce/dce_clock_source.c | 8 +-- 2 files changed, 54 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 8efde1cfb49a..6c9b4e6491a5 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -73,6 +73,12 @@ #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_SEL_MASK 0x00000007L #define CLK1_CLK2_BYPASS_CNTL__CLK2_BYPASS_DIV_MASK 0x000F0000L +#define regCLK5_0_CLK5_spll_field_8 0x464b +#define regCLK5_0_CLK5_spll_field_8_BASE_IDX 0 + +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en__SHIFT 0xd +#define CLK5_0_CLK5_spll_field_8__spll_ssc_en_MASK 0x00002000L + #define SMU_VER_THRESHOLD 0x5D4A00 //93.74.0 #define REG(reg_name) \ @@ -412,6 +418,17 @@ static void dcn35_dump_clk_registers(struct clk_state_registers_and_bypass *regs { } +static bool dcn35_is_spll_ssc_enabled(struct clk_mgr *clk_mgr_base) +{ + struct clk_mgr_internal *clk_mgr = TO_CLK_MGR_INTERNAL(clk_mgr_base); + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t ssc_enable; + + REG_GET(CLK5_0_CLK5_spll_field_8, spll_ssc_en, &ssc_enable); + + return ssc_enable == 1; +} + static void init_clk_states(struct clk_mgr *clk_mgr) { struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); @@ -429,7 +446,16 @@ static void init_clk_states(struct clk_mgr *clk_mgr) void dcn35_init_clocks(struct clk_mgr *clk_mgr) { + struct clk_mgr_internal *clk_mgr_int = TO_CLK_MGR_INTERNAL(clk_mgr); init_clk_states(clk_mgr); + + // to adjust dp_dto reference clock if ssc is enable otherwise to apply dprefclk + if (dcn35_is_spll_ssc_enabled(clk_mgr)) + clk_mgr->dp_dto_source_clock_in_khz = + dce_adjust_dp_ref_freq_for_ss(clk_mgr_int, clk_mgr->dprefclk_khz); + else + clk_mgr->dp_dto_source_clock_in_khz = clk_mgr->dprefclk_khz; + } static struct clk_bw_params dcn35_bw_params = { .vram_type = Ddr4MemType, @@ -518,6 +544,28 @@ static DpmClocks_t_dcn35 dummy_clocks; static struct dcn35_watermarks dummy_wms = { 0 }; +static struct dcn35_ss_info_table ss_info_table = { + .ss_divider = 1000, + .ss_percentage = {0, 0, 375, 375, 375} +}; + +static void dcn35_read_ss_info_from_lut(struct clk_mgr_internal *clk_mgr) +{ + struct dc_context *ctx = clk_mgr->base.ctx; + uint32_t clock_source; + + REG_GET(CLK1_CLK2_BYPASS_CNTL, CLK2_BYPASS_SEL, &clock_source); + // If it's DFS mode, clock_source is 0. + if (dcn35_is_spll_ssc_enabled(&clk_mgr->base) && (clock_source < ARRAY_SIZE(ss_info_table.ss_percentage))) { + clk_mgr->dprefclk_ss_percentage = ss_info_table.ss_percentage[clock_source]; + + if (clk_mgr->dprefclk_ss_percentage != 0) { + clk_mgr->ss_on_dprefclk = true; + clk_mgr->dprefclk_ss_divider = ss_info_table.ss_divider; + } + } +} + static void dcn35_build_watermark_ranges(struct clk_bw_params *bw_params, struct dcn35_watermarks *table) { int i, num_valid_sets; @@ -1024,6 +1072,8 @@ void dcn35_clk_mgr_construct( dce_clock_read_ss_info(&clk_mgr->base); /*when clk src is from FCH, it could have ss, same clock src as DPREF clk*/ + dcn35_read_ss_info_from_lut(&clk_mgr->base); + clk_mgr->base.base.bw_params = &dcn35_bw_params; if (clk_mgr->base.base.ctx->dc->debug.pstate_enabled) { diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c index 970644b695cd..b5e0289d2fe8 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c @@ -976,7 +976,10 @@ static bool dcn31_program_pix_clk( struct bp_pixel_clock_parameters bp_pc_params = {0}; enum transmitter_color_depth bp_pc_colour_depth = TRANSMITTER_COLOR_DEPTH_24; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) + // Apply ssed(spread spectrum) dpref clock for edp only. + if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0 + && pix_clk_params->signal_type == SIGNAL_TYPE_EDP + && encoding == DP_8b_10b_ENCODING) dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; // For these signal types Driver to program DP_DTO without calling VBIOS Command table if (dc_is_dp_signal(pix_clk_params->signal_type) || dc_is_virtual_signal(pix_clk_params->signal_type)) { @@ -1093,9 +1096,6 @@ static bool get_pixel_clk_frequency_100hz( unsigned int modulo_hz = 0; unsigned int dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dprefclk_khz; - if (clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz != 0) - dp_dto_ref_khz = clock_source->ctx->dc->clk_mgr->dp_dto_source_clock_in_khz; - if (clock_source->id == CLOCK_SOURCE_ID_DP_DTO) { clock_hz = REG_READ(PHASE[inst]); -- 2.44.0

1 year, 5 months

1
0
0 0

[PATCH 12/28] drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST

by Hamza Mahfooz

From: Harry Wentland <harry.wentland(a)amd.com> The previous check for the is_vsc_sdp_colorimetry_supported flag for MST sink signals did nothing. Simplify the code and use the same check for MST and SST. Cc: stable(a)vger.kernel.org Reviewed-by: Agustin Gutierrez <agustin.gutierrez(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Harry Wentland <harry.wentland(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 56779e6544b0..d52701f6d1d0 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -6333,15 +6333,9 @@ create_stream_for_sink(struct drm_connector *connector, // should decide stream support vsc sdp colorimetry capability // before building vsc info packet // - stream->use_vsc_sdp_for_colorimetry = false; - if (aconnector->dc_sink->sink_signal == SIGNAL_TYPE_DISPLAY_PORT_MST) { - stream->use_vsc_sdp_for_colorimetry = - aconnector->dc_sink->is_vsc_sdp_colorimetry_supported; - } else { - if (stream->link->dpcd_caps.dpcd_rev.raw >= 0x14 && - stream->link->dpcd_caps.dprx_feature.bits.VSC_SDP_COLORIMETRY_SUPPORTED) - stream->use_vsc_sdp_for_colorimetry = true; - } + stream->use_vsc_sdp_for_colorimetry = stream->link->dpcd_caps.dpcd_rev.raw >= 0x14 && + stream->link->dpcd_caps.dprx_feature.bits.VSC_SDP_COLORIMETRY_SUPPORTED; + if (stream->out_transfer_func.tf == TRANSFER_FUNCTION_GAMMA22) tf = TRANSFER_FUNC_GAMMA_22; mod_build_vsc_infopacket(stream, &stream->vsc_infopacket, stream->output_color_space, tf); -- 2.44.0

1 year, 5 months

1
0
0 0

[PATCH 11/28] drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4

by Hamza Mahfooz

From: Harry Wentland <harry.wentland(a)amd.com> In order for display colorimetry to work correctly on DP displays we need to send the VSC SDP packet. We should only do so for panels with DPCD revision greater or equal to 1.4 as older receivers might have problems with it. Cc: stable(a)vger.kernel.org Cc: Joshua Ashton <joshua(a)froggi.es> Cc: Xaver Hugl <xaver.hugl(a)gmail.com> Cc: Melissa Wen <mwen(a)igalia.com> Cc: Agustin Gutierrez <Agustin.Gutierrez(a)amd.com> Reviewed-by: Agustin Gutierrez <agustin.gutierrez(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Harry Wentland <harry.wentland(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 9220acbdf981..56779e6544b0 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -6326,7 +6326,9 @@ create_stream_for_sink(struct drm_connector *connector, if (stream->signal == SIGNAL_TYPE_HDMI_TYPE_A) mod_build_hf_vsif_infopacket(stream, &stream->vsp_infopacket); - if (stream->link->psr_settings.psr_feature_enabled || stream->link->replay_settings.replay_feature_enabled) { + if (stream->signal == SIGNAL_TYPE_DISPLAY_PORT || + stream->signal == SIGNAL_TYPE_DISPLAY_PORT_MST || + stream->signal == SIGNAL_TYPE_EDP) { // // should decide stream support vsc sdp colorimetry capability // before building vsc info packet @@ -6336,7 +6338,8 @@ create_stream_for_sink(struct drm_connector *connector, stream->use_vsc_sdp_for_colorimetry = aconnector->dc_sink->is_vsc_sdp_colorimetry_supported; } else { - if (stream->link->dpcd_caps.dprx_feature.bits.VSC_SDP_COLORIMETRY_SUPPORTED) + if (stream->link->dpcd_caps.dpcd_rev.raw >= 0x14 && + stream->link->dpcd_caps.dprx_feature.bits.VSC_SDP_COLORIMETRY_SUPPORTED) stream->use_vsc_sdp_for_colorimetry = true; } if (stream->out_transfer_func.tf == TRANSFER_FUNCTION_GAMMA22) -- 2.44.0

1 year, 5 months

1
0
0 0

[PATCH 07/28] drm/amd/display: fix disable otg wa logic in DCN316

by Hamza Mahfooz

From: Fudongwang <fudong.wang(a)amd.com> [Why] Wrong logic cause screen corruption. [How] Port logic from DCN35/314. Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Fudongwang <fudong.wang(a)amd.com> --- .../dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c index e4ed888f8403..20ca7afa9cb4 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c @@ -99,20 +99,25 @@ static int dcn316_get_active_display_cnt_wa( return display_count; } -static void dcn316_disable_otg_wa(struct clk_mgr *clk_mgr_base, struct dc_state *context, bool disable) +static void dcn316_disable_otg_wa(struct clk_mgr *clk_mgr_base, struct dc_state *context, + bool safe_to_lower, bool disable) { struct dc *dc = clk_mgr_base->ctx->dc; int i; for (i = 0; i < dc->res_pool->pipe_count; ++i) { - struct pipe_ctx *pipe = &dc->current_state->res_ctx.pipe_ctx[i]; + struct pipe_ctx *pipe = safe_to_lower + ? &context->res_ctx.pipe_ctx[i] + : &dc->current_state->res_ctx.pipe_ctx[i]; if (pipe->top_pipe || pipe->prev_odm_pipe) continue; - if (pipe->stream && (pipe->stream->dpms_off || pipe->plane_state == NULL || - dc_is_virtual_signal(pipe->stream->signal))) { + if (pipe->stream && (pipe->stream->dpms_off || dc_is_virtual_signal(pipe->stream->signal) || + !pipe->stream->link_enc)) { if (disable) { - pipe->stream_res.tg->funcs->immediate_disable_crtc(pipe->stream_res.tg); + if (pipe->stream_res.tg && pipe->stream_res.tg->funcs->immediate_disable_crtc) + pipe->stream_res.tg->funcs->immediate_disable_crtc(pipe->stream_res.tg); + reset_sync_context_for_pipe(dc, context, i); } else pipe->stream_res.tg->funcs->enable_crtc(pipe->stream_res.tg); @@ -207,11 +212,11 @@ static void dcn316_update_clocks(struct clk_mgr *clk_mgr_base, } if (should_set_clock(safe_to_lower, new_clocks->dispclk_khz, clk_mgr_base->clks.dispclk_khz)) { - dcn316_disable_otg_wa(clk_mgr_base, context, true); + dcn316_disable_otg_wa(clk_mgr_base, context, safe_to_lower, true); clk_mgr_base->clks.dispclk_khz = new_clocks->dispclk_khz; dcn316_smu_set_dispclk(clk_mgr, clk_mgr_base->clks.dispclk_khz); - dcn316_disable_otg_wa(clk_mgr_base, context, false); + dcn316_disable_otg_wa(clk_mgr_base, context, safe_to_lower, false); update_dispclk = true; } -- 2.44.0

1 year, 5 months

1
0
0 0

[PATCH 06/28] drm/amd/display: Do not recursively call manual trigger programming

by Hamza Mahfooz

From: Dillon Varone <dillon.varone(a)amd.com> [WHY&HOW] We should not be recursively calling the manual trigger programming function when FAMS is not in use. Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Dillon Varone <dillon.varone(a)amd.com> --- drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c b/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c index f07a4c7e48bc..52eab8fccb7f 100644 --- a/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c +++ b/drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c @@ -267,9 +267,6 @@ static void optc32_setup_manual_trigger(struct timing_generator *optc) OTG_V_TOTAL_MAX_SEL, 1, OTG_FORCE_LOCK_ON_EVENT, 0, OTG_SET_V_TOTAL_MIN_MASK, (1 << 1)); /* TRIGA */ - - // Setup manual flow control for EOF via TRIG_A - optc->funcs->setup_manual_trigger(optc); } } -- 2.44.0

1 year, 5 months

1
0
0 0

[PATCH 04/28] drm/amd/display: fix an incorrect ODM policy assigned for subvp

by Hamza Mahfooz

From: Wenjing Liu <wenjing.liu(a)amd.com> [why] When Subvp pipe's index is smaller than main pipe's index, the main pipe's ODM policy is not yet assigned. If we assign subvp pipe's ODM policy based on main pipe, we will assign uninitialized ODM policy. [how] Instead of copying main pipe's policy we copy the main pipe ODM policy logic. So it doesn't matter whether if main pipe's ODM policy is set, phantom pipe will always have the same policy because it running the same calcualtion to derive ODM policy. Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Wenjing Liu <wenjing.liu(a)amd.com> --- .../dc/resource/dcn32/dcn32_resource.c | 28 ++++++++++--------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c index e2bff9b9d55a..9aa39bd25be9 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c @@ -1824,6 +1824,7 @@ int dcn32_populate_dml_pipes_from_context( int num_subvp_main = 0; int num_subvp_phantom = 0; int num_subvp_none = 0; + int odm_slice_count; dcn20_populate_dml_pipes_from_context(dc, context, pipes, fast_validate); @@ -1852,7 +1853,7 @@ int dcn32_populate_dml_pipes_from_context( mall_type = dc_state_get_pipe_subvp_type(context, pipe); if (mall_type == SUBVP_MAIN) { if (resource_is_pipe_type(pipe, OTG_MASTER)) - subvp_main_pipe_index = pipe_cnt; + subvp_main_pipe_index = i; } pipe_cnt++; } @@ -1878,22 +1879,23 @@ int dcn32_populate_dml_pipes_from_context( mall_type = dc_state_get_pipe_subvp_type(context, pipe); if (single_display_subvp && (mall_type == SUBVP_PHANTOM)) { if (subvp_main_pipe_index < 0) { + odm_slice_count = -1; ASSERT(0); } else { - pipes[pipe_cnt].pipe.dest.odm_combine_policy = - pipes[subvp_main_pipe_index].pipe.dest.odm_combine_policy; + odm_slice_count = resource_get_odm_slice_count(&res_ctx->pipe_ctx[subvp_main_pipe_index]); } } else { - switch (resource_get_odm_slice_count(pipe)) { - case 2: - pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_2to1; - break; - case 4: - pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_4to1; - break; - default: - pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_dal; - } + odm_slice_count = resource_get_odm_slice_count(pipe); + } + switch (odm_slice_count) { + case 2: + pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_2to1; + break; + case 4: + pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_4to1; + break; + default: + pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_dal; } } else { pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_dal; -- 2.44.0

1 year, 5 months

1
0
0 0

[PATCH 03/28] drm/amd/display: always reset ODM mode in context when adding first plane

by Hamza Mahfooz

From: Wenjing Liu <wenjing.liu(a)amd.com> [why] In current implemenation ODM mode is only reset when the last plane is removed from dc state. For any dc validate we will always remove all current planes and add new planes. However when switching from no planes to 1 plane, ODM mode is not reset because no planes get removed. This has caused an issue where we kept ODM combine when it should have been remove when a plane is added. The change is to reset ODM mode when adding the first plane. Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Wenjing Liu <wenjing.liu(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_state.c b/drivers/gpu/drm/amd/display/dc/core/dc_state.c index d1d326e9b9b6..4f9ef07d29ec 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_state.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_state.c @@ -458,6 +458,15 @@ bool dc_state_add_plane( goto out; } + if (stream_status->plane_count == 0 && dc->config.enable_windowed_mpo_odm) + /* ODM combine could prevent us from supporting more planes + * we will reset ODM slice count back to 1 when all planes have + * been removed to maximize the amount of planes supported when + * new planes are added. + */ + resource_update_pipes_for_stream_with_slice_count( + state, dc->current_state, dc->res_pool, stream, 1); + otg_master_pipe = resource_get_otg_master_for_stream( &state->res_ctx, stream); if (otg_master_pipe) -- 2.44.0

1 year, 5 months

1
0
0 0

[PATCH 02/28] drm/amd/display: Return max resolution supported by DWB

by Hamza Mahfooz

From: Alex Hung <alex.hung(a)amd.com> mode_config's max width x height is 4096x2160 and is higher than DWB's max resolution 3840x2160 which is returned instead. Cc: stable(a)vger.kernel.org Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_wb.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_wb.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_wb.c index 16e72d623630..08c494a7a21b 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_wb.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_wb.c @@ -76,10 +76,8 @@ static int amdgpu_dm_wb_encoder_atomic_check(struct drm_encoder *encoder, static int amdgpu_dm_wb_connector_get_modes(struct drm_connector *connector) { - struct drm_device *dev = connector->dev; - - return drm_add_modes_noedid(connector, dev->mode_config.max_width, - dev->mode_config.max_height); + /* Maximum resolution supported by DWB */ + return drm_add_modes_noedid(connector, 3840, 2160); } static int amdgpu_dm_wb_prepare_job(struct drm_writeback_connector *wb_connector, -- 2.44.0

1 year, 5 months

1
0
0 0

Re: [PATCH 6.8 00/11] 6.8.4-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 5 months

1
0
0 0

[PATCH AUTOSEL 4.19 1/5] tools: iio: replace seekdir() in iio_generic_buffer

by Sasha Levin

From: Petre Rodan <petre.rodan(a)subdimension.ro> [ Upstream commit 4e6500bfa053dc133021f9c144261b77b0ba7dc8 ] Replace seekdir() with rewinddir() in order to fix a localized glibc bug. One of the glibc patches that stable Gentoo is using causes an improper directory stream positioning bug on 32bit arm. That in turn ends up as a floating point exception in iio_generic_buffer. The attached patch provides a fix by using an equivalent function which should not cause trouble for other distros and is easier to reason about in general as it obviously always goes back to to the start. https://sourceware.org/bugzilla/show_bug.cgi?id=31212 Signed-off-by: Petre Rodan <petre.rodan(a)subdimension.ro> Link: https://lore.kernel.org/r/20240108103224.3986-1-petre.rodan@subdimension.ro Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/iio/iio_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/iio/iio_utils.c b/tools/iio/iio_utils.c index d174487b2f226..1ef51c7e7b04f 100644 --- a/tools/iio/iio_utils.c +++ b/tools/iio/iio_utils.c @@ -376,7 +376,7 @@ int build_channel_array(const char *device_dir, goto error_close_dir; } - seekdir(dp, 0); + rewinddir(dp); while (ent = readdir(dp), ent) { if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"), "_en") == 0) { -- 2.43.0

1 year, 5 months

1
4
0 0

[PATCH AUTOSEL 5.4 1/6] tools: iio: replace seekdir() in iio_generic_buffer

by Sasha Levin

From: Petre Rodan <petre.rodan(a)subdimension.ro> [ Upstream commit 4e6500bfa053dc133021f9c144261b77b0ba7dc8 ] Replace seekdir() with rewinddir() in order to fix a localized glibc bug. One of the glibc patches that stable Gentoo is using causes an improper directory stream positioning bug on 32bit arm. That in turn ends up as a floating point exception in iio_generic_buffer. The attached patch provides a fix by using an equivalent function which should not cause trouble for other distros and is easier to reason about in general as it obviously always goes back to to the start. https://sourceware.org/bugzilla/show_bug.cgi?id=31212 Signed-off-by: Petre Rodan <petre.rodan(a)subdimension.ro> Link: https://lore.kernel.org/r/20240108103224.3986-1-petre.rodan@subdimension.ro Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/iio/iio_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/iio/iio_utils.c b/tools/iio/iio_utils.c index 48360994c2a13..b8745873928c5 100644 --- a/tools/iio/iio_utils.c +++ b/tools/iio/iio_utils.c @@ -373,7 +373,7 @@ int build_channel_array(const char *device_dir, goto error_close_dir; } - seekdir(dp, 0); + rewinddir(dp); while (ent = readdir(dp), ent) { if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"), "_en") == 0) { -- 2.43.0

1 year, 5 months

1
5
0 0

[PATCH AUTOSEL 5.10 1/8] tools: iio: replace seekdir() in iio_generic_buffer

by Sasha Levin

From: Petre Rodan <petre.rodan(a)subdimension.ro> [ Upstream commit 4e6500bfa053dc133021f9c144261b77b0ba7dc8 ] Replace seekdir() with rewinddir() in order to fix a localized glibc bug. One of the glibc patches that stable Gentoo is using causes an improper directory stream positioning bug on 32bit arm. That in turn ends up as a floating point exception in iio_generic_buffer. The attached patch provides a fix by using an equivalent function which should not cause trouble for other distros and is easier to reason about in general as it obviously always goes back to to the start. https://sourceware.org/bugzilla/show_bug.cgi?id=31212 Signed-off-by: Petre Rodan <petre.rodan(a)subdimension.ro> Link: https://lore.kernel.org/r/20240108103224.3986-1-petre.rodan@subdimension.ro Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/iio/iio_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/iio/iio_utils.c b/tools/iio/iio_utils.c index 48360994c2a13..b8745873928c5 100644 --- a/tools/iio/iio_utils.c +++ b/tools/iio/iio_utils.c @@ -373,7 +373,7 @@ int build_channel_array(const char *device_dir, goto error_close_dir; } - seekdir(dp, 0); + rewinddir(dp); while (ent = readdir(dp), ent) { if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"), "_en") == 0) { -- 2.43.0

1 year, 5 months

1
7
0 0

[PATCH AUTOSEL 5.15 1/8] tools: iio: replace seekdir() in iio_generic_buffer

by Sasha Levin

From: Petre Rodan <petre.rodan(a)subdimension.ro> [ Upstream commit 4e6500bfa053dc133021f9c144261b77b0ba7dc8 ] Replace seekdir() with rewinddir() in order to fix a localized glibc bug. One of the glibc patches that stable Gentoo is using causes an improper directory stream positioning bug on 32bit arm. That in turn ends up as a floating point exception in iio_generic_buffer. The attached patch provides a fix by using an equivalent function which should not cause trouble for other distros and is easier to reason about in general as it obviously always goes back to to the start. https://sourceware.org/bugzilla/show_bug.cgi?id=31212 Signed-off-by: Petre Rodan <petre.rodan(a)subdimension.ro> Link: https://lore.kernel.org/r/20240108103224.3986-1-petre.rodan@subdimension.ro Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/iio/iio_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/iio/iio_utils.c b/tools/iio/iio_utils.c index 6a00a6eecaef0..c5c5082cb24e5 100644 --- a/tools/iio/iio_utils.c +++ b/tools/iio/iio_utils.c @@ -376,7 +376,7 @@ int build_channel_array(const char *device_dir, int buffer_idx, goto error_close_dir; } - seekdir(dp, 0); + rewinddir(dp); while (ent = readdir(dp), ent) { if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"), "_en") == 0) { -- 2.43.0

1 year, 5 months

1
7
0 0

[PATCH AUTOSEL 6.1 01/15] tools: iio: replace seekdir() in iio_generic_buffer

by Sasha Levin

From: Petre Rodan <petre.rodan(a)subdimension.ro> [ Upstream commit 4e6500bfa053dc133021f9c144261b77b0ba7dc8 ] Replace seekdir() with rewinddir() in order to fix a localized glibc bug. One of the glibc patches that stable Gentoo is using causes an improper directory stream positioning bug on 32bit arm. That in turn ends up as a floating point exception in iio_generic_buffer. The attached patch provides a fix by using an equivalent function which should not cause trouble for other distros and is easier to reason about in general as it obviously always goes back to to the start. https://sourceware.org/bugzilla/show_bug.cgi?id=31212 Signed-off-by: Petre Rodan <petre.rodan(a)subdimension.ro> Link: https://lore.kernel.org/r/20240108103224.3986-1-petre.rodan@subdimension.ro Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/iio/iio_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/iio/iio_utils.c b/tools/iio/iio_utils.c index 6a00a6eecaef0..c5c5082cb24e5 100644 --- a/tools/iio/iio_utils.c +++ b/tools/iio/iio_utils.c @@ -376,7 +376,7 @@ int build_channel_array(const char *device_dir, int buffer_idx, goto error_close_dir; } - seekdir(dp, 0); + rewinddir(dp); while (ent = readdir(dp), ent) { if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"), "_en") == 0) { -- 2.43.0

1 year, 5 months

1
14
0 0

[PATCH AUTOSEL 6.6 01/20] tools: iio: replace seekdir() in iio_generic_buffer

by Sasha Levin

From: Petre Rodan <petre.rodan(a)subdimension.ro> [ Upstream commit 4e6500bfa053dc133021f9c144261b77b0ba7dc8 ] Replace seekdir() with rewinddir() in order to fix a localized glibc bug. One of the glibc patches that stable Gentoo is using causes an improper directory stream positioning bug on 32bit arm. That in turn ends up as a floating point exception in iio_generic_buffer. The attached patch provides a fix by using an equivalent function which should not cause trouble for other distros and is easier to reason about in general as it obviously always goes back to to the start. https://sourceware.org/bugzilla/show_bug.cgi?id=31212 Signed-off-by: Petre Rodan <petre.rodan(a)subdimension.ro> Link: https://lore.kernel.org/r/20240108103224.3986-1-petre.rodan@subdimension.ro Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/iio/iio_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/iio/iio_utils.c b/tools/iio/iio_utils.c index 6a00a6eecaef0..c5c5082cb24e5 100644 --- a/tools/iio/iio_utils.c +++ b/tools/iio/iio_utils.c @@ -376,7 +376,7 @@ int build_channel_array(const char *device_dir, int buffer_idx, goto error_close_dir; } - seekdir(dp, 0); + rewinddir(dp); while (ent = readdir(dp), ent) { if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"), "_en") == 0) { -- 2.43.0

1 year, 5 months

1
19
0 0

[PATCH v2] KVM: selftests: Fix build error due to assert in dirty_log_test

by Raghavendra Rao Ananta

The commit e5ed6c922537 ("KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test") backported the fix from v6.8 to stable v6.1. However, since the patch uses 'TEST_ASSERT_EQ()', which doesn't exist on v6.1, the following build error is seen: dirty_log_test.c:775:2: error: call to undeclared function 'TEST_ASSERT_EQ'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] TEST_ASSERT_EQ(sem_val, 0); ^ 1 error generated. Replace the macro with its equivalent, 'ASSERT_EQ()' to fix the issue. Fixes: e5ed6c922537 ("KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test") Cc: <stable(a)vger.kernel.org> Signed-off-by: Raghavendra Rao Ananta <rananta(a)google.com> --- tools/testing/selftests/kvm/dirty_log_test.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/kvm/dirty_log_test.c b/tools/testing/selftests/kvm/dirty_log_test.c index ec40a33c29fd..711b9e4d86aa 100644 --- a/tools/testing/selftests/kvm/dirty_log_test.c +++ b/tools/testing/selftests/kvm/dirty_log_test.c @@ -772,9 +772,9 @@ static void run_test(enum vm_guest_mode mode, void *arg) * verification of all iterations. */ sem_getvalue(&sem_vcpu_stop, &sem_val); - TEST_ASSERT_EQ(sem_val, 0); + ASSERT_EQ(sem_val, 0); sem_getvalue(&sem_vcpu_cont, &sem_val); - TEST_ASSERT_EQ(sem_val, 0); + ASSERT_EQ(sem_val, 0); pthread_create(&vcpu_thread, NULL, vcpu_worker, vcpu); base-commit: e5cd595e23c1a075359a337c0e5c3a4f2dc28dd1 -- 2.44.0.478.gd926399ef9-goog

1 year, 5 months

2
1
0 0

Re: Patch "scsi: libsas: Fix disk not being scanned in after being removed" has been added to the 5.15-stable tree

by Greg KH

On Wed, Apr 03, 2024 at 12:08:23PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > scsi: libsas: Fix disk not being scanned in after being removed > > to the 5.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > scsi-libsas-fix-disk-not-being-scanned-in-after-bein.patch > and it can be found in the queue-5.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Nope, breaks the build, I'll go drop this, sorry. greg k-h

1 year, 5 months

1
0
0 0

[PATCH] KVM: selftests: Fix build error due to assert in dirty_log_test

by Raghavendra Rao Ananta

The commit e5ed6c922537 ("KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test") backported the fix from v6.8 to stable v6.1. However, since the patch uses 'TEST_ASSERT_EQ()', which doesn't exist on v6.1, the following build error is seen: dirty_log_test.c:775:2: error: call to undeclared function 'TEST_ASSERT_EQ'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] TEST_ASSERT_EQ(sem_val, 0); ^ 1 error generated. Replace the macro with its equivalent, 'ASSERT_EQ()' to fix the issue. Fixes: e5ed6c922537 ("KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test") Cc: <stable(a)vger.kernel.org> Signed-off-by: Raghavendra Rao Ananta <rananta(a)google.com> Change-Id: I52c2c28d962e482bb4f40f285229a2465ed59d7e --- tools/testing/selftests/kvm/dirty_log_test.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/kvm/dirty_log_test.c b/tools/testing/selftests/kvm/dirty_log_test.c index ec40a33c29fd..711b9e4d86aa 100644 --- a/tools/testing/selftests/kvm/dirty_log_test.c +++ b/tools/testing/selftests/kvm/dirty_log_test.c @@ -772,9 +772,9 @@ static void run_test(enum vm_guest_mode mode, void *arg) * verification of all iterations. */ sem_getvalue(&sem_vcpu_stop, &sem_val); - TEST_ASSERT_EQ(sem_val, 0); + ASSERT_EQ(sem_val, 0); sem_getvalue(&sem_vcpu_cont, &sem_val); - TEST_ASSERT_EQ(sem_val, 0); + ASSERT_EQ(sem_val, 0); pthread_create(&vcpu_thread, NULL, vcpu_worker, vcpu); base-commit: e5cd595e23c1a075359a337c0e5c3a4f2dc28dd1 -- 2.44.0.478.gd926399ef9-goog

1 year, 5 months

1
0
0 0

Re: Fixing the devicetree of Rock 5 Model B (and possibly others)

by Pratham Patel

On Wed Apr 3, 2024 at 7:22 PM IST, Sebastian Reichel wrote: > Hi, > > On Wed, Apr 03, 2024 at 01:03:07AM +0000, Pratham Patel wrote: > > > > > Also, can you give the output of <debugfs>/devices_deferred for the > > > > > good vs bad case? > > > > > > > > I can't provide you with requested output from the bad case, since the > > > > kernel never moves past this to an initramfs rescue shell, but following > > > > is the output from v6.8.1 (**with aforementioned patch reverted**). > > > > > > > > # cat /sys/kernel/debug/devices_deferred > > > > fc400000.usb platform: wait for supplier /phy@fed90000/usb3-port > > > > 1-0022 typec_fusb302: cannot register tcpm port > > > > fc000000.usb platform: wait for supplier /phy@fed80000/usb3-port > > > > > > > > It seems that v6.8.2 works _without needing to revert the patch_. I will > > > > have to look into this sometime this week but it seems like > > > > a8037ceb8964 (arm64: dts: rockchip: drop rockchip,trcm-sync-tx-only from rk3588 i2s) > > > > seems to be the one that fixed the root issue. I will have to test it > > > > sometime later this week. > > > > > > Ok, once you find the patch that fixes things, let me know too. > > > > Will do! > > FWIW the v6.8.1 kernel referenced above is definitely patched, since > upstream's Rock 5B DT does neither describe fusb302, nor the USB > port it is connected to. > > We have a few Rock 5B in Kernel CI and upstream boots perfectly > fine: > > https://lava.collabora.dev/scheduler/device_type/rk3588-rock-5b Hmm, weird then. I can confirm that v6.8.1 doesn't _always_ boot. It boots some times but still fails a majority of times. There is a 2 out of 10 chance that v6.8.1 will not boot. If you keep rebooting enough times, you might get it to boot but the next boot is likely to be borked. :( That said, v6.8.2 might still have the same issue, but the probably of a failed boot might be _lesser_ than v6.8.1 (from what I saw). I will verify that behaviour sometime tomorrow or day after tomorrow. > > So it could be one of your downstream patches, which is introducing > this problem. I thought so too. So I built a vanilla kernel from the release tarball of v6.8.1, using GCC + arm64 defconfig. I also tried using LLVM just in case but noticed the same result. -- Pratham Patel

1 year, 5 months

1
0
0 0

[PATCH] arm64/ptrace: Use saved floating point state type to determine SVE layout

by Mark Brown

The SVE register sets have two different formats, one of which is a wrapped version of the standard FPSIMD register set and another with actual SVE register data. At present we check TIF_SVE to see if full SVE register state should be provided when reading the SVE regset but if we were in a syscall we may have saved only floating point registers even though that is set. Fix this and simplify the logic by checking and using the format which we recorded when deciding if we should use FPSIMD or SVE format. Fixes: 8c845e273104 ("arm64/sve: Leave SVE enabled on syscall if we don't context switch") Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kernel/ptrace.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 162b030ab9da..0d022599eb61 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -761,7 +761,6 @@ static void sve_init_header_from_task(struct user_sve_header *header, { unsigned int vq; bool active; - bool fpsimd_only; enum vec_type task_type; memset(header, 0, sizeof(*header)); @@ -777,12 +776,10 @@ static void sve_init_header_from_task(struct user_sve_header *header, case ARM64_VEC_SVE: if (test_tsk_thread_flag(target, TIF_SVE_VL_INHERIT)) header->flags |= SVE_PT_VL_INHERIT; - fpsimd_only = !test_tsk_thread_flag(target, TIF_SVE); break; case ARM64_VEC_SME: if (test_tsk_thread_flag(target, TIF_SME_VL_INHERIT)) header->flags |= SVE_PT_VL_INHERIT; - fpsimd_only = false; break; default: WARN_ON_ONCE(1); @@ -790,7 +787,7 @@ static void sve_init_header_from_task(struct user_sve_header *header, } if (active) { - if (fpsimd_only) { + if (target->thread.fp_type == FP_STATE_FPSIMD) { header->flags |= SVE_PT_REGS_FPSIMD; } else { header->flags |= SVE_PT_REGS_SVE; --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240129-arm64-ptrace-fp-type-d3ce48f8883e Best regards, -- Mark Brown <broonie(a)kernel.org>

1 year, 5 months

2
1
0 0

Linux 6.8.3

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.3 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/Makefile | 4 Documentation/admin-guide/kernel-parameters.txt | 4 Documentation/arch/x86/amd-memory-encryption.rst | 16 Documentation/conf.py | 6 Documentation/userspace-api/media/mediactl/media-types.rst | 11 Makefile | 2 arch/arm/Kconfig | 4 arch/arm/boot/dts/marvell/mmp2-brownstone.dts | 2 arch/arm/include/asm/mman.h | 14 arch/arm/kernel/Makefile | 2 arch/arm/kernel/iwmmxt.S | 51 - arch/arm/kernel/pj4-cp0.c | 135 ----- arch/arm/mm/flush.c | 3 arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 arch/arm64/boot/dts/qcom/sm8450-hdk.dts | 4 arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 arch/hexagon/kernel/vmlinux.lds.S | 1 arch/loongarch/crypto/crc32-loongarch.c | 2 arch/loongarch/include/asm/Kbuild | 1 arch/loongarch/include/asm/io.h | 2 arch/loongarch/include/asm/percpu.h | 7 arch/loongarch/include/asm/qspinlock.h | 18 arch/parisc/include/asm/assembly.h | 18 arch/parisc/include/asm/checksum.h | 10 arch/parisc/include/asm/mman.h | 14 arch/parisc/kernel/unaligned.c | 27 - arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/kernel/prom.c | 12 arch/powerpc/lib/Makefile | 2 arch/sparc/include/asm/parport.h | 259 ---------- arch/sparc/include/asm/parport_64.h | 256 +++++++++ arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/Kconfig | 13 arch/x86/boot/compressed/efi_mixed.S | 29 - arch/x86/coco/core.c | 7 arch/x86/events/amd/core.c | 20 arch/x86/include/asm/asm-prototypes.h | 1 arch/x86/include/asm/asm.h | 14 arch/x86/include/asm/coco.h | 8 arch/x86/include/asm/crash_core.h | 2 arch/x86/include/asm/mem_encrypt.h | 15 arch/x86/include/asm/nospec-branch.h | 21 arch/x86/include/asm/sev.h | 4 arch/x86/include/asm/suspend_32.h | 10 arch/x86/include/asm/x86_init.h | 3 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/eisa.c | 3 arch/x86/kernel/fpu/xstate.c | 5 arch/x86/kernel/fpu/xstate.h | 14 arch/x86/kernel/kprobes/core.c | 11 arch/x86/kernel/mpparse.c | 10 arch/x86/kernel/nmi.c | 2 arch/x86/kernel/probe_roms.c | 10 arch/x86/kernel/setup.c | 3 arch/x86/kernel/sev-shared.c | 12 arch/x86/kernel/sev.c | 31 - arch/x86/kernel/x86_init.c | 2 arch/x86/kvm/lapic.c | 5 arch/x86/kvm/xen.c | 2 arch/x86/kvm/xen.h | 18 arch/x86/lib/retpoline.S | 11 arch/x86/mm/mem_encrypt_amd.c | 18 arch/x86/mm/mem_encrypt_identity.c | 38 - block/bio.c | 7 block/blk-mq.c | 9 block/blk-settings.c | 4 block/mq-deadline.c | 3 crypto/asymmetric_keys/mscode_parser.c | 3 crypto/asymmetric_keys/pkcs7_parser.c | 4 crypto/asymmetric_keys/public_key.c | 3 crypto/asymmetric_keys/signature.c | 2 crypto/asymmetric_keys/x509_cert_parser.c | 8 crypto/testmgr.h | 80 +++ drivers/accessibility/speakup/synth.c | 4 drivers/ata/ahci.c | 13 drivers/ata/libata-eh.c | 5 drivers/ata/libata-scsi.c | 9 drivers/base/power/wakeirq.c | 4 drivers/bluetooth/btnxpuart.c | 3 drivers/char/tpm/tpm_tis_core.c | 3 drivers/clk/qcom/camcc-sc8280xp.c | 21 drivers/clk/qcom/gcc-ipq5018.c | 3 drivers/clk/qcom/gcc-ipq6018.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/gcc-ipq9574.c | 1 drivers/clk/qcom/gcc-sdm845.c | 1 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/clocksource/arm_global_timer.c | 2 drivers/clocksource/timer-riscv.c | 3 drivers/cpufreq/amd-pstate.c | 2 drivers/cpufreq/cpufreq-dt.c | 2 drivers/crypto/intel/iaa/iaa_crypto_main.c | 10 drivers/crypto/intel/qat/qat_common/adf_aer.c | 22 drivers/crypto/intel/qat/qat_common/adf_rl.c | 20 drivers/cxl/core/trace.h | 14 drivers/firmware/efi/efi.c | 2 drivers/firmware/efi/libstub/randomalloc.c | 2 drivers/firmware/efi/libstub/x86-stub.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c | 20 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 46 + drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 34 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 8 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.h | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 14 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 2 drivers/gpu/drm/amd/display/dc/core/dc.c | 127 ++++ drivers/gpu/drm/amd/display/dc/core/dc_state.c | 3 drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 18 drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 drivers/gpu/drm/amd/display/dc/dc.h | 2 drivers/gpu/drm/amd/display/dc/dc_stream.h | 2 drivers/gpu/drm/amd/display/dc/dc_types.h | 4 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_opp.c | 1 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.c | 14 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_opp.h | 2 drivers/gpu/drm/amd/display/dc/dcn201/dcn201_opp.c | 1 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.c | 54 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.h | 14 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_mpc.c | 5 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c | 6 drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 24 drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 28 - drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h | 3 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 53 +- drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 12 drivers/gpu/drm/amd/display/dc/hwss/dcn314/dcn314_hwseq.c | 41 - drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 71 +- drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.h | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_init.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 41 - drivers/gpu/drm/amd/display/dc/inc/hw/opp.h | 3 drivers/gpu/drm/amd/display/dc/inc/hw/timing_generator.h | 1 drivers/gpu/drm/amd/display/dc/inc/link.h | 4 drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c | 4 drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.h | 4 drivers/gpu/drm/amd/display/dc/optc/dcn10/dcn10_optc.h | 3 drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c | 8 drivers/gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.h | 1 drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c | 3 drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.h | 3 drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c | 2 drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h | 8 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/amd/display/modules/info_packet/info_packet.c | 13 drivers/gpu/drm/amd/display/modules/power/power_helpers.c | 2 drivers/gpu/drm/amd/display/modules/power/power_helpers.h | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 19 drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 19 drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 31 - drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 18 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 18 drivers/gpu/drm/bridge/lontium-lt8912b.c | 24 drivers/gpu/drm/display/drm_dp_helper.c | 7 drivers/gpu/drm/drm_bridge.c | 46 + drivers/gpu/drm/drm_panel.c | 17 drivers/gpu/drm/drm_probe_helper.c | 7 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 drivers/gpu/drm/exynos/exynos_hdmi.c | 4 drivers/gpu/drm/i915/display/icl_dsi.c | 3 drivers/gpu/drm/i915/display/intel_bios.c | 46 + drivers/gpu/drm/i915/display/intel_cursor.c | 4 drivers/gpu/drm/i915/display/intel_display_trace.h | 6 drivers/gpu/drm/i915/display/intel_display_types.h | 1 drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 76 +- drivers/gpu/drm/i915/display/intel_dpll_mgr.h | 4 drivers/gpu/drm/i915/display/intel_dsb.c | 14 drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 drivers/gpu/drm/i915/display/intel_vrr.c | 7 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 3 drivers/gpu/drm/i915/i915_hwmon.c | 37 - drivers/gpu/drm/i915/i915_reg.h | 2 drivers/gpu/drm/i915/i915_vma.c | 50 + drivers/gpu/drm/imx/ipuv3/parallel-display.c | 4 drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 drivers/gpu/drm/scheduler/sched_entity.c | 12 drivers/gpu/drm/ttm/ttm_bo_util.c | 13 drivers/gpu/drm/ttm/ttm_tt.c | 13 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 17 drivers/gpu/drm/xe/xe_query.c | 2 drivers/hwmon/amc6821.c | 11 drivers/iio/adc/rockchip_saradc.c | 6 drivers/iommu/dma-iommu.c | 9 drivers/irqchip/irq-renesas-rzg2l.c | 67 ++ drivers/leds/trigger/ledtrig-netdev.c | 4 drivers/md/dm-raid.c | 93 ++- drivers/md/dm-snap.c | 4 drivers/md/md-bitmap.c | 9 drivers/md/md.c | 82 ++- drivers/md/md.h | 38 + drivers/md/raid5.c | 58 +- drivers/media/mc/mc-entity.c | 93 ++- drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c | 4 drivers/media/tuners/xc4000.c | 4 drivers/mfd/Kconfig | 1 drivers/mfd/intel-lpss-pci.c | 28 - drivers/mfd/intel-lpss.c | 9 drivers/mfd/intel-lpss.h | 14 drivers/mmc/core/block.c | 14 drivers/mmc/host/sdhci-of-dwcmshc.c | 28 - drivers/mmc/host/sdhci-omap.c | 3 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/nand/raw/meson_nand.c | 2 drivers/mtd/nand/raw/nand_base.c | 85 ++- drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/phy/at803x.c | 4 drivers/net/wireguard/netlink.c | 10 drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c | 15 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 60 -- drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c | 33 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.c | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c | 14 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h | 33 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c | 16 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 drivers/net/wireless/intel/iwlwifi/mvm/debugfs-vif.c | 11 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 drivers/net/wireless/realtek/rtw88/mac.c | 7 drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 40 + drivers/nvmem/meson-efuse.c | 25 drivers/pci/controller/dwc/pcie-designware-ep.c | 7 drivers/pci/controller/dwc/pcie-qcom.c | 41 + drivers/pci/controller/pci-hyperv.c | 3 drivers/pci/pci-driver.c | 7 drivers/pci/pcie/err.c | 20 drivers/pci/quirks.c | 2 drivers/phy/tegra/xusb.c | 13 drivers/pinctrl/pinctrl-amd.c | 2 drivers/pinctrl/qcom/Kconfig | 2 drivers/platform/x86/intel/tpmi.c | 9 drivers/powercap/intel_rapl_common.c | 34 + drivers/powercap/intel_rapl_msr.c | 8 drivers/powercap/intel_rapl_tpmi.c | 15 drivers/pwm/pwm-img.c | 4 drivers/remoteproc/remoteproc_virtio.c | 6 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/hosts.c | 7 drivers/scsi/libsas/sas_expander.c | 51 + drivers/scsi/lpfc/lpfc_bsg.c | 4 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/qla2xxx/qla_attr.c | 14 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_gbl.h | 2 drivers/scsi/qla2xxx/qla_init.c | 128 ++-- drivers/scsi/qla2xxx/qla_iocb.c | 68 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla2xxx/qla_os.c | 3 drivers/scsi/qla2xxx/qla_target.c | 10 drivers/scsi/scsi_scan.c | 34 + drivers/scsi/sd.c | 23 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 25 drivers/staging/media/ipu3/ipu3-v4l2.c | 16 drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 drivers/thermal/devfreq_cooling.c | 2 drivers/thermal/intel/int340x_thermal/processor_thermal_device.c | 8 drivers/thermal/intel/int340x_thermal/processor_thermal_rapl.c | 8 drivers/thermal/intel/intel_tcc.c | 12 drivers/thermal/intel/x86_pkg_temp_thermal.c | 8 drivers/thermal/mediatek/auxadc_thermal.c | 3 drivers/thermal/thermal_trip.c | 19 drivers/tty/serial/8250/8250_port.c | 6 drivers/tty/serial/max310x.c | 7 drivers/tty/serial/serial_core.c | 12 drivers/ufs/host/ufs-qcom.c | 6 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 23 drivers/usb/core/hub.h | 2 drivers/usb/core/port.c | 38 + drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 72 +- drivers/usb/dwc2/gadget.c | 10 drivers/usb/dwc2/hcd.c | 49 + drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/dwc2/platform.c | 2 drivers/usb/dwc3/core.c | 2 drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/dwc3-am62.c | 13 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/dwc3/gadget.c | 10 drivers/usb/dwc3/host.c | 11 drivers/usb/gadget/udc/core.c | 4 drivers/usb/gadget/udc/tegra-xudc.c | 39 - drivers/usb/host/xhci.c | 2 drivers/usb/misc/usb-ljca.c | 22 drivers/usb/phy/phy-generic.c | 7 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/uas.c | 28 - drivers/usb/typec/class.c | 7 drivers/usb/typec/tcpm/tcpm.c | 6 drivers/usb/typec/ucsi/ucsi.c | 46 + drivers/usb/typec/ucsi/ucsi.h | 4 drivers/usb/typec/ucsi/ucsi_acpi.c | 75 +- drivers/usb/typec/ucsi/ucsi_glink.c | 14 drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 drivers/vfio/pci/pds/lm.c | 13 drivers/vfio/pci/pds/lm.h | 1 drivers/vfio/pci/pds/vfio_dev.c | 4 drivers/vfio/pci/vfio_pci_intrs.c | 176 ++++-- drivers/vfio/platform/vfio_platform_irq.c | 105 ++-- drivers/vfio/virqfd.c | 21 drivers/video/fbdev/Kconfig | 3 drivers/virtio/virtio.c | 4 fs/btrfs/block-group.c | 3 fs/btrfs/compression.c | 8 fs/btrfs/defrag.c | 4 fs/btrfs/disk-io.c | 13 fs/btrfs/export.c | 2 fs/btrfs/extent_io.c | 61 +- fs/btrfs/extent_io.h | 1 fs/btrfs/extent_map.c | 16 fs/btrfs/file.c | 14 fs/btrfs/free-space-cache.c | 2 fs/btrfs/fs.h | 11 fs/btrfs/inode.c | 54 +- fs/btrfs/ioctl.c | 58 -- fs/btrfs/lzo.c | 4 fs/btrfs/props.c | 2 fs/btrfs/qgroup.c | 61 ++ fs/btrfs/qgroup.h | 3 fs/btrfs/reflink.c | 12 fs/btrfs/relocation.c | 2 fs/btrfs/scrub.c | 12 fs/btrfs/send.c | 2 fs/btrfs/super.c | 2 fs/btrfs/volumes.c | 69 ++ fs/btrfs/zoned.c | 14 fs/debugfs/inode.c | 25 fs/dlm/user.c | 10 fs/exec.c | 1 fs/ext4/mballoc.c | 17 fs/ext4/resize.c | 3 fs/f2fs/f2fs.h | 1 fs/f2fs/segment.c | 4 fs/fat/nfs.c | 6 fs/fuse/dir.c | 6 fs/fuse/file.c | 8 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/nfs/direct.c | 11 fs/nfs/read.c | 2 fs/nfs/write.c | 2 fs/nfsd/trace.h | 2 fs/nilfs2/btree.c | 9 fs/nilfs2/direct.c | 9 fs/nilfs2/inode.c | 2 fs/smb/client/cached_dir.c | 3 fs/smb/client/cifs_debug.c | 2 fs/smb/client/cifsglob.h | 4 fs/smb/client/cifsproto.h | 6 fs/smb/client/connect.c | 6 fs/smb/client/file.c | 8 fs/smb/client/fs_context.c | 27 - fs/smb/client/inode.c | 13 fs/smb/client/readdir.c | 2 fs/smb/client/sess.c | 4 fs/smb/client/smb2ops.c | 2 fs/smb/client/smb2pdu.c | 10 fs/smb/server/smb2misc.c | 26 - fs/smb/server/smb2pdu.c | 228 +++++--- fs/smb/server/smb_common.c | 11 fs/smb/server/vfs.c | 12 fs/ubifs/dir.c | 2 fs/ubifs/file.c | 13 include/drm/drm_bridge.h | 33 + include/drm/drm_modeset_helper_vtables.h | 3 include/drm/ttm/ttm_tt.h | 9 include/linux/cpufreq.h | 15 include/linux/framer/framer.h | 4 include/linux/intel_rapl.h | 6 include/linux/intel_tcc.h | 2 include/linux/interrupt.h | 3 include/linux/libata.h | 1 include/linux/lsm_hook_defs.h | 4 include/linux/mman.h | 8 include/linux/mtd/spinand.h | 2 include/linux/nfs_fs.h | 1 include/linux/oid_registry.h | 4 include/linux/phy/tegra/xusb.h | 1 include/linux/ring_buffer.h | 4 include/linux/security.h | 8 include/linux/serial_core.h | 3 include/linux/skbuff.h | 10 include/linux/syscalls.h | 6 include/linux/trace_events.h | 5 include/linux/vfio.h | 2 include/media/media-entity.h | 2 include/net/cfg80211.h | 2 include/net/cfg802154.h | 1 include/scsi/scsi_driver.h | 1 include/scsi/scsi_host.h | 1 include/uapi/linux/btrfs.h | 1 init/initramfs.c | 2 io_uring/futex.c | 1 io_uring/io_uring.c | 5 io_uring/net.c | 5 io_uring/poll.c | 19 io_uring/rw.c | 4 io_uring/waitid.c | 7 kernel/bounds.c | 2 kernel/crash_core.c | 8 kernel/dma/swiotlb.c | 35 - kernel/entry/common.c | 8 kernel/irq/manage.c | 9 kernel/module/Kconfig | 5 kernel/power/suspend.c | 1 kernel/printk/printk.c | 27 - kernel/sys.c | 7 kernel/time/posix-clock.c | 16 kernel/trace/ring_buffer.c | 161 +++--- kernel/trace/trace.c | 43 + kernel/workqueue.c | 2 lib/pci_iomap.c | 2 mm/filemap.c | 16 mm/kasan/kasan_test.c | 3 mm/memtest.c | 4 mm/shmem_quota.c | 10 mm/swapfile.c | 13 mm/zswap.c | 8 net/bluetooth/hci_core.c | 6 net/bluetooth/hci_sync.c | 5 net/ipv4/esp4.c | 8 net/ipv6/esp6.c | 8 net/mac80211/cfg.c | 7 net/mac80211/ieee80211_i.h | 2 net/mac80211/rate.c | 2 net/mac80211/sta_info.h | 6 net/mac80211/vht.c | 46 - net/mac802154/llsec.c | 18 net/netfilter/nf_tables_api.c | 3 net/wireless/wext-core.c | 7 scripts/Makefile.extrawarn | 2 security/apparmor/lsm.c | 4 security/landlock/syscalls.c | 18 security/lsm_syscalls.c | 10 security/security.c | 20 security/selinux/hooks.c | 4 security/smack/smack_lsm.c | 16 sound/pci/hda/tas2781_hda_i2c.c | 83 +-- sound/sh/aica.c | 17 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/amd/yc/pci-acp6x.c | 1 tools/include/linux/btf_ids.h | 2 tools/testing/selftests/lsm/common.h | 6 tools/testing/selftests/lsm/lsm_get_self_attr_test.c | 10 tools/testing/selftests/lsm/lsm_list_modules_test.c | 8 tools/testing/selftests/lsm/lsm_set_self_attr_test.c | 6 tools/testing/selftests/mm/gup_test.c | 2 tools/testing/selftests/mm/soft-dirty.c | 2 tools/testing/selftests/mm/split_huge_page_test.c | 2 tools/testing/selftests/mm/uffd-common.c | 3 tools/testing/selftests/mm/uffd-common.h | 2 tools/testing/selftests/mm/uffd-unit-tests.c | 13 tools/testing/selftests/mqueue/setting | 1 tools/testing/selftests/wireguard/qemu/arch/riscv32.config | 1 tools/testing/selftests/wireguard/qemu/arch/riscv64.config | 1 virt/kvm/async_pf.c | 31 + 481 files changed, 4772 insertions(+), 2551 deletions(-) Adamos Ttofari (1): x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Akira Yokosawa (2): docs: Restore "smart quotes" for quotes docs: Makefile: Add dependency to $(YNL_INDEX) for targets other than htmldocs Alan Stern (3): USB: core: Fix deadlock in usb_deauthorize_interface() USB: core: Add hub_get() and hub_put() routines USB: core: Fix deadlock in port "disable" sysfs attribute Aleksandrs Vinarskis (2): mfd: intel-lpss: Switch to generalized quirk table mfd: intel-lpss: Introduce QUIRK_CLOCK_DIVIDER_UNITY for XPS 9530 Alex Williamson (7): vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio/platform: Disable virqfds on cleanup vfio/platform: Create persistent IRQ handlers vfio/fsl-mc: Block calling interrupt handler without trigger vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler Alexander Aring (1): dlm: fix user space lkb refcounting Alexander Stein (1): Revert "usb: phy: generic: Get the vbus supply" Alexander Sverdlin (1): mfd: twl: Select MFD_CORE Alison Schofield (1): cxl/trace: Properly initialize cxl_poison region name Allen Pan (1): drm/amd/display: Add a dc_state NULL check in dc_state_release Alvin Lee (1): drm/amd/display: Remove pixle rate limit for subvp Amit Pundir (1): clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Anand Jain (2): btrfs: do not skip re-registration for the mounted device btrfs: validate device maj:min during open André Rösti (1): entry: Respect changes to system call number by trace_sys_enter() Anton Altaparmakov (1): x86/pm: Work around false positive kmemleak report in msr_build_context() Ard Biesheuvel (6): x86/efistub: Call mixed mode boot services on the firmware's stack x86/sev: Fix position dependent variable references in startup code ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores x86/efistub: Add missing boot_params for mixed mode compat entry efi/libstub: Cast away type warning in use of max() x86/efistub: Reinstate soft limit for initrd loading Arend van Spriel (2): wifi: brcmfmac: avoid invalid list operation when vendor attach fails wifi: brcmfmac: add per-vendor feature detection callback Aric Cyr (1): drm/amd/display: Unify optimize_required flags and VRR adjustments Arnd Bergmann (2): kasan/test: avoid gcc warning for intentional overflow staging: vc04_services: changen strncpy() to strscpy_pad() Arseniy Krasnov (1): mtd: rawnand: meson: fix scrambling mode value in command macro Audra Mitchell (1): workqueue: Shorten events_freezable_power_efficient name Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Baokun Li (1): ext4: correct best extent lstart adjustment logic Baoquan He (1): crash: use macro to add crashk_res into iomem early for specific arch Bart Van Assche (1): Revert "block/mq-deadline: use correct way to throttling write requests" Benjamin Coddington (1): NFS: Read unlock folio on nfs_page_create_from_folio() error Bernd Schubert (1): fuse: fix VM_MAYSHARE and direct_io_allow_mmap Bharath SM (1): cifs: prevent updating file size from server if we have a read/write lease Biju Das (4): irqchip/renesas-rzg2l: Flush posted write in irq_eoi() irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Bikash Hazarika (1): scsi: qla2xxx: Update manufacturer detail Bitterblue Smith (1): wifi: rtw88: 8821cu: Fix connection failure Borislav Petkov (AMD) (3): x86/CPU/AMD: Update the Zenbleed microcode revisions x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT x86/bugs: Fix the SRSO mitigation on Zen3/4 Breno Leitao (1): x86/nmi: Fix the inverse "in NMI handler" check Brett Creeley (2): vfio/pds: Always clear the save/restore FDs on reset vfio/pds: Make sure migration file isn't accessed after reset Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Carlos Maiolino (1): tmpfs: fix race on handling dquot rbtree Casey Schaufler (1): lsm: use 32-bit compatible data types in LSM syscalls Chris Bainbridge (1): drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau Chris Park (1): drm/amd/display: Prevent crash when disable stream Chris Wilson (1): drm/i915/gt: Reset queue_priority_hint on parking Christian A. Ehrhardt (4): usb: typec: ucsi: Clear EVENT_PENDING under PPM lock usb: typec: ucsi: Ack unsupported commands usb: typec: ucsi_acpi: Refactor and fix DELL quirk usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian Gmeiner (1): drm/etnaviv: Restore some id values Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christian Marangi (2): leds: trigger: netdev: Fix kernel panic on interface rename trig notify net: phy: qcom: at803x: fix kernel panic with at8031_probe Christophe JAILLET (1): slimbus: core: Remove usage of the deprecated ida_simple_xx() API ChunTao Tso (1): drm/amd/display: Amend coasting vtotal for replay low hz Claus Hansen Ries (1): net: ll_temac: platform_get_resource replaced by wrong function Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Damian Muszynski (2): crypto: qat - change SLAs cleanup flow at shutdown crypto: qat - resolve race condition during AER recovery Damien Le Moal (3): block: Clear zone limits for a non-zoned stacked queue block: Do not force full zone append completion in req_bio_endio() scsi: sd: Fix TCG OPAL unlock on system resume Dan Carpenter (1): staging: vc04_services: fix information leak in create_component() Daniel Lezcano (1): Revert "thermal: core: Don't update trip points inside the hysteresis range" Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Dave Hansen (1): Revert "x86/bugs: Use fixed addressing for VERW operand" David Hildenbrand (1): virtio: reenable config if freezing device failed David Sterba (5): btrfs: replace sb::s_blocksize by fs_info::sectorsize btrfs: add helpers to get inode from page/folio pointers btrfs: add helpers to get fs_info from page/folio pointers btrfs: add helper to get fs_info from struct inode pointer btrfs: handle errors returned from unpin_extent_cache() David Woodhouse (1): KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Dillon Varone (1): drm/amd/display: Init DPPCLK from SMU on dcn32 Dmitry Baryshkov (1): scsi: ufs: qcom: Provide default cycles_in_1us value Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Dragos Tatulea (1): net: esp: fix bad handling of pages from page_pool Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (2): nouveau/dmem: handle kcalloc() allocation failure ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Edward Liaw (2): selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM selftests/mm: fix ARM related issue with fork after pthread_create Eric Biggers (1): Revert "crypto: pkcs7 - remove sha1 support" Eric Huang (1): drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Eugene Korenevsky (1): cifs: open_cached_dir(): add FILE_READ_EA to desired access Ezra Buehler (1): mtd: spinand: Add support for 5-byte IDs Fedor Pchelkin (1): mac802154: fix llsec key resources release in mac802154_llsec_key_del Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Filipe Manana (3): btrfs: fix off-by-one chunk length calculation at contains_pending_extent() btrfs: fix warning messages not printing interval at unpin_extent_range() btrfs: fix extent map leak in unexpected scenario at unpin_extent_cache() Frank Wunderlich (1): thermal/drivers/mediatek: Fix control buffer enablement on MT7896 Gabor Juhos (7): clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays clk: qcom: camcc-sc8280xp: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays George Shen (1): drm/amd/display: Remove MPC rate control logic from DCN30 and above Gergo Koteles (2): ALSA: hda/tas2781: remove digital gain kcontrol ALSA: hda/tas2781: add locks to kcontrols Greg Kroah-Hartman (1): Linux 6.8.3 Guenter Roeck (5): parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (2): media: xc4000: Fix atomicity violation in xc4000_get_frequency md/raid5: fix atomicity violation in raid5_cache_count Guilherme G. Piccoli (1): scsi: core: Fix unremoved procfs host directory regression Hamza Mahfooz (1): drm/amd/display: fix IPX enablement Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Harry Wentland (1): Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR" Hector Martin (2): wifi: brcmfmac: cfg80211: Use WSEC to set SAE password wifi: brcmfmac: Demote vendor-specific attach/detach messages to info Heikki Krogerus (1): usb: dwc3: pci: Drop duplicate ID Heming Zhao (1): md/md-bitmap: fix incorrect usage for sb_index Herve Codina (1): net: wan: framer: Add missing static inline qualifiers Hidenori Kobayashi (1): media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Huacai Chen (2): LoongArch: Change __my_cpu_offset definition to avoid mis-optimization LoongArch: Define the __io_aw() hook as mmiowb() Hugo Villeneuve (1): serial: max310x: fix NULL pointer dereference in I2C instantiation Jameson Thies (1): usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (9): drm/probe-helper: warn about negative .get_modes() drm/panel: do not return negative error codes from drm_panel_get_modes() drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() drm/bridge: add ->edid_read hook and drm_bridge_edid_read() drm/bridge: lt8912b: use drm_bridge_edid_read() drm/bridge: lt8912b: clear the EDID property on failures drm/bridge: lt8912b: do not return negative values from .get_modes() Janusz Krzysztofik (2): drm/i915/hwmon: Fix locking inversion in sysfs getter drm/i915/vma: Fix UAF on destroy against retire race Jason A. Donenfeld (3): wireguard: netlink: check for dangling peer via is_dead instead of empty list wireguard: netlink: access device through ctx instead of peer wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64} Jens Axboe (4): io_uring/net: correctly handle multishot recvmsg retry setup io_uring/rw: return IOU_ISSUE_SKIP_COMPLETE for multishot retry io_uring/futex: always remove futex entry for cancel all io_uring/waitid: always remove waitid entry for cancel all Jerome Brunet (1): nvmem: meson-efuse: fix function pointer type mismatch Jiawei Wang (2): ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" ASoC: amd: yc: Revert "add new YC platform variant (0x63) support" Joakim Zhang (1): remoteproc: virtio: Fix wdg cannot recovery remote processor Jocelyn Falempe (1): drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Johan Hovold (1): PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p Johannes Berg (6): wifi: mac80211: track capability/opmode NSS separately debugfs: fix wait/cancellation handling during remove wifi: cfg80211: add a flag to disable wireless extensions wifi: iwlwifi: mvm: disable MLO for the time being wifi: iwlwifi: fw: don't always use FW dump trig wifi: iwlwifi: mvm: handle debugfs names more carefully Johannes Thumshirn (3): btrfs: zoned: don't skip block groups with 100% zone unusable btrfs: zoned: use zone aware sb location for scrub btrfs: zoned: fix use-after-free in do_zone_finish() Johannes Weiner (3): mm: zswap: fix writeback shinker GFP_NOIO/GFP_NOFS recursion mm: cachestat: fix two shmem bugs drm/amdgpu: fix deadlock while reading mqd from debugfs John David Anglin (1): parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros John Ogness (1): printk: Update @console_may_schedule in console_trylock_spinning() John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Jonas Gorski (1): serial: core: only stop transmit when HW fifo is empty Jonathon Hall (1): drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() Josef Bacik (1): nfs: fix UAF in direct writes Josip Pavic (1): drm/amd/display: Allow dirty rects to be sent to dmub when abm is active Josua Mayer (1): hwmon: (amc6821) add of_match table KONDO KAZUMA(近藤　和真) (1): efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Kevin Loughlin (1): x86/sev: Skip ROM range scans and validation for SEV-SNP guests Krishna Kurapati (1): usb: typec: ucsi: Fix race between typec_switch and role_switch Krishna chaitanya chundru (1): arm64: dts: qcom: sc7280: Add additional MSI interrupts Krzysztof Kozlowski (4): arm64: dts: qcom: sm8450-hdk: correct AMIC4 and AMIC5 microphones arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping pinctrl: qcom: sm8650-lpass-lpi: correct Kconfig name Kyle Tso (3): usb: typec: tcpm: Correct port source pdo array in pd_set callback usb: typec: tcpm: Update PD of Type-C port upon pd_set usb: typec: Return size of buffer if pd_set operation succeeds Laurent Pinchart (6): media: mc: Add local pad to pipeline regardless of the link state media: mc: Fix flags handling when creating pad links media: mc: Add num_links flag to media_pad media: mc: Rename pad variable to clarify intent media: mc: Expand MUST_CONNECT flag to always require an enabled link media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT Leo Ma (1): drm/amd/display: Fix noise issue on HDMI AV mute Ley Foon Tan (1): clocksource/drivers/timer-riscv: Clear timer interrupt on timer initialization Li Lingfeng (1): md: use RCU lock to protect traversal in md_spares_need_change() Liming Sun (1): sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() Lino Sanfilippo (1): tpm,tpm_tis: Avoid warning splat at shutdown Linus Torvalds (1): Fix memory leak in posix_clock_open() Luiz Augusto von Dentz (1): Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Ma Jun (2): drm/amdgpu/pm: Fix NULL pointer dereference when get power limit drm/amdgpu/pm: Check the validity of overdiver power limit Manivannan Sadhasivam (1): PCI: qcom: Enable BDF to SID translation properly Marcel Ziswiler (1): Bluetooth: btnxpuart: Fix btnxpuart_close Marek Szyprowski (1): cpufreq: dt: always allocate zeroed cpumask Marek Vasut (1): media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access Mario Limonciello (1): drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found Marios Makassikis (2): ksmbd: replace generic_fillattr with vfs_getattr ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Martin Blumenstingl (1): clocksource/drivers/arm_global_timer: Fix maximum prescaler value Masami Hiramatsu (Google) (1): kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Matthew Auld (1): drm/xe/query: fix gt_id bounds check Matthew Wilcox (Oracle) (3): bounds: support non-power-of-two CONFIG_NR_CPUS ubifs: Set page uptodate in the correct place btrfs: add set_folio_extent_mapped() helper Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (1): ext4: fix corruption during on-line resize Michael Ellerman (3): powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core powerpc/smp: Increase nr_cpu_ids to include the boot CPU powerpc/fsl: Fix mfpmr build errors with newer binutils Michael Kelley (1): PCI: hv: Fix ring buffer size calculation Mickaël Salaün (1): landlock: Warn once if a Landlock action is requested while disabled Mikko Rapeli (2): mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access Miklos Szeredi (3): fuse: replace remaining make_bad_inode() with fuse_make_bad() fuse: fix root lookup with nonzero generation fuse: don't unhash root Mikulas Patocka (1): dm snapshot: fix lockup in dm_exception_table_exit Minas Harutyunyan (5): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: Fix exiting from clock gating usb: dwc2: gadget: LPM flow fix Miquel Raynal (4): mtd: rawnand: Fix and simplify again the continuous read derivations mtd: rawnand: Add a helper for calculating a page index mtd: rawnand: Ensure all continuous terms are always in sync mtd: rawnand: Constrain even more when continuous reads are enabled Muhammad Usama Anjum (2): scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() scsi: lpfc: Correct size for wqe for memset() Namjae Jeon (2): ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() ksmbd: fix potencial out-of-bounds when buffer offset is invalid Natanael Copa (1): tools/resolve_btfids: fix build with musl libc Nathan Chancellor (3): powerpc: xor_vmx: Add '-mhard-float' to CFLAGS kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 hexagon: vmlinux.lds.S: handle attributes section Nicholas Kazlauskas (2): drm/amd/display: Fix idle check for shared firmware state drm/amd/display: Add more checks for exiting idle in DC Nick Morrow (1): wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU Nicolin Chen (1): iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Niklas Cassel (1): PCI: dwc: endpoint: Fix advertised resizable BAR size Oleksandr Tymoshenko (1): efi: fix panic in kdump kernel Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (1): netfilter: nf_tables: reject constant set with timeout Paul Menzel (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Paul Moore (1): lsm: handle the NULL buffer case in lsm_fill_user_ctx() Pavel Begunkov (4): io_uring: fix mshot read defer taskrun cqe posting io_uring: fix io_queue_proc modifying req->flags io_uring: fix mshot io-wq checks io_uring: clean rings on NO_MMAP alloc fail Pawan Gupta (1): x86/bugs: Use fixed addressing for VERW operand Peter Collingbourne (1): serial: Lock console when calling into driver before registration Philip Yang (1): drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Philipp Stanner (1): pci_iounmap(): Fix MMIO mapping leak Prashanth K (1): usb: xhci: Add error handling in xhci_map_urb_for_dma Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Qu Wenruo (2): btrfs: qgroup: always free reserved space for extent records btrfs: qgroup: validate btrfs_qgroup_inherit parameter Quentin Schulz (2): iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 iio: adc: rockchip_saradc: use mask for write_enable bitfield Quinn Tran (6): scsi: qla2xxx: Prevent command send on chip reset scsi: qla2xxx: Fix N2N stuck connection scsi: qla2xxx: Split FCE|EFT trace control scsi: qla2xxx: NVME|FCP prefer flag not being honored scsi: qla2xxx: Fix command flush on cable pull scsi: qla2xxx: Delay I/O Abort on PCI error Rafael J. Wysocki (2): PCI/PM: Drain runtime-idle callbacks before driver removal genirq: Introduce IRQF_COND_ONESHOT and use it in pinctrl-amd Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Rodrigo Siqueira (1): drm/amd/display: Return the correct HDCP error code Roger Quadros (2): usb: dwc3-am62: fix module unload/reload behavior usb: dwc3-am62: Disable wakeup at remove Romain Naour (1): mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Roman Li (1): drm/amd/display: Fix bounds check for dcn35 DcfClocks Ryan Roberts (1): mm: swap: fix race between free_swap_and_cache() and swapoff() Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Sam Ravnborg (1): sparc32: Fix parport build with sparc32 Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Sandipan Das (1): perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later Saurav Kashyap (3): scsi: qla2xxx: Fix double free of the ha->vp_map pointer scsi: qla2xxx: Fix double free of fcport scsi: qla2xxx: Change debug message during driver unload Sean Anderson (2): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (1): KVM: Always flush async #PF workqueue when vCPU is being destroyed SeongJae Park (1): selftests/mqueue: Set timeout to 180 seconds Shivnandan Kumar (1): cpufreq: Limit resolving a frequency to policy min/max Shyam Prasad N (2): cifs: make sure server interfaces are requested only for SMB3+ cifs: reduce warning log level for server not advertising interfaces Sohaib Nadeem (1): drm/amd/display: Override min required DCFCLK in dml1_validate Song Liu (1): Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" Srinivas Pandruvada (1): platform/x86/intel/tpmi: Change vsec offset to u64 Srinivasan Shanmugam (1): drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects' Stanislaw Gruszka (1): PCI/AER: Block runtime suspend when handling errors Steve French (1): cifs: allow changing password during remount Steven Rostedt (Google) (8): ring-buffer: Do not set shortest_full when full target is hit ring-buffer: Fix full_waiters_pending in poll ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() tracing/ring-buffer: Fix wait_on_pipe() race NFSD: Fix nfsd_clid_class use of __string_len() macro drm/i915: Add missing ; to __assign_str() macros in tracepoint code net: hns3: tracing: fix hclgevf trace event strings ring-buffer: Make wake once of ring_buffer_wait() more robust Sunmin Jeong (2): f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag f2fs: truncate page cache before clearing flags when aborting atomic write Swapnil Patel (1): drm/amd/display: Change default size for dummy plane in DML2 Tavian Barnes (1): btrfs: fix race in read_extent_buffer_pages() Thinh Nguyen (1): usb: dwc3: Properly set system wakeup Thomas Gleixner (1): x86/mpparse: Register APIC address only once Thomas Zimmermann (1): fbdev: Select I/O-memory framebuffer ops for SBus Tom Zanussi (1): crypto: iaa - Fix nr_cpus < nr_iaa case Tony Battersby (1): block: Fix page refcounts for unaligned buffers in __bio_release_pages() Tor Vic (1): cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Ville Syrjälä (9): drm/i915: Replace a memset() with zero initialization drm/i915: Try to preserve the current shared_dpll for fastset on type-c ports drm/i915: Include the PLL name in the debug messages drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() drm/i915/vrr: Generate VRR "safe window" for DSB drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly drm/i915/dsb: Fix DSB vblank waits when using VRR drm/i915: Pre-populate the cursor physical dma address Vitaly Chikunov (1): selftests/mm: Fix build with _FORTIFY_SOURCE Vitaly Prosyak (2): drm/amdgpu: fix use-after-free bug drm/sched: fix null-ptr-deref in init entity Wayne Chang (2): phy: tegra: xusb: Add API to retrieve the port number of phy usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Weitao Wang (1): USB: UAS: return ENODEV when submit urbs fail with device not attached Wenjing Liu (4): drm/amd/display: Update odm when ODM combine is changed on an otg master pipe with no plane drm/amd/display: Lock all enabled otg pipes even with no planes drm/amd/display: Implement wait_for_odm_update_pending_complete drm/amd/display: Revert Remove pixle rate limit for subvp Will Deacon (3): swiotlb: Fix double-allocation of slots due to broken alignment handling swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() swiotlb: Fix alignment checks when both allocation and DMA masks are present Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Xi Liu (1): drm/amd/display: Set DCN351 BB and IP the same as DCN35 Xingui Yang (2): scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() scsi: libsas: Fix disk not being scanned in after being removed Xu Yang (1): usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() Ye Zhang (1): thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Yongqiang Liu (1): ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Yongzhi Liu (1): usb: misc: ljca: Fix double free in error handling path Yu Kuai (9): md: don't clear MD_RECOVERY_FROZEN for new dm-raid until resume md: export helpers to stop sync_thread md: export helper md_is_rdwr() md: add a new helper reshape_interrupted() dm-raid: really frozen sync_thread during suspend md/dm-raid: don't call md_reap_sync_thread() directly dm-raid: add a new helper prepare_suspend() in md_personality dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape dm-raid: fix lockdep waring in "pers->hot_add_disk" Yuli Wang (1): LoongArch/crypto: Clean up useless assignment operations Zack Rusin (4): drm/vmwgfx: Unmap the surface before resetting it on a plane state drm/vmwgfx: Fix possible null pointer derefence with invalid contexts drm/vmwgfx: Fix the lifetime of the bo cursor memory drm/ttm: Make sure the mapped tt pages are decrypted when needed Zev Weiss (2): prctl: generalize PR_SET_MDWE support check to be per-arch ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Zhang Rui (5): thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature powercap: intel_rapl: Fix a NULL pointer dereference powercap: intel_rapl: Fix locking in TPMI RAPL powercap: intel_rapl_tpmi: Fix a register bug powercap: intel_rapl_tpmi: Fix System Domain probing Zhang Yi (1): ubi: correct the calculation of fastmap size Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zhihao Cheng (1): ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Zoltan HERPAI (1): pwm: img: fix pwm clock lookup yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 5 months

1
1
0 0

Linux 6.6.24

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.24 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 4 Documentation/arch/x86/amd-memory-encryption.rst | 16 Documentation/conf.py | 6 Documentation/userspace-api/media/mediactl/media-types.rst | 11 Makefile | 2 arch/arm/Kconfig | 4 arch/arm/boot/dts/marvell/mmp2-brownstone.dts | 2 arch/arm/configs/imx_v6_v7_defconfig | 1 arch/arm/include/asm/mman.h | 14 arch/arm/kernel/Makefile | 2 arch/arm/kernel/iwmmxt.S | 51 - arch/arm/kernel/pj4-cp0.c | 135 ----- arch/arm/mm/flush.c | 3 arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 2 arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 arch/hexagon/kernel/vmlinux.lds.S | 1 arch/loongarch/crypto/crc32-loongarch.c | 2 arch/loongarch/include/asm/Kbuild | 1 arch/loongarch/include/asm/io.h | 2 arch/loongarch/include/asm/percpu.h | 7 arch/loongarch/include/asm/qspinlock.h | 18 arch/parisc/include/asm/assembly.h | 18 arch/parisc/include/asm/checksum.h | 10 arch/parisc/include/asm/mman.h | 14 arch/parisc/kernel/unaligned.c | 27 - arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/kernel/prom.c | 12 arch/powerpc/lib/Makefile | 2 arch/sparc/include/asm/parport.h | 259 ---------- arch/sparc/include/asm/parport_64.h | 256 +++++++++ arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/Kconfig | 13 arch/x86/boot/compressed/efi_mixed.S | 29 - arch/x86/coco/core.c | 7 arch/x86/include/asm/asm.h | 14 arch/x86/include/asm/coco.h | 8 arch/x86/include/asm/mem_encrypt.h | 15 arch/x86/include/asm/sev.h | 4 arch/x86/include/asm/suspend_32.h | 10 arch/x86/include/asm/x86_init.h | 3 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/eisa.c | 3 arch/x86/kernel/fpu/xstate.c | 5 arch/x86/kernel/fpu/xstate.h | 14 arch/x86/kernel/kprobes/core.c | 11 arch/x86/kernel/mpparse.c | 10 arch/x86/kernel/nmi.c | 2 arch/x86/kernel/probe_roms.c | 10 arch/x86/kernel/setup.c | 3 arch/x86/kernel/sev-shared.c | 12 arch/x86/kernel/sev.c | 31 - arch/x86/kernel/x86_init.c | 2 arch/x86/kvm/cpuid.c | 21 arch/x86/kvm/lapic.c | 5 arch/x86/kvm/reverse_cpuid.h | 35 - arch/x86/kvm/svm/sev.c | 23 arch/x86/kvm/x86.c | 10 arch/x86/kvm/xen.c | 2 arch/x86/kvm/xen.h | 18 arch/x86/mm/mem_encrypt_amd.c | 18 arch/x86/mm/mem_encrypt_identity.c | 38 - block/bio.c | 7 block/blk-mq.c | 9 block/blk-settings.c | 4 block/mq-deadline.c | 3 drivers/accessibility/speakup/synth.c | 4 drivers/ata/ahci.c | 5 drivers/ata/libata-eh.c | 5 drivers/ata/libata-scsi.c | 9 drivers/base/power/wakeirq.c | 4 drivers/bluetooth/btnxpuart.c | 3 drivers/char/tpm/tpm_tis_core.c | 3 drivers/clk/qcom/gcc-ipq5018.c | 3 drivers/clk/qcom/gcc-ipq6018.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/gcc-ipq9574.c | 1 drivers/clk/qcom/gcc-sdm845.c | 1 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/clocksource/arm_global_timer.c | 2 drivers/cpufreq/amd-pstate.c | 2 drivers/cpufreq/cpufreq-dt.c | 2 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 34 - drivers/crypto/intel/qat/qat_common/adf_aer.c | 22 drivers/crypto/rockchip/rk3288_crypto_ahash.c | 4 drivers/cxl/core/trace.h | 14 drivers/firewire/ohci.c | 2 drivers/firmware/efi/efi.c | 2 drivers/firmware/efi/libstub/randomalloc.c | 2 drivers/firmware/efi/libstub/x86-stub.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c | 20 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 46 + drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 49 + drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 17 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/amd/display/modules/info_packet/info_packet.c | 13 drivers/gpu/drm/amd/pm/amdgpu_pm.c | 12 drivers/gpu/drm/bridge/lontium-lt8912b.c | 24 drivers/gpu/drm/drm_bridge.c | 46 + drivers/gpu/drm/drm_panel.c | 17 drivers/gpu/drm/drm_probe_helper.c | 7 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 drivers/gpu/drm/exynos/exynos_hdmi.c | 4 drivers/gpu/drm/i915/display/icl_dsi.c | 3 drivers/gpu/drm/i915/display/intel_bios.c | 46 + drivers/gpu/drm/i915/display/intel_display_power_well.c | 17 drivers/gpu/drm/i915/display/intel_display_trace.h | 6 drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 2 drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 3 drivers/gpu/drm/i915/i915_hwmon.c | 37 - drivers/gpu/drm/imx/ipuv3/parallel-display.c | 4 drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 1 drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 drivers/gpu/drm/nouveau/nouveau_gem.c | 2 drivers/gpu/drm/nouveau/nvkm/core/client.c | 1 drivers/gpu/drm/nouveau/nvkm/core/object.c | 26 - drivers/gpu/drm/ttm/ttm_bo_util.c | 13 drivers/gpu/drm/ttm/ttm_tt.c | 13 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 17 drivers/hwmon/amc6821.c | 11 drivers/i2c/busses/i2c-i801.c | 4 drivers/iio/accel/adxl367.c | 8 drivers/iio/accel/adxl367_i2c.c | 2 drivers/iio/adc/rockchip_saradc.c | 6 drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 2 drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c | 5 drivers/input/joystick/xpad.c | 6 drivers/iommu/dma-iommu.c | 9 drivers/irqchip/irq-renesas-rzg2l.c | 93 ++- drivers/leds/trigger/ledtrig-netdev.c | 4 drivers/md/dm-raid.c | 2 drivers/md/dm-snap.c | 4 drivers/md/md-bitmap.c | 9 drivers/md/raid5.c | 14 drivers/media/mc/mc-entity.c | 93 ++- drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c | 4 drivers/media/tuners/xc4000.c | 4 drivers/misc/fastrpc.c | 10 drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 21 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/mmc/core/block.c | 14 drivers/mmc/host/sdhci-of-dwcmshc.c | 28 - drivers/mmc/host/sdhci-omap.c | 3 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/nand/raw/meson_nand.c | 2 drivers/mtd/nand/raw/nand_base.c | 46 + drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/wireguard/netlink.c | 10 drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c | 15 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 60 -- drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c | 33 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.c | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c | 14 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h | 33 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c | 16 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 8 drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 2 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 12 drivers/net/wireless/realtek/rtw88/mac.c | 7 drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 40 + drivers/nvmem/meson-efuse.c | 25 drivers/pci/controller/dwc/pcie-designware-ep.c | 7 drivers/pci/controller/dwc/pcie-qcom.c | 10 drivers/pci/controller/pci-hyperv.c | 3 drivers/pci/pci-driver.c | 7 drivers/pci/pcie/err.c | 20 drivers/pci/quirks.c | 2 drivers/phy/tegra/xusb.c | 13 drivers/platform/x86/intel/tpmi.c | 9 drivers/powercap/intel_rapl_common.c | 34 + drivers/powercap/intel_rapl_msr.c | 8 drivers/powercap/intel_rapl_tpmi.c | 15 drivers/pwm/pwm-img.c | 4 drivers/remoteproc/remoteproc_virtio.c | 6 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/hosts.c | 7 drivers/scsi/libsas/sas_expander.c | 51 + drivers/scsi/lpfc/lpfc_bsg.c | 4 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/qla2xxx/qla_attr.c | 14 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_gbl.h | 2 drivers/scsi/qla2xxx/qla_init.c | 128 ++-- drivers/scsi/qla2xxx/qla_iocb.c | 68 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla2xxx/qla_os.c | 3 drivers/scsi/qla2xxx/qla_target.c | 10 drivers/scsi/scsi_scan.c | 34 + drivers/scsi/sd.c | 23 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 25 drivers/staging/media/ipu3/ipu3-v4l2.c | 16 drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 drivers/tee/optee/device.c | 3 drivers/thermal/devfreq_cooling.c | 2 drivers/thermal/intel/int340x_thermal/processor_thermal_device.c | 8 drivers/thermal/intel/int340x_thermal/processor_thermal_rapl.c | 8 drivers/thermal/intel/intel_tcc.c | 12 drivers/thermal/intel/x86_pkg_temp_thermal.c | 8 drivers/thermal/mediatek/auxadc_thermal.c | 3 drivers/tty/serial/8250/8250_port.c | 6 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/serial/imx.c | 22 drivers/tty/serial/max310x.c | 7 drivers/tty/serial/qcom_geni_serial.c | 10 drivers/tty/serial/serial_core.c | 12 drivers/tty/serial/serial_port.c | 25 drivers/tty/vt/vt.c | 2 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 23 drivers/usb/core/hub.h | 2 drivers/usb/core/port.c | 43 + drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 72 +- drivers/usb/dwc2/gadget.c | 10 drivers/usb/dwc2/hcd.c | 49 + drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/dwc2/platform.c | 2 drivers/usb/dwc3/core.c | 2 drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/dwc3-am62.c | 13 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/dwc3/gadget.c | 10 drivers/usb/dwc3/host.c | 11 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/gadget/udc/tegra-xudc.c | 39 - drivers/usb/host/xhci-ring.c | 8 drivers/usb/host/xhci.c | 2 drivers/usb/phy/phy-generic.c | 7 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/usb/storage/uas.c | 28 - drivers/usb/typec/altmodes/displayport.c | 18 drivers/usb/typec/class.c | 7 drivers/usb/typec/tcpm/tcpm.c | 7 drivers/usb/typec/ucsi/ucsi.c | 46 + drivers/usb/typec/ucsi/ucsi.h | 4 drivers/usb/typec/ucsi/ucsi_acpi.c | 75 +- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 drivers/vfio/pci/pds/lm.c | 13 drivers/vfio/pci/pds/lm.h | 1 drivers/vfio/pci/pds/vfio_dev.c | 4 drivers/vfio/pci/vfio_pci_intrs.c | 176 ++++-- drivers/vfio/platform/vfio_platform_irq.c | 105 ++-- drivers/vfio/virqfd.c | 21 drivers/virtio/virtio.c | 10 fs/aio.c | 8 fs/btrfs/block-group.c | 3 fs/btrfs/extent_io.c | 75 ++ fs/btrfs/qgroup.c | 10 fs/btrfs/scrub.c | 12 fs/btrfs/volumes.c | 2 fs/dlm/user.c | 10 fs/exec.c | 1 fs/ext4/mballoc.c | 17 fs/ext4/resize.c | 3 fs/f2fs/f2fs.h | 1 fs/f2fs/segment.c | 4 fs/fat/nfs.c | 6 fs/fuse/dir.c | 6 fs/fuse/file.c | 8 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/nfs/direct.c | 11 fs/nfs/read.c | 2 fs/nfs/write.c | 2 fs/nfsd/trace.h | 2 fs/nilfs2/btree.c | 9 fs/nilfs2/direct.c | 9 fs/nilfs2/inode.c | 2 fs/smb/client/cached_dir.c | 3 fs/smb/client/cifs_debug.c | 2 fs/smb/client/cifsglob.h | 5 fs/smb/client/cifsproto.h | 8 fs/smb/client/connect.c | 10 fs/smb/client/file.c | 8 fs/smb/client/fs_context.c | 27 - fs/smb/client/inode.c | 17 fs/smb/client/readdir.c | 133 ++--- fs/smb/client/sess.c | 45 - fs/smb/client/smb2ops.c | 2 fs/smb/client/smb2pdu.c | 10 fs/smb/server/smb2pdu.c | 180 ++++-- fs/smb/server/smb_common.c | 11 fs/smb/server/vfs.c | 12 fs/ubifs/file.c | 13 fs/xfs/libxfs/xfs_ag.c | 36 + fs/xfs/libxfs/xfs_ag.h | 2 fs/xfs/libxfs/xfs_attr.c | 6 fs/xfs/libxfs/xfs_bmap.c | 75 +- fs/xfs/libxfs/xfs_btree_staging.c | 4 fs/xfs/libxfs/xfs_btree_staging.h | 6 fs/xfs/libxfs/xfs_da_btree.c | 7 fs/xfs/libxfs/xfs_defer.c | 105 ++-- fs/xfs/libxfs/xfs_defer.h | 5 fs/xfs/libxfs/xfs_format.h | 2 fs/xfs/libxfs/xfs_log_recover.h | 5 fs/xfs/libxfs/xfs_rtbitmap.c | 2 fs/xfs/libxfs/xfs_rtbitmap.h | 83 +++ fs/xfs/libxfs/xfs_sb.c | 20 fs/xfs/libxfs/xfs_sb.h | 2 fs/xfs/libxfs/xfs_types.h | 13 fs/xfs/scrub/common.c | 6 fs/xfs/scrub/common.h | 25 fs/xfs/scrub/fscounters.c | 2 fs/xfs/scrub/inode.c | 8 fs/xfs/scrub/reap.c | 2 fs/xfs/scrub/rtbitmap.c | 3 fs/xfs/scrub/rtsummary.c | 3 fs/xfs/scrub/trace.h | 3 fs/xfs/xfs_attr_item.c | 23 fs/xfs/xfs_bmap_item.c | 14 fs/xfs/xfs_buf.c | 44 + fs/xfs/xfs_buf.h | 1 fs/xfs/xfs_extfree_item.c | 14 fs/xfs/xfs_fsmap.c | 2 fs/xfs/xfs_fsops.c | 9 fs/xfs/xfs_inode_item.c | 3 fs/xfs/xfs_log.c | 1 fs/xfs/xfs_log_priv.h | 1 fs/xfs/xfs_log_recover.c | 118 ++-- fs/xfs/xfs_refcount_item.c | 13 fs/xfs/xfs_rmap_item.c | 14 fs/xfs/xfs_rtalloc.c | 14 fs/xfs/xfs_rtalloc.h | 73 -- fs/xfs/xfs_trans.h | 4 include/drm/drm_bridge.h | 33 + include/drm/drm_modeset_helper_vtables.h | 3 include/drm/ttm/ttm_tt.h | 9 include/linux/cpu.h | 2 include/linux/cpufreq.h | 15 include/linux/gfp.h | 9 include/linux/hyperv.h | 22 include/linux/intel_rapl.h | 6 include/linux/intel_tcc.h | 2 include/linux/libata.h | 1 include/linux/mman.h | 8 include/linux/mtd/spinand.h | 2 include/linux/nfs_fs.h | 1 include/linux/phy/tegra/xusb.h | 1 include/linux/ring_buffer.h | 1 include/linux/serial_core.h | 3 include/linux/skbuff.h | 10 include/linux/vfio.h | 2 include/media/media-entity.h | 2 include/net/cfg80211.h | 2 include/net/cfg802154.h | 1 include/scsi/scsi_driver.h | 1 include/scsi/scsi_host.h | 1 include/uapi/linux/snmp.h | 3 init/Kconfig | 6 init/initramfs.c | 2 io_uring/io_uring.c | 5 io_uring/net.c | 5 kernel/bounds.c | 2 kernel/cgroup/cpuset.c | 2 kernel/dma/swiotlb.c | 35 - kernel/entry/common.c | 8 kernel/power/suspend.c | 1 kernel/printk/printk.c | 27 - kernel/sched/core.c | 38 - kernel/sys.c | 7 kernel/trace/ring_buffer.c | 233 +++++--- kernel/trace/trace.c | 21 kernel/workqueue.c | 2 lib/pci_iomap.c | 2 mm/compaction.c | 7 mm/filemap.c | 16 mm/kasan/kasan_test.c | 3 mm/memtest.c | 4 mm/mmap.c | 10 mm/page_alloc.c | 10 mm/shmem_quota.c | 10 mm/swapfile.c | 13 mm/vmscan.c | 5 net/bluetooth/hci_core.c | 6 net/bluetooth/hci_sync.c | 5 net/ipv4/esp4.c | 8 net/ipv4/ip_output.c | 2 net/ipv4/proc.c | 3 net/ipv6/esp6.c | 8 net/ipv6/ip6_output.c | 6 net/ipv6/mcast.c | 5 net/ipv6/ndisc.c | 2 net/ipv6/proc.c | 3 net/ipv6/raw.c | 2 net/mac80211/cfg.c | 5 net/mac802154/llsec.c | 18 net/netfilter/nf_tables_api.c | 7 net/wireless/wext-core.c | 7 net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 security/landlock/syscalls.c | 18 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 13 sound/pci/hda/tas2781_hda_i2c.c | 83 +-- sound/sh/aica.c | 17 sound/soc/amd/yc/acp6x-mach.c | 7 tools/include/linux/btf_ids.h | 2 tools/perf/builtin-top.c | 4 tools/testing/selftests/mm/gup_test.c | 67 +- tools/testing/selftests/mm/soft-dirty.c | 2 tools/testing/selftests/mm/split_huge_page_test.c | 2 tools/testing/selftests/mm/uffd-common.c | 3 tools/testing/selftests/mm/uffd-common.h | 2 tools/testing/selftests/mm/uffd-unit-tests.c | 13 tools/testing/selftests/mqueue/setting | 1 tools/testing/selftests/net/mptcp/diag.sh | 6 tools/testing/selftests/wireguard/qemu/arch/riscv32.config | 1 tools/testing/selftests/wireguard/qemu/arch/riscv64.config | 1 virt/kvm/async_pf.c | 31 + 440 files changed, 4308 insertions(+), 2478 deletions(-) Adamos Ttofari (1): x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Akira Yokosawa (1): docs: Restore "smart quotes" for quotes Alan Stern (4): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Fix deadlock in usb_deauthorize_interface() USB: core: Add hub_get() and hub_put() routines USB: core: Fix deadlock in port "disable" sysfs attribute Alex Deucher (1): drm/amd/display: handle range offsets in VRR ranges Alex Williamson (7): vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio/platform: Disable virqfds on cleanup vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler vfio/platform: Create persistent IRQ handlers vfio/fsl-mc: Block calling interrupt handler without trigger Alexander Aring (1): dlm: fix user space lkb refcounting Alexander Stein (1): Revert "usb: phy: generic: Get the vbus supply" Alexander Usyskin (2): mei: me: add arrow lake point S DID mei: me: add arrow lake point H DID Alison Schofield (1): cxl/trace: Properly initialize cxl_poison region name Amit Pundir (1): clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Andrey Albershteyn (1): xfs: reset XFS_ATTR_INCOMPLETE filter on node removal Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports Andrey Skvortsov (1): crypto: sun8i-ce - Fix use after free in unprepare André Rösti (1): entry: Respect changes to system call number by trace_sys_enter() Andy Chi (1): ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook Anton Altaparmakov (1): x86/pm: Work around false positive kmemleak report in msr_build_context() Ard Biesheuvel (6): x86/efistub: Call mixed mode boot services on the firmware's stack x86/sev: Fix position dependent variable references in startup code ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores x86/efistub: Add missing boot_params for mixed mode compat entry efi/libstub: Cast away type warning in use of max() x86/efistub: Reinstate soft limit for initrd loading Arend van Spriel (2): wifi: brcmfmac: avoid invalid list operation when vendor attach fails wifi: brcmfmac: add per-vendor feature detection callback Arnd Bergmann (2): kasan/test: avoid gcc warning for intentional overflow staging: vc04_services: changen strncpy() to strscpy_pad() Arseniy Krasnov (1): mtd: rawnand: meson: fix scrambling mode value in command macro Audra Mitchell (1): workqueue: Shorten events_freezable_power_efficient name Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Badhri Jagan Sridharan (1): usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices Baokun Li (1): ext4: correct best extent lstart adjustment logic Bart Van Assche (2): Revert "block/mq-deadline: use correct way to throttling write requests" fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Benjamin Coddington (1): NFS: Read unlock folio on nfs_page_create_from_folio() error Bernd Schubert (1): fuse: fix VM_MAYSHARE and direct_io_allow_mmap Bharath SM (1): cifs: prevent updating file size from server if we have a read/write lease Biju Das (4): irqchip/renesas-rzg2l: Flush posted write in irq_eoi() irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Bikash Hazarika (1): scsi: qla2xxx: Update manufacturer detail Bitterblue Smith (1): wifi: rtw88: 8821cu: Fix connection failure Borislav Petkov (AMD) (2): x86/CPU/AMD: Update the Zenbleed microcode revisions x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Breno Leitao (1): x86/nmi: Fix the inverse "in NMI handler" check Brett Creeley (2): vfio/pds: Always clear the save/restore FDs on reset vfio/pds: Make sure migration file isn't accessed after reset Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Carlos Maiolino (1): tmpfs: fix race on handling dquot rbtree Chris Wilson (1): drm/i915/gt: Reset queue_priority_hint on parking Christian A. Ehrhardt (4): usb: typec: ucsi: Clear EVENT_PENDING under PPM lock usb: typec: ucsi: Ack unsupported commands usb: typec: ucsi_acpi: Refactor and fix DELL quirk usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian Gmeiner (1): drm/etnaviv: Restore some id values Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christian Marangi (1): leds: trigger: netdev: Fix kernel panic on interface rename trig notify Christoph Hellwig (1): xfs: consider minlen sized extents in xfs_rtallocate_extent_block Christophe JAILLET (1): slimbus: core: Remove usage of the deprecated ida_simple_xx() API Claudiu Beznea (2): irqchip/renesas-rzg2l: Implement restriction when writing ISCR register irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index Claus Hansen Ries (1): net: ll_temac: platform_get_resource replaced by wrong function Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Cosmin Tanislav (2): iio: accel: adxl367: fix DEVID read after reset iio: accel: adxl367: fix I2C FIFO data register Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Damien Le Moal (3): block: Clear zone limits for a non-zoned stacked queue block: Do not force full zone append completion in req_bio_endio() scsi: sd: Fix TCG OPAL unlock on system resume Dan Carpenter (3): cifs: delete unnecessary NULL checks in cifs_chan_update_iface() cifs: make cifs_chan_update_iface() a void function staging: vc04_services: fix information leak in create_component() Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Darrick J. Wong (16): xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t xfs: don't leak recovered attri intent items xfs: use xfs_defer_pending objects to recover intent items xfs: pass the xfs_defer_pending object to iop_recover xfs: transfer recovered intent item ownership in ->iop_recover xfs: make rextslog computation consistent with mkfs xfs: fix 32-bit truncation in xfs_compute_rextslog xfs: don't allow overly small or large realtime volumes xfs: make xchk_iget safer in the presence of corrupt inode btrees xfs: remove unused fields from struct xbtree_ifakeroot xfs: recompute growfsrtfree transaction reservation while growing rt volume xfs: fix an off-by-one error in xreap_agextent_binval xfs: force all buffers to be written during btree bulk load xfs: add missing nrext64 inode flag check to scrub xfs: remove conditional building of rt geometry validator functions Dave Airlie (1): nouveau: lock the client object tree. Dave Chinner (1): xfs: initialise di_crc in xfs_log_dinode Dave Hansen (1): Revert "x86/bugs: Use fixed addressing for VERW operand" David Hildenbrand (1): virtio: reenable config if freezing device failed David Woodhouse (1): KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Douglas Anderson (1): Revert "tty: serial: simplify qcom_geni_serial_send_chunk_fifo()" Dragos Tatulea (1): net: esp: fix bad handling of pages from page_pool Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (2): nouveau/dmem: handle kcalloc() allocation failure ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Edmund Raile (1): firewire: ohci: prevent leak of left-over IRQ on unbind Edward Liaw (2): selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM selftests/mm: fix ARM related issue with fork after pthread_create Ekansh Gupta (1): misc: fastrpc: Pass proper arguments to scm call Eric Huang (1): drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Eric Sandeen (1): xfs: short circuit xfs_growfs_data_private() if delta is zero Eugene Korenevsky (1): cifs: open_cached_dir(): add FILE_READ_EA to desired access Ezra Buehler (1): mtd: spinand: Add support for 5-byte IDs Fabio Estevam (1): ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE Fedor Pchelkin (1): mac802154: fix llsec key resources release in mac802154_llsec_key_del Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Filipe Manana (1): btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Frank Wunderlich (1): thermal/drivers/mediatek: Fix control buffer enablement on MT7896 Gabor Juhos (6): clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Geliang Tang (1): selftests: mptcp: diag: return KSFT_FAIL not test_cnt George Shen (1): drm/amd/display: Disconnect phantom pipe OPP from OPTC being disabled Gergo Koteles (2): ALSA: hda/tas2781: remove digital gain kcontrol ALSA: hda/tas2781: add locks to kcontrols Greg Kroah-Hartman (1): Linux 6.6.24 Guenter Roeck (5): parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (2): media: xc4000: Fix atomicity violation in xc4000_get_frequency md/raid5: fix atomicity violation in raid5_cache_count Guilherme G. Piccoli (1): scsi: core: Fix unremoved procfs host directory regression Hans de Goede (1): misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Harry Wentland (1): Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR" Hector Martin (2): wifi: brcmfmac: cfg80211: Use WSEC to set SAE password wifi: brcmfmac: Demote vendor-specific attach/detach messages to info Heikki Krogerus (1): usb: dwc3: pci: Drop duplicate ID Heiner Kallweit (1): i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Heming Zhao (1): md/md-bitmap: fix incorrect usage for sb_index Heng Guo (1): net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. Herbert Xu (1): crypto: rk3288 - Fix use after free in unprepare Hidenori Kobayashi (1): media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Huacai Chen (2): LoongArch: Change __my_cpu_offset definition to avoid mis-optimization LoongArch: Define the __io_aw() hook as mmiowb() Hugo Villeneuve (1): serial: max310x: fix NULL pointer dereference in I2C instantiation Ilya Bakoulin (2): drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 drm/amd/display: Clear OPTC mem select on disable Jameson Thies (1): usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (9): drm/probe-helper: warn about negative .get_modes() drm/panel: do not return negative error codes from drm_panel_get_modes() drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() drm/bridge: add ->edid_read hook and drm_bridge_edid_read() drm/bridge: lt8912b: use drm_bridge_edid_read() drm/bridge: lt8912b: clear the EDID property on failures drm/bridge: lt8912b: do not return negative values from .get_modes() Janusz Krzysztofik (1): drm/i915/hwmon: Fix locking inversion in sysfs getter Jason A. Donenfeld (3): wireguard: netlink: check for dangling peer via is_dead instead of empty list wireguard: netlink: access device through ctx instead of peer wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64} Jean-Baptiste Maneyrol (2): iio: imu: inv_mpu6050: fix frequency setting when chip is off iio: imu: inv_mpu6050: fix FIFO parsing when empty Jeff Layton (1): server: convert to new timestamp accessors Jens Axboe (1): io_uring/net: correctly handle multishot recvmsg retry setup Jerome Brunet (1): nvmem: meson-efuse: fix function pointer type mismatch Jiachen Zhang (1): xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real Jiawei Wang (1): ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Jim Mattson (2): KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace KVM: x86: Use a switch statement and macros in __feature_translate() Joakim Zhang (1): remoteproc: virtio: Fix wdg cannot recovery remote processor Jocelyn Falempe (1): drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Johan Hovold (1): arm64: dts: qcom: sc8280xp-x13s: limit pcie4 link speed Johannes Berg (4): wifi: iwlwifi: pcie: fix RB status reading wifi: cfg80211: add a flag to disable wireless extensions wifi: iwlwifi: mvm: disable MLO for the time being wifi: iwlwifi: fw: don't always use FW dump trig Johannes Thumshirn (2): btrfs: zoned: don't skip block groups with 100% zone unusable btrfs: zoned: use zone aware sb location for scrub Johannes Weiner (2): mm: cachestat: fix two shmem bugs drm/amdgpu: fix deadlock while reading mqd from debugfs John David Anglin (1): parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros John Ogness (1): printk: Update @console_may_schedule in console_trylock_spinning() John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Jonas Gorski (1): serial: core: only stop transmit when HW fifo is empty Jonathon Hall (1): drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() Josef Bacik (2): nfs: fix UAF in direct writes btrfs: fix deadlock with fiemap and extent locking Josua Mayer (1): hwmon: (amc6821) add of_match table KONDO KAZUMA(近藤　和真) (1): efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Kailang Yang (2): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform ALSA: hda/realtek - Add Headset Mic supported Acer NB platform Kamalesh Babulal (1): cgroup/cpuset: Fix retval in update_cpumask() Kan Liang (1): perf top: Use evsel's cpus to replace user_requested_cpus Karol Herbst (1): drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf Kees Cook (1): init/Kconfig: lower GCC version check for -Warray-bounds Kevin Loughlin (1): x86/sev: Skip ROM range scans and validation for SEV-SNP guests Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Krishna chaitanya chundru (1): arm64: dts: qcom: sc7280: Add additional MSI interrupts Krzysztof Kozlowski (2): arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping Kyle Tso (1): usb: typec: Return size of buffer if pd_set operation succeeds Laurent Pinchart (6): media: mc: Add local pad to pipeline regardless of the link state media: mc: Fix flags handling when creating pad links media: mc: Add num_links flag to media_pad media: mc: Rename pad variable to clarify intent media: mc: Expand MUST_CONNECT flag to always require an enabled link media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT Leo Ma (1): drm/amd/display: Fix noise issue on HDMI AV mute Liming Sun (1): sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() Lino Sanfilippo (1): tpm,tpm_tis: Avoid warning splat at shutdown Long Li (2): xfs: add lock protection when remove perag from radix tree xfs: fix perag leak when growfs fails Luiz Augusto von Dentz (1): Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Ma Jun (1): drm/amdgpu/pm: Fix the error of pwm1_enable setting Manivannan Sadhasivam (1): PCI: qcom: Enable BDF to SID translation properly Marcel Ziswiler (1): Bluetooth: btnxpuart: Fix btnxpuart_close Marek Szyprowski (1): cpufreq: dt: always allocate zeroed cpumask Marek Vasut (1): media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access Mario Limonciello (1): drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found Marios Makassikis (2): ksmbd: replace generic_fillattr with vfs_getattr ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Martin Blumenstingl (1): clocksource/drivers/arm_global_timer: Fix maximum prescaler value Masami Hiramatsu (Google) (1): kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Mathias Nyman (2): usb: port: Don't try to peer unused USB ports based on location xhci: Fix failure to detect ring expansion need. Matthew Wilcox (Oracle) (2): bounds: support non-power-of-two CONFIG_NR_CPUS ubifs: Set page uptodate in the correct place Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Max Nguyen (1): Input: xpad - add additional HyperX Controller Identifiers Maximilian Heyne (1): ext4: fix corruption during on-line resize Michael Ellerman (3): powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core powerpc/smp: Increase nr_cpu_ids to include the boot CPU powerpc/fsl: Fix mfpmr build errors with newer binutils Michael Kelley (2): PCI: hv: Fix ring buffer size calculation Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Mickaël Salaün (1): landlock: Warn once if a Landlock action is requested while disabled Mikko Rapeli (2): mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access Miklos Szeredi (3): fuse: replace remaining make_bad_inode() with fuse_make_bad() fuse: fix root lookup with nonzero generation fuse: don't unhash root Mikulas Patocka (1): dm snapshot: fix lockup in dm_exception_table_exit Minas Harutyunyan (5): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: Fix exiting from clock gating usb: dwc2: gadget: LPM flow fix Miquel Raynal (2): mtd: rawnand: Fix and simplify again the continuous read derivations mtd: rawnand: Constrain even more when continuous reads are enabled Muhammad Usama Anjum (3): selftests/mm: gup_test: conform test to TAP format output scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() scsi: lpfc: Correct size for wqe for memset() Natanael Copa (1): tools/resolve_btfids: fix build with musl libc Nathan Chancellor (4): powerpc: xor_vmx: Add '-mhard-float' to CFLAGS kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() hexagon: vmlinux.lds.S: handle attributes section Nick Morrow (1): wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Nicolin Chen (1): iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Niklas Cassel (1): PCI: dwc: endpoint: Fix advertised resizable BAR size Nirmoy Das (1): drm/i915: Check before removing mm notifier Oleksandr Tymoshenko (1): efi: fix panic in kdump kernel Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (3): netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout Paolo Bonzini (1): SEV: disable SEV-ES DebugSwap by default Paul Menzel (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Paulo Alcantara (1): smb: client: stop revalidating reparse points unnecessarily Pavel Begunkov (2): io_uring: fix mshot io-wq checks io_uring: clean rings on NO_MMAP alloc fail Pawan Gupta (1): x86/bugs: Use fixed addressing for VERW operand Peter Collingbourne (1): serial: Lock console when calling into driver before registration Peter Zijlstra (1): sched: Simplify tg_set_cfs_bandwidth() Philip Yang (1): drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Philipp Stanner (1): pci_iounmap(): Fix MMIO mapping leak Prashanth K (1): usb: xhci: Add error handling in xhci_map_urb_for_dma Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Qu Wenruo (1): btrfs: qgroup: always free reserved space for extent records Quentin Schulz (2): iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 iio: adc: rockchip_saradc: use mask for write_enable bitfield Quinn Tran (6): scsi: qla2xxx: Prevent command send on chip reset scsi: qla2xxx: Fix N2N stuck connection scsi: qla2xxx: Split FCE|EFT trace control scsi: qla2xxx: NVME|FCP prefer flag not being honored scsi: qla2xxx: Fix command flush on cable pull scsi: qla2xxx: Delay I/O Abort on PCI error RD Babiera (1): usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Rickard x Andersson (1): tty: serial: imx: Fix broken RS485 Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Rodrigo Siqueira (1): drm/amd/display: Return the correct HDCP error code Roger Quadros (2): usb: dwc3-am62: fix module unload/reload behavior usb: dwc3-am62: Disable wakeup at remove Romain Naour (1): mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Ryan Roberts (1): mm: swap: fix race between free_swap_and_cache() and swapoff() Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Sam Ravnborg (1): sparc32: Fix parport build with sparc32 Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Saurav Kashyap (3): scsi: qla2xxx: Fix double free of the ha->vp_map pointer scsi: qla2xxx: Fix double free of fcport scsi: qla2xxx: Change debug message during driver unload Sean Anderson (2): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (3): KVM: Always flush async #PF workqueue when vCPU is being destroyed KVM: x86: Mark target gfn of emulated atomic instruction as dirty KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() SeongJae Park (1): selftests/mqueue: Set timeout to 180 seconds Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Shivnandan Kumar (1): cpufreq: Limit resolving a frequency to policy min/max Shyam Prasad N (4): cifs: add xid to query server interface call cifs: make sure server interfaces are requested only for SMB3+ cifs: do not let cifs_chan_update_iface deallocate channels cifs: reduce warning log level for server not advertising interfaces Srinivas Pandruvada (1): platform/x86/intel/tpmi: Change vsec offset to u64 Stanislaw Gruszka (1): PCI/AER: Block runtime suspend when handling errors Steve French (1): cifs: allow changing password during remount Steven Rostedt (Google) (9): ring-buffer: Fix waking up ring buffer readers ring-buffer: Do not set shortest_full when full target is hit ring-buffer: Fix resetting of shortest_full ring-buffer: Fix full_waiters_pending in poll ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() NFSD: Fix nfsd_clid_class use of __string_len() macro drm/i915: Add missing ; to __assign_str() macros in tracepoint code net: hns3: tracing: fix hclgevf trace event strings tracing: Use .flush() call to wake up readers Sumit Garg (1): tee: optee: Fix kernel panic caused by incorrect error handling Sunmin Jeong (2): f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag f2fs: truncate page cache before clearing flags when aborting atomic write Tavian Barnes (1): btrfs: fix race in read_extent_buffer_pages() Thinh Nguyen (1): usb: dwc3: Properly set system wakeup Thomas Gleixner (1): x86/mpparse: Register APIC address only once Tony Battersby (1): block: Fix page refcounts for unaligned buffers in __bio_release_pages() Tor Vic (1): cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Ville Syrjälä (3): drm/i915: Don't explode when the dig port we don't have an AUX CH drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly Vitaly Chikunov (1): selftests/mm: Fix build with _FORTIFY_SOURCE Vitaly Prosyak (1): drm/amdgpu: fix use-after-free bug Vlastimil Babka (2): mm, mmap: fix vma_merge() case 7 with vma_ops->close mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Wayne Chang (2): phy: tegra: xusb: Add API to retrieve the port number of phy usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Weitao Wang (1): USB: UAS: return ENODEV when submit urbs fail with device not attached Will Deacon (3): swiotlb: Fix double-allocation of slots due to broken alignment handling swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() swiotlb: Fix alignment checks when both allocation and DMA masks are present Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Xingui Yang (2): scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() scsi: libsas: Fix disk not being scanned in after being removed Ye Zhang (1): thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Yicong Yang (1): serial: port: Don't suspend if the port is still busy Yongqiang Liu (1): ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Yuli Wang (1): LoongArch/crypto: Clean up useless assignment operations Zack Rusin (4): drm/vmwgfx: Unmap the surface before resetting it on a plane state drm/vmwgfx: Fix possible null pointer derefence with invalid contexts drm/vmwgfx: Fix the lifetime of the bo cursor memory drm/ttm: Make sure the mapped tt pages are decrypted when needed Zev Weiss (2): prctl: generalize PR_SET_MDWE support check to be per-arch ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Zhang Rui (5): thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature powercap: intel_rapl: Fix a NULL pointer dereference powercap: intel_rapl: Fix locking in TPMI RAPL powercap: intel_rapl_tpmi: Fix a register bug powercap: intel_rapl_tpmi: Fix System Domain probing Zhang Tianci (1): xfs: update dir3 leaf block metadata after swap Zhang Yi (1): ubi: correct the calculation of fastmap size Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zoltan HERPAI (1): pwm: img: fix pwm clock lookup yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 5 months

1
1
0 0

Linux 6.1.84

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.84 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 17 Documentation/admin-guide/kernel-parameters.txt | 10 Documentation/userspace-api/media/mediactl/media-types.rst | 11 Documentation/x86/amd-memory-encryption.rst | 16 Makefile | 2 arch/arm/boot/dts/mmp2-brownstone.dts | 2 arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 arch/hexagon/kernel/vmlinux.lds.S | 1 arch/loongarch/include/asm/io.h | 2 arch/loongarch/include/asm/percpu.h | 7 arch/parisc/include/asm/assembly.h | 18 arch/parisc/include/asm/checksum.h | 10 arch/parisc/kernel/unaligned.c | 27 - arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/kernel/prom.c | 12 arch/powerpc/lib/Makefile | 2 arch/sparc/crypto/crop_devid.c | 2 arch/sparc/include/asm/floppy_32.h | 2 arch/sparc/include/asm/floppy_64.h | 2 arch/sparc/include/asm/parport.h | 258 ------------ arch/sparc/include/asm/parport_64.h | 256 +++++++++++ arch/sparc/kernel/apc.c | 2 arch/sparc/kernel/auxio_32.c | 1 arch/sparc/kernel/auxio_64.c | 3 arch/sparc/kernel/central.c | 2 arch/sparc/kernel/chmc.c | 3 arch/sparc/kernel/ioport.c | 2 arch/sparc/kernel/leon_kernel.c | 2 arch/sparc/kernel/leon_pci.c | 3 arch/sparc/kernel/leon_pci_grpci1.c | 3 arch/sparc/kernel/leon_pci_grpci2.c | 4 arch/sparc/kernel/nmi.c | 2 arch/sparc/kernel/of_device_32.c | 2 arch/sparc/kernel/of_device_64.c | 4 arch/sparc/kernel/of_device_common.c | 4 arch/sparc/kernel/pci.c | 3 arch/sparc/kernel/pci_common.c | 3 arch/sparc/kernel/pci_fire.c | 3 arch/sparc/kernel/pci_impl.h | 1 arch/sparc/kernel/pci_msi.c | 2 arch/sparc/kernel/pci_psycho.c | 4 arch/sparc/kernel/pci_sun4v.c | 3 arch/sparc/kernel/pmc.c | 2 arch/sparc/kernel/power.c | 3 arch/sparc/kernel/prom_irqtrans.c | 1 arch/sparc/kernel/psycho_common.c | 1 arch/sparc/kernel/sbus.c | 3 arch/sparc/kernel/time_32.c | 1 arch/sparc/mm/io-unit.c | 3 arch/sparc/mm/iommu.c | 5 arch/sparc/vdso/vma.c | 7 arch/x86/Kconfig | 13 arch/x86/boot/compressed/efi_mixed.S | 29 + arch/x86/coco/core.c | 20 arch/x86/coco/tdx/tdx.c | 2 arch/x86/include/asm/asm.h | 14 arch/x86/include/asm/coco.h | 10 arch/x86/include/asm/cpufeatures.h | 1 arch/x86/include/asm/mem_encrypt.h | 15 arch/x86/include/asm/msr-index.h | 2 arch/x86/include/asm/sev.h | 4 arch/x86/include/asm/suspend_32.h | 10 arch/x86/include/asm/x86_init.h | 3 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/bugs.c | 138 +++--- arch/x86/kernel/cpu/common.c | 19 arch/x86/kernel/cpu/mshyperv.c | 2 arch/x86/kernel/eisa.c | 3 arch/x86/kernel/fpu/xstate.c | 5 arch/x86/kernel/fpu/xstate.h | 14 arch/x86/kernel/kprobes/core.c | 11 arch/x86/kernel/probe_roms.c | 10 arch/x86/kernel/setup.c | 3 arch/x86/kernel/sev-shared.c | 12 arch/x86/kernel/sev.c | 31 - arch/x86/kernel/x86_init.c | 2 arch/x86/kvm/cpuid.c | 29 + arch/x86/kvm/lapic.c | 5 arch/x86/kvm/reverse_cpuid.h | 42 + arch/x86/kvm/svm/sev.c | 16 arch/x86/kvm/x86.c | 10 arch/x86/kvm/xen.c | 2 arch/x86/kvm/xen.h | 18 arch/x86/mm/mem_encrypt_amd.c | 18 arch/x86/mm/mem_encrypt_identity.c | 38 - block/bio.c | 11 block/blk-mq.c | 33 + block/blk-settings.c | 4 block/mq-deadline.c | 3 drivers/accessibility/speakup/synth.c | 4 drivers/ata/ahci.c | 5 drivers/ata/libata-eh.c | 5 drivers/ata/libata-scsi.c | 9 drivers/base/power/wakeirq.c | 4 drivers/clk/qcom/gcc-ipq6018.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/gcc-sdm845.c | 1 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/clocksource/arm_global_timer.c | 2 drivers/cpufreq/amd-pstate.c | 2 drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 drivers/cpufreq/cpufreq-dt.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 23 - drivers/firmware/efi/efi.c | 2 drivers/firmware/efi/libstub/randomalloc.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/amd/pm/amdgpu_pm.c | 12 drivers/gpu/drm/drm_panel.c | 17 drivers/gpu/drm/drm_probe_helper.c | 7 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 drivers/gpu/drm/exynos/exynos_hdmi.c | 4 drivers/gpu/drm/i915/display/intel_bios.c | 3 drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 3 drivers/gpu/drm/imx/parallel-display.c | 4 drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 drivers/hwmon/amc6821.c | 11 drivers/i2c/busses/i2c-i801.c | 4 drivers/iio/accel/adxl367.c | 8 drivers/iio/accel/adxl367_i2c.c | 2 drivers/iommu/dma-iommu.c | 9 drivers/iommu/iommu.c | 3 drivers/irqchip/irq-renesas-rzg2l.c | 93 +++- drivers/md/dm-raid.c | 2 drivers/md/dm-snap.c | 4 drivers/md/raid5.c | 14 drivers/media/mc/mc-entity.c | 93 +++- drivers/media/tuners/xc4000.c | 4 drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 21 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/mmc/core/block.c | 14 drivers/mmc/host/sdhci-omap.c | 3 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/nand/raw/meson_nand.c | 2 drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/wireguard/netlink.c | 10 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 drivers/nvmem/meson-efuse.c | 25 - drivers/pci/controller/dwc/pcie-designware-ep.c | 7 drivers/pci/controller/dwc/pcie-qcom.c | 153 +++---- drivers/pci/controller/pci-hyperv.c | 3 drivers/pci/pci-driver.c | 7 drivers/pci/pcie/err.c | 20 drivers/pci/quirks.c | 2 drivers/phy/tegra/xusb.c | 13 drivers/platform/x86/p2sb.c | 25 - drivers/pwm/pwm-img.c | 4 drivers/remoteproc/remoteproc_virtio.c | 6 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/hosts.c | 7 drivers/scsi/libsas/sas_expander.c | 51 +- drivers/scsi/lpfc/lpfc_bsg.c | 4 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/qla2xxx/qla_attr.c | 14 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_gbl.h | 2 drivers/scsi/qla2xxx/qla_init.c | 128 +++-- drivers/scsi/qla2xxx/qla_iocb.c | 68 ++- drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla2xxx/qla_os.c | 2 drivers/scsi/qla2xxx/qla_target.c | 10 drivers/scsi/scsi_scan.c | 34 + drivers/scsi/sd.c | 25 - drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 25 - drivers/staging/media/ipu3/ipu3-v4l2.c | 16 drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 drivers/tee/optee/device.c | 3 drivers/thermal/devfreq_cooling.c | 2 drivers/tty/serial/8250/8250_port.c | 6 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/serial/imx.c | 22 - drivers/tty/serial/max310x.c | 7 drivers/tty/serial/serial_core.c | 12 drivers/tty/vt/vt.c | 2 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 23 - drivers/usb/core/hub.h | 2 drivers/usb/core/port.c | 43 +- drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 72 ++- drivers/usb/dwc2/gadget.c | 10 drivers/usb/dwc2/hcd.c | 49 +- drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/dwc2/platform.c | 2 drivers/usb/dwc3/dwc3-am62.c | 90 +--- drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/gadget/udc/tegra-xudc.c | 39 + drivers/usb/host/xhci.c | 2 drivers/usb/phy/phy-generic.c | 7 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 - drivers/usb/storage/uas.c | 28 - drivers/usb/typec/class.c | 7 drivers/usb/typec/ucsi/ucsi.c | 46 +- drivers/usb/typec/ucsi/ucsi.h | 4 drivers/usb/typec/ucsi/ucsi_acpi.c | 75 +-- drivers/vfio/container.c | 2 drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 drivers/vfio/pci/vfio_pci_config.c | 6 drivers/vfio/pci/vfio_pci_core.c | 7 drivers/vfio/pci/vfio_pci_igd.c | 2 drivers/vfio/pci/vfio_pci_intrs.c | 206 +++++---- drivers/vfio/pci/vfio_pci_rdwr.c | 2 drivers/vfio/platform/vfio_platform_irq.c | 106 +++- drivers/vfio/virqfd.c | 23 + fs/aio.c | 8 fs/btrfs/block-group.c | 3 fs/btrfs/qgroup.c | 10 fs/btrfs/scrub.c | 12 fs/btrfs/volumes.c | 2 fs/exec.c | 1 fs/ext4/mballoc.c | 17 fs/ext4/resize.c | 3 fs/f2fs/f2fs.h | 1 fs/f2fs/segment.c | 4 fs/fat/nfs.c | 6 fs/fuse/dir.c | 4 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/nfs/direct.c | 11 fs/nfs/write.c | 2 fs/nfsd/trace.h | 2 fs/nilfs2/btree.c | 9 fs/nilfs2/direct.c | 9 fs/nilfs2/inode.c | 2 fs/smb/client/cached_dir.c | 3 fs/smb/server/smb2pdu.c | 10 fs/ubifs/file.c | 13 include/drm/drm_modeset_helper_vtables.h | 3 include/linux/cpufreq.h | 15 include/linux/gfp.h | 9 include/linux/hyperv.h | 22 - include/linux/libata.h | 1 include/linux/minmax.h | 17 include/linux/nfs_fs.h | 1 include/linux/phy/tegra/xusb.h | 1 include/linux/ring_buffer.h | 1 include/linux/timer.h | 18 include/linux/vfio.h | 2 include/media/media-entity.h | 2 include/net/cfg802154.h | 1 include/scsi/scsi_driver.h | 1 include/scsi/scsi_host.h | 1 init/Kconfig | 6 init/initramfs.c | 2 io_uring/net.c | 3 kernel/bounds.c | 2 kernel/dma/swiotlb.c | 11 kernel/entry/common.c | 8 kernel/power/suspend.c | 1 kernel/printk/printk.c | 27 + kernel/time/timer.c | 164 ++++--- kernel/trace/ring_buffer.c | 233 ++++++---- kernel/trace/trace.c | 21 lib/pci_iomap.c | 2 mm/compaction.c | 7 mm/kasan/kasan_test.c | 3 mm/memtest.c | 4 mm/migrate.c | 6 mm/page_alloc.c | 10 mm/swapfile.c | 25 - mm/vmscan.c | 5 net/bluetooth/hci_core.c | 6 net/bluetooth/hci_sync.c | 5 net/mac80211/cfg.c | 5 net/mac802154/llsec.c | 18 net/netfilter/nf_tables_api.c | 7 net/tls/tls_sw.c | 60 ++ net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 security/landlock/syscalls.c | 18 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 13 sound/sh/aica.c | 17 sound/soc/amd/yc/acp6x-mach.c | 7 tools/include/linux/btf_ids.h | 2 tools/testing/selftests/mqueue/setting | 1 tools/testing/selftests/net/mptcp/diag.sh | 6 virt/kvm/async_pf.c | 31 + 303 files changed, 2970 insertions(+), 1661 deletions(-) Adamos Ttofari (1): x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Alan Stern (4): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Add hub_get() and hub_put() routines USB: core: Fix deadlock in port "disable" sysfs attribute USB: core: Fix deadlock in usb_deauthorize_interface() Alex Deucher (1): drm/amd/display: handle range offsets in VRR ranges Alex Williamson (7): vfio/pci: Lock external INTx masking ops vfio/platform: Disable virqfds on cleanup vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler vfio/platform: Create persistent IRQ handlers vfio/fsl-mc: Block calling interrupt handler without trigger Alexander Stein (1): Revert "usb: phy: generic: Get the vbus supply" Alexander Usyskin (2): mei: me: add arrow lake point S DID mei: me: add arrow lake point H DID Amit Pundir (1): clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports André Rösti (1): entry: Respect changes to system call number by trace_sys_enter() Andy Chi (1): ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook Anton Altaparmakov (1): x86/pm: Work around false positive kmemleak report in msr_build_context() Ard Biesheuvel (4): x86/efistub: Call mixed mode boot services on the firmware's stack x86/sev: Fix position dependent variable references in startup code x86/efistub: Add missing boot_params for mixed mode compat entry efi/libstub: Cast away type warning in use of max() Arnd Bergmann (2): kasan/test: avoid gcc warning for intentional overflow staging: vc04_services: changen strncpy() to strscpy_pad() Arseniy Krasnov (1): mtd: rawnand: meson: fix scrambling mode value in command macro Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Baokun Li (1): ext4: correct best extent lstart adjustment logic Bart Van Assche (2): Revert "block/mq-deadline: use correct way to throttling write requests" fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Biju Das (4): irqchip/renesas-rzg2l: Flush posted write in irq_eoi() irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Bikash Hazarika (1): scsi: qla2xxx: Update manufacturer detail Borislav Petkov (1): x86/bugs: Use sysfs_emit() Borislav Petkov (AMD) (4): x86/CPU/AMD: Update the Zenbleed microcode revisions x86/coco: Export cc_vendor x86/coco: Get rid of accessor functions x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Charan Teja Kalla (1): iommu: Avoid races around default domain allocations Chengming Zhou (1): blk-mq: release scheduler resource when request completes Chris Wilson (1): drm/i915/gt: Reset queue_priority_hint on parking Christian A. Ehrhardt (4): usb: typec: ucsi: Clear EVENT_PENDING under PPM lock usb: typec: ucsi: Ack unsupported commands usb: typec: ucsi_acpi: Refactor and fix DELL quirk usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian Gmeiner (1): drm/etnaviv: Restore some id values Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christophe JAILLET (1): slimbus: core: Remove usage of the deprecated ida_simple_xx() API Claudiu Beznea (2): irqchip/renesas-rzg2l: Implement restriction when writing ISCR register irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index Claus Hansen Ries (1): net: ll_temac: platform_get_resource replaced by wrong function Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Cosmin Tanislav (2): iio: accel: adxl367: fix DEVID read after reset iio: accel: adxl367: fix I2C FIFO data register Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Damien Le Moal (3): block: Clear zone limits for a non-zoned stacked queue block: Do not force full zone append completion in req_bio_endio() scsi: sd: Fix TCG OPAL unlock on system resume Dan Carpenter (1): staging: vc04_services: fix information leak in create_component() Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB David Laight (1): minmax: add umin(a, b) and umax(a, b) David Woodhouse (1): KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (2): nouveau/dmem: handle kcalloc() allocation failure ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Eric Huang (1): drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Eugene Korenevsky (1): cifs: open_cached_dir(): add FILE_READ_EA to desired access Fedor Pchelkin (1): mac802154: fix llsec key resources release in mac802154_llsec_key_del Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Filipe Manana (1): btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Gabor Juhos (4): clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Geliang Tang (1): selftests: mptcp: diag: return KSFT_FAIL not test_cnt Greg Kroah-Hartman (2): cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Linux 6.1.84 Guenter Roeck (5): parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (2): media: xc4000: Fix atomicity violation in xc4000_get_frequency md/raid5: fix atomicity violation in raid5_cache_count Guilherme G. Piccoli (1): scsi: core: Fix unremoved procfs host directory regression Hans de Goede (2): platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Heiner Kallweit (1): i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Hidenori Kobayashi (1): media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Huacai Chen (2): LoongArch: Change __my_cpu_offset definition to avoid mis-optimization LoongArch: Define the __io_aw() hook as mmiowb() Huang Ying (1): swap: comments get_swap_device() with usage rule Hugo Villeneuve (1): serial: max310x: fix NULL pointer dereference in I2C instantiation Jakub Kicinski (2): tls: fix race between tx work scheduling and socket close net: tls: handle backlogging of crypto requests Jameson Thies (1): usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (5): drm/probe-helper: warn about negative .get_modes() drm/panel: do not return negative error codes from drm_panel_get_modes() drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() Jason A. Donenfeld (2): wireguard: netlink: check for dangling peer via is_dead instead of empty list wireguard: netlink: access device through ctx instead of peer Jason Gunthorpe (1): vfio: Use GFP_KERNEL_ACCOUNT for userspace persistent allocations Jens Axboe (1): io_uring/net: correctly handle multishot recvmsg retry setup Jerome Brunet (1): nvmem: meson-efuse: fix function pointer type mismatch Jiawei Wang (1): ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Jim Mattson (2): KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace KVM: x86: Use a switch statement and macros in __feature_translate() Joakim Zhang (1): remoteproc: virtio: Fix wdg cannot recovery remote processor Jocelyn Falempe (1): drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Johannes Berg (1): wifi: iwlwifi: fw: don't always use FW dump trig Johannes Thumshirn (2): btrfs: zoned: don't skip block groups with 100% zone unusable btrfs: zoned: use zone aware sb location for scrub John David Anglin (1): parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros John Ogness (1): printk: Update @console_may_schedule in console_trylock_spinning() John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Josef Bacik (1): nfs: fix UAF in direct writes Josua Mayer (1): hwmon: (amc6821) add of_match table KONDO KAZUMA(近藤　和真) (1): efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Kailang Yang (2): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform ALSA: hda/realtek - Add Headset Mic supported Acer NB platform Kees Cook (1): init/Kconfig: lower GCC version check for -Warray-bounds Kevin Loughlin (1): x86/sev: Skip ROM range scans and validation for SEV-SNP guests Kim Phillips (2): x86/cpu: Support AMD Automatic IBRS x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Krishna chaitanya chundru (1): arm64: dts: qcom: sc7280: Add additional MSI interrupts Kyle Tso (1): usb: typec: Return size of buffer if pd_set operation succeeds Ladislav Michl (1): usb: dwc3-am62: Rename private data Laurent Pinchart (5): media: mc: Add local pad to pipeline regardless of the link state media: mc: Fix flags handling when creating pad links media: mc: Add num_links flag to media_pad media: mc: Rename pad variable to clarify intent media: mc: Expand MUST_CONNECT flag to always require an enabled link Leo Ma (1): drm/amd/display: Fix noise issue on HDMI AV mute Luiz Augusto von Dentz (1): Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Ma Jun (1): drm/amdgpu/pm: Fix the error of pwm1_enable setting Manivannan Sadhasivam (2): PCI: qcom: Rename qcom_pcie_config_sid_sm8250() to reflect IP version PCI: qcom: Enable BDF to SID translation properly Marek Szyprowski (1): cpufreq: dt: always allocate zeroed cpumask Marios Makassikis (1): ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Martin Blumenstingl (1): clocksource/drivers/arm_global_timer: Fix maximum prescaler value Masami Hiramatsu (Google) (1): kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Mathias Nyman (1): usb: port: Don't try to peer unused USB ports based on location Matthew Wilcox (Oracle) (2): bounds: support non-power-of-two CONFIG_NR_CPUS ubifs: Set page uptodate in the correct place Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (1): ext4: fix corruption during on-line resize Michael Ellerman (3): powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core powerpc/smp: Increase nr_cpu_ids to include the boot CPU powerpc/fsl: Fix mfpmr build errors with newer binutils Michael Kelley (2): PCI: hv: Fix ring buffer size calculation Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Mickaël Salaün (1): landlock: Warn once if a Landlock action is requested while disabled Mikko Rapeli (2): mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access Miklos Szeredi (2): fuse: fix root lookup with nonzero generation fuse: don't unhash root Mikulas Patocka (1): dm snapshot: fix lockup in dm_exception_table_exit Minas Harutyunyan (5): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: Fix exiting from clock gating usb: dwc2: gadget: LPM flow fix Muhammad Usama Anjum (2): scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() scsi: lpfc: Correct size for wqe for memset() Natanael Copa (1): tools/resolve_btfids: fix build with musl libc Nathan Chancellor (4): powerpc: xor_vmx: Add '-mhard-float' to CFLAGS kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() hexagon: vmlinux.lds.S: handle attributes section Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Nicolin Chen (1): iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Niklas Cassel (1): PCI: dwc: endpoint: Fix advertised resizable BAR size Nirmoy Das (1): drm/i915: Check before removing mm notifier Oleksandr Tymoshenko (1): efi: fix panic in kdump kernel Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (3): netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout Paul Menzel (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Peter Collingbourne (1): serial: Lock console when calling into driver before registration Philip Yang (1): drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Philipp Stanner (1): pci_iounmap(): Fix MMIO mapping leak Prashanth K (1): usb: xhci: Add error handling in xhci_map_urb_for_dma Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Qu Wenruo (1): btrfs: qgroup: always free reserved space for extent records Quinn Tran (6): scsi: qla2xxx: Prevent command send on chip reset scsi: qla2xxx: Fix N2N stuck connection scsi: qla2xxx: Split FCE|EFT trace control scsi: qla2xxx: NVME|FCP prefer flag not being honored scsi: qla2xxx: Fix command flush on cable pull scsi: qla2xxx: Delay I/O Abort on PCI error Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Reinette Chatre (2): vfio/pci: Consolidate irq cleanup on MSI/MSI-X disable vfio/pci: Remove negative check on unsigned vector Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Rickard x Andersson (1): tty: serial: imx: Fix broken RS485 Rob Herring (1): sparc: Explicitly include correct DT includes Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Rodrigo Siqueira (1): drm/amd/display: Return the correct HDCP error code Roger Quadros (1): usb: dwc3-am62: fix module unload/reload behavior Romain Naour (1): mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Ryan Roberts (1): mm: swap: fix race between free_swap_and_cache() and swapoff() Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Sabrina Dubroca (1): tls: fix use-after-free on failed backlog decryption Sam Ravnborg (1): sparc32: Fix parport build with sparc32 Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Saurav Kashyap (2): scsi: qla2xxx: Fix double free of fcport scsi: qla2xxx: Change debug message during driver unload Sean Anderson (2): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (4): KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs KVM: Always flush async #PF workqueue when vCPU is being destroyed KVM: x86: Mark target gfn of emulated atomic instruction as dirty KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() SeongJae Park (1): selftests/mqueue: Set timeout to 180 seconds Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Shivnandan Kumar (1): cpufreq: Limit resolving a frequency to policy min/max Stanislaw Gruszka (1): PCI/AER: Block runtime suspend when handling errors Steven Rostedt (Google) (8): ring-buffer: Fix waking up ring buffer readers ring-buffer: Do not set shortest_full when full target is hit ring-buffer: Fix resetting of shortest_full ring-buffer: Fix full_waiters_pending in poll ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() NFSD: Fix nfsd_clid_class use of __string_len() macro net: hns3: tracing: fix hclgevf trace event strings tracing: Use .flush() call to wake up readers Sumit Garg (1): tee: optee: Fix kernel panic caused by incorrect error handling Sunmin Jeong (2): f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag f2fs: truncate page cache before clearing flags when aborting atomic write Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Thomas Gleixner (3): timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() Tony Battersby (1): block: Fix page refcounts for unaligned buffers in __bio_release_pages() Tor Vic (1): cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Ville Syrjälä (1): drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Vlastimil Babka (1): mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Wayne Chang (2): phy: tegra: xusb: Add API to retrieve the port number of phy usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Weitao Wang (1): USB: UAS: return ENODEV when submit urbs fail with device not attached Will Deacon (1): swiotlb: Fix alignment checks when both allocation and DMA masks are present Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Xingui Yang (2): scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() scsi: libsas: Fix disk not being scanned in after being removed Ye Zhang (1): thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Zack Rusin (1): drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Zhang Yi (1): ubi: correct the calculation of fastmap size Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zi Yan (1): mm/migrate: set swap entry values of THP tail pages properly. Zoltan HERPAI (1): pwm: img: fix pwm clock lookup yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 5 months

1
1
0 0

[PATCH 4/4] io_uring/kbuf: hold io_buffer_list reference over mmap

by Jens Axboe

If we look up the kbuf, ensure that it doesn't get unregistered until after we're done with it. Since we're inside mmap, we cannot safely use the io_uring lock. Rely on the fact that we can lookup the buffer list under RCU now and grab a reference to it, preventing it from being unregistered until we're done with it. The lookup returns the io_buffer_list directly with it referenced. Cc: stable(a)vger.kernel.org # v6.4+ Fixes: 5cf4f52e6d8a ("io_uring: free io_buffer_list entries via RCU") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/io_uring.c | 11 ++++++----- io_uring/kbuf.c | 35 +++++++++++++++++++++++++++-------- io_uring/kbuf.h | 4 +++- 3 files changed, 36 insertions(+), 14 deletions(-) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index bc730f59265f..4521c2b66b98 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -3447,14 +3447,15 @@ static void *io_uring_validate_mmap_request(struct file *file, ptr = ctx->sq_sqes; break; case IORING_OFF_PBUF_RING: { + struct io_buffer_list *bl; unsigned int bgid; bgid = (offset & ~IORING_OFF_MMAP_MASK) >> IORING_OFF_PBUF_SHIFT; - rcu_read_lock(); - ptr = io_pbuf_get_address(ctx, bgid); - rcu_read_unlock(); - if (!ptr) - return ERR_PTR(-EINVAL); + bl = io_pbuf_get_bl(ctx, bgid); + if (IS_ERR(bl)) + return bl; + ptr = bl->buf_ring; + io_put_bl(ctx, bl); break; } default: diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 2edc6854f6f3..3aa16e27f509 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -266,7 +266,7 @@ static int __io_remove_buffers(struct io_ring_ctx *ctx, return i; } -static void io_put_bl(struct io_ring_ctx *ctx, struct io_buffer_list *bl) +void io_put_bl(struct io_ring_ctx *ctx, struct io_buffer_list *bl) { if (atomic_dec_and_test(&bl->refs)) { __io_remove_buffers(ctx, bl, -1U); @@ -719,16 +719,35 @@ int io_register_pbuf_status(struct io_ring_ctx *ctx, void __user *arg) return 0; } -void *io_pbuf_get_address(struct io_ring_ctx *ctx, unsigned long bgid) +struct io_buffer_list *io_pbuf_get_bl(struct io_ring_ctx *ctx, + unsigned long bgid) { struct io_buffer_list *bl; + bool ret; - bl = __io_buffer_get_list(ctx, bgid); - - if (!bl || !bl->is_mmap) - return NULL; - - return bl->buf_ring; + /* + * We have to be a bit careful here - we're inside mmap and cannot grab + * the uring_lock. This means the buffer_list could be simultaneously + * going away, if someone is trying to be sneaky. Look it up under rcu + * so we know it's not going away, and attempt to grab a reference to + * it. If the ref is already zero, then fail the mapping. If successful, + * the caller will call io_put_bl() to drop the the reference at at the + * end. This may then safely free the buffer_list (and drop the pages) + * at that point, vm_insert_pages() would've already grabbed the + * necessary vma references. + */ + rcu_read_lock(); + bl = xa_load(&ctx->io_bl_xa, bgid); + /* must be a mmap'able buffer ring and have pages */ + ret = false; + if (bl && bl->is_mmap) + ret = atomic_inc_not_zero(&bl->refs); + rcu_read_unlock(); + + if (ret) + return bl; + + return ERR_PTR(-EINVAL); } /* diff --git a/io_uring/kbuf.h b/io_uring/kbuf.h index 8b868a1744e2..df365b8860cf 100644 --- a/io_uring/kbuf.h +++ b/io_uring/kbuf.h @@ -61,7 +61,9 @@ void __io_put_kbuf(struct io_kiocb *req, unsigned issue_flags); bool io_kbuf_recycle_legacy(struct io_kiocb *req, unsigned issue_flags); -void *io_pbuf_get_address(struct io_ring_ctx *ctx, unsigned long bgid); +void io_put_bl(struct io_ring_ctx *ctx, struct io_buffer_list *bl); +struct io_buffer_list *io_pbuf_get_bl(struct io_ring_ctx *ctx, + unsigned long bgid); static inline bool io_kbuf_recycle_ring(struct io_kiocb *req) { -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 3/4] io_uring/kbuf: protect io_buffer_list teardown with a reference

by Jens Axboe

No functional changes in this patch, just in preparation for being able to keep the buffer list alive outside of the ctx->uring_lock. Cc: stable(a)vger.kernel.org # v6.4+ Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/kbuf.c | 15 +++++++++++---- io_uring/kbuf.h | 2 ++ 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 011280d873e7..2edc6854f6f3 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -61,6 +61,7 @@ static int io_buffer_add_list(struct io_ring_ctx *ctx, * always under the ->uring_lock, but the RCU lookup from mmap does. */ bl->bgid = bgid; + atomic_set(&bl->refs, 1); return xa_err(xa_store(&ctx->io_bl_xa, bgid, bl, GFP_KERNEL)); } @@ -265,6 +266,14 @@ static int __io_remove_buffers(struct io_ring_ctx *ctx, return i; } +static void io_put_bl(struct io_ring_ctx *ctx, struct io_buffer_list *bl) +{ + if (atomic_dec_and_test(&bl->refs)) { + __io_remove_buffers(ctx, bl, -1U); + kfree_rcu(bl, rcu); + } +} + void io_destroy_buffers(struct io_ring_ctx *ctx) { struct io_buffer_list *bl; @@ -274,8 +283,7 @@ void io_destroy_buffers(struct io_ring_ctx *ctx) xa_for_each(&ctx->io_bl_xa, index, bl) { xa_erase(&ctx->io_bl_xa, bl->bgid); - __io_remove_buffers(ctx, bl, -1U); - kfree_rcu(bl, rcu); + io_put_bl(ctx, bl); } /* @@ -680,9 +688,8 @@ int io_unregister_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg) if (!bl->is_buf_ring) return -EINVAL; - __io_remove_buffers(ctx, bl, -1U); xa_erase(&ctx->io_bl_xa, bl->bgid); - kfree_rcu(bl, rcu); + io_put_bl(ctx, bl); return 0; } diff --git a/io_uring/kbuf.h b/io_uring/kbuf.h index fdbb10449513..8b868a1744e2 100644 --- a/io_uring/kbuf.h +++ b/io_uring/kbuf.h @@ -25,6 +25,8 @@ struct io_buffer_list { __u16 head; __u16 mask; + atomic_t refs; + /* ring mapped provided buffers */ __u8 is_buf_ring; /* ring mapped provided buffers, but mmap'ed by application */ -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 2/4] io_uring/kbuf: get rid of bl->is_ready

by Jens Axboe

Now that xarray is being exclusively used for the buffer_list lookup, this check is no longer needed. Get rid of it and the is_ready member. Cc: stable(a)vger.kernel.org # v6.4+ Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/kbuf.c | 8 -------- io_uring/kbuf.h | 2 -- 2 files changed, 10 deletions(-) diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 8bf0121f00af..011280d873e7 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -61,7 +61,6 @@ static int io_buffer_add_list(struct io_ring_ctx *ctx, * always under the ->uring_lock, but the RCU lookup from mmap does. */ bl->bgid = bgid; - smp_store_release(&bl->is_ready, 1); return xa_err(xa_store(&ctx->io_bl_xa, bgid, bl, GFP_KERNEL)); } @@ -721,13 +720,6 @@ void *io_pbuf_get_address(struct io_ring_ctx *ctx, unsigned long bgid) if (!bl || !bl->is_mmap) return NULL; - /* - * Ensure the list is fully setup. Only strictly needed for RCU lookup - * via mmap, and in that case only for the array indexed groups. For - * the xarray lookups, it's either visible and ready, or not at all. - */ - if (!smp_load_acquire(&bl->is_ready)) - return NULL; return bl->buf_ring; } diff --git a/io_uring/kbuf.h b/io_uring/kbuf.h index 1c7b654ee726..fdbb10449513 100644 --- a/io_uring/kbuf.h +++ b/io_uring/kbuf.h @@ -29,8 +29,6 @@ struct io_buffer_list { __u8 is_buf_ring; /* ring mapped provided buffers, but mmap'ed by application */ __u8 is_mmap; - /* bl is visible from an RCU point of view for lookup */ - __u8 is_ready; }; struct io_buffer { -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 1/4] io_uring/kbuf: get rid of lower BGID lists

by Jens Axboe

Just rely on the xarray for any kind of bgid. This simplifies things, and it really doesn't bring us much, if anything. Cc: stable(a)vger.kernel.org # v6.4+ Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- include/linux/io_uring_types.h | 1 - io_uring/io_uring.c | 2 - io_uring/kbuf.c | 70 ++++------------------------------ 3 files changed, 8 insertions(+), 65 deletions(-) diff --git a/include/linux/io_uring_types.h b/include/linux/io_uring_types.h index e24893625085..05df0e399d7c 100644 --- a/include/linux/io_uring_types.h +++ b/include/linux/io_uring_types.h @@ -294,7 +294,6 @@ struct io_ring_ctx { struct io_submit_state submit_state; - struct io_buffer_list *io_bl; struct xarray io_bl_xa; struct io_hash_table cancel_table_locked; diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index d1defb99b89e..bc730f59265f 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -351,7 +351,6 @@ static __cold struct io_ring_ctx *io_ring_ctx_alloc(struct io_uring_params *p) err: kfree(ctx->cancel_table.hbs); kfree(ctx->cancel_table_locked.hbs); - kfree(ctx->io_bl); xa_destroy(&ctx->io_bl_xa); kfree(ctx); return NULL; @@ -2932,7 +2931,6 @@ static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx) io_napi_free(ctx); kfree(ctx->cancel_table.hbs); kfree(ctx->cancel_table_locked.hbs); - kfree(ctx->io_bl); xa_destroy(&ctx->io_bl_xa); kfree(ctx); } diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c index 693c26da4ee1..8bf0121f00af 100644 --- a/io_uring/kbuf.c +++ b/io_uring/kbuf.c @@ -17,8 +17,6 @@ #define IO_BUFFER_LIST_BUF_PER_PAGE (PAGE_SIZE / sizeof(struct io_uring_buf)) -#define BGID_ARRAY 64 - /* BIDs are addressed by a 16-bit field in a CQE */ #define MAX_BIDS_PER_BGID (1 << 16) @@ -40,13 +38,9 @@ struct io_buf_free { int inuse; }; -static struct io_buffer_list *__io_buffer_get_list(struct io_ring_ctx *ctx, - struct io_buffer_list *bl, - unsigned int bgid) +static inline struct io_buffer_list *__io_buffer_get_list(struct io_ring_ctx *ctx, + unsigned int bgid) { - if (bl && bgid < BGID_ARRAY) - return &bl[bgid]; - return xa_load(&ctx->io_bl_xa, bgid); } @@ -55,7 +49,7 @@ static inline struct io_buffer_list *io_buffer_get_list(struct io_ring_ctx *ctx, { lockdep_assert_held(&ctx->uring_lock); - return __io_buffer_get_list(ctx, ctx->io_bl, bgid); + return __io_buffer_get_list(ctx, bgid); } static int io_buffer_add_list(struct io_ring_ctx *ctx, @@ -68,10 +62,6 @@ static int io_buffer_add_list(struct io_ring_ctx *ctx, */ bl->bgid = bgid; smp_store_release(&bl->is_ready, 1); - - if (bgid < BGID_ARRAY) - return 0; - return xa_err(xa_store(&ctx->io_bl_xa, bgid, bl, GFP_KERNEL)); } @@ -208,24 +198,6 @@ void __user *io_buffer_select(struct io_kiocb *req, size_t *len, return ret; } -static __cold int io_init_bl_list(struct io_ring_ctx *ctx) -{ - struct io_buffer_list *bl; - int i; - - bl = kcalloc(BGID_ARRAY, sizeof(struct io_buffer_list), GFP_KERNEL); - if (!bl) - return -ENOMEM; - - for (i = 0; i < BGID_ARRAY; i++) { - INIT_LIST_HEAD(&bl[i].buf_list); - bl[i].bgid = i; - } - - smp_store_release(&ctx->io_bl, bl); - return 0; -} - /* * Mark the given mapped range as free for reuse */ @@ -300,13 +272,6 @@ void io_destroy_buffers(struct io_ring_ctx *ctx) struct list_head *item, *tmp; struct io_buffer *buf; unsigned long index; - int i; - - for (i = 0; i < BGID_ARRAY; i++) { - if (!ctx->io_bl) - break; - __io_remove_buffers(ctx, &ctx->io_bl[i], -1U); - } xa_for_each(&ctx->io_bl_xa, index, bl) { xa_erase(&ctx->io_bl_xa, bl->bgid); @@ -489,12 +454,6 @@ int io_provide_buffers(struct io_kiocb *req, unsigned int issue_flags) io_ring_submit_lock(ctx, issue_flags); - if (unlikely(p->bgid < BGID_ARRAY && !ctx->io_bl)) { - ret = io_init_bl_list(ctx); - if (ret) - goto err; - } - bl = io_buffer_get_list(ctx, p->bgid); if (unlikely(!bl)) { bl = kzalloc(sizeof(*bl), GFP_KERNEL_ACCOUNT); @@ -507,14 +466,9 @@ int io_provide_buffers(struct io_kiocb *req, unsigned int issue_flags) if (ret) { /* * Doesn't need rcu free as it was never visible, but - * let's keep it consistent throughout. Also can't - * be a lower indexed array group, as adding one - * where lookup failed cannot happen. + * let's keep it consistent throughout. */ - if (p->bgid >= BGID_ARRAY) - kfree_rcu(bl, rcu); - else - WARN_ON_ONCE(1); + kfree_rcu(bl, rcu); goto err; } } @@ -679,12 +633,6 @@ int io_register_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg) if (reg.ring_entries >= 65536) return -EINVAL; - if (unlikely(reg.bgid < BGID_ARRAY && !ctx->io_bl)) { - int ret = io_init_bl_list(ctx); - if (ret) - return ret; - } - bl = io_buffer_get_list(ctx, reg.bgid); if (bl) { /* if mapped buffer ring OR classic exists, don't allow */ @@ -734,10 +682,8 @@ int io_unregister_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg) return -EINVAL; __io_remove_buffers(ctx, bl, -1U); - if (bl->bgid >= BGID_ARRAY) { - xa_erase(&ctx->io_bl_xa, bl->bgid); - kfree_rcu(bl, rcu); - } + xa_erase(&ctx->io_bl_xa, bl->bgid); + kfree_rcu(bl, rcu); return 0; } @@ -771,7 +717,7 @@ void *io_pbuf_get_address(struct io_ring_ctx *ctx, unsigned long bgid) { struct io_buffer_list *bl; - bl = __io_buffer_get_list(ctx, smp_load_acquire(&ctx->io_bl), bgid); + bl = __io_buffer_get_list(ctx, bgid); if (!bl || !bl->is_mmap) return NULL; -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 6.7 000/432] 6.7.12-rc1 review

by Greg Kroah-Hartman

Note, this will be the LAST 6.7.y kernel release. After this one it will be end-of-life. Please move to 6.8.y now. ------------------------------------------ This is the start of the stable review cycle for the 6.7.12 release. There are 432 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.7.12-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.7.12-rc1 Natanael Copa <ncopa(a)alpinelinux.org> tools/resolve_btfids: fix build with musl libc Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Skip ROM range scans and validation for SEV-SNP guests Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix disk not being scanned in after being removed Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: Drop duplicate ID Dave Hansen <dave.hansen(a)linux.intel.com> Revert "x86/bugs: Use fixed addressing for VERW operand" Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use fixed addressing for VERW operand Baoquan He <bhe(a)redhat.com> crash: use macro to add crashk_res into iomem early for specific arch Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of the ha->vp_map pointer Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi_acpi: Refactor and fix DELL quirk Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear EVENT_PENDING under PPM lock Kyle Tso <kyletso(a)google.com> usb: typec: Return size of buffer if pd_set operation succeeds Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: typec: ucsi: Fix race between typec_switch and role_switch yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in port "disable" sysfs attribute Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Properly set system wakeup Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Damien Le Moal <dlemoal(a)kernel.org> scsi: sd: Fix TCG OPAL unlock on system resume Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> scsi: ufs: qcom: Provide default cycles_in_1us value Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Brett Creeley <brett.creeley(a)amd.com> vfio/pds: Make sure migration file isn't accessed after reset Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects' Hamza Mahfooz <hamza.mahfooz(a)amd.com> drm/amdgpu: make damage clips support configurable Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: set odm_combine_policy based on context in dcn32 resource Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Yongzhi Liu <hyperlyzcs(a)gmail.com> usb: misc: ljca: Fix double free in error handling path Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> mtd: spinand: Add support for 5-byte IDs Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Roman Li <roman.li(a)amd.com> drm/amd/display: Fix bounds check for dcn35 DcfClocks Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Jonathon Hall <jonathon.hall(a)puri.sm> drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsb: Fix DSB vblank waits when using VRR Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/vrr: Generate VRR "safe window" for DSB Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/hwmon: Fix locking inversion in sysfs getter Xi Liu <xi.liu(a)amd.com> drm/amd/display: Set DCN351 BB and IP the same as DCN35 George Shen <george.shen(a)amd.com> drm/amd/display: Remove MPC rate control logic from DCN30 and above Johannes Weiner <hannes(a)cmpxchg.org> drm/amdgpu: fix deadlock while reading mqd from debugfs Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Jocelyn Falempe <jfalempe(a)redhat.com> drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Duoming Zhou <duoming(a)zju.edu.cn> nouveau/dmem: handle kcalloc() allocation failure Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Damien Le Moal <dlemoal(a)kernel.org> block: Do not force full zone append completion in req_bio_endio() Liming Sun <limings(a)nvidia.com> sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Romain Naour <romain.naour(a)skf.com> mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Edward Liaw <edliaw(a)google.com> selftests/mm: fix ARM related issue with fork after pthread_create Edward Liaw <edliaw(a)google.com> selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM Johannes Weiner <hannes(a)cmpxchg.org> mm: cachestat: fix two shmem bugs Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Harry Wentland <harry.wentland(a)amd.com> Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR" Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: handle debugfs names more carefully Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: don't always use FW dump trig Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: disable MLO for the time being Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: add a flag to disable wireless extensions Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: don't skip block groups with 100% zone unusable Tavian Barnes <tavianator(a)tavianator.com> btrfs: fix race in read_extent_buffer_pages() Anand Jain <anand.jain(a)oracle.com> btrfs: validate device maj:min during open Carlos Maiolino <cem(a)kernel.org> tmpfs: fix race on handling dquot rbtree Zev Weiss <zev(a)bewilderbeest.net> ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Zev Weiss <zev(a)bewilderbeest.net> prctl: generalize PR_SET_MDWE support check to be per-arch Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Reinstate soft limit for initrd loading Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Cast away type warning in use of max() Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Add missing boot_params for mixed mode compat entry John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: add locks to kcontrols Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: remove digital gain kcontrol Chris Park <chris.park(a)amd.com> drm/amd/display: Prevent crash when disable stream Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Include the PLL name in the debug messages Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Try to preserve the current shared_dpll for fastset on type-c ports Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Replace a memset() with zero initialization Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Use named initializers for DPLL info Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Stop printing pipe name as hex Kan Liang <kan.liang(a)linux.intel.com> perf top: Use evsel's cpus to replace user_requested_cpus Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> mfd: intel-lpss: Introduce QUIRK_CLOCK_DIVIDER_UNITY for XPS 9530 Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> mfd: intel-lpss: Switch to generalized quirk table Anand Jain <anand.jain(a)oracle.com> btrfs: do not skip re-registration for the mounted device Vitaly Chikunov <vt(a)altlinux.org> selftests/mm: Fix build with _FORTIFY_SOURCE Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: gup_test: conform test to TAP format output Zoltan HERPAI <wigyori(a)uid0.hu> pwm: img: fix pwm clock lookup Oleksandr Tymoshenko <ovt(a)google.com> efi: fix panic in kdump kernel Adamos Ttofari <attofari(a)amazon.de> x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Thomas Gleixner <tglx(a)linutronix.de> x86/mpparse: Register APIC address only once KONDO KAZUMA(近藤　和真) <kazuma-kondo(a)nec.com> efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Flush posted write in irq_eoi() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Implement restriction when writing ISCR register John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present Will Deacon <will(a)kernel.org> swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() Will Deacon <will(a)kernel.org> swiotlb: Fix double-allocation of slots due to broken alignment handling André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Yongqiang Liu <liuyongqiang13(a)huawei.com> ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Ard Biesheuvel <ardb(a)kernel.org> ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Fix position dependent variable references in startup code Borislav Petkov (AMD) <bp(a)alien8.de> x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Josef Bacik <josef(a)toxicpanda.com> btrfs: fix deadlock with fiemap and extent locking Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: 8821cu: Fix connection failure Linus Torvalds <torvalds(a)linux-foundation.org> Fix memory leak in posix_clock_open() Jiawei Wang <me(a)jwang.link> ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Call mixed mode boot services on the firmware's stack Li Ma <li.ma(a)amd.com> drm/amd/swsmu: modify the gfx activity scaling Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: handle range offsets in VRR ranges Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Don't explode when the dig port we don't have an AUX CH Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_mpu6050: fix FIFO parsing when empty Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_mpu6050: fix frequency setting when chip is off Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Fix using mux_pdev before it's set Cosmin Tanislav <demonsingur(a)gmail.com> iio: accel: adxl367: fix I2C FIFO data register Cosmin Tanislav <demonsingur(a)gmail.com> iio: accel: adxl367: fix DEVID read after reset Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8280xp-x13s: limit pcie4 link speed Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Fabio Estevam <festevam(a)denx.de> ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix kernel panic caused by incorrect error handling Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add Headset Mic supported Acer NB platform Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Douglas Anderson <dianders(a)chromium.org> Revert "tty: serial: simplify qcom_geni_serial_send_chunk_fifo()" Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point H DID Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point S DID Yicong Yang <yangyicong(a)hisilicon.com> serial: port: Don't suspend if the port is still busy Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Pass proper arguments to scm call Hans de Goede <hdegoede(a)redhat.com> misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume Peter Collingbourne <pcc(a)google.com> serial: 8250_dw: Do not reclock if already at correct rate Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix failure to detect ring expansion need. Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Check before removing mm notifier Rickard x Andersson <rickaran(a)axis.com> tty: serial: imx: Fix broken RS485 Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the error of pwm1_enable setting Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Use .flush() call to wake up readers Paolo Bonzini <pbonzini(a)redhat.com> SEV: disable SEV-ES DebugSwap by default Sean Christopherson <seanjc(a)google.com> KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Sean Christopherson <seanjc(a)google.com> KVM: x86: Mark target gfn of emulated atomic instruction as dirty Edmund Raile <edmund.raile(a)proton.me> firewire: ohci: prevent leak of left-over IRQ on unbind Kees Cook <keescook(a)chromium.org> init/Kconfig: lower GCC version check for -Warray-bounds Max Nguyen <maxwell.nguyen(a)hp.com> Input: xpad - add additional HyperX Controller Identifiers Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix a memory leak in update_exclusive_cpumask() Kamalesh Babulal <kamalesh.babulal(a)oracle.com> cgroup/cpuset: Fix retval in update_cpumask() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: diag: return KSFT_FAIL not test_cnt Vlastimil Babka <vbabka(a)suse.cz> mm, mmap: fix vma_merge() case 7 with vma_ops->close Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Eric Biggers <ebiggers(a)google.com> Revert "crypto: pkcs7 - remove sha1 support" Andrey Skvortsov <andrej.skvortzov(a)gmail.com> crypto: sun8i-ce - Fix use after free in unprepare Herbert Xu <herbert(a)gondor.apana.org.au> crypto: rk3288 - Fix use after free in unprepare Karol Herbst <kherbst(a)redhat.com> drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf Dave Airlie <airlied(a)redhat.com> nouveau: lock the client object tree. Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found Audra Mitchell <audra(a)redhat.com> workqueue: Shorten events_freezable_power_efficient name Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: clear the EDID property on failures Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: use drm_bridge_edid_read() Jani Nikula <jani.nikula(a)intel.com> drm/bridge: add ->edid_read hook and drm_bridge_edid_read() Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Make sure the mapped tt pages are decrypted when needed Hector Martin <marcan(a)marcan.st> wifi: brcmfmac: Demote vendor-specific attach/detach messages to info Hector Martin <marcan(a)marcan.st> wifi: brcmfmac: cfg80211: Use WSEC to set SAE password Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: add per-vendor feature detection callback Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Fix idle check for shared firmware state Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Update odm when ODM combine is changed on an otg master pipe with no plane Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Init DPPCLK from SMU on dcn32 Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Add dml2 copy functions Josip Pavic <josip.pavic(a)amd.com> drm/amd/display: Allow dirty rects to be sent to dmub when abm is active Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: Override min required DCFCLK in dml1_validate Relja Vojvodic <relja.vojvodic(a)amd.com> drm/amd/display: Add ODM check during pipe split/merge validation Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check the validity of overdiver power limit Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Swapnil Patel <swapnil.patel(a)amd.com> drm/amd/display: Change default size for dummy plane in DML2 Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64} Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Yuli Wang <wangyuli(a)uniontech.com> LoongArch/crypto: Clean up useless assignment operations Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define the __io_aw() hook as mmiowb() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Change __my_cpu_offset definition to avoid mis-optimization David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Feng Liu <feliu(a)nvidia.com> virtio: Define feature bit for administration virtqueue Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potencial out-of-bounds when buffer offset is invalid Alison Schofield <alison.schofield(a)intel.com> cxl/trace: Properly initialize cxl_poison region name Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> drm/i915: Add missing ; to __assign_str() macros in tracepoint code Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Dragos Tatulea <dtatulea(a)nvidia.com> net: esp: fix bad handling of pages from page_pool Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Jens Axboe <axboe(a)kernel.dk> io_uring/waitid: always remove waitid entry for cancel all Jens Axboe <axboe(a)kernel.dk> io_uring/futex: always remove futex entry for cancel all Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Constrain even more when continuous reads are enabled Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Ensure all continuous terms are always in sync Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Add a helper for calculating a page index Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Fix and simplify again the continuous read derivations Eugene Korenevsky <ekorenevsky(a)astralinux.ru> cifs: open_cached_dir(): add FILE_READ_EA to desired access Shyam Prasad N <sprasad(a)microsoft.com> cifs: reduce warning log level for server not advertising interfaces Dan Carpenter <dan.carpenter(a)linaro.org> cifs: make cifs_chan_update_iface() a void function Dan Carpenter <dan.carpenter(a)linaro.org> cifs: delete unnecessary NULL checks in cifs_chan_update_iface() Shyam Prasad N <sprasad(a)microsoft.com> cifs: make sure server interfaces are requested only for SMB3+ Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: truncate page cache before clearing flags when aborting atomic write Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag Bart Van Assche <bvanassche(a)acm.org> Revert "block/mq-deadline: use correct way to throttling write requests" Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Ley Foon Tan <leyfoon.tan(a)starfivetech.com> clocksource/drivers/timer-riscv: Clear timer interrupt on timer initialization Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/probe-helper: warn about negative .get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Alexander Aring <aahringo(a)redhat.com> dlm: fix user space lkb refcounting Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix resetting of shortest_full Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix waking up ring buffer readers Pavel Begunkov <asml.silence(a)gmail.com> io_uring: clean rings on NO_MMAP alloc fail Jens Axboe <axboe(a)kernel.dk> io_uring/rw: return IOU_ISSUE_SKIP_COMPLETE for multishot retry Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel/tpmi: Change vsec offset to u64 Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: replace generic_fillattr with vfs_getattr Lino Sanfilippo <l.sanfilippo(a)kunbus.com> tpm,tpm_tis: Avoid warning splat at shutdown Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Christian Brauner <brauner(a)kernel.org> eventfd: simplify eventfd_signal() Christian Brauner <brauner(a)kernel.org> i915: make inject_virtual_interrupt() void Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Frank Wunderlich <frank-w(a)public-files.de> thermal/drivers/mediatek: Fix control buffer enablement on MT7896 Steve French <stfrench(a)microsoft.com> cifs: allow changing password during remount Bharath SM <bharathsm(a)microsoft.com> cifs: prevent updating file size from server if we have a read/write lease Paulo Alcantara <pc(a)manguebit.com> smb: client: stop revalidating reparse points unnecessarily Michael Kelley <mhklinux(a)outlook.com> PCI: hv: Fix ring buffer size calculation Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom: Enable BDF to SID translation properly Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Benjamin Coddington <bcodding(a)redhat.com> NFS: Read unlock folio on nfs_page_create_from_folio() error Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Sam Ravnborg <sam(a)ravnborg.org> sparc32: Fix parport build with sparc32 Johan Hovold <johan+linaro(a)kernel.org> PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix mshot io-wq checks Jens Axboe <axboe(a)kernel.dk> io_uring/net: correctly handle multishot recvmsg retry setup Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Johannes Berg <johannes.berg(a)intel.com> debugfs: fix wait/cancellation handling during remove Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix io_queue_proc modifying req->flags Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix mshot read defer taskrun cqe posting Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Christian Marangi <ansuelsmth(a)gmail.com> leds: trigger: netdev: Fix kernel panic on interface rename trig notify Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Bluetooth: btnxpuart: Fix btnxpuart_close Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Tony Battersby <tonyb(a)cybernetics.com> block: Fix page refcounts for unaligned buffers in __bio_release_pages() Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Yu Kuai <yukuai3(a)huawei.com> dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape Yu Kuai <yukuai3(a)huawei.com> dm-raid: add a new helper prepare_suspend() in md_personality Yu Kuai <yukuai3(a)huawei.com> md/dm-raid: don't call md_reap_sync_thread() directly Yu Kuai <yukuai3(a)huawei.com> dm-raid: really frozen sync_thread during suspend Yu Kuai <yukuai3(a)huawei.com> md: add a new helper reshape_interrupted() Yu Kuai <yukuai3(a)huawei.com> md: export helper md_is_rdwr() Yu Kuai <yukuai3(a)huawei.com> md: export helpers to stop sync_thread Yu Kuai <yukuai3(a)huawei.com> md: don't clear MD_RECOVERY_FROZEN for new dm-raid until resume Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Nick Morrow <morrownr(a)gmail.com> wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: always free reserved space for extent records Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Jonas Gorski <jonas.gorski(a)gmail.com> serial: core: only stop transmit when HW fifo is empty Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: Disable wakeup at remove Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: fix module unload/reload behavior Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Miklos Szeredi <mszeredi(a)redhat.com> fuse: replace remaining make_bad_inode() with fuse_make_bad() Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: track capability/opmode NSS separately Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays Brett Creeley <brett.creeley(a)amd.com> vfio/pds: Always clear the save/restore FDs on reset Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Shivnandan Kumar <quic_kshivnan(a)quicinc.com> cpufreq: Limit resolving a frequency to policy min/max Akira Yokosawa <akiyks(a)gmail.com> docs: Restore "smart quotes" for quotes Quentin Schulz <quentin.schulz(a)theobroma-systems.com> iio: adc: rockchip_saradc: use mask for write_enable bitfield Quentin Schulz <quentin.schulz(a)theobroma-systems.com> iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 Gui-Dong Han <2045gemini(a)gmail.com> md/raid5: fix atomicity violation in raid5_cache_count Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Guenter Roeck <linux(a)roeck-us.net> parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() Breno Leitao <leitao(a)debian.org> x86/nmi: Fix the inverse "in NMI handler" check Heming Zhao <heming.zhao(a)suse.com> md/md-bitmap: fix incorrect usage for sb_index Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Alexander Sverdlin <alexander.sverdlin(a)siemens.com> mfd: twl: Select MFD_CORE Bernd Schubert <bschubert(a)ddn.com> fuse: fix VM_MAYSHARE and direct_io_allow_mmap Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - change SLAs cleanup flow at shutdown Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Increase nr_cpu_ids to include the boot CPU Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix System Domain probing Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix a register bug Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Fix locking in TPMI RAPL Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Fix a NULL pointer dereference Zhang Rui <rui.zhang(a)intel.com> thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature Tor Vic <torvic9(a)mailbox.org> cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Li Lingfeng <lilingfeng3(a)huawei.com> md: use RCU lock to protect traversal in md_spares_need_change() Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Expand MUST_CONNECT flag to always require an enabled link Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Rename pad variable to clarify intent Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add num_links flag to media_pad Marek Vasut <marex(a)denx.de> media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Fix flags handling when creating pad links Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add local pad to pipeline regardless of the link state Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix the lifetime of the bo cursor memory Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fix NULL pointer dereference in I2C instantiation Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450-hdk: correct AMIC4 and AMIC5 microphones Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Joakim Zhang <joakim.zhang(a)cixtech.com> remoteproc: virtio: Fix wdg cannot recovery remote processor Krishna chaitanya chundru <quic_krichai(a)quicinc.com> arm64: dts: qcom: sc7280: Add additional MSI interrupts Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: avoid invalid list operation when vendor attach fails Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Unmap the surface before resetting it on a plane state Jim Mattson <jmattson(a)google.com> KVM: x86: Use a switch statement and macros in __feature_translate() Jim Mattson <jmattson(a)google.com> KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 4 +- Documentation/arch/x86/amd-memory-encryption.rst | 16 +- Documentation/conf.py | 6 +- .../userspace-api/media/mediactl/media-types.rst | 11 +- Makefile | 4 +- arch/arm/Kconfig | 4 +- arch/arm/boot/dts/marvell/mmp2-brownstone.dts | 2 +- arch/arm/configs/imx_v6_v7_defconfig | 1 + arch/arm/include/asm/mman.h | 14 ++ arch/arm/kernel/Makefile | 2 - arch/arm/kernel/iwmmxt.S | 51 ++-- arch/arm/kernel/pj4-cp0.c | 135 ----------- arch/arm/mm/flush.c | 3 + arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 +- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 2 + arch/arm64/boot/dts/qcom/sm8450-hdk.dts | 4 +- arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/loongarch/crypto/crc32-loongarch.c | 2 - arch/loongarch/include/asm/Kbuild | 1 + arch/loongarch/include/asm/io.h | 2 + arch/loongarch/include/asm/percpu.h | 7 +- arch/loongarch/include/asm/qspinlock.h | 18 -- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/parisc/include/asm/mman.h | 14 ++ arch/parisc/kernel/unaligned.c | 27 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/kernel/prom.c | 12 + arch/powerpc/lib/Makefile | 2 +- arch/sparc/include/asm/parport.h | 259 +-------------------- arch/sparc/include/asm/parport_64.h | 256 ++++++++++++++++++++ arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 13 -- arch/x86/boot/compressed/efi_mixed.S | 29 ++- arch/x86/coco/core.c | 7 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/asm.h | 14 ++ arch/x86/include/asm/coco.h | 8 +- arch/x86/include/asm/crash_core.h | 2 + arch/x86/include/asm/mem_encrypt.h | 15 +- arch/x86/include/asm/nospec-branch.h | 21 +- arch/x86/include/asm/sev.h | 4 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/x86_init.h | 3 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/eisa.c | 3 +- arch/x86/kernel/fpu/xstate.c | 5 +- arch/x86/kernel/fpu/xstate.h | 14 +- arch/x86/kernel/kprobes/core.c | 11 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/nmi.c | 2 +- arch/x86/kernel/probe_roms.c | 10 - arch/x86/kernel/setup.c | 3 +- arch/x86/kernel/sev-shared.c | 12 +- arch/x86/kernel/sev.c | 31 ++- arch/x86/kernel/x86_init.c | 2 + arch/x86/kvm/cpuid.c | 21 +- arch/x86/kvm/hyperv.c | 2 +- arch/x86/kvm/lapic.c | 5 +- arch/x86/kvm/reverse_cpuid.h | 33 ++- arch/x86/kvm/svm/sev.c | 25 +- arch/x86/kvm/x86.c | 10 + arch/x86/kvm/xen.c | 4 +- arch/x86/kvm/xen.h | 18 ++ arch/x86/lib/retpoline.S | 11 +- arch/x86/mm/mem_encrypt_amd.c | 18 ++ arch/x86/mm/mem_encrypt_identity.c | 38 ++- block/bio.c | 7 +- block/blk-mq.c | 9 +- block/blk-settings.c | 4 + block/mq-deadline.c | 3 +- crypto/asymmetric_keys/mscode_parser.c | 3 + crypto/asymmetric_keys/pkcs7_parser.c | 4 + crypto/asymmetric_keys/public_key.c | 3 +- crypto/asymmetric_keys/signature.c | 2 +- crypto/asymmetric_keys/x509_cert_parser.c | 8 + crypto/testmgr.h | 80 +++++++ drivers/accel/habanalabs/common/device.c | 2 +- drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/cppc_acpi.c | 31 ++- drivers/ata/ahci.c | 5 - drivers/ata/libata-eh.c | 5 +- drivers/ata/libata-scsi.c | 9 + drivers/base/power/wakeirq.c | 4 +- drivers/bluetooth/btnxpuart.c | 3 + drivers/char/tpm/tpm_tis_core.c | 3 +- drivers/clk/qcom/gcc-ipq5018.c | 3 + drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-ipq9574.c | 1 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/clocksource/timer-riscv.c | 3 + drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/cpufreq-dt.c | 2 +- .../crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 34 +-- drivers/crypto/intel/qat/qat_common/adf_aer.c | 22 +- drivers/crypto/intel/qat/qat_common/adf_rl.c | 20 +- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 4 +- drivers/cxl/core/trace.h | 14 +- drivers/firewire/ohci.c | 2 + drivers/firmware/efi/efi.c | 2 + drivers/firmware/efi/libstub/randomalloc.c | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 1 + drivers/fpga/dfl.c | 2 +- drivers/gpio/gpiolib-cdev.c | 38 ++- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 13 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 46 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 60 +++-- .../amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 14 ++ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 30 +-- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.c | 54 +++-- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.h | 14 +- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_mpc.c | 5 +- .../gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 19 +- .../gpu/drm/amd/display/dc/dcn32/dcn32_resource.h | 5 + .../amd/display/dc/dcn32/dcn32_resource_helpers.c | 32 +++ .../drm/amd/display/dc/dcn321/dcn321_resource.c | 2 + .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 16 +- .../amd/display/dc/dml2/dml2_translation_helper.c | 24 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 53 ++++- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h | 7 + .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 3 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 41 ++-- .../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 12 +- .../drm/amd/display/dc/hwss/dcn314/dcn314_hwseq.c | 41 ---- .../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 48 +--- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 41 ---- drivers/gpu/drm/amd/display/dc/inc/resource.h | 20 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + .../amd/display/modules/info_packet/info_packet.c | 13 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 12 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 19 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 19 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 31 +-- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 18 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 18 +- drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 2 - .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_0_ppt.c | 5 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 24 +- drivers/gpu/drm/drm_bridge.c | 46 +++- drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/drm_probe_helper.c | 7 + drivers/gpu/drm/drm_syncobj.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/display/icl_dsi.c | 3 +- drivers/gpu/drm/i915/display/intel_bios.c | 46 +++- .../drm/i915/display/intel_display_power_well.c | 17 +- drivers/gpu/drm/i915/display/intel_display_trace.h | 6 +- drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 200 +++++++++------- drivers/gpu/drm/i915/display/intel_dpll_mgr.h | 4 + drivers/gpu/drm/i915/display/intel_dsb.c | 14 ++ drivers/gpu/drm/i915/display/intel_vrr.c | 7 +- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/i915/gvt/interrupt.c | 13 +- drivers/gpu/drm/i915/i915_hwmon.c | 37 +-- drivers/gpu/drm/i915/i915_reg.h | 2 +- drivers/gpu/drm/imx/ipuv3/parallel-display.c | 4 +- drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 1 + drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 +- drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +- drivers/gpu/drm/nouveau/nvkm/core/client.c | 1 + drivers/gpu/drm/nouveau/nvkm/core/object.c | 26 ++- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/gpu/drm/ttm/ttm_tt.c | 13 ++ drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 17 +- drivers/hwmon/amc6821.c | 11 + drivers/i2c/busses/i2c-i801.c | 6 +- drivers/iio/accel/adxl367.c | 8 +- drivers/iio/accel/adxl367_i2c.c | 2 +- drivers/iio/adc/rockchip_saradc.c | 6 +- drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 2 + drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c | 5 + drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/input/joystick/xpad.c | 6 + drivers/iommu/dma-iommu.c | 9 + drivers/irqchip/irq-renesas-rzg2l.c | 93 +++++--- drivers/leds/trigger/ledtrig-netdev.c | 4 +- drivers/md/dm-raid.c | 93 ++++++-- drivers/md/dm-snap.c | 4 +- drivers/md/md-bitmap.c | 9 +- drivers/md/md.c | 82 +++++-- drivers/md/md.h | 38 ++- drivers/md/raid5.c | 46 +++- drivers/media/mc/mc-entity.c | 93 ++++++-- .../platform/nxp/imx8-isi/imx8-isi-crossbar.c | 4 +- drivers/media/tuners/xc4000.c | 4 +- drivers/mfd/Kconfig | 1 + drivers/mfd/intel-lpss-pci.c | 28 ++- drivers/mfd/intel-lpss.c | 9 +- drivers/mfd/intel-lpss.h | 14 +- drivers/misc/fastrpc.c | 10 +- drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 21 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/ocxl/file.c | 2 +- drivers/mmc/core/block.c | 14 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 28 ++- drivers/mmc/host/sdhci-omap.c | 3 + drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/nand/raw/nand_base.c | 87 ++++--- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/bca/core.c | 15 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 60 ++--- .../broadcom/brcm80211/brcmfmac/cfg80211.h | 2 + .../broadcom/brcm80211/brcmfmac/cyw/core.c | 33 ++- .../wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 + .../wireless/broadcom/brcm80211/brcmfmac/fwil.c | 1 + .../broadcom/brcm80211/brcmfmac/fwil_types.h | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/fwvid.c | 14 +- .../wireless/broadcom/brcm80211/brcmfmac/fwvid.h | 39 ++-- .../broadcom/brcm80211/brcmfmac/wcc/core.c | 16 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 +- .../net/wireless/intel/iwlwifi/mvm/debugfs-vif.c | 11 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 +- drivers/net/wireless/realtek/rtw88/mac.c | 7 + drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 46 ++-- drivers/nvmem/meson-efuse.c | 25 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/controller/dwc/pcie-qcom.c | 41 +++- drivers/pci/controller/pci-hyperv.c | 3 +- drivers/pci/pci-driver.c | 7 + drivers/pci/pcie/err.c | 20 ++ drivers/pci/quirks.c | 2 + drivers/phy/tegra/xusb.c | 13 ++ drivers/platform/x86/intel/tpmi.c | 9 +- drivers/powercap/intel_rapl_common.c | 34 ++- drivers/powercap/intel_rapl_msr.c | 8 +- drivers/powercap/intel_rapl_tpmi.c | 15 ++ drivers/pwm/pwm-img.c | 4 +- drivers/remoteproc/remoteproc_virtio.c | 6 +- drivers/s390/cio/vfio_ccw_chp.c | 2 +- drivers/s390/cio/vfio_ccw_drv.c | 4 +- drivers/s390/cio/vfio_ccw_ops.c | 6 +- drivers/s390/crypto/vfio_ap_ops.c | 2 +- drivers/s390/crypto/zcrypt_api.c | 2 + drivers/scsi/hosts.c | 7 +- drivers/scsi/libsas/sas_expander.c | 51 ++-- drivers/scsi/lpfc/lpfc_bsg.c | 4 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +++++----- drivers/scsi/qla2xxx/qla_iocb.c | 68 ++++-- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 3 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/scsi/scsi_scan.c | 34 +++ drivers/scsi/sd.c | 23 +- drivers/scsi/sg.c | 4 +- drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 25 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/tee/optee/device.c | 3 +- drivers/thermal/devfreq_cooling.c | 2 +- .../int340x_thermal/processor_thermal_device.c | 8 +- .../intel/int340x_thermal/processor_thermal_rapl.c | 8 +- drivers/thermal/intel/intel_tcc.c | 12 +- drivers/thermal/intel/x86_pkg_temp_thermal.c | 8 +- drivers/thermal/mediatek/auxadc_thermal.c | 3 + drivers/thunderbolt/switch.c | 3 + drivers/tty/serial/8250/8250_dw.c | 6 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/serial/imx.c | 22 +- drivers/tty/serial/max310x.c | 7 +- drivers/tty/serial/qcom_geni_serial.c | 10 +- drivers/tty/serial/serial_core.c | 12 + drivers/tty/serial/serial_port.c | 25 +- drivers/tty/vt/vt.c | 2 +- drivers/ufs/host/ufs-qcom.c | 6 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 43 +++- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 ++ drivers/usb/dwc2/core_intr.c | 72 ++++-- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +++- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/dwc3/core.c | 2 + drivers/usb/dwc3/core.h | 2 + drivers/usb/dwc3/dwc3-am62.c | 13 +- drivers/usb/dwc3/dwc3-pci.c | 2 - drivers/usb/dwc3/gadget.c | 10 + drivers/usb/dwc3/host.c | 11 + drivers/usb/gadget/function/f_fs.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 ++-- drivers/usb/host/xhci-ring.c | 8 +- drivers/usb/host/xhci.c | 2 + drivers/usb/misc/usb-ljca.c | 22 +- drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/usb/storage/uas.c | 28 ++- drivers/usb/typec/altmodes/displayport.c | 18 +- drivers/usb/typec/class.c | 7 +- drivers/usb/typec/tcpm/tcpm.c | 7 +- drivers/usb/typec/ucsi/ucsi.c | 56 ++++- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +++--- drivers/usb/typec/ucsi/ucsi_glink.c | 14 ++ drivers/vdpa/vdpa_user/vduse_dev.c | 6 +- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 9 +- drivers/vfio/pci/pds/lm.c | 13 ++ drivers/vfio/pci/pds/lm.h | 1 + drivers/vfio/pci/pds/vfio_dev.c | 4 +- drivers/vfio/pci/vfio_pci_core.c | 6 +- drivers/vfio/pci/vfio_pci_intrs.c | 190 +++++++++------ drivers/vfio/platform/vfio_platform_irq.c | 105 ++++++--- drivers/vfio/virqfd.c | 21 ++ drivers/vhost/vdpa.c | 4 +- drivers/vhost/vhost.c | 10 +- drivers/vhost/vhost.h | 2 +- drivers/virt/acrn/ioeventfd.c | 2 +- drivers/virtio/virtio.c | 10 +- drivers/xen/privcmd.c | 2 +- fs/aio.c | 10 +- fs/btrfs/block-group.c | 3 +- fs/btrfs/extent_io.c | 75 ++++-- fs/btrfs/qgroup.c | 10 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/volumes.c | 69 +++++- fs/debugfs/inode.c | 25 +- fs/dlm/user.c | 10 +- fs/eventfd.c | 11 +- fs/exec.c | 1 + fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/f2fs/f2fs.h | 1 + fs/f2fs/segment.c | 4 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 6 +- fs/fuse/file.c | 8 +- fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/nfs/direct.c | 11 +- fs/nfs/read.c | 2 + fs/nfs/write.c | 2 +- fs/nfsd/trace.h | 2 +- fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/smb/client/cached_dir.c | 3 +- fs/smb/client/cifs_debug.c | 2 + fs/smb/client/cifsglob.h | 5 + fs/smb/client/cifsproto.h | 8 +- fs/smb/client/connect.c | 6 +- fs/smb/client/file.c | 8 +- fs/smb/client/fs_context.c | 27 ++- fs/smb/client/inode.c | 17 +- fs/smb/client/readdir.c | 133 +++++------ fs/smb/client/sess.c | 45 ++-- fs/smb/client/smb2ops.c | 2 + fs/smb/client/smb2pdu.c | 10 +- fs/smb/server/smb2misc.c | 26 ++- fs/smb/server/smb2pdu.c | 228 +++++++++++------- fs/smb/server/smb_common.c | 11 +- fs/smb/server/vfs.c | 12 +- fs/ubifs/file.c | 13 +- include/drm/drm_bridge.h | 33 +++ include/drm/drm_modeset_helper_vtables.h | 3 +- include/drm/ttm/ttm_tt.h | 9 +- include/linux/cpufreq.h | 15 +- include/linux/eventfd.h | 4 +- include/linux/gfp.h | 9 + include/linux/hyperv.h | 22 +- include/linux/intel_rapl.h | 6 + include/linux/intel_tcc.h | 2 +- include/linux/libata.h | 1 + include/linux/mman.h | 8 + include/linux/mtd/spinand.h | 2 +- include/linux/nfs_fs.h | 1 + include/linux/oid_registry.h | 4 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 1 + include/linux/serial_core.h | 3 +- include/linux/skbuff.h | 10 + include/linux/vfio.h | 2 + include/media/media-entity.h | 2 + include/net/cfg80211.h | 2 + include/net/cfg802154.h | 1 + include/scsi/scsi_driver.h | 1 + include/scsi/scsi_host.h | 1 + include/uapi/linux/virtio_config.h | 8 +- init/Kconfig | 6 +- init/initramfs.c | 2 +- io_uring/futex.c | 1 + io_uring/io_uring.c | 5 +- io_uring/net.c | 5 +- io_uring/poll.c | 19 +- io_uring/rw.c | 4 + io_uring/waitid.c | 7 +- kernel/bounds.c | 2 +- kernel/cgroup/cpuset.c | 8 +- kernel/crash_core.c | 8 + kernel/dma/swiotlb.c | 37 +-- kernel/entry/common.c | 8 +- kernel/module/Kconfig | 5 + kernel/power/suspend.c | 1 + kernel/printk/printk.c | 27 ++- kernel/sys.c | 7 +- kernel/time/posix-clock.c | 16 +- kernel/trace/ring_buffer.c | 233 ++++++++++-------- kernel/trace/trace.c | 21 +- kernel/workqueue.c | 2 +- lib/pci_iomap.c | 2 +- mm/compaction.c | 7 +- mm/filemap.c | 16 ++ mm/kasan/kasan_test.c | 3 +- mm/memcontrol.c | 10 +- mm/memtest.c | 4 +- mm/mmap.c | 10 +- mm/page_alloc.c | 10 +- mm/shmem_quota.c | 10 +- mm/swapfile.c | 13 +- mm/vmpressure.c | 2 +- mm/vmscan.c | 5 +- net/bluetooth/hci_core.c | 6 +- net/bluetooth/hci_sync.c | 5 +- net/ipv4/esp4.c | 8 +- net/ipv6/esp6.c | 8 +- net/mac80211/cfg.c | 7 +- net/mac80211/ieee80211_i.h | 2 +- net/mac80211/rate.c | 2 +- net/mac80211/sta_info.h | 6 +- net/mac80211/vht.c | 46 ++-- net/mac802154/llsec.c | 18 +- net/netfilter/nf_tables_api.c | 7 + net/wireless/wext-core.c | 7 +- net/xfrm/xfrm_user.c | 3 + samples/vfio-mdev/mtty.c | 4 +- scripts/Makefile.extrawarn | 2 + security/landlock/syscalls.c | 18 +- security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 13 +- sound/pci/hda/tas2781_hda_i2c.c | 83 ++++--- sound/sh/aica.c | 17 +- sound/soc/amd/yc/acp6x-mach.c | 7 - tools/include/linux/btf_ids.h | 2 + tools/perf/builtin-top.c | 4 +- tools/testing/selftests/mm/gup_test.c | 67 +++--- tools/testing/selftests/mm/soft-dirty.c | 2 +- tools/testing/selftests/mm/split_huge_page_test.c | 2 +- tools/testing/selftests/mm/uffd-common.c | 3 + tools/testing/selftests/mm/uffd-common.h | 2 + tools/testing/selftests/mm/uffd-unit-tests.c | 13 +- tools/testing/selftests/mqueue/setting | 1 + tools/testing/selftests/net/mptcp/diag.sh | 6 +- .../selftests/wireguard/qemu/arch/riscv32.config | 1 + .../selftests/wireguard/qemu/arch/riscv64.config | 1 + virt/kvm/async_pf.c | 31 ++- virt/kvm/eventfd.c | 4 +- 486 files changed, 5040 insertions(+), 2801 deletions(-)

1 year, 5 months

13
447
0 0

[PATCH 6.6 000/396] 6.6.24-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.24 release. There are 396 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.24-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.24-rc1 Natanael Copa <ncopa(a)alpinelinux.org> tools/resolve_btfids: fix build with musl libc Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Skip ROM range scans and validation for SEV-SNP guests Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix disk not being scanned in after being removed Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: Drop duplicate ID Dave Hansen <dave.hansen(a)linux.intel.com> Revert "x86/bugs: Use fixed addressing for VERW operand" Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use fixed addressing for VERW operand Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of the ha->vp_map pointer Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi_acpi: Refactor and fix DELL quirk Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear EVENT_PENDING under PPM lock Kyle Tso <kyletso(a)google.com> usb: typec: Return size of buffer if pd_set operation succeeds yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in port "disable" sysfs attribute Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Properly set system wakeup Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Damien Le Moal <dlemoal(a)kernel.org> scsi: sd: Fix TCG OPAL unlock on system resume Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Brett Creeley <brett.creeley(a)amd.com> vfio/pds: Make sure migration file isn't accessed after reset Ilya Bakoulin <ilya.bakoulin(a)amd.com> drm/amd/display: Clear OPTC mem select on disable George Shen <george.shen(a)amd.com> drm/amd/display: Disconnect phantom pipe OPP from OPTC being disabled Ilya Bakoulin <ilya.bakoulin(a)amd.com> drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> mtd: spinand: Add support for 5-byte IDs Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Jonathon Hall <jonathon.hall(a)puri.sm> drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/hwmon: Fix locking inversion in sysfs getter Johannes Weiner <hannes(a)cmpxchg.org> drm/amdgpu: fix deadlock while reading mqd from debugfs Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Jocelyn Falempe <jfalempe(a)redhat.com> drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Duoming Zhou <duoming(a)zju.edu.cn> nouveau/dmem: handle kcalloc() allocation failure Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Damien Le Moal <dlemoal(a)kernel.org> block: Do not force full zone append completion in req_bio_endio() Liming Sun <limings(a)nvidia.com> sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Romain Naour <romain.naour(a)skf.com> mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Edward Liaw <edliaw(a)google.com> selftests/mm: fix ARM related issue with fork after pthread_create Edward Liaw <edliaw(a)google.com> selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM Johannes Weiner <hannes(a)cmpxchg.org> mm: cachestat: fix two shmem bugs Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Harry Wentland <harry.wentland(a)amd.com> Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR" Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: don't always use FW dump trig Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: disable MLO for the time being Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: add a flag to disable wireless extensions Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: don't skip block groups with 100% zone unusable Tavian Barnes <tavianator(a)tavianator.com> btrfs: fix race in read_extent_buffer_pages() Carlos Maiolino <cem(a)kernel.org> tmpfs: fix race on handling dquot rbtree Zev Weiss <zev(a)bewilderbeest.net> ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Zev Weiss <zev(a)bewilderbeest.net> prctl: generalize PR_SET_MDWE support check to be per-arch Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Reinstate soft limit for initrd loading Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Cast away type warning in use of max() Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Add missing boot_params for mixed mode compat entry John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: add locks to kcontrols Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: remove digital gain kcontrol Kan Liang <kan.liang(a)linux.intel.com> perf top: Use evsel's cpus to replace user_requested_cpus Vitaly Chikunov <vt(a)altlinux.org> selftests/mm: Fix build with _FORTIFY_SOURCE Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: gup_test: conform test to TAP format output Zoltan HERPAI <wigyori(a)uid0.hu> pwm: img: fix pwm clock lookup Oleksandr Tymoshenko <ovt(a)google.com> efi: fix panic in kdump kernel Adamos Ttofari <attofari(a)amazon.de> x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Thomas Gleixner <tglx(a)linutronix.de> x86/mpparse: Register APIC address only once KONDO KAZUMA(近藤　和真) <kazuma-kondo(a)nec.com> efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Flush posted write in irq_eoi() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Implement restriction when writing ISCR register John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present Will Deacon <will(a)kernel.org> swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() Will Deacon <will(a)kernel.org> swiotlb: Fix double-allocation of slots due to broken alignment handling André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Yongqiang Liu <liuyongqiang13(a)huawei.com> ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Ard Biesheuvel <ardb(a)kernel.org> ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Fix position dependent variable references in startup code Borislav Petkov (AMD) <bp(a)alien8.de> x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Josef Bacik <josef(a)toxicpanda.com> btrfs: fix deadlock with fiemap and extent locking Darrick J. Wong <djwong(a)kernel.org> xfs: remove conditional building of rt geometry validator functions Andrey Albershteyn <aalbersh(a)redhat.com> xfs: reset XFS_ATTR_INCOMPLETE filter on node removal Zhang Tianci <zhangtianci.1997(a)bytedance.com> xfs: update dir3 leaf block metadata after swap Jiachen Zhang <zhangjiachen.jaycee(a)bytedance.com> xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real Long Li <leo.lilong(a)huawei.com> xfs: fix perag leak when growfs fails Long Li <leo.lilong(a)huawei.com> xfs: add lock protection when remove perag from radix tree Eric Sandeen <sandeen(a)redhat.com> xfs: short circuit xfs_growfs_data_private() if delta is zero Dave Chinner <dchinner(a)redhat.com> xfs: initialise di_crc in xfs_log_dinode Darrick J. Wong <djwong(a)kernel.org> xfs: add missing nrext64 inode flag check to scrub Darrick J. Wong <djwong(a)kernel.org> xfs: force all buffers to be written during btree bulk load Darrick J. Wong <djwong(a)kernel.org> xfs: fix an off-by-one error in xreap_agextent_binval Darrick J. Wong <djwong(a)kernel.org> xfs: recompute growfsrtfree transaction reservation while growing rt volume Darrick J. Wong <djwong(a)kernel.org> xfs: remove unused fields from struct xbtree_ifakeroot Darrick J. Wong <djwong(a)kernel.org> xfs: make xchk_iget safer in the presence of corrupt inode btrees Darrick J. Wong <djwong(a)kernel.org> xfs: don't allow overly small or large realtime volumes Darrick J. Wong <djwong(a)kernel.org> xfs: fix 32-bit truncation in xfs_compute_rextslog Darrick J. Wong <djwong(a)kernel.org> xfs: make rextslog computation consistent with mkfs Darrick J. Wong <djwong(a)kernel.org> xfs: transfer recovered intent item ownership in ->iop_recover Darrick J. Wong <djwong(a)kernel.org> xfs: pass the xfs_defer_pending object to iop_recover Darrick J. Wong <djwong(a)kernel.org> xfs: use xfs_defer_pending objects to recover intent items Darrick J. Wong <djwong(a)kernel.org> xfs: don't leak recovered attri intent items Christoph Hellwig <hch(a)lst.de> xfs: consider minlen sized extents in xfs_rtallocate_extent_block Darrick J. Wong <djwong(a)kernel.org> xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t Darrick J. Wong <djwong(a)kernel.org> xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: 8821cu: Fix connection failure Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: pcie: fix RB status reading Jiawei Wang <me(a)jwang.link> ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Call mixed mode boot services on the firmware's stack Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: handle range offsets in VRR ranges Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Don't explode when the dig port we don't have an AUX CH Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_mpu6050: fix FIFO parsing when empty Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_mpu6050: fix frequency setting when chip is off Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Cosmin Tanislav <demonsingur(a)gmail.com> iio: accel: adxl367: fix I2C FIFO data register Cosmin Tanislav <demonsingur(a)gmail.com> iio: accel: adxl367: fix DEVID read after reset Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8280xp-x13s: limit pcie4 link speed Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Fabio Estevam <festevam(a)denx.de> ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix kernel panic caused by incorrect error handling Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add Headset Mic supported Acer NB platform Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Douglas Anderson <dianders(a)chromium.org> Revert "tty: serial: simplify qcom_geni_serial_send_chunk_fifo()" Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point H DID Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point S DID Yicong Yang <yangyicong(a)hisilicon.com> serial: port: Don't suspend if the port is still busy Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Pass proper arguments to scm call Hans de Goede <hdegoede(a)redhat.com> misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume Peter Collingbourne <pcc(a)google.com> serial: 8250_dw: Do not reclock if already at correct rate Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix failure to detect ring expansion need. Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Check before removing mm notifier Rickard x Andersson <rickaran(a)axis.com> tty: serial: imx: Fix broken RS485 Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the error of pwm1_enable setting Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Use .flush() call to wake up readers Paolo Bonzini <pbonzini(a)redhat.com> SEV: disable SEV-ES DebugSwap by default Sean Christopherson <seanjc(a)google.com> KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Sean Christopherson <seanjc(a)google.com> KVM: x86: Mark target gfn of emulated atomic instruction as dirty Edmund Raile <edmund.raile(a)proton.me> firewire: ohci: prevent leak of left-over IRQ on unbind Kees Cook <keescook(a)chromium.org> init/Kconfig: lower GCC version check for -Warray-bounds Max Nguyen <maxwell.nguyen(a)hp.com> Input: xpad - add additional HyperX Controller Identifiers Kamalesh Babulal <kamalesh.babulal(a)oracle.com> cgroup/cpuset: Fix retval in update_cpumask() Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: diag: return KSFT_FAIL not test_cnt Vlastimil Babka <vbabka(a)suse.cz> mm, mmap: fix vma_merge() case 7 with vma_ops->close Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Andrey Skvortsov <andrej.skvortzov(a)gmail.com> crypto: sun8i-ce - Fix use after free in unprepare Herbert Xu <herbert(a)gondor.apana.org.au> crypto: rk3288 - Fix use after free in unprepare Karol Herbst <kherbst(a)redhat.com> drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf Dave Airlie <airlied(a)redhat.com> nouveau: lock the client object tree. Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Heng Guo <heng.guo(a)windriver.com> net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found Audra Mitchell <audra(a)redhat.com> workqueue: Shorten events_freezable_power_efficient name Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: clear the EDID property on failures Jani Nikula <jani.nikula(a)intel.com> drm/bridge: lt8912b: use drm_bridge_edid_read() Jani Nikula <jani.nikula(a)intel.com> drm/bridge: add ->edid_read hook and drm_bridge_edid_read() Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Make sure the mapped tt pages are decrypted when needed Hector Martin <marcan(a)marcan.st> wifi: brcmfmac: Demote vendor-specific attach/detach messages to info Hector Martin <marcan(a)marcan.st> wifi: brcmfmac: cfg80211: Use WSEC to set SAE password Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: add per-vendor feature detection callback Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64} Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Yuli Wang <wangyuli(a)uniontech.com> LoongArch/crypto: Clean up useless assignment operations Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define the __io_aw() hook as mmiowb() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Change __my_cpu_offset definition to avoid mis-optimization David Hildenbrand <david(a)redhat.com> virtio: reenable config if freezing device failed Alison Schofield <alison.schofield(a)intel.com> cxl/trace: Properly initialize cxl_poison region name Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> drm/i915: Add missing ; to __assign_str() macros in tracepoint code Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Dragos Tatulea <dtatulea(a)nvidia.com> net: esp: fix bad handling of pages from page_pool Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Constrain even more when continuous reads are enabled Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Fix and simplify again the continuous read derivations Eugene Korenevsky <ekorenevsky(a)astralinux.ru> cifs: open_cached_dir(): add FILE_READ_EA to desired access Shyam Prasad N <sprasad(a)microsoft.com> cifs: reduce warning log level for server not advertising interfaces Dan Carpenter <dan.carpenter(a)linaro.org> cifs: make cifs_chan_update_iface() a void function Dan Carpenter <dan.carpenter(a)linaro.org> cifs: delete unnecessary NULL checks in cifs_chan_update_iface() Shyam Prasad N <sprasad(a)microsoft.com> cifs: do not let cifs_chan_update_iface deallocate channels Shyam Prasad N <sprasad(a)microsoft.com> cifs: make sure server interfaces are requested only for SMB3+ Shyam Prasad N <sprasad(a)microsoft.com> cifs: add xid to query server interface call Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: truncate page cache before clearing flags when aborting atomic write Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag Bart Van Assche <bvanassche(a)acm.org> Revert "block/mq-deadline: use correct way to throttling write requests" Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/probe-helper: warn about negative .get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Alexander Aring <aahringo(a)redhat.com> dlm: fix user space lkb refcounting Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix resetting of shortest_full Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix waking up ring buffer readers Pavel Begunkov <asml.silence(a)gmail.com> io_uring: clean rings on NO_MMAP alloc fail Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel/tpmi: Change vsec offset to u64 Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: replace generic_fillattr with vfs_getattr Jeff Layton <jlayton(a)kernel.org> server: convert to new timestamp accessors Lino Sanfilippo <l.sanfilippo(a)kunbus.com> tpm,tpm_tis: Avoid warning splat at shutdown Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Frank Wunderlich <frank-w(a)public-files.de> thermal/drivers/mediatek: Fix control buffer enablement on MT7896 Steve French <stfrench(a)microsoft.com> cifs: allow changing password during remount Bharath SM <bharathsm(a)microsoft.com> cifs: prevent updating file size from server if we have a read/write lease Paulo Alcantara <pc(a)manguebit.com> smb: client: stop revalidating reparse points unnecessarily Michael Kelley <mhklinux(a)outlook.com> PCI: hv: Fix ring buffer size calculation Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom: Enable BDF to SID translation properly Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Benjamin Coddington <bcodding(a)redhat.com> NFS: Read unlock folio on nfs_page_create_from_folio() error Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Sam Ravnborg <sam(a)ravnborg.org> sparc32: Fix parport build with sparc32 Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix mshot io-wq checks Jens Axboe <axboe(a)kernel.dk> io_uring/net: correctly handle multishot recvmsg retry setup Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Christian Marangi <ansuelsmth(a)gmail.com> leds: trigger: netdev: Fix kernel panic on interface rename trig notify Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Bluetooth: btnxpuart: Fix btnxpuart_close Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Tony Battersby <tonyb(a)cybernetics.com> block: Fix page refcounts for unaligned buffers in __bio_release_pages() Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Nick Morrow <morrownr(a)gmail.com> wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: always free reserved space for extent records Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Jonas Gorski <jonas.gorski(a)gmail.com> serial: core: only stop transmit when HW fifo is empty Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: Disable wakeup at remove Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: fix module unload/reload behavior Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Miklos Szeredi <mszeredi(a)redhat.com> fuse: replace remaining make_bad_inode() with fuse_make_bad() Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays Brett Creeley <brett.creeley(a)amd.com> vfio/pds: Always clear the save/restore FDs on reset Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Shivnandan Kumar <quic_kshivnan(a)quicinc.com> cpufreq: Limit resolving a frequency to policy min/max Akira Yokosawa <akiyks(a)gmail.com> docs: Restore "smart quotes" for quotes Quentin Schulz <quentin.schulz(a)theobroma-systems.com> iio: adc: rockchip_saradc: use mask for write_enable bitfield Quentin Schulz <quentin.schulz(a)theobroma-systems.com> iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 Gui-Dong Han <2045gemini(a)gmail.com> md/raid5: fix atomicity violation in raid5_cache_count Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Guenter Roeck <linux(a)roeck-us.net> parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() Breno Leitao <leitao(a)debian.org> x86/nmi: Fix the inverse "in NMI handler" check Heming Zhao <heming.zhao(a)suse.com> md/md-bitmap: fix incorrect usage for sb_index Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Bernd Schubert <bschubert(a)ddn.com> fuse: fix VM_MAYSHARE and direct_io_allow_mmap Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Increase nr_cpu_ids to include the boot CPU Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix System Domain probing Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix a register bug Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Fix locking in TPMI RAPL Peter Zijlstra <peterz(a)infradead.org> sched: Simplify tg_set_cfs_bandwidth() Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Fix a NULL pointer dereference Zhang Rui <rui.zhang(a)intel.com> thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature Tor Vic <torvic9(a)mailbox.org> cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Expand MUST_CONNECT flag to always require an enabled link Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Rename pad variable to clarify intent Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add num_links flag to media_pad Marek Vasut <marex(a)denx.de> media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Fix flags handling when creating pad links Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add local pad to pipeline regardless of the link state Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix the lifetime of the bo cursor memory Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fix NULL pointer dereference in I2C instantiation Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Joakim Zhang <joakim.zhang(a)cixtech.com> remoteproc: virtio: Fix wdg cannot recovery remote processor Krishna chaitanya chundru <quic_krichai(a)quicinc.com> arm64: dts: qcom: sc7280: Add additional MSI interrupts Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: avoid invalid list operation when vendor attach fails Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Unmap the surface before resetting it on a plane state Jim Mattson <jmattson(a)google.com> KVM: x86: Use a switch statement and macros in __feature_translate() Jim Mattson <jmattson(a)google.com> KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 4 +- Documentation/arch/x86/amd-memory-encryption.rst | 16 +- Documentation/conf.py | 6 +- .../userspace-api/media/mediactl/media-types.rst | 11 +- Makefile | 4 +- arch/arm/Kconfig | 4 +- arch/arm/boot/dts/marvell/mmp2-brownstone.dts | 2 +- arch/arm/configs/imx_v6_v7_defconfig | 1 + arch/arm/include/asm/mman.h | 14 ++ arch/arm/kernel/Makefile | 2 - arch/arm/kernel/iwmmxt.S | 51 ++-- arch/arm/kernel/pj4-cp0.c | 135 ----------- arch/arm/mm/flush.c | 3 + arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 +- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 2 + arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/loongarch/crypto/crc32-loongarch.c | 2 - arch/loongarch/include/asm/Kbuild | 1 + arch/loongarch/include/asm/io.h | 2 + arch/loongarch/include/asm/percpu.h | 7 +- arch/loongarch/include/asm/qspinlock.h | 18 -- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/parisc/include/asm/mman.h | 14 ++ arch/parisc/kernel/unaligned.c | 27 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/kernel/prom.c | 12 + arch/powerpc/lib/Makefile | 2 +- arch/sparc/include/asm/parport.h | 259 +-------------------- arch/sparc/include/asm/parport_64.h | 256 ++++++++++++++++++++ arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 13 -- arch/x86/boot/compressed/efi_mixed.S | 29 ++- arch/x86/coco/core.c | 7 +- arch/x86/include/asm/asm.h | 14 ++ arch/x86/include/asm/coco.h | 8 +- arch/x86/include/asm/mem_encrypt.h | 15 +- arch/x86/include/asm/sev.h | 4 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/x86_init.h | 3 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/eisa.c | 3 +- arch/x86/kernel/fpu/xstate.c | 5 +- arch/x86/kernel/fpu/xstate.h | 14 +- arch/x86/kernel/kprobes/core.c | 11 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/nmi.c | 2 +- arch/x86/kernel/probe_roms.c | 10 - arch/x86/kernel/setup.c | 3 +- arch/x86/kernel/sev-shared.c | 12 +- arch/x86/kernel/sev.c | 31 ++- arch/x86/kernel/x86_init.c | 2 + arch/x86/kvm/cpuid.c | 21 +- arch/x86/kvm/lapic.c | 5 +- arch/x86/kvm/reverse_cpuid.h | 33 ++- arch/x86/kvm/svm/sev.c | 25 +- arch/x86/kvm/x86.c | 10 + arch/x86/kvm/xen.c | 2 +- arch/x86/kvm/xen.h | 18 ++ arch/x86/mm/mem_encrypt_amd.c | 18 ++ arch/x86/mm/mem_encrypt_identity.c | 38 ++- block/bio.c | 7 +- block/blk-mq.c | 9 +- block/blk-settings.c | 4 + block/mq-deadline.c | 3 +- drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/cppc_acpi.c | 31 ++- drivers/ata/ahci.c | 5 - drivers/ata/libata-eh.c | 5 +- drivers/ata/libata-scsi.c | 9 + drivers/base/power/wakeirq.c | 4 +- drivers/bluetooth/btnxpuart.c | 3 + drivers/char/tpm/tpm_tis_core.c | 3 +- drivers/clk/qcom/gcc-ipq5018.c | 3 + drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-ipq9574.c | 1 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/cpufreq-dt.c | 2 +- .../crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 34 +-- drivers/crypto/intel/qat/qat_common/adf_aer.c | 22 +- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 4 +- drivers/cxl/core/trace.h | 14 +- drivers/firewire/ohci.c | 2 + drivers/firmware/efi/efi.c | 2 + drivers/firmware/efi/libstub/randomalloc.c | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 1 + drivers/gpio/gpiolib-cdev.c | 38 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 46 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 49 ++-- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 17 ++ .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + .../amd/display/modules/info_packet/info_packet.c | 13 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 12 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 24 +- drivers/gpu/drm/drm_bridge.c | 46 +++- drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/drm_probe_helper.c | 7 + drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/display/icl_dsi.c | 3 +- drivers/gpu/drm/i915/display/intel_bios.c | 46 +++- .../drm/i915/display/intel_display_power_well.c | 17 +- drivers/gpu/drm/i915/display/intel_display_trace.h | 6 +- drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 2 +- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/i915/i915_hwmon.c | 37 +-- drivers/gpu/drm/imx/ipuv3/parallel-display.c | 4 +- drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 1 + drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 +- drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +- drivers/gpu/drm/nouveau/nvkm/core/client.c | 1 + drivers/gpu/drm/nouveau/nvkm/core/object.c | 26 ++- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/gpu/drm/ttm/ttm_tt.c | 13 ++ drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 17 +- drivers/hwmon/amc6821.c | 11 + drivers/i2c/busses/i2c-i801.c | 4 +- drivers/iio/accel/adxl367.c | 8 +- drivers/iio/accel/adxl367_i2c.c | 2 +- drivers/iio/adc/rockchip_saradc.c | 6 +- drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 2 + drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c | 5 + drivers/input/joystick/xpad.c | 6 + drivers/iommu/dma-iommu.c | 9 + drivers/irqchip/irq-renesas-rzg2l.c | 93 +++++--- drivers/leds/trigger/ledtrig-netdev.c | 4 +- drivers/md/dm-raid.c | 2 + drivers/md/dm-snap.c | 4 +- drivers/md/md-bitmap.c | 9 +- drivers/md/raid5.c | 14 +- drivers/media/mc/mc-entity.c | 93 ++++++-- .../platform/nxp/imx8-isi/imx8-isi-crossbar.c | 4 +- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/fastrpc.c | 10 +- drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 21 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/block.c | 14 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 28 ++- drivers/mmc/host/sdhci-omap.c | 3 + drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/nand/raw/nand_base.c | 48 ++-- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/bca/core.c | 15 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 60 ++--- .../broadcom/brcm80211/brcmfmac/cfg80211.h | 2 + .../broadcom/brcm80211/brcmfmac/cyw/core.c | 33 ++- .../wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 + .../wireless/broadcom/brcm80211/brcmfmac/fwil.c | 1 + .../broadcom/brcm80211/brcmfmac/fwil_types.h | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/fwvid.c | 14 +- .../wireless/broadcom/brcm80211/brcmfmac/fwvid.h | 39 ++-- .../broadcom/brcm80211/brcmfmac/wcc/core.c | 16 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 +- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 8 +- drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 2 +- drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 12 +- drivers/net/wireless/realtek/rtw88/mac.c | 7 + drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 46 ++-- drivers/nvmem/meson-efuse.c | 25 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/controller/dwc/pcie-qcom.c | 10 + drivers/pci/controller/pci-hyperv.c | 3 +- drivers/pci/pci-driver.c | 7 + drivers/pci/pcie/err.c | 20 ++ drivers/pci/quirks.c | 2 + drivers/phy/tegra/xusb.c | 13 ++ drivers/platform/x86/intel/tpmi.c | 9 +- drivers/powercap/intel_rapl_common.c | 34 ++- drivers/powercap/intel_rapl_msr.c | 8 +- drivers/powercap/intel_rapl_tpmi.c | 15 ++ drivers/pwm/pwm-img.c | 4 +- drivers/remoteproc/remoteproc_virtio.c | 6 +- drivers/s390/crypto/zcrypt_api.c | 2 + drivers/scsi/hosts.c | 7 +- drivers/scsi/libsas/sas_expander.c | 51 ++-- drivers/scsi/lpfc/lpfc_bsg.c | 4 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +++++----- drivers/scsi/qla2xxx/qla_iocb.c | 68 ++++-- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 3 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/scsi/scsi_scan.c | 34 +++ drivers/scsi/sd.c | 23 +- drivers/scsi/sg.c | 4 +- drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 25 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/tee/optee/device.c | 3 +- drivers/thermal/devfreq_cooling.c | 2 +- .../int340x_thermal/processor_thermal_device.c | 8 +- .../intel/int340x_thermal/processor_thermal_rapl.c | 8 +- drivers/thermal/intel/intel_tcc.c | 12 +- drivers/thermal/intel/x86_pkg_temp_thermal.c | 8 +- drivers/thermal/mediatek/auxadc_thermal.c | 3 + drivers/tty/serial/8250/8250_dw.c | 6 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/serial/imx.c | 22 +- drivers/tty/serial/max310x.c | 7 +- drivers/tty/serial/qcom_geni_serial.c | 10 +- drivers/tty/serial/serial_core.c | 12 + drivers/tty/serial/serial_port.c | 25 +- drivers/tty/vt/vt.c | 2 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 43 +++- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 ++ drivers/usb/dwc2/core_intr.c | 72 ++++-- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +++- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/dwc3/core.c | 2 + drivers/usb/dwc3/core.h | 2 + drivers/usb/dwc3/dwc3-am62.c | 13 +- drivers/usb/dwc3/dwc3-pci.c | 2 - drivers/usb/dwc3/gadget.c | 10 + drivers/usb/dwc3/host.c | 11 + drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 ++-- drivers/usb/host/xhci-ring.c | 8 +- drivers/usb/host/xhci.c | 2 + drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/usb/storage/uas.c | 28 ++- drivers/usb/typec/altmodes/displayport.c | 18 +- drivers/usb/typec/class.c | 7 +- drivers/usb/typec/tcpm/tcpm.c | 7 +- drivers/usb/typec/ucsi/ucsi.c | 56 ++++- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +++--- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/pds/lm.c | 13 ++ drivers/vfio/pci/pds/lm.h | 1 + drivers/vfio/pci/pds/vfio_dev.c | 4 +- drivers/vfio/pci/vfio_pci_intrs.c | 180 ++++++++------ drivers/vfio/platform/vfio_platform_irq.c | 105 ++++++--- drivers/vfio/virqfd.c | 21 ++ drivers/virtio/virtio.c | 10 +- fs/aio.c | 8 +- fs/btrfs/block-group.c | 3 +- fs/btrfs/extent_io.c | 75 ++++-- fs/btrfs/qgroup.c | 10 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/volumes.c | 2 +- fs/dlm/user.c | 10 +- fs/exec.c | 1 + fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/f2fs/f2fs.h | 1 + fs/f2fs/segment.c | 4 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 6 +- fs/fuse/file.c | 8 +- fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/nfs/direct.c | 11 +- fs/nfs/read.c | 2 + fs/nfs/write.c | 2 +- fs/nfsd/trace.h | 2 +- fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/smb/client/cached_dir.c | 3 +- fs/smb/client/cifs_debug.c | 2 + fs/smb/client/cifsglob.h | 5 + fs/smb/client/cifsproto.h | 8 +- fs/smb/client/connect.c | 10 +- fs/smb/client/file.c | 8 +- fs/smb/client/fs_context.c | 27 ++- fs/smb/client/inode.c | 17 +- fs/smb/client/readdir.c | 133 +++++------ fs/smb/client/sess.c | 45 ++-- fs/smb/client/smb2ops.c | 2 + fs/smb/client/smb2pdu.c | 10 +- fs/smb/server/smb2pdu.c | 180 +++++++++----- fs/smb/server/smb_common.c | 11 +- fs/smb/server/vfs.c | 12 +- fs/ubifs/file.c | 13 +- fs/xfs/libxfs/xfs_ag.c | 36 ++- fs/xfs/libxfs/xfs_ag.h | 2 + fs/xfs/libxfs/xfs_attr.c | 6 +- fs/xfs/libxfs/xfs_bmap.c | 75 +++--- fs/xfs/libxfs/xfs_btree_staging.c | 4 +- fs/xfs/libxfs/xfs_btree_staging.h | 6 - fs/xfs/libxfs/xfs_da_btree.c | 7 + fs/xfs/libxfs/xfs_defer.c | 105 ++++++--- fs/xfs/libxfs/xfs_defer.h | 5 + fs/xfs/libxfs/xfs_format.h | 2 +- fs/xfs/libxfs/xfs_log_recover.h | 5 + fs/xfs/libxfs/xfs_rtbitmap.c | 2 + fs/xfs/libxfs/xfs_rtbitmap.h | 83 +++++++ fs/xfs/libxfs/xfs_sb.c | 20 +- fs/xfs/libxfs/xfs_sb.h | 2 + fs/xfs/libxfs/xfs_types.h | 13 ++ fs/xfs/scrub/common.c | 6 +- fs/xfs/scrub/common.h | 25 ++ fs/xfs/scrub/fscounters.c | 2 +- fs/xfs/scrub/inode.c | 8 +- fs/xfs/scrub/reap.c | 2 +- fs/xfs/scrub/rtbitmap.c | 3 +- fs/xfs/scrub/rtsummary.c | 3 +- fs/xfs/scrub/trace.h | 3 +- fs/xfs/xfs_attr_item.c | 23 +- fs/xfs/xfs_bmap_item.c | 14 +- fs/xfs/xfs_buf.c | 44 +++- fs/xfs/xfs_buf.h | 1 + fs/xfs/xfs_extfree_item.c | 14 +- fs/xfs/xfs_fsmap.c | 2 +- fs/xfs/xfs_fsops.c | 9 +- fs/xfs/xfs_inode_item.c | 3 + fs/xfs/xfs_log.c | 1 + fs/xfs/xfs_log_priv.h | 1 + fs/xfs/xfs_log_recover.c | 116 ++++----- fs/xfs/xfs_refcount_item.c | 13 +- fs/xfs/xfs_rmap_item.c | 14 +- fs/xfs/xfs_rtalloc.c | 14 +- fs/xfs/xfs_rtalloc.h | 73 ------ fs/xfs/xfs_trans.h | 4 +- include/drm/drm_bridge.h | 33 +++ include/drm/drm_modeset_helper_vtables.h | 3 +- include/drm/ttm/ttm_tt.h | 9 +- include/linux/cpu.h | 2 + include/linux/cpufreq.h | 15 +- include/linux/gfp.h | 9 + include/linux/hyperv.h | 22 +- include/linux/intel_rapl.h | 6 + include/linux/intel_tcc.h | 2 +- include/linux/libata.h | 1 + include/linux/mman.h | 8 + include/linux/mtd/spinand.h | 2 +- include/linux/nfs_fs.h | 1 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 1 + include/linux/serial_core.h | 3 +- include/linux/skbuff.h | 10 + include/linux/vfio.h | 2 + include/media/media-entity.h | 2 + include/net/cfg80211.h | 2 + include/net/cfg802154.h | 1 + include/scsi/scsi_driver.h | 1 + include/scsi/scsi_host.h | 1 + include/uapi/linux/snmp.h | 3 +- init/Kconfig | 6 +- init/initramfs.c | 2 +- io_uring/io_uring.c | 5 +- io_uring/net.c | 5 +- kernel/bounds.c | 2 +- kernel/cgroup/cpuset.c | 2 +- kernel/dma/swiotlb.c | 37 +-- kernel/entry/common.c | 8 +- kernel/power/suspend.c | 1 + kernel/printk/printk.c | 27 ++- kernel/sched/core.c | 38 +-- kernel/sys.c | 7 +- kernel/trace/ring_buffer.c | 233 ++++++++++-------- kernel/trace/trace.c | 21 +- kernel/workqueue.c | 2 +- lib/pci_iomap.c | 2 +- mm/compaction.c | 7 +- mm/filemap.c | 16 ++ mm/kasan/kasan_test.c | 3 +- mm/memtest.c | 4 +- mm/mmap.c | 10 +- mm/page_alloc.c | 10 +- mm/shmem_quota.c | 10 +- mm/swapfile.c | 13 +- mm/vmscan.c | 5 +- net/bluetooth/hci_core.c | 6 +- net/bluetooth/hci_sync.c | 5 +- net/ipv4/esp4.c | 8 +- net/ipv4/ip_output.c | 2 + net/ipv4/proc.c | 3 +- net/ipv6/esp6.c | 8 +- net/ipv6/ip6_output.c | 6 +- net/ipv6/mcast.c | 5 +- net/ipv6/ndisc.c | 2 +- net/ipv6/proc.c | 3 +- net/ipv6/raw.c | 2 +- net/mac80211/cfg.c | 5 +- net/mac802154/llsec.c | 18 +- net/netfilter/nf_tables_api.c | 7 + net/wireless/wext-core.c | 7 +- net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + security/landlock/syscalls.c | 18 +- security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 13 +- sound/pci/hda/tas2781_hda_i2c.c | 83 ++++--- sound/sh/aica.c | 17 +- sound/soc/amd/yc/acp6x-mach.c | 7 - tools/include/linux/btf_ids.h | 2 + tools/perf/builtin-top.c | 4 +- tools/testing/selftests/mm/gup_test.c | 67 +++--- tools/testing/selftests/mm/soft-dirty.c | 2 +- tools/testing/selftests/mm/split_huge_page_test.c | 2 +- tools/testing/selftests/mm/uffd-common.c | 3 + tools/testing/selftests/mm/uffd-common.h | 2 + tools/testing/selftests/mm/uffd-unit-tests.c | 13 +- tools/testing/selftests/mqueue/setting | 1 + tools/testing/selftests/net/mptcp/diag.sh | 6 +- .../selftests/wireguard/qemu/arch/riscv32.config | 1 + .../selftests/wireguard/qemu/arch/riscv64.config | 1 + virt/kvm/async_pf.c | 31 ++- 443 files changed, 4373 insertions(+), 2498 deletions(-)

1 year, 5 months

15
413
0 0

[v2] drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init

by Maarten Lankhorst

Add a unreference bo in the error path, to prevent leaking a bo ref. Return 0 on success to clarify the success path. Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Fixes: 44e694958b95 ("drm/xe/display: Implement display support") Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/display/intel_fb_bo.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/xe/display/intel_fb_bo.c b/drivers/gpu/drm/xe/display/intel_fb_bo.c index b21da7b745a5..a9c1f9885c6b 100644 --- a/drivers/gpu/drm/xe/display/intel_fb_bo.c +++ b/drivers/gpu/drm/xe/display/intel_fb_bo.c @@ -31,7 +31,7 @@ int intel_fb_bo_framebuffer_init(struct intel_framebuffer *intel_fb, ret = ttm_bo_reserve(&bo->ttm, true, false, NULL); if (ret) - return ret; + goto err; if (!(bo->flags & XE_BO_SCANOUT_BIT)) { /* @@ -42,12 +42,16 @@ int intel_fb_bo_framebuffer_init(struct intel_framebuffer *intel_fb, */ if (XE_IOCTL_DBG(i915, !list_empty(&bo->ttm.base.gpuva.list))) { ttm_bo_unreserve(&bo->ttm); - return -EINVAL; + ret = -EINVAL; + goto err; } bo->flags |= XE_BO_SCANOUT_BIT; } ttm_bo_unreserve(&bo->ttm); + return 0; +err: + xe_bo_put(bo); return ret; } -- 2.43.0

1 year, 5 months

1
0
0 0

Linux 6.7.12

by Greg Kroah-Hartman

Note, this is the LAST 6.7.y kernel to be released. This branch is now end-of-life. Please move to the 6.8.y branch at this point in time. ------------------------------- I'm announcing the release of the 6.7.12 kernel. All users of the 6.7 kernel series must upgrade. The updated 6.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.7.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 4 Documentation/arch/x86/amd-memory-encryption.rst | 16 Documentation/conf.py | 6 Documentation/userspace-api/media/mediactl/media-types.rst | 11 Makefile | 2 arch/arm/Kconfig | 4 arch/arm/boot/dts/marvell/mmp2-brownstone.dts | 2 arch/arm/configs/imx_v6_v7_defconfig | 1 arch/arm/include/asm/mman.h | 14 arch/arm/kernel/Makefile | 2 arch/arm/kernel/iwmmxt.S | 51 - arch/arm/kernel/pj4-cp0.c | 135 ----- arch/arm/mm/flush.c | 3 arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 2 arch/arm64/boot/dts/qcom/sm8450-hdk.dts | 4 arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 arch/hexagon/kernel/vmlinux.lds.S | 1 arch/loongarch/crypto/crc32-loongarch.c | 2 arch/loongarch/include/asm/Kbuild | 1 arch/loongarch/include/asm/io.h | 2 arch/loongarch/include/asm/percpu.h | 7 arch/loongarch/include/asm/qspinlock.h | 18 arch/parisc/include/asm/assembly.h | 18 arch/parisc/include/asm/checksum.h | 10 arch/parisc/include/asm/mman.h | 14 arch/parisc/kernel/unaligned.c | 27 - arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/kernel/prom.c | 12 arch/powerpc/lib/Makefile | 2 arch/sparc/include/asm/parport.h | 259 ---------- arch/sparc/include/asm/parport_64.h | 256 +++++++++ arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/Kconfig | 13 arch/x86/boot/compressed/efi_mixed.S | 29 - arch/x86/coco/core.c | 7 arch/x86/include/asm/asm-prototypes.h | 1 arch/x86/include/asm/asm.h | 14 arch/x86/include/asm/coco.h | 8 arch/x86/include/asm/crash_core.h | 2 arch/x86/include/asm/mem_encrypt.h | 15 arch/x86/include/asm/nospec-branch.h | 21 arch/x86/include/asm/sev.h | 4 arch/x86/include/asm/suspend_32.h | 10 arch/x86/include/asm/x86_init.h | 3 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/eisa.c | 3 arch/x86/kernel/fpu/xstate.c | 5 arch/x86/kernel/fpu/xstate.h | 14 arch/x86/kernel/kprobes/core.c | 11 arch/x86/kernel/mpparse.c | 10 arch/x86/kernel/nmi.c | 2 arch/x86/kernel/probe_roms.c | 10 arch/x86/kernel/setup.c | 3 arch/x86/kernel/sev-shared.c | 12 arch/x86/kernel/sev.c | 31 - arch/x86/kernel/x86_init.c | 2 arch/x86/kvm/cpuid.c | 21 arch/x86/kvm/hyperv.c | 2 arch/x86/kvm/lapic.c | 5 arch/x86/kvm/reverse_cpuid.h | 35 - arch/x86/kvm/svm/sev.c | 23 arch/x86/kvm/x86.c | 10 arch/x86/kvm/xen.c | 4 arch/x86/kvm/xen.h | 18 arch/x86/lib/retpoline.S | 11 arch/x86/mm/mem_encrypt_amd.c | 18 arch/x86/mm/mem_encrypt_identity.c | 38 - block/bio.c | 7 block/blk-mq.c | 9 block/blk-settings.c | 4 block/mq-deadline.c | 3 crypto/asymmetric_keys/mscode_parser.c | 3 crypto/asymmetric_keys/pkcs7_parser.c | 4 crypto/asymmetric_keys/public_key.c | 3 crypto/asymmetric_keys/signature.c | 2 crypto/asymmetric_keys/x509_cert_parser.c | 8 crypto/testmgr.h | 80 +++ drivers/accel/habanalabs/common/device.c | 2 drivers/accessibility/speakup/synth.c | 4 drivers/ata/ahci.c | 5 drivers/ata/libata-eh.c | 5 drivers/ata/libata-scsi.c | 9 drivers/base/power/wakeirq.c | 4 drivers/bluetooth/btnxpuart.c | 3 drivers/char/tpm/tpm_tis_core.c | 3 drivers/clk/qcom/gcc-ipq5018.c | 3 drivers/clk/qcom/gcc-ipq6018.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/gcc-ipq9574.c | 1 drivers/clk/qcom/gcc-sdm845.c | 1 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/clocksource/arm_global_timer.c | 2 drivers/clocksource/timer-riscv.c | 3 drivers/cpufreq/amd-pstate.c | 2 drivers/cpufreq/cpufreq-dt.c | 2 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 34 - drivers/crypto/intel/qat/qat_common/adf_aer.c | 22 drivers/crypto/intel/qat/qat_common/adf_rl.c | 20 drivers/crypto/rockchip/rk3288_crypto_ahash.c | 4 drivers/cxl/core/trace.h | 14 drivers/firewire/ohci.c | 2 drivers/firmware/efi/efi.c | 2 drivers/firmware/efi/libstub/randomalloc.c | 2 drivers/firmware/efi/libstub/x86-stub.c | 1 drivers/fpga/dfl.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 13 drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c | 20 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 46 + drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 60 +- drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 14 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 2 drivers/gpu/drm/amd/display/dc/core/dc.c | 30 - drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.c | 54 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_mpc.h | 14 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_mpc.c | 5 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 19 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.h | 5 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c | 32 + drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 16 drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 24 drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 53 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h | 7 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 41 - drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 12 drivers/gpu/drm/amd/display/dc/hwss/dcn314/dcn314_hwseq.c | 41 - drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 48 - drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 41 - drivers/gpu/drm/amd/display/dc/inc/resource.h | 20 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/amd/display/modules/info_packet/info_packet.c | 13 drivers/gpu/drm/amd/pm/amdgpu_pm.c | 12 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 19 drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 19 drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 31 - drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 18 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 18 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_0_ppt.c | 5 drivers/gpu/drm/bridge/lontium-lt8912b.c | 24 drivers/gpu/drm/drm_bridge.c | 46 + drivers/gpu/drm/drm_panel.c | 17 drivers/gpu/drm/drm_probe_helper.c | 7 drivers/gpu/drm/drm_syncobj.c | 6 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 drivers/gpu/drm/exynos/exynos_hdmi.c | 4 drivers/gpu/drm/i915/display/icl_dsi.c | 3 drivers/gpu/drm/i915/display/intel_bios.c | 46 + drivers/gpu/drm/i915/display/intel_display_power_well.c | 17 drivers/gpu/drm/i915/display/intel_display_trace.h | 6 drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 200 ++++--- drivers/gpu/drm/i915/display/intel_dpll_mgr.h | 4 drivers/gpu/drm/i915/display/intel_dsb.c | 14 drivers/gpu/drm/i915/display/intel_vrr.c | 7 drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 3 drivers/gpu/drm/i915/gvt/interrupt.c | 13 drivers/gpu/drm/i915/i915_hwmon.c | 37 - drivers/gpu/drm/i915/i915_reg.h | 2 drivers/gpu/drm/imx/ipuv3/parallel-display.c | 4 drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 1 drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 drivers/gpu/drm/nouveau/nouveau_gem.c | 2 drivers/gpu/drm/nouveau/nvkm/core/client.c | 1 drivers/gpu/drm/nouveau/nvkm/core/object.c | 26 - drivers/gpu/drm/scheduler/sched_entity.c | 12 drivers/gpu/drm/ttm/ttm_bo_util.c | 13 drivers/gpu/drm/ttm/ttm_tt.c | 13 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 17 drivers/hwmon/amc6821.c | 11 drivers/i2c/busses/i2c-i801.c | 6 drivers/iio/accel/adxl367.c | 8 drivers/iio/accel/adxl367_i2c.c | 2 drivers/iio/adc/rockchip_saradc.c | 6 drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 2 drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c | 5 drivers/infiniband/hw/mlx5/devx.c | 2 drivers/input/joystick/xpad.c | 6 drivers/iommu/dma-iommu.c | 9 drivers/irqchip/irq-renesas-rzg2l.c | 93 ++- drivers/leds/trigger/ledtrig-netdev.c | 4 drivers/md/dm-raid.c | 93 ++- drivers/md/dm-snap.c | 4 drivers/md/md-bitmap.c | 9 drivers/md/md.c | 82 ++- drivers/md/md.h | 38 + drivers/md/raid5.c | 46 + drivers/media/mc/mc-entity.c | 93 ++- drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c | 4 drivers/media/tuners/xc4000.c | 4 drivers/mfd/Kconfig | 1 drivers/mfd/intel-lpss-pci.c | 28 - drivers/mfd/intel-lpss.c | 9 drivers/mfd/intel-lpss.h | 14 drivers/misc/fastrpc.c | 10 drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 21 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/ocxl/file.c | 2 drivers/mmc/core/block.c | 14 drivers/mmc/host/sdhci-of-dwcmshc.c | 28 - drivers/mmc/host/sdhci-omap.c | 3 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/nand/raw/meson_nand.c | 2 drivers/mtd/nand/raw/nand_base.c | 85 ++- drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/wireguard/netlink.c | 10 drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c | 15 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 60 -- drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c | 33 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.c | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c | 14 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h | 33 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c | 16 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 drivers/net/wireless/intel/iwlwifi/mvm/debugfs-vif.c | 11 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 drivers/net/wireless/realtek/rtw88/mac.c | 7 drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 40 + drivers/nvmem/meson-efuse.c | 25 drivers/pci/controller/dwc/pcie-designware-ep.c | 7 drivers/pci/controller/dwc/pcie-qcom.c | 41 + drivers/pci/controller/pci-hyperv.c | 3 drivers/pci/pci-driver.c | 7 drivers/pci/pcie/err.c | 20 drivers/pci/quirks.c | 2 drivers/phy/tegra/xusb.c | 13 drivers/platform/x86/intel/tpmi.c | 9 drivers/powercap/intel_rapl_common.c | 34 + drivers/powercap/intel_rapl_msr.c | 8 drivers/powercap/intel_rapl_tpmi.c | 15 drivers/pwm/pwm-img.c | 4 drivers/remoteproc/remoteproc_virtio.c | 6 drivers/s390/cio/vfio_ccw_chp.c | 2 drivers/s390/cio/vfio_ccw_drv.c | 4 drivers/s390/cio/vfio_ccw_ops.c | 6 drivers/s390/crypto/vfio_ap_ops.c | 2 drivers/s390/crypto/zcrypt_api.c | 2 drivers/scsi/hosts.c | 7 drivers/scsi/libsas/sas_expander.c | 51 + drivers/scsi/lpfc/lpfc_bsg.c | 4 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/qla2xxx/qla_attr.c | 14 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_gbl.h | 2 drivers/scsi/qla2xxx/qla_init.c | 128 ++-- drivers/scsi/qla2xxx/qla_iocb.c | 68 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla2xxx/qla_os.c | 3 drivers/scsi/qla2xxx/qla_target.c | 10 drivers/scsi/scsi_scan.c | 34 + drivers/scsi/sd.c | 23 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 25 drivers/staging/media/ipu3/ipu3-v4l2.c | 16 drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 drivers/tee/optee/device.c | 3 drivers/thermal/devfreq_cooling.c | 2 drivers/thermal/intel/int340x_thermal/processor_thermal_device.c | 8 drivers/thermal/intel/int340x_thermal/processor_thermal_rapl.c | 8 drivers/thermal/intel/intel_tcc.c | 12 drivers/thermal/intel/x86_pkg_temp_thermal.c | 8 drivers/thermal/mediatek/auxadc_thermal.c | 3 drivers/thunderbolt/switch.c | 3 drivers/tty/serial/8250/8250_port.c | 6 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/serial/imx.c | 22 drivers/tty/serial/max310x.c | 7 drivers/tty/serial/qcom_geni_serial.c | 10 drivers/tty/serial/serial_core.c | 12 drivers/tty/serial/serial_port.c | 25 drivers/tty/vt/vt.c | 2 drivers/ufs/host/ufs-qcom.c | 6 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 23 drivers/usb/core/hub.h | 2 drivers/usb/core/port.c | 43 + drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 72 +- drivers/usb/dwc2/gadget.c | 10 drivers/usb/dwc2/hcd.c | 49 + drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/dwc2/platform.c | 2 drivers/usb/dwc3/core.c | 2 drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/dwc3-am62.c | 13 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/dwc3/gadget.c | 10 drivers/usb/dwc3/host.c | 11 drivers/usb/gadget/function/f_fs.c | 4 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/gadget/udc/tegra-xudc.c | 39 - drivers/usb/host/xhci-ring.c | 8 drivers/usb/host/xhci.c | 2 drivers/usb/misc/usb-ljca.c | 22 drivers/usb/phy/phy-generic.c | 7 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/usb/storage/uas.c | 28 - drivers/usb/typec/altmodes/displayport.c | 18 drivers/usb/typec/class.c | 7 drivers/usb/typec/tcpm/tcpm.c | 7 drivers/usb/typec/ucsi/ucsi.c | 46 + drivers/usb/typec/ucsi/ucsi.h | 4 drivers/usb/typec/ucsi/ucsi_acpi.c | 75 +- drivers/usb/typec/ucsi/ucsi_glink.c | 14 drivers/vdpa/vdpa_user/vduse_dev.c | 6 drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 9 drivers/vfio/pci/pds/lm.c | 13 drivers/vfio/pci/pds/lm.h | 1 drivers/vfio/pci/pds/vfio_dev.c | 4 drivers/vfio/pci/vfio_pci_core.c | 6 drivers/vfio/pci/vfio_pci_intrs.c | 186 ++++--- drivers/vfio/platform/vfio_platform_irq.c | 105 ++-- drivers/vfio/virqfd.c | 21 drivers/vhost/vdpa.c | 4 drivers/vhost/vhost.c | 10 drivers/vhost/vhost.h | 2 drivers/virt/acrn/ioeventfd.c | 2 drivers/virtio/virtio.c | 10 drivers/xen/privcmd.c | 2 fs/aio.c | 10 fs/btrfs/block-group.c | 3 fs/btrfs/extent_io.c | 75 ++ fs/btrfs/qgroup.c | 10 fs/btrfs/scrub.c | 12 fs/btrfs/volumes.c | 69 ++ fs/debugfs/inode.c | 25 fs/dlm/user.c | 10 fs/eventfd.c | 11 fs/exec.c | 1 fs/ext4/mballoc.c | 17 fs/ext4/resize.c | 3 fs/f2fs/f2fs.h | 1 fs/f2fs/segment.c | 4 fs/fat/nfs.c | 6 fs/fuse/dir.c | 6 fs/fuse/file.c | 8 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/nfs/direct.c | 11 fs/nfs/read.c | 2 fs/nfs/write.c | 2 fs/nfsd/trace.h | 2 fs/nilfs2/btree.c | 9 fs/nilfs2/direct.c | 9 fs/nilfs2/inode.c | 2 fs/smb/client/cached_dir.c | 3 fs/smb/client/cifs_debug.c | 2 fs/smb/client/cifsglob.h | 5 fs/smb/client/cifsproto.h | 8 fs/smb/client/connect.c | 6 fs/smb/client/file.c | 8 fs/smb/client/fs_context.c | 27 - fs/smb/client/inode.c | 17 fs/smb/client/readdir.c | 133 ++--- fs/smb/client/sess.c | 45 - fs/smb/client/smb2ops.c | 2 fs/smb/client/smb2pdu.c | 10 fs/smb/server/smb2misc.c | 26 - fs/smb/server/smb2pdu.c | 228 +++++--- fs/smb/server/smb_common.c | 11 fs/smb/server/vfs.c | 12 fs/ubifs/file.c | 13 include/drm/drm_bridge.h | 33 + include/drm/drm_modeset_helper_vtables.h | 3 include/drm/ttm/ttm_tt.h | 9 include/linux/cpufreq.h | 15 include/linux/eventfd.h | 4 include/linux/gfp.h | 9 include/linux/hyperv.h | 22 include/linux/intel_rapl.h | 6 include/linux/intel_tcc.h | 2 include/linux/libata.h | 1 include/linux/mman.h | 8 include/linux/mtd/spinand.h | 2 include/linux/nfs_fs.h | 1 include/linux/oid_registry.h | 4 include/linux/phy/tegra/xusb.h | 1 include/linux/ring_buffer.h | 1 include/linux/serial_core.h | 3 include/linux/skbuff.h | 10 include/linux/vfio.h | 2 include/media/media-entity.h | 2 include/net/cfg80211.h | 2 include/net/cfg802154.h | 1 include/scsi/scsi_driver.h | 1 include/scsi/scsi_host.h | 1 include/uapi/linux/virtio_config.h | 8 init/Kconfig | 6 init/initramfs.c | 2 io_uring/futex.c | 1 io_uring/io_uring.c | 5 io_uring/net.c | 5 io_uring/poll.c | 19 io_uring/rw.c | 4 io_uring/waitid.c | 7 kernel/bounds.c | 2 kernel/cgroup/cpuset.c | 8 kernel/crash_core.c | 8 kernel/dma/swiotlb.c | 35 - kernel/entry/common.c | 8 kernel/module/Kconfig | 5 kernel/power/suspend.c | 1 kernel/printk/printk.c | 27 - kernel/sys.c | 7 kernel/time/posix-clock.c | 16 kernel/trace/ring_buffer.c | 233 +++++--- kernel/trace/trace.c | 21 kernel/workqueue.c | 2 lib/pci_iomap.c | 2 mm/compaction.c | 7 mm/filemap.c | 16 mm/kasan/kasan_test.c | 3 mm/memcontrol.c | 10 mm/memtest.c | 4 mm/mmap.c | 10 mm/page_alloc.c | 10 mm/shmem_quota.c | 10 mm/swapfile.c | 13 mm/vmpressure.c | 2 mm/vmscan.c | 5 net/bluetooth/hci_core.c | 6 net/bluetooth/hci_sync.c | 5 net/ipv4/esp4.c | 8 net/ipv6/esp6.c | 8 net/mac80211/cfg.c | 7 net/mac80211/ieee80211_i.h | 2 net/mac80211/rate.c | 2 net/mac80211/sta_info.h | 6 net/mac80211/vht.c | 46 - net/mac802154/llsec.c | 18 net/netfilter/nf_tables_api.c | 7 net/wireless/wext-core.c | 7 net/xfrm/xfrm_user.c | 3 samples/vfio-mdev/mtty.c | 4 scripts/Makefile.extrawarn | 2 security/landlock/syscalls.c | 18 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 13 sound/pci/hda/tas2781_hda_i2c.c | 83 +-- sound/sh/aica.c | 17 sound/soc/amd/yc/acp6x-mach.c | 7 tools/include/linux/btf_ids.h | 2 tools/perf/builtin-top.c | 4 tools/testing/selftests/mm/gup_test.c | 67 +- tools/testing/selftests/mm/soft-dirty.c | 2 tools/testing/selftests/mm/split_huge_page_test.c | 2 tools/testing/selftests/mm/uffd-common.c | 3 tools/testing/selftests/mm/uffd-common.h | 2 tools/testing/selftests/mm/uffd-unit-tests.c | 13 tools/testing/selftests/mqueue/setting | 1 tools/testing/selftests/net/mptcp/diag.sh | 6 tools/testing/selftests/wireguard/qemu/arch/riscv32.config | 1 tools/testing/selftests/wireguard/qemu/arch/riscv64.config | 1 virt/kvm/async_pf.c | 31 + virt/kvm/eventfd.c | 4 484 files changed, 4983 insertions(+), 2783 deletions(-) Adamos Ttofari (1): x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Akira Yokosawa (1): docs: Restore "smart quotes" for quotes Alan Stern (4): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Fix deadlock in usb_deauthorize_interface() USB: core: Add hub_get() and hub_put() routines USB: core: Fix deadlock in port "disable" sysfs attribute Aleksandrs Vinarskis (2): mfd: intel-lpss: Switch to generalized quirk table mfd: intel-lpss: Introduce QUIRK_CLOCK_DIVIDER_UNITY for XPS 9530 Alex Deucher (1): drm/amd/display: handle range offsets in VRR ranges Alex Williamson (7): vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio/platform: Disable virqfds on cleanup vfio/platform: Create persistent IRQ handlers vfio/fsl-mc: Block calling interrupt handler without trigger vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler Alexander Aring (1): dlm: fix user space lkb refcounting Alexander Stein (1): Revert "usb: phy: generic: Get the vbus supply" Alexander Sverdlin (1): mfd: twl: Select MFD_CORE Alexander Usyskin (2): mei: me: add arrow lake point S DID mei: me: add arrow lake point H DID Alison Schofield (1): cxl/trace: Properly initialize cxl_poison region name Amit Pundir (1): clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Anand Jain (2): btrfs: do not skip re-registration for the mounted device btrfs: validate device maj:min during open Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports Andrey Skvortsov (1): crypto: sun8i-ce - Fix use after free in unprepare André Rösti (1): entry: Respect changes to system call number by trace_sys_enter() Andy Chi (1): ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook Anton Altaparmakov (1): x86/pm: Work around false positive kmemleak report in msr_build_context() Ard Biesheuvel (6): x86/efistub: Call mixed mode boot services on the firmware's stack x86/sev: Fix position dependent variable references in startup code ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores x86/efistub: Add missing boot_params for mixed mode compat entry efi/libstub: Cast away type warning in use of max() x86/efistub: Reinstate soft limit for initrd loading Arend van Spriel (2): wifi: brcmfmac: avoid invalid list operation when vendor attach fails wifi: brcmfmac: add per-vendor feature detection callback Arnd Bergmann (2): kasan/test: avoid gcc warning for intentional overflow staging: vc04_services: changen strncpy() to strscpy_pad() Arseniy Krasnov (1): mtd: rawnand: meson: fix scrambling mode value in command macro Audra Mitchell (1): workqueue: Shorten events_freezable_power_efficient name Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Badhri Jagan Sridharan (1): usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices Baokun Li (1): ext4: correct best extent lstart adjustment logic Baoquan He (1): crash: use macro to add crashk_res into iomem early for specific arch Bart Van Assche (2): Revert "block/mq-deadline: use correct way to throttling write requests" fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Benjamin Coddington (1): NFS: Read unlock folio on nfs_page_create_from_folio() error Bernd Schubert (1): fuse: fix VM_MAYSHARE and direct_io_allow_mmap Bharath SM (1): cifs: prevent updating file size from server if we have a read/write lease Biju Das (4): irqchip/renesas-rzg2l: Flush posted write in irq_eoi() irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Bikash Hazarika (1): scsi: qla2xxx: Update manufacturer detail Bitterblue Smith (1): wifi: rtw88: 8821cu: Fix connection failure Borislav Petkov (AMD) (3): x86/CPU/AMD: Update the Zenbleed microcode revisions x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT x86/bugs: Fix the SRSO mitigation on Zen3/4 Breno Leitao (1): x86/nmi: Fix the inverse "in NMI handler" check Brett Creeley (2): vfio/pds: Always clear the save/restore FDs on reset vfio/pds: Make sure migration file isn't accessed after reset Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Carlos Maiolino (1): tmpfs: fix race on handling dquot rbtree Chris Park (1): drm/amd/display: Prevent crash when disable stream Chris Wilson (1): drm/i915/gt: Reset queue_priority_hint on parking Christian A. Ehrhardt (4): usb: typec: ucsi: Clear EVENT_PENDING under PPM lock usb: typec: ucsi: Ack unsupported commands usb: typec: ucsi_acpi: Refactor and fix DELL quirk usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian Brauner (2): i915: make inject_virtual_interrupt() void eventfd: simplify eventfd_signal() Christian Gmeiner (1): drm/etnaviv: Restore some id values Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christian Marangi (1): leds: trigger: netdev: Fix kernel panic on interface rename trig notify Christophe JAILLET (1): slimbus: core: Remove usage of the deprecated ida_simple_xx() API Claudiu Beznea (2): irqchip/renesas-rzg2l: Implement restriction when writing ISCR register irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index Claus Hansen Ries (1): net: ll_temac: platform_get_resource replaced by wrong function Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Cosmin Tanislav (2): iio: accel: adxl367: fix DEVID read after reset iio: accel: adxl367: fix I2C FIFO data register Damian Muszynski (2): crypto: qat - change SLAs cleanup flow at shutdown crypto: qat - resolve race condition during AER recovery Damien Le Moal (3): block: Clear zone limits for a non-zoned stacked queue block: Do not force full zone append completion in req_bio_endio() scsi: sd: Fix TCG OPAL unlock on system resume Dan Carpenter (3): cifs: delete unnecessary NULL checks in cifs_chan_update_iface() cifs: make cifs_chan_update_iface() a void function staging: vc04_services: fix information leak in create_component() Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Dave Airlie (1): nouveau: lock the client object tree. Dave Hansen (1): Revert "x86/bugs: Use fixed addressing for VERW operand" David Hildenbrand (1): virtio: reenable config if freezing device failed David Woodhouse (1): KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Dillon Varone (2): drm/amd/display: Add dml2 copy functions drm/amd/display: Init DPPCLK from SMU on dcn32 Dmitry Baryshkov (1): scsi: ufs: qcom: Provide default cycles_in_1us value Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Douglas Anderson (1): Revert "tty: serial: simplify qcom_geni_serial_send_chunk_fifo()" Dragos Tatulea (1): net: esp: fix bad handling of pages from page_pool Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (2): nouveau/dmem: handle kcalloc() allocation failure ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Edmund Raile (1): firewire: ohci: prevent leak of left-over IRQ on unbind Edward Liaw (2): selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM selftests/mm: fix ARM related issue with fork after pthread_create Ekansh Gupta (1): misc: fastrpc: Pass proper arguments to scm call Eric Biggers (1): Revert "crypto: pkcs7 - remove sha1 support" Eric Huang (1): drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Eugene Korenevsky (1): cifs: open_cached_dir(): add FILE_READ_EA to desired access Ezra Buehler (1): mtd: spinand: Add support for 5-byte IDs Fabio Estevam (1): ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE Fedor Pchelkin (1): mac802154: fix llsec key resources release in mac802154_llsec_key_del Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Feng Liu (1): virtio: Define feature bit for administration virtqueue Filipe Manana (1): btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Frank Wunderlich (1): thermal/drivers/mediatek: Fix control buffer enablement on MT7896 Gabor Juhos (6): clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Geliang Tang (1): selftests: mptcp: diag: return KSFT_FAIL not test_cnt George Shen (1): drm/amd/display: Remove MPC rate control logic from DCN30 and above Gergo Koteles (2): ALSA: hda/tas2781: remove digital gain kcontrol ALSA: hda/tas2781: add locks to kcontrols Greg Kroah-Hartman (1): Linux 6.7.12 Guenter Roeck (5): parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (2): media: xc4000: Fix atomicity violation in xc4000_get_frequency md/raid5: fix atomicity violation in raid5_cache_count Guilherme G. Piccoli (1): scsi: core: Fix unremoved procfs host directory regression Hamza Mahfooz (1): drm/amdgpu: make damage clips support configurable Hans de Goede (1): misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Harry Wentland (1): Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR" Hector Martin (2): wifi: brcmfmac: cfg80211: Use WSEC to set SAE password wifi: brcmfmac: Demote vendor-specific attach/detach messages to info Heikki Krogerus (1): usb: dwc3: pci: Drop duplicate ID Heiner Kallweit (2): i2c: i801: Fix using mux_pdev before it's set i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Heming Zhao (1): md/md-bitmap: fix incorrect usage for sb_index Herbert Xu (1): crypto: rk3288 - Fix use after free in unprepare Hidenori Kobayashi (1): media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Huacai Chen (2): LoongArch: Change __my_cpu_offset definition to avoid mis-optimization LoongArch: Define the __io_aw() hook as mmiowb() Hugo Villeneuve (1): serial: max310x: fix NULL pointer dereference in I2C instantiation Jameson Thies (1): usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (9): drm/probe-helper: warn about negative .get_modes() drm/panel: do not return negative error codes from drm_panel_get_modes() drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() drm/bridge: add ->edid_read hook and drm_bridge_edid_read() drm/bridge: lt8912b: use drm_bridge_edid_read() drm/bridge: lt8912b: clear the EDID property on failures drm/bridge: lt8912b: do not return negative values from .get_modes() Janusz Krzysztofik (1): drm/i915/hwmon: Fix locking inversion in sysfs getter Jason A. Donenfeld (3): wireguard: netlink: check for dangling peer via is_dead instead of empty list wireguard: netlink: access device through ctx instead of peer wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64} Jean-Baptiste Maneyrol (2): iio: imu: inv_mpu6050: fix frequency setting when chip is off iio: imu: inv_mpu6050: fix FIFO parsing when empty Jens Axboe (4): io_uring/net: correctly handle multishot recvmsg retry setup io_uring/rw: return IOU_ISSUE_SKIP_COMPLETE for multishot retry io_uring/futex: always remove futex entry for cancel all io_uring/waitid: always remove waitid entry for cancel all Jerome Brunet (1): nvmem: meson-efuse: fix function pointer type mismatch Jiawei Wang (1): ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Jim Mattson (2): KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace KVM: x86: Use a switch statement and macros in __feature_translate() Joakim Zhang (1): remoteproc: virtio: Fix wdg cannot recovery remote processor Jocelyn Falempe (1): drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Johan Hovold (2): PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p arm64: dts: qcom: sc8280xp-x13s: limit pcie4 link speed Johannes Berg (6): wifi: mac80211: track capability/opmode NSS separately debugfs: fix wait/cancellation handling during remove wifi: cfg80211: add a flag to disable wireless extensions wifi: iwlwifi: mvm: disable MLO for the time being wifi: iwlwifi: fw: don't always use FW dump trig wifi: iwlwifi: mvm: handle debugfs names more carefully Johannes Thumshirn (2): btrfs: zoned: don't skip block groups with 100% zone unusable btrfs: zoned: use zone aware sb location for scrub Johannes Weiner (2): mm: cachestat: fix two shmem bugs drm/amdgpu: fix deadlock while reading mqd from debugfs John David Anglin (1): parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros John Ogness (1): printk: Update @console_may_schedule in console_trylock_spinning() John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Jonas Gorski (1): serial: core: only stop transmit when HW fifo is empty Jonathon Hall (1): drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() Josef Bacik (2): nfs: fix UAF in direct writes btrfs: fix deadlock with fiemap and extent locking Josip Pavic (1): drm/amd/display: Allow dirty rects to be sent to dmub when abm is active Josua Mayer (1): hwmon: (amc6821) add of_match table KONDO KAZUMA(近藤　和真) (1): efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Kailang Yang (2): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform ALSA: hda/realtek - Add Headset Mic supported Acer NB platform Kamalesh Babulal (1): cgroup/cpuset: Fix retval in update_cpumask() Kan Liang (1): perf top: Use evsel's cpus to replace user_requested_cpus Karol Herbst (1): drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf Kees Cook (1): init/Kconfig: lower GCC version check for -Warray-bounds Kevin Loughlin (1): x86/sev: Skip ROM range scans and validation for SEV-SNP guests Krishna Kurapati (2): usb: gadget: ncm: Fix handling of zero block length packets usb: typec: ucsi: Fix race between typec_switch and role_switch Krishna chaitanya chundru (1): arm64: dts: qcom: sc7280: Add additional MSI interrupts Krzysztof Kozlowski (3): arm64: dts: qcom: sm8450-hdk: correct AMIC4 and AMIC5 microphones arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping Kyle Tso (1): usb: typec: Return size of buffer if pd_set operation succeeds Laurent Pinchart (6): media: mc: Add local pad to pipeline regardless of the link state media: mc: Fix flags handling when creating pad links media: mc: Add num_links flag to media_pad media: mc: Rename pad variable to clarify intent media: mc: Expand MUST_CONNECT flag to always require an enabled link media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT Leo Ma (1): drm/amd/display: Fix noise issue on HDMI AV mute Ley Foon Tan (1): clocksource/drivers/timer-riscv: Clear timer interrupt on timer initialization Li Lingfeng (1): md: use RCU lock to protect traversal in md_spares_need_change() Li Ma (1): drm/amd/swsmu: modify the gfx activity scaling Liming Sun (1): sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() Lino Sanfilippo (1): tpm,tpm_tis: Avoid warning splat at shutdown Linus Torvalds (1): Fix memory leak in posix_clock_open() Luiz Augusto von Dentz (1): Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Ma Jun (3): drm/amdgpu/pm: Fix NULL pointer dereference when get power limit drm/amdgpu/pm: Check the validity of overdiver power limit drm/amdgpu/pm: Fix the error of pwm1_enable setting Manivannan Sadhasivam (1): PCI: qcom: Enable BDF to SID translation properly Marcel Ziswiler (1): Bluetooth: btnxpuart: Fix btnxpuart_close Marek Szyprowski (1): cpufreq: dt: always allocate zeroed cpumask Marek Vasut (1): media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access Mario Limonciello (1): drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found Marios Makassikis (2): ksmbd: replace generic_fillattr with vfs_getattr ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Martin Blumenstingl (1): clocksource/drivers/arm_global_timer: Fix maximum prescaler value Masami Hiramatsu (Google) (1): kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Mathias Nyman (2): usb: port: Don't try to peer unused USB ports based on location xhci: Fix failure to detect ring expansion need. Matthew Wilcox (Oracle) (2): bounds: support non-power-of-two CONFIG_NR_CPUS ubifs: Set page uptodate in the correct place Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Max Nguyen (1): Input: xpad - add additional HyperX Controller Identifiers Maximilian Heyne (1): ext4: fix corruption during on-line resize Michael Ellerman (3): powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core powerpc/smp: Increase nr_cpu_ids to include the boot CPU powerpc/fsl: Fix mfpmr build errors with newer binutils Michael Kelley (2): PCI: hv: Fix ring buffer size calculation Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Mickaël Salaün (1): landlock: Warn once if a Landlock action is requested while disabled Mika Westerberg (1): thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() Mikko Rapeli (2): mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access Miklos Szeredi (3): fuse: replace remaining make_bad_inode() with fuse_make_bad() fuse: fix root lookup with nonzero generation fuse: don't unhash root Mikulas Patocka (1): dm snapshot: fix lockup in dm_exception_table_exit Minas Harutyunyan (5): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: Fix exiting from clock gating usb: dwc2: gadget: LPM flow fix Miquel Raynal (4): mtd: rawnand: Fix and simplify again the continuous read derivations mtd: rawnand: Add a helper for calculating a page index mtd: rawnand: Ensure all continuous terms are always in sync mtd: rawnand: Constrain even more when continuous reads are enabled Muhammad Usama Anjum (3): selftests/mm: gup_test: conform test to TAP format output scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() scsi: lpfc: Correct size for wqe for memset() Namjae Jeon (2): ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() ksmbd: fix potencial out-of-bounds when buffer offset is invalid Natanael Copa (1): tools/resolve_btfids: fix build with musl libc Nathan Chancellor (4): powerpc: xor_vmx: Add '-mhard-float' to CFLAGS kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() hexagon: vmlinux.lds.S: handle attributes section Nicholas Kazlauskas (1): drm/amd/display: Fix idle check for shared firmware state Nick Morrow (1): wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Nicolin Chen (1): iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Niklas Cassel (1): PCI: dwc: endpoint: Fix advertised resizable BAR size Nirmoy Das (1): drm/i915: Check before removing mm notifier Oleksandr Tymoshenko (1): efi: fix panic in kdump kernel Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Pablo Neira Ayuso (3): netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout Paolo Bonzini (1): SEV: disable SEV-ES DebugSwap by default Paul Menzel (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Paulo Alcantara (1): smb: client: stop revalidating reparse points unnecessarily Pavel Begunkov (4): io_uring: fix mshot read defer taskrun cqe posting io_uring: fix io_queue_proc modifying req->flags io_uring: fix mshot io-wq checks io_uring: clean rings on NO_MMAP alloc fail Pawan Gupta (1): x86/bugs: Use fixed addressing for VERW operand Peter Collingbourne (1): serial: Lock console when calling into driver before registration Philip Yang (1): drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Philipp Stanner (1): pci_iounmap(): Fix MMIO mapping leak Prashanth K (1): usb: xhci: Add error handling in xhci_map_urb_for_dma Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Qu Wenruo (1): btrfs: qgroup: always free reserved space for extent records Quentin Schulz (2): iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 iio: adc: rockchip_saradc: use mask for write_enable bitfield Quinn Tran (6): scsi: qla2xxx: Prevent command send on chip reset scsi: qla2xxx: Fix N2N stuck connection scsi: qla2xxx: Split FCE|EFT trace control scsi: qla2xxx: NVME|FCP prefer flag not being honored scsi: qla2xxx: Fix command flush on cable pull scsi: qla2xxx: Delay I/O Abort on PCI error RD Babiera (1): usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Relja Vojvodic (1): drm/amd/display: Add ODM check during pipe split/merge validation Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Rickard x Andersson (1): tty: serial: imx: Fix broken RS485 Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Rodrigo Siqueira (1): drm/amd/display: Return the correct HDCP error code Roger Quadros (2): usb: dwc3-am62: fix module unload/reload behavior usb: dwc3-am62: Disable wakeup at remove Romain Naour (1): mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Roman Li (1): drm/amd/display: Fix bounds check for dcn35 DcfClocks Ryan Roberts (1): mm: swap: fix race between free_swap_and_cache() and swapoff() Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Sam Ravnborg (1): sparc32: Fix parport build with sparc32 Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Saurav Kashyap (3): scsi: qla2xxx: Fix double free of the ha->vp_map pointer scsi: qla2xxx: Fix double free of fcport scsi: qla2xxx: Change debug message during driver unload Sean Anderson (2): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (3): KVM: Always flush async #PF workqueue when vCPU is being destroyed KVM: x86: Mark target gfn of emulated atomic instruction as dirty KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() SeongJae Park (1): selftests/mqueue: Set timeout to 180 seconds Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Shivnandan Kumar (1): cpufreq: Limit resolving a frequency to policy min/max Shyam Prasad N (2): cifs: make sure server interfaces are requested only for SMB3+ cifs: reduce warning log level for server not advertising interfaces Sohaib Nadeem (1): drm/amd/display: Override min required DCFCLK in dml1_validate Srinivas Pandruvada (1): platform/x86/intel/tpmi: Change vsec offset to u64 Srinivasan Shanmugam (1): drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects' Stanislaw Gruszka (1): PCI/AER: Block runtime suspend when handling errors Steve French (1): cifs: allow changing password during remount Steven Rostedt (Google) (9): ring-buffer: Fix waking up ring buffer readers ring-buffer: Do not set shortest_full when full target is hit ring-buffer: Fix resetting of shortest_full ring-buffer: Fix full_waiters_pending in poll ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() NFSD: Fix nfsd_clid_class use of __string_len() macro drm/i915: Add missing ; to __assign_str() macros in tracepoint code net: hns3: tracing: fix hclgevf trace event strings tracing: Use .flush() call to wake up readers Sumit Garg (1): tee: optee: Fix kernel panic caused by incorrect error handling Sunmin Jeong (2): f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag f2fs: truncate page cache before clearing flags when aborting atomic write Swapnil Patel (1): drm/amd/display: Change default size for dummy plane in DML2 Tavian Barnes (1): btrfs: fix race in read_extent_buffer_pages() Thinh Nguyen (1): usb: dwc3: Properly set system wakeup Thomas Gleixner (1): x86/mpparse: Register APIC address only once Tony Battersby (1): block: Fix page refcounts for unaligned buffers in __bio_release_pages() Tor Vic (1): cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Ville Syrjälä (11): drm/i915: Don't explode when the dig port we don't have an AUX CH drm/i915: Stop printing pipe name as hex drm/i915: Use named initializers for DPLL info drm/i915: Replace a memset() with zero initialization drm/i915: Try to preserve the current shared_dpll for fastset on type-c ports drm/i915: Include the PLL name in the debug messages drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() drm/i915/vrr: Generate VRR "safe window" for DSB drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly drm/i915/dsb: Fix DSB vblank waits when using VRR Vitaly Chikunov (1): selftests/mm: Fix build with _FORTIFY_SOURCE Vitaly Prosyak (2): drm/amdgpu: fix use-after-free bug drm/sched: fix null-ptr-deref in init entity Vlastimil Babka (2): mm, mmap: fix vma_merge() case 7 with vma_ops->close mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Waiman Long (1): cgroup/cpuset: Fix a memory leak in update_exclusive_cpumask() Wayne Chang (2): phy: tegra: xusb: Add API to retrieve the port number of phy usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Weitao Wang (1): USB: UAS: return ENODEV when submit urbs fail with device not attached Wenjing Liu (2): drm/amd/display: Update odm when ODM combine is changed on an otg master pipe with no plane drm/amd/display: set odm_combine_policy based on context in dcn32 resource Will Deacon (3): swiotlb: Fix double-allocation of slots due to broken alignment handling swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() swiotlb: Fix alignment checks when both allocation and DMA masks are present Wolfram Sang (1): mmc: tmio: avoid concurrent runs of mmc_request_done() Xi Liu (1): drm/amd/display: Set DCN351 BB and IP the same as DCN35 Xingui Yang (2): scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() scsi: libsas: Fix disk not being scanned in after being removed Ye Zhang (1): thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Yicong Yang (1): serial: port: Don't suspend if the port is still busy Yongqiang Liu (1): ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Yongzhi Liu (1): usb: misc: ljca: Fix double free in error handling path Yu Kuai (9): md: don't clear MD_RECOVERY_FROZEN for new dm-raid until resume md: export helpers to stop sync_thread md: export helper md_is_rdwr() md: add a new helper reshape_interrupted() dm-raid: really frozen sync_thread during suspend md/dm-raid: don't call md_reap_sync_thread() directly dm-raid: add a new helper prepare_suspend() in md_personality dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape dm-raid: fix lockdep waring in "pers->hot_add_disk" Yuli Wang (1): LoongArch/crypto: Clean up useless assignment operations Zack Rusin (4): drm/vmwgfx: Unmap the surface before resetting it on a plane state drm/vmwgfx: Fix possible null pointer derefence with invalid contexts drm/vmwgfx: Fix the lifetime of the bo cursor memory drm/ttm: Make sure the mapped tt pages are decrypted when needed Zev Weiss (2): prctl: generalize PR_SET_MDWE support check to be per-arch ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Zhang Rui (5): thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature powercap: intel_rapl: Fix a NULL pointer dereference powercap: intel_rapl: Fix locking in TPMI RAPL powercap: intel_rapl_tpmi: Fix a register bug powercap: intel_rapl_tpmi: Fix System Domain probing Zhang Yi (1): ubi: correct the calculation of fastmap size Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zoltan HERPAI (1): pwm: img: fix pwm clock lookup yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 5 months

1
1
0 0

[PATCH 2/2] gpio: cdev: check for NULL labels when sanitizing them for irqs

by Kent Gibson

From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> We need to take into account that a line's consumer label may be NULL and not try to kstrdup() it in that case but rather pass the NULL pointer up the stack to the interrupt request function. To that end: let make_irq_label() return NULL as a valid return value and use ERR_PTR() instead to signal an allocation failure to callers. Cc: stable(a)vger.kernel.org Fixes: b34490879baa ("gpio: cdev: sanitize the label before requesting the interrupt") Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> Closes: https://lore.kernel.org/lkml/20240402093534.212283-1-naresh.kamboju@linaro.… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Signed-off-by: Kent Gibson <warthog618(a)gmail.com> (rebased) --- drivers/gpio/gpiolib-cdev.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index f4c2da2041e5..8112ec36e55f 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -730,7 +730,16 @@ static u32 line_event_id(int level) static inline char *make_irq_label(const char *orig) { - return kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); + char *new; + + if (!orig) + return NULL; + + new = kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); + if (!new) + return ERR_PTR(-ENOMEM); + + return new; } static inline void free_irq_label(const char *label) @@ -1049,8 +1058,8 @@ static int debounce_setup(struct line *line, unsigned int debounce_period_us) return -ENXIO; label = make_irq_label(line->req->label); - if (!label) - return -ENOMEM; + if (IS_ERR(label)) + return PTR_ERR(label); irqflags = IRQF_TRIGGER_FALLING | IRQF_TRIGGER_RISING; ret = request_irq(irq, debounce_irq_handler, irqflags, @@ -1165,8 +1174,8 @@ static int edge_detector_setup(struct line *line, irqflags |= IRQF_ONESHOT; label = make_irq_label(line->req->label); - if (!label) - return -ENOMEM; + if (IS_ERR(label)) + return PTR_ERR(label); /* Request a thread to read the events */ ret = request_threaded_irq(irq, edge_irq_handler, edge_irq_thread, @@ -2224,8 +2233,8 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) goto out_free_le; label = make_irq_label(le->label); - if (!label) { - ret = -ENOMEM; + if (IS_ERR(label)) { + ret = PTR_ERR(label); goto out_free_le; } -- 2.39.2

1 year, 5 months

1
0
0 0

[PATCH net v3] virtio_net: Do not send RSS key if it is not supported

by Breno Leitao

There is a bug when setting the RSS options in virtio_net that can break the whole machine, getting the kernel into an infinite loop. Running the following command in any QEMU virtual machine with virtionet will reproduce this problem: # ethtool -X eth0 hfunc toeplitz This is how the problem happens: 1) ethtool_set_rxfh() calls virtnet_set_rxfh() 2) virtnet_set_rxfh() calls virtnet_commit_rss_command() 3) virtnet_commit_rss_command() populates 4 entries for the rss scatter-gather 4) Since the command above does not have a key, then the last scatter-gatter entry will be zeroed, since rss_key_size == 0. sg_buf_size = vi->rss_key_size; 5) This buffer is passed to qemu, but qemu is not happy with a buffer with zero length, and do the following in virtqueue_map_desc() (QEMU function): if (!sz) { virtio_error(vdev, "virtio: zero sized buffers are not allowed"); 6) virtio_error() (also QEMU function) set the device as broken vdev->broken = true; 7) Qemu bails out, and do not repond this crazy kernel. 8) The kernel is waiting for the response to come back (function virtnet_send_command()) 9) The kernel is waiting doing the following : while (!virtqueue_get_buf(vi->cvq, &tmp) && !virtqueue_is_broken(vi->cvq)) cpu_relax(); 10) None of the following functions above is true, thus, the kernel loops here forever. Keeping in mind that virtqueue_is_broken() does not look at the qemu `vdev->broken`, so, it never realizes that the vitio is broken at QEMU side. Fix it by not sending RSS commands if the feature is not available in the device. Fixes: c7114b1249fa ("drivers/net/virtio_net: Added basic RSS support.") Cc: stable(a)vger.kernel.org Cc: qemu-devel(a)nongnu.org Signed-off-by: Breno Leitao <leitao(a)debian.org> --- Changelog: V2: * Moved from creating a valid packet, by rejecting the request completely V3: * Got some good feedback from and Xuan Zhuo and Heng Qi, and reworked the rejection path. --- drivers/net/virtio_net.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index c22d1118a133..c4a21ec51adf 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -3807,6 +3807,7 @@ static int virtnet_set_rxfh(struct net_device *dev, struct netlink_ext_ack *extack) { struct virtnet_info *vi = netdev_priv(dev); + bool update = false; int i; if (rxfh->hfunc != ETH_RSS_HASH_NO_CHANGE && @@ -3814,13 +3815,24 @@ static int virtnet_set_rxfh(struct net_device *dev, return -EOPNOTSUPP; if (rxfh->indir) { + if (!vi->has_rss) + return -EOPNOTSUPP; + for (i = 0; i < vi->rss_indir_table_size; ++i) vi->ctrl->rss.indirection_table[i] = rxfh->indir[i]; + update = true; } - if (rxfh->key) + + if (rxfh->key) { + if (!vi->has_rss && !vi->has_rss_hash_report) + return -EOPNOTSUPP; + memcpy(vi->ctrl->rss.key, rxfh->key, vi->rss_key_size); + update = true; + } - virtnet_commit_rss_command(vi); + if (update) + virtnet_commit_rss_command(vi); return 0; } @@ -4729,13 +4741,15 @@ static int virtnet_probe(struct virtio_device *vdev) if (virtio_has_feature(vdev, VIRTIO_NET_F_HASH_REPORT)) vi->has_rss_hash_report = true; - if (virtio_has_feature(vdev, VIRTIO_NET_F_RSS)) + if (virtio_has_feature(vdev, VIRTIO_NET_F_RSS)) { vi->has_rss = true; - if (vi->has_rss || vi->has_rss_hash_report) { vi->rss_indir_table_size = virtio_cread16(vdev, offsetof(struct virtio_net_config, rss_max_indirection_table_length)); + } + + if (vi->has_rss || vi->has_rss_hash_report) { vi->rss_key_size = virtio_cread8(vdev, offsetof(struct virtio_net_config, rss_max_key_size)); -- 2.43.0

1 year, 5 months

4
5
0 0

[PATCH v3] HID: i2c-hid: Revert to await reset ACK before reading report descriptor

by Hans de Goede

From: Kenny Levinsen <kl(a)kl.wtf> In af93a167eda9, i2c_hid_parse was changed to continue with reading the report descriptor before waiting for reset to be acknowledged. This has lead to two regressions: 1. We fail to handle reset acknowledgment if it happens while reading the report descriptor. The transfer sets I2C_HID_READ_PENDING, which causes the IRQ handler to return without doing anything. This affects both a Wacom touchscreen and a Sensel touchpad. 2. On a Sensel touchpad, reading the report descriptor this quickly after reset results in all zeroes or partial zeroes. The issues were observed on the Lenovo Thinkpad Z16 Gen 2. The change in question was made based on a Microsoft article[0] stating that Windows 8 *may* read the report descriptor in parallel with awaiting reset acknowledgment, intended as a slight reset performance optimization. Perhaps they only do this if reset is not completing quickly enough for their tastes? As the code is not currently ready to read registers in parallel with a pending reset acknowledgment, and as reading quickly breaks the report descriptor on the Sensel touchpad, revert to waiting for reset acknowledgment before proceeding to read the report descriptor. [0]: https://learn.microsoft.com/en-us/windows-hardware/drivers/hid/plug-and-pla… Fixes: af93a167eda9 ("HID: i2c-hid: Move i2c_hid_finish_hwreset() to after reading the report-descriptor") Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2271136 Cc: stable(a)vger.kernel.org Signed-off-by: Kenny Levinsen <kl(a)kl.wtf> Link: https://lore.kernel.org/r/20240331182440.14477-1-kl@kl.wtf [hdegoede(a)redhat.com Drop no longer necessary abort_reset error exit path] Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/hid/i2c-hid/i2c-hid-core.c | 29 ++++++++--------------------- 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c index 2df1ab3c31cc..13d67d7c67b4 100644 --- a/drivers/hid/i2c-hid/i2c-hid-core.c +++ b/drivers/hid/i2c-hid/i2c-hid-core.c @@ -735,12 +735,15 @@ static int i2c_hid_parse(struct hid_device *hid) mutex_lock(&ihid->reset_lock); do { ret = i2c_hid_start_hwreset(ihid); - if (ret) + if (ret == 0) + ret = i2c_hid_finish_hwreset(ihid); + else msleep(1000); } while (tries-- > 0 && ret); + mutex_unlock(&ihid->reset_lock); if (ret) - goto abort_reset; + return ret; use_override = i2c_hid_get_dmi_hid_report_desc_override(client->name, &rsize); @@ -750,11 +753,8 @@ static int i2c_hid_parse(struct hid_device *hid) i2c_hid_dbg(ihid, "Using a HID report descriptor override\n"); } else { rdesc = kzalloc(rsize, GFP_KERNEL); - - if (!rdesc) { - ret = -ENOMEM; - goto abort_reset; - } + if (!rdesc) + return -ENOMEM; i2c_hid_dbg(ihid, "asking HID report descriptor\n"); @@ -763,23 +763,10 @@ static int i2c_hid_parse(struct hid_device *hid) rdesc, rsize); if (ret) { hid_err(hid, "reading report descriptor failed\n"); - goto abort_reset; + goto out; } } - /* - * Windows directly reads the report-descriptor after sending reset - * and then waits for resets completion afterwards. Some touchpads - * actually wait for the report-descriptor to be read before signalling - * reset completion. - */ - ret = i2c_hid_finish_hwreset(ihid); -abort_reset: - clear_bit(I2C_HID_RESET_PENDING, &ihid->flags); - mutex_unlock(&ihid->reset_lock); - if (ret) - goto out; - i2c_hid_dbg(ihid, "Report Descriptor: %*ph\n", rsize, rdesc); ret = hid_parse_report(hid, rdesc, rsize); -- 2.44.0

1 year, 5 months

3
2
0 0

[PATCH v2 1/2] Revert "mei: vsc: Call wake_up() in the threaded IRQ handler"

by Wentong Wu

From: Sakari Ailus <sakari.ailus(a)linux.intel.com> This reverts commit 058a38acba15fd8e7b262ec6e17c4204cb15f984. It's not necessary to avoid a spinlock, a sleeping lock on PREEMPT_RT, in an interrupt handler as the interrupt handler itself would be called in a process context if PREEMPT_RT is enabled. So revert the patch. Cc: stable(a)vger.kernel.org # for 6.8 Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> --- drivers/misc/mei/vsc-tp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/misc/mei/vsc-tp.c b/drivers/misc/mei/vsc-tp.c index ecfb70cd057c..968a92a7425d 100644 --- a/drivers/misc/mei/vsc-tp.c +++ b/drivers/misc/mei/vsc-tp.c @@ -419,6 +419,8 @@ static irqreturn_t vsc_tp_isr(int irq, void *data) atomic_inc(&tp->assert_cnt); + wake_up(&tp->xfer_wait); + return IRQ_WAKE_THREAD; } @@ -426,8 +428,6 @@ static irqreturn_t vsc_tp_thread_isr(int irq, void *data) { struct vsc_tp *tp = data; - wake_up(&tp->xfer_wait); - if (tp->event_notify) tp->event_notify(tp->event_notify_context); -- 2.34.1

1 year, 5 months

2
3
0 0

[PATCH] gpio: cdev: check for NULL labels when sanitizing them for irqs

by Bartosz Golaszewski

From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> We need to take into account that a line's consumer label may be NULL and not try to kstrdup() it in that case but rather pass the NULL pointer up the stack to the interrupt request function. To that end: let make_irq_label() return NULL as a valid return value and use ERR_PTR() instead to signal an allocation failure to callers. Cc: stable(a)vger.kernel.org Fixes: b34490879baa ("gpio: cdev: sanitize the label before requesting the interrupt") Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> Closes: https://lore.kernel.org/lkml/20240402093534.212283-1-naresh.kamboju@linaro.… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- drivers/gpio/gpiolib-cdev.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index fa9635610251..1426cc1c4a28 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -1085,7 +1085,16 @@ static u32 gpio_v2_line_config_debounce_period(struct gpio_v2_line_config *lc, static inline char *make_irq_label(const char *orig) { - return kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); + char *new; + + if (!orig) + return NULL; + + new = kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); + if (!new) + return ERR_PTR(-ENOMEM); + + return new; } static inline void free_irq_label(const char *label) @@ -1158,8 +1167,8 @@ static int edge_detector_setup(struct line *line, irqflags |= IRQF_ONESHOT; label = make_irq_label(line->req->label); - if (!label) - return -ENOMEM; + if (IS_ERR(label)) + return PTR_ERR(label); /* Request a thread to read the events */ ret = request_threaded_irq(irq, edge_irq_handler, edge_irq_thread, @@ -2217,8 +2226,8 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) goto out_free_le; label = make_irq_label(le->label); - if (!label) { - ret = -ENOMEM; + if (IS_ERR(label)) { + ret = PTR_ERR(label); goto out_free_le; } -- 2.40.1

1 year, 5 months

3
4
0 0

[PATCH] drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()

by Guo Mengqi

commit 73a82b22963d ("drm/atomic: Fix potential use-after-free in nonblocking commits") introduced drm_dev_get/put() to drm_atomic_helper_shutdown(). And this cause problem in vkms driver exit process. vkms_exit() drm_dev_put() vkms_release() drm_atomic_helper_shutdown() drm_dev_get() drm_dev_put() vkms_release() ------ null pointer access Using 4.19 stable x86 image on qemu, below stacktrace can be triggered by load and unload vkms.ko. root:~ # insmod vkms.ko [ 142.135449] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). [ 142.138713] [drm] Driver supports precise vblank timestamp query. [ 142.142390] [drm] Initialized vkms 1.0.0 20180514 for virtual device on minor 0 root:~ # rmmod vkms.ko [ 144.093710] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0 [ 144.097491] PGD 800000023624e067 P4D 800000023624e067 PUD 22ab59067 PMD 0 [ 144.100802] Oops: 0000 [#1] SMP PTI [ 144.102502] CPU: 0 PID: 3615 Comm: rmmod Not tainted 4.19.310 #1 [ 144.104452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 144.107238] RIP: 0010:device_del+0x34/0x3a0 ... [ 144.131323] Call Trace: [ 144.131962] ? __die+0x7d/0xc0 [ 144.132711] ? no_context+0x152/0x3b0 [ 144.133605] ? wake_up_q+0x70/0x70 [ 144.134436] ? __do_page_fault+0x342/0x4b0 [ 144.135445] ? __switch_to_asm+0x41/0x70 [ 144.136416] ? __switch_to_asm+0x35/0x70 [ 144.137366] ? page_fault+0x1e/0x30 [ 144.138214] ? __drm_atomic_state_free+0x51/0x60 [ 144.139331] ? device_del+0x34/0x3a0 [ 144.140197] platform_device_del.part.14+0x19/0x70 [ 144.141348] platform_device_unregister+0xe/0x20 [ 144.142458] vkms_release+0x10/0x30 [vkms] [ 144.143449] __drm_atomic_helper_disable_all.constprop.31+0x13b/0x150 [ 144.144980] drm_atomic_helper_shutdown+0x4b/0x90 [ 144.146102] vkms_release+0x18/0x30 [vkms] [ 144.147107] vkms_exit+0x29/0x8ec [vkms] [ 144.148053] __x64_sys_delete_module+0x155/0x220 [ 144.149168] do_syscall_64+0x43/0x100 [ 144.150056] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 It seems that the proper unload sequence is: drm_atomic_helper_shutdown(); drm_dev_put(); Just put drm_atomic_helper_shutdown() before drm_dev_put() should solve the problem. Fixes: 73a82b22963d ("drm/atomic: Fix potential use-after-free in nonblocking commits") Signed-off-by: Guo Mengqi <guomengqi3(a)huawei.com> --- drivers/gpu/drm/vkms/vkms_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vkms/vkms_drv.c b/drivers/gpu/drm/vkms/vkms_drv.c index b1201c18d3eb..d32e08f17427 100644 --- a/drivers/gpu/drm/vkms/vkms_drv.c +++ b/drivers/gpu/drm/vkms/vkms_drv.c @@ -39,7 +39,6 @@ static void vkms_release(struct drm_device *dev) struct vkms_device *vkms = container_of(dev, struct vkms_device, drm); platform_device_unregister(vkms->platform); - drm_atomic_helper_shutdown(&vkms->drm); drm_mode_config_cleanup(&vkms->drm); drm_dev_fini(&vkms->drm); } @@ -137,6 +136,7 @@ static void __exit vkms_exit(void) } drm_dev_unregister(&vkms_device->drm); + drm_atomic_helper_shutdown(&vkms_device->drm); drm_dev_put(&vkms_device->drm); kfree(vkms_device); -- 2.17.1

1 year, 5 months

4
5
0 0

[PATCH 02/11] drm/mgag200: Bind I2C lifetime to DRM device

by Thomas Zimmermann

Managed cleanup with devm_add_action_or_reset() will release the I2C adapter when the underlying Linux device goes away. But the connector still refers to it, so this cleanup leaves behind a stale pointer in struct drm_connector.ddc. Bind the lifetime of the I2C adapter to the connector's lifetime by using DRM's managed release. When the DRM device goes away (after the Linux device) DRM will first clean up the connector and then clean up the I2C adapter. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: b279df242972 ("drm/mgag200: Switch I2C code to managed cleanup") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.0+ --- drivers/gpu/drm/mgag200/mgag200_i2c.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/mgag200/mgag200_i2c.c b/drivers/gpu/drm/mgag200/mgag200_i2c.c index 1029fef590f9b..4caeb68f3010c 100644 --- a/drivers/gpu/drm/mgag200/mgag200_i2c.c +++ b/drivers/gpu/drm/mgag200/mgag200_i2c.c @@ -31,6 +31,8 @@ #include <linux/i2c.h> #include <linux/pci.h> +#include <drm/drm_managed.h> + #include "mgag200_drv.h" static int mga_i2c_read_gpio(struct mga_device *mdev) @@ -86,7 +88,7 @@ static int mga_gpio_getscl(void *data) return (mga_i2c_read_gpio(mdev) & i2c->clock) ? 1 : 0; } -static void mgag200_i2c_release(void *res) +static void mgag200_i2c_release(struct drm_device *dev, void *res) { struct mga_i2c_chan *i2c = res; @@ -125,5 +127,5 @@ int mgag200_i2c_init(struct mga_device *mdev, struct mga_i2c_chan *i2c) if (ret) return ret; - return devm_add_action_or_reset(dev->dev, mgag200_i2c_release, i2c); + return drmm_add_action_or_reset(dev, mgag200_i2c_release, i2c); } -- 2.44.0

1 year, 5 months

1
0
0 0

[PATCH 01/11] drm/mgag200: Set DDC timeout in milliseconds

by Thomas Zimmermann

Compute the i2c timeout in jiffies from a value in milliseconds. The original values of 2 jiffies equals 2 milliseconds if HZ has been configured to a value of 1000. This corresponds to 2.2 milliseconds used by most other DRM drivers. Update mgag200 accordingly. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 414c45310625 ("mgag200: initial g200se driver (v2)") Cc: Dave Airlie <airlied(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v3.5+ --- drivers/gpu/drm/mgag200/mgag200_i2c.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/mgag200/mgag200_i2c.c b/drivers/gpu/drm/mgag200/mgag200_i2c.c index 423eb302be7eb..1029fef590f9b 100644 --- a/drivers/gpu/drm/mgag200/mgag200_i2c.c +++ b/drivers/gpu/drm/mgag200/mgag200_i2c.c @@ -114,7 +114,7 @@ int mgag200_i2c_init(struct mga_device *mdev, struct mga_i2c_chan *i2c) i2c->adapter.algo_data = &i2c->bit; i2c->bit.udelay = 10; - i2c->bit.timeout = 2; + i2c->bit.timeout = usecs_to_jiffies(2200); i2c->bit.data = i2c; i2c->bit.setsda = mga_gpio_setsda; i2c->bit.setscl = mga_gpio_setscl; -- 2.44.0

1 year, 5 months

1
0
0 0

[PATCH] perf/x86/intel/ds: Don't clear the pebs_data_cfg for the last PEBS event

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> The MSR_PEBS_DATA_CFG is to configure which data groups should be generated into a PEBS record. It's shared among counters. If there are different configurations among counters, perf combines all the configurations. The first perf command as below requires a complete PEBS record (including memory info, GPRs, XMMs, and LBRs). The second perf command only requires a basic group. However, after the second perf command is running, the MSR_PEBS_DATA_CFG is cleared. Only a basic group is generated in a PEBS record, which is wrong. The required information for the first perf command is missed. $perf record --intr-regs=AX,SP,XMM0 -a -C 8 -b -W -d -c 100000003 -o /dev/null -e cpu/event=0xd0,umask=0x81/upp & $sleep 5 $perf record --per-thread -c 1 -e cycles:pp --no-timestamp --no-tid taskset -c 8 ./noploop 1000 The first PEBS event is a system-wide PEBS event. The second PEBS event is a per-thread event. When the thread is scheduled out, the intel_pmu_pebs_del() is invoked to update the PEBS state. Since the system-wide event is still available, the cpuc->n_pebs is 1. The cpuc->pebs_data_cfg is cleared. The data configuration for the system-wide PEBS event is lost. The (cpuc->n_pebs == 1) was introduced in the commit b6a32f023fcc ("perf/x86: Fix PEBS threshold initialization"). At that time, it indeed didn't hurt whether the state was updated during the removal. Because only the threshold is updated. The calculation of the threshold takes the last PEBS event into account. However, the commit b752ea0c28e3 ("perf/x86/intel/ds: Flush PEBS DS when changing PEBS_DATA_CFG") delay the threshold update, and clears the PEBS data config, which brings the issue. The PEBS data config update should not be shrink in the removal. Fixes: b752ea0c28e3 ("perf/x86/intel/ds: Flush PEBS DS when changing PEBS_DATA_CFG") Reported-by: Stephane Eranian <eranian(a)google.com> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/ds.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index 2641ba620f12..20ddfed3e721 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -1237,11 +1237,11 @@ pebs_update_state(bool needed_cb, struct cpu_hw_events *cpuc, struct pmu *pmu = event->pmu; /* - * Make sure we get updated with the first PEBS - * event. It will trigger also during removal, but - * that does not hurt: + * Make sure we get updated with the first PEBS event. + * During removal, the pebs_data_cfg is still valid for + * the last PEBS event. Don't clear it. */ - if (cpuc->n_pebs == 1) + if ((cpuc->n_pebs == 1) && add) cpuc->pebs_data_cfg = PEBS_UPDATE_DS_SW; if (needed_cb != pebs_needs_sched_cb(cpuc)) { -- 2.35.1

1 year, 5 months

2
1
0 0

[PATCH v3] mtd: rawnand: qcom: Fix broken misc_cmd_type in exec_op

by Christian Marangi

misc_cmd_type in exec_op have multiple problems. With commit a82990c8a409 ("mtd: rawnand: qcom: Add read/read_start ops in exec_op path") it was reworked and generalized but actually dropped the handling of the OP_RESET_DEVICE command. The rework itself was correct with supporting case where a single misc command is handled, but became problematic by the addition of exiting early if we didn't had an OP_BLOCK_ERASE or an OP_PROGRAM_PAGE operation. Also additional logic was added without clear explaination causing the OP_RESET_DEVICE command to be broken on testing it on a ipq806x nandc. Add some additional logic to restore OP_RESET_DEVICE command handling restoring original functionality. Fixes: a82990c8a409 ("mtd: rawnand: qcom: Add read/read_start ops in exec_op path") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- Changes v3: - Merge patches - Rework commit description Changes v2: - Split patches drivers/mtd/nand/raw/qcom_nandc.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c index b079605c84d3..b8cff9240b28 100644 --- a/drivers/mtd/nand/raw/qcom_nandc.c +++ b/drivers/mtd/nand/raw/qcom_nandc.c @@ -2815,7 +2815,7 @@ static int qcom_misc_cmd_type_exec(struct nand_chip *chip, const struct nand_sub host->cfg0_raw & ~(7 << CW_PER_PAGE)); nandc_set_reg(chip, NAND_DEV0_CFG1, host->cfg1_raw); instrs = 3; - } else { + } else if (q_op.cmd_reg != OP_RESET_DEVICE) { return 0; } @@ -2830,9 +2830,8 @@ static int qcom_misc_cmd_type_exec(struct nand_chip *chip, const struct nand_sub nandc_set_reg(chip, NAND_EXEC_CMD, 1); write_reg_dma(nandc, NAND_FLASH_CMD, instrs, NAND_BAM_NEXT_SGL); - (q_op.cmd_reg == OP_BLOCK_ERASE) ? write_reg_dma(nandc, NAND_DEV0_CFG0, - 2, NAND_BAM_NEXT_SGL) : read_reg_dma(nandc, - NAND_FLASH_STATUS, 1, NAND_BAM_NEXT_SGL); + if (q_op.cmd_reg == OP_BLOCK_ERASE) + write_reg_dma(nandc, NAND_DEV0_CFG0, 2, NAND_BAM_NEXT_SGL); write_reg_dma(nandc, NAND_EXEC_CMD, 1, NAND_BAM_NEXT_SGL); read_reg_dma(nandc, NAND_FLASH_STATUS, 1, NAND_BAM_NEXT_SGL); -- 2.43.0

1 year, 5 months

3
2
0 0

Requesting backport for 71f15c90e78 (smb: client: retry compound request without reusing lease)

by Meetakshi Setiya

commit 71f15c90e785d1de4bcd65a279e7256684c25c0d upstream smb: client: retry compound request without reusing lease requesting backport to 6.8.x, 6.6.x, 6.5.x and 6.1.x This patch fixes a potential regression (eg. failure of xfstests generic 002 and 013) that is introduced by patch 1 of this patch series: https://lore.kernel.org/stable/CAFTVevWEnEDAQbw59N-R03ppFgqa3qwTySfn61-+T4V… commit 2c7d399e551ccfd87bcae4ef5573097f3313d779 (smb: client: reuse file lease key in compound operations) As per MS-SMB2, lease keys are associated with the filename. The smb client maintains lease keys with the inode. Consequently, if a file has hardlinks, it is possible that the lease for a file be wrongly reused for an operation on its hardlink or vice versa. In cases such as this, the rename, delete and set_path_size compound operations that reuse the lease key (courtesy of patch 1) fail with STATUS_INVALID_PARAMETER. This behaviour (and the fact that lease keys are being associated with the inode and not the filename) was being concealed by the lease breaks issued after each of the mentioned compound operations (even on the same client) since the lease was never being reused. Hence, the fix becomes important. Thanks Meetakshi

1 year, 5 months

1
0
0 0

Requesting backport for ffceb7640cb (smb: client: do not defer close open handles to deleted files)

by Meetakshi Setiya

commit ffceb7640cbfe6ea60e7769e107451d63a2fe3d3 upstream smb: client: do not defer close open handles to deleted files requesting backport to 6.8.x, 6.6.x, 6.5.x and 6.1.x This patch fixes an issue with deferred closes on the smb client exposed by patch 1 of this patch series: https://lore.kernel.org/stable/CAFTVevWEnEDAQbw59N-R03ppFgqa3qwTySfn61-+T4V… commit 2c7d399e551ccfd87bcae4ef5573097f3313d779 (smb: client: reuse file lease key in compound operations) Without this patch applied, when an application deletes a file before closing all open handles to the said file, the smb client can defer close its handles. Consequentially, creating another file with the same name fails until all deferred handles close (specified by closetimeo value). When the rename, delete and set_path_size compound operations did not reuse leases, the lease breaks took care of degrading the file handle leases everytime one of these operations happened (even when on the same client). Without these (redundant) lease breaks on the same client, the handles still remain valid and this fix becomes necessary. Eg: Patch 1 without this patch would regress xfstest generic 591. Thanks Meetakshi

1 year, 5 months

1
0
0 0

Requesting backport for 2c7d399e551 (smb: client: reuse file lease key in compound operations)

by Meetakshi Setiya

commit 2c7d399e551ccfd87bcae4ef5573097f3313d779 upstream smb: client: reuse file lease key in compound operations requesting backport to 6.8.x, 6.6.x, 6.5.x and 6.1.x This patch aims to fix a customer reported bug on the smb client received by the Azure team. Without this patch, when a file has a lot of dirty pages to be written to the server, any rename, delete or set_path_size operation on the said file, on the same client itself would result in a lease break since there is no lease key sent with the request (even when it is valid). Now, depending on the server's credit grant implementation, the server can stop granting credits to this connection; which causes a deadlock. This patch and the 3 patches that follow are meant to fix this issue and need to be backported to the stable kernel releases to resolve the reported bug. Thanks, Meetakshi

1 year, 5 months

1
0
0 0

6.7.11: Fails to hibernate - work queues still busy

by Martin Steigerwald

Hi Thorsten, hi Greg, 6.7.9 + some bcachefs upgrade/downgrade fixes included in 6.7.11 works okay. 6.7.11 fails. Two repeated attempts failed with a dmesg like this: [ 192.465064] r8169 0000:05:00.0 en1: Link is Down [ 193.246691] PM: hibernation: hibernation entry [ 193.622844] Filesystems sync: 0.097 seconds [ 193.623337] Freezing user space processes [ 193.627326] Freezing user space processes completed (elapsed 0.003 seconds) [ 193.627390] OOM killer disabled. [ 193.627889] PM: hibernation: Marking nosave pages: [mem 0x00000000-0x00000fff] [ 193.627933] PM: hibernation: Marking nosave pages: [mem 0x0009f000-0x000fffff] [ 193.627973] PM: hibernation: Marking nosave pages: [mem 0x09c00000-0x09d00fff] [ 193.628022] PM: hibernation: Marking nosave pages: [mem 0x09f00000-0x09f0ffff] [ 193.628063] PM: hibernation: Marking nosave pages: [mem 0xa22d1000-0xa22d1fff] [ 193.628099] PM: hibernation: Marking nosave pages: [mem 0xa22de000-0xa22dffff] [ 193.628135] PM: hibernation: Marking nosave pages: [mem 0xa22ed000-0xa22eefff] [ 193.628172] PM: hibernation: Marking nosave pages: [mem 0xa22ff000-0xa22fffff] [ 193.628210] PM: hibernation: Marking nosave pages: [mem 0xb9533000-0xb95c3fff] [ 193.628263] PM: hibernation: Marking nosave pages: [mem 0xbd9de000-0xcc3fdfff] [ 193.630011] PM: hibernation: Marking nosave pages: [mem 0xce000000-0xffffffff] [ 193.632545] PM: hibernation: Basic memory bitmaps created [ 193.639135] PM: hibernation: Preallocating image memory [ 195.755034] PM: hibernation: Allocated 2438707 pages for snapshot [ 195.755817] PM: hibernation: Allocated 9754828 kbytes in 2.11 seconds (4623.14 MB/s) [ 195.755842] Freezing remaining freezable tasks [ 215.764748] Freezing remaining freezable tasks failed after 20.009 seconds (0 tasks refusing to freeze, wq_busy=1): [ 215.764813] Showing freezable workqueues that are still busy: [ 215.764841] workqueue events_freezable: flags=0x4 [ 215.764869] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=0 refcnt=2 [ 215.764881] inactive: pci_pme_list_scan [ 215.764895] workqueue usb_hub_wq: flags=0x4 [ 215.764965] pwq 4: cpus=2 node=0 flags=0x0 nice=0 active=2 refcnt=3 [ 215.764974] in-flight: 350:hub_event [usbcore] hub_event [usbcore] [ 215.765212] Restarting kernel threads ... done. [ 216.244833] PM: hibernation: Basic memory bitmaps freed [ 216.245961] OOM killer enabled. [ 216.246377] Restarting tasks ... done. [ 216.250708] thermal thermal_zone0: failed to read out thermal zone (-61) [ 216.252313] PM: hibernation: hibernation exit [ 216.276601] Generic FE-GE Realtek PHY r8169-0-200:00: attached PHY driver (mii_bus:phy_addr=r8169-0-200:00, irq=MAC) [ 216.871301] r8169 0000:02:00.0 en0: rtl_ep_ocp_read_cond == 0 (loop: 30, delay: 10000). [ 216.976901] r8169 0000:02:00.0 en0: Link is Down [ 217.003589] Generic FE-GE Realtek PHY r8169-0-500:00: attached PHY driver (mii_bus:phy_addr=r8169-0-500:00, irq=MAC) [ 217.169087] r8169 0000:05:00.0 en1: Link is Down [ 220.611547] r8169 0000:05:00.0 en1: Link is Up - 1Gbps/Full - flow control rx/tx ThinkPad T14 Gen 1 with AMD Ryzen 4750U and 32 GiB of RAM. Could that be related to the following issue? * Hibernate stuck after recent kernel/workqueue.c changes in Stable 6.6.23 @ 2024-04-02 8:08 Linux regression tracking (Thorsten Leemhuis) https://lore.kernel.org/regressions/ce4c2f67-c298-48a0-87a3-f933d646c73b@le… However I did not find above work queue related error messages in the dmesg in the bug tracker bug report mentioned there: https://bugzilla.kernel.org/show_bug.cgi?id=218658 If really needed I could do a bisect, but it would take a while until I can take time to do it. Best, -- Martin

1 year, 5 months

2
2
0 0

[PATCH 0/7] arm64: dts: imx8: fixed lpcg indices

by Frank Li

Arg0 for qxp lpcg should be indices. Many nodes use index as lpcg's arg0. These patch fix this problem. Signed-off-by: Frank Li <Frank.Li(a)nxp.com> --- Frank Li (7): arm64: dts: imx8-ss-lsio: fix pwm lpcg indices arm64: dts: imx8-ss-conn: fix usb lpcg indices arm64: dts: imx8-ss-dma: fix spi lpcg indices arm64: dts: imx8-ss-dma: fix pwm lpcg indices arm64: dts: imx8-ss-dma: fix adc lpcg indices arm64: dts: imx8-ss-dma: fix can lpcg indices arm64: dts: imx8qm-ss-dma: fix can lpcg indices arch/arm64/boot/dts/freescale/imx8-ss-conn.dtsi | 4 +-- arch/arm64/boot/dts/freescale/imx8-ss-dma.dtsi | 40 ++++++++++++------------ arch/arm64/boot/dts/freescale/imx8-ss-lsio.dtsi | 16 +++++----- arch/arm64/boot/dts/freescale/imx8qm-ss-dma.dtsi | 8 ++--- 4 files changed, 34 insertions(+), 34 deletions(-) --- base-commit: 8d04a7e2ee3fd6aabb8096b00c64db0d735bc874 change-id: 20240401-dts_fix-5b574f831918 Best regards, --- Frank Li <Frank.Li(a)nxp.com>

1 year, 5 months

4
12
0 0

[PATCH] ARM: dts: imx7s-warp: Pass OV2680 link-frequencies

by Fabio Estevam

From: Fabio Estevam <festevam(a)denx.de> Since commit 63b0cd30b78e ("media: ov2680: Add bus-cfg / endpoint property verification") the ov2680 no longer probes on a imx7s-warp7: ov2680 1-0036: error -EINVAL: supported link freq 330000000 not found ov2680 1-0036: probe with driver ov2680 failed with error -22 Fix it by passing the required 'link-frequencies' property as recommended by: https://www.kernel.org/doc/html/v6.9-rc1/driver-api/media/camera-sensor.htm… Cc: stable(a)vger.kernel.org Fixes: 63b0cd30b78e ("media: ov2680: Add bus-cfg / endpoint property verification") Signed-off-by: Fabio Estevam <festevam(a)denx.de> --- arch/arm/boot/dts/nxp/imx/imx7s-warp.dts | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm/boot/dts/nxp/imx/imx7s-warp.dts b/arch/arm/boot/dts/nxp/imx/imx7s-warp.dts index ba7231b364bb..7bab113ca6da 100644 --- a/arch/arm/boot/dts/nxp/imx/imx7s-warp.dts +++ b/arch/arm/boot/dts/nxp/imx/imx7s-warp.dts @@ -210,6 +210,7 @@ ov2680_to_mipi: endpoint { remote-endpoint = <&mipi_from_sensor>; clock-lanes = <0>; data-lanes = <1>; + link-frequencies = /bits/ 64 <330000000>; }; }; }; -- 2.34.1

1 year, 5 months

3
4
0 0

[PATCH 5.15 000/317] 5.15.153-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 5.15.153 release. There are 317 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Mar 26 11:34:43 PM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Ajay Singh (1): wifi: wilc1000: fix multi-vif management when deleting a vif Alban Boyé (1): ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet Alex Bee (1): drm/rockchip: inno_hdmi: Fix video timing Alexander Gordeev (1): net/iucv: fix the allocation size of iucv_path_table array Alexander Stein (1): media: tc358743: register v4l2 async device only after successful setup Alexey I. Froloff (1): ACPI: resource: Do IRQ override on Lunnen Ground laptops Alexey Kodanev (1): RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() Alexis Lothoré (3): wifi: wilc1000: fix declarations ordering wifi: wilc1000: fix RCU usage in connect path wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces Anastasia Belova (1): cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value Andrew Ballance (1): gen_compile_commands: fix invalid escape sequence warning Andrey Grafin (2): libbpf: Apply map_set_def_max_entries() for inner_maps on creation selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values Andy Shevchenko (1): serial: 8250_exar: Don't remove GPIO device on suspend AngeloGioacchino Del Regno (1): drm/mediatek: dsi: Fix DSI RGB666 formats and definitions Armin Wolf (1): ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() Arnaud Pouliquen (2): remoteproc: stm32: Fix incorrect type in assignment for va remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef Arnd Bergmann (11): fs/select: rework stack allocation hack for clang wifi: brcmsmac: avoid function pointer casts media: pvrusb2: fix pvr2_stream_callback casts crypto: arm/sha - fix function cast warnings mtd: rawnand: lpc32xx_mlc: fix irq handler prototype media: dvb-frontends: avoid stack overflow warnings with clang media: mediatek: vcodec: avoid -Wcast-function-type-strict warning scsi: csiostor: Avoid function pointer casts scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn remoteproc: stm32: use correct format strings on 64-bit soc: fsl: dpio: fix kcalloc() argument order Arınç ÜNAL (5): net: dsa: mt7530: prevent possible incorrect XTAL frequency selection net: dsa: mt7530: fix handling of LLDP frames net: dsa: mt7530: fix handling of 802.1X PAE frames net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports net: dsa: mt7530: fix handling of all link-local frames Athaariq Ardhiansyah (1): ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops Baokun Li (1): quota: simplify drop_dquot_ref() Bartosz Golaszewski (1): Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional() Baruch Siach (1): mtd: maps: physmap-core: fix flash size larger than 32-bit Basavaraj Natikar (1): HID: amd_sfh: Update HPD sensor structure elements Ben Wolsieffer (1): watchdog: stm32_iwdg: initialize default timeout Bitterblue Smith (1): wifi: rtw88: 8821c: Fix false alarm count Breno Leitao (1): net: blackhole_dev: fix build warning for ethh set but not used Bryan O'Donoghue (1): clk: Fix clk_core_get NULL dereference Cai Huoqing (1): drm/tegra: dsi: Make use of the helper function dev_err_probe() Changbin Du (1): modules: wait do_free_init correctly Chao Yu (5): f2fs: multidevice: support direct IO f2fs: fix to invalidate META_MAPPING before DIO write f2fs: invalidate meta pages only for post_read required inode f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info f2fs: compress: fix to cover normal cluster write with cp_rwsem Chen Ni (2): sr9800: Add check for usbnet_get_endpoints drm/tegra: dsi: Add missing check for of_find_device_by_node Chen-Yu Tsai (1): pinctrl: mediatek: Drop bogus slew rate register range for MT8192 Christian König (1): drm/ttm: add ttm_resource_fini v2 Christophe JAILLET (13): wireless: Remove redundant 'flush_workqueue()' calls mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() PCI/P2PDMA: Fix a sleeping issue in a RCU read section PCI: switchtec: Fix an error handling path in switchtec_pci_probe() clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() NFS: Fix an off by one in root_nfs_cat() Christophe Leroy (1): powerpc: Force inlining of arch_vmap_p{u/m}d_supported() Chun-Yi Lee (1): aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts Colin Ian King (1): usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin Conor Dooley (1): riscv: dts: sifive: add missing #interrupt-cells to pmic Dan Carpenter (1): staging: greybus: fix get_channel_from_mode() failure path Daniel Golle (2): net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up net: ethernet: mtk_eth_soc: fix PPE hanging issue Daniel Thompson (3): backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: lp8788: Fully initialize backlight_properties during probe Daniil Dulov (2): media: go7007: add check of return value of go7007_read_addr() media: pvrusb2: remove redundant NULL check Dave Airlie (1): nouveau: reset the bo resource bus info after an eviction David Gow (3): lib/cmdline: Fix an invalid format specifier in an assertion msg time: test: Fix incorrect format specifier rtc: test: Fix invalid format specifier. David Howells (1): afs: Revert "afs: Hide silly-rename files from userspace" David McFarland (1): ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override Dmitry Baryshkov (2): arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings arm64: dts: qcom: msm8998: declare VLS CLAMP register for USB3 PHY Dmitry Osipenko (1): drm/tegra: dc: rgb: Allow changing PLLD rate on Tegra30+ Duoming Zhou (2): nfp: flower: handle acti_netdevs allocation failure clk: zynq: Prevent null pointer dereference caused by kmalloc failure Edward Adam Davis (1): media: pvrusb2: fix uaf in pvr2_context_set_notify Eric Biggers (1): f2fs: implement iomap operations Eric Dumazet (5): sock_diag: annotate data-races around sock_diag_handlers[family] inet_diag: annotate data-races around inet_diag_table[] ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() packet: annotate data-races around ignore_outgoing Ethan Zhao (2): PCI: Make pci_dev_is_disconnected() helper public for other drivers iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected Fedor Pchelkin (1): drm/tegra: put drm_gem_object ref on error in tegra_fb_create Fei Shao (1): spi: spi-mt65xx: Fix NULL pointer access in interrupt handler Felix Maurer (1): hsr: Handle failures in module init Filipe Manana (1): btrfs: add and use helper to check if block group is used Frank Li (1): PCI: endpoint: Support NTB transfer between RC and EP Frieder Schrempf (5): arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL i.MX8MM arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL board arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on SD card arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL board Gavrilov Ilia (6): tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function net/x25: fix incorrect parameter validation in the x25_getsockopt() function Geert Uytterhoeven (4): ARM: dts: renesas: r8a73a4: Fix external clocks and clock rate ARM: dts: arm: realview: Fix development chip ROM compatible value arm64: dts: renesas: r8a779a0: Update to R-Car Gen4 compatible values arm64: dts: renesas: r8a779a0: Correct avb[01] reg sizes George Stark (1): leds: aw2013: Unlock mutex before destroying it Greg Joyce (1): block: sed-opal: handle empty atoms when parsing response Hans de Goede (1): ASoC: rt5645: Make LattePanda board DMI match more precise Harry Wentland (1): drm: Don't treat 0 as -1 in drm_fixp2int_ceil Hou Tao (3): bpf: Defer the free of inner map when necessary x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() Hsin-Yi Wang (2): arm64: dts: mt8183: kukui: Split out keyboard node and describe detachables drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip Hugo Villeneuve (1): serial: max310x: fix syntax error in IRQ error message Hyeong-Jun Kim (1): f2fs: invalidate META_MAPPING before IPU/DIO write Ian Abbott (1): comedi: comedi_test: Prevent timers rescheduling during deletion Ian Rogers (1): perf stat: Avoid metric-only segv Ignat Korchagin (1): net: veth: do not manipulate GRO when using XDP Igor Prusov (1): clk: meson: Add missing clocks to axg_clk_regmaps Ilpo Järvinen (1): PCI/DPC: Print all TLP Prefixes, not just the first Jakub Kicinski (1): selftests: tls: use exact comparison in recv_partial Jan Höppner (1): s390/dasd: Use dev_*() for device log messages Jan Kara (1): quota: Fix rcu annotations of inode dquot pointers Jens Axboe (3): io_uring/unix: drop usage of io_uring socket io_uring: drop any code related to SCM_RIGHTS io_uring: don't save/restore iowait state Jernej Skrabec (3): media: sun8i-di: Fix coefficient writes media: sun8i-di: Fix power on/off sequences media: sun8i-di: Fix chroma difference threshold Jerome Brunet (4): ASoC: meson: aiu: fix function pointer type mismatch ASoC: meson: t9015: fix function pointer type mismatch ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs ASoC: meson: axg-tdm-interface: add frame rate constraint Jiaxun Yang (1): MIPS: Clear Cause.BD in instruction_pointer_set Jie Wang (1): net: hns3: fix port duplex configure error in IMP reset Jinjie Ruan (1): wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() Jiri Slaby (SUSE) (1): tty: vt: fix 20 vs 0x20 typo in EScsiignore Johan Carlsson (1): ALSA: usb-audio: Stop parsing channels bits when all channels are found. Johan Hovold (2): arm64: dts: qcom: msm8998: drop USB PHY clock index PCI/AER: Fix rootport attribute paths in ABI docs Johannes Berg (3): wifi: iwlwifi: mvm: report beacon protection failures wifi: iwlwifi: dbg-tlv: ensure NUL termination wifi: iwlwifi: mvm: don't set replay counters to 0xff Jonah Palmer (1): vdpa/mlx5: Allow CVQ size changes Jonas Dreßler (1): Bluetooth: Remove superfluous call to hci_conn_check_pending() Jorge Mora (2): NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 NFSv4.2: fix listxattr maximum XDR buffer size Jörg Wedekind (1): PCI: Mark 3ware-9650SE Root Port Extended Tags as broken Kailang Yang (1): ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port Kajol Jain (1): powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks Kamal Heib (1): net: ena: Remove ena_select_queue Kees Cook (1): x86, relocs: Ignore relocations in .notes section Keisuke Nishimura (1): sched/fair: Take the scheduling domain into account in select_idle_core() Konrad Dybcio (3): clk: qcom: reset: Commonize the de/assert functions clk: qcom: reset: Ensure write completion on reset de/assertion clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times Kuninori Morimoto (1): ASoC: meson: Use dev_err_probe() helper Kuniyuki Iwashima (1): af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). Kunwu Chan (1): x86/xen: Add some null pointer checking to smp.c Kévin L'hôpital (1): net: phy: fix phy_get_internal_delay accessing an empty array Leon Romanovsky (1): RDMA/mlx5: Fix fortify source warning while accessing Eth segment Li Nan (1): md: Don't clear MD_CLOSING when the raid is about to stop Linu Cherian (1): octeontx2-af: Use matching wake_up API variant in CGX command interface Luca Weiss (2): backlight: lm3630a: Initialize backlight_properties on init backlight: lm3630a: Don't set bl->props.brightness in get_brightness Lucas Stach (1): media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Luiz Augusto von Dentz (1): Bluetooth: hci_core: Fix possible buffer overflow Manuel Fombuena (1): HID: multitouch: Add required quirk for Synaptics 0xcddc device Marek Vasut (1): regmap: Add missing map->bus check Mario Limonciello (1): iommu/amd: Mark interrupt as managed Martin KaFai Lau (3): net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr bpf: net: Change sk_getsockopt() to take the sockptr_t argument bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument Martin Kaistra (1): wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work Masahiro Yamada (1): kconfig: fix infinite loop when expanding a macro at the end of file Max Kellermann (1): parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check Maxim Kudinov (1): ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override Mete Durlu (1): s390/vtime: fix average steal time calculation Michael Ellerman (1): powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. Michal Vokáč (3): ARM: dts: imx6dl-yapp4: Move phy reset into switch node ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node Mikhail Khvainitski (1): HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd Mikulas Patocka (2): dm-verity, dm-crypt: align "struct bvec_iter" correctly dm: call the resume method on internal suspend Ming Lei (1): dm raid: fix false positive for requeue needed during reshape Miri Korenblit (1): wifi: iwlwifi: fix EWRD table validity check Miroslav Franc (1): s390/dasd: fix double module refcount decrement Nathan Chancellor (1): s390/vdso: drop '-fPIC' from LDFLAGS Navid Emamdoost (1): nbd: null check for nla_nest_start NeilBrown (1): f2fs: replace congestion_wait() calls with io_schedule_timeout() Nikita Kiryushin (1): net: phy: fix phy_read_poll_timeout argument type in genphy_loopback Nikita Zhandarovich (4): do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak media: em28xx: annotate unchecked call to media_device_register() drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() wireguard: receive: annotate data-race around receiving_counter.counter Nícolas F. R. A. Prado (3): cpufreq: mediatek-hw: Wait for CPU supplies before probing cpufreq: mediatek-hw: Don't error out if supply is not found arm64: dts: mt8183: Move CrosEC base detection node to kukui-based DTs Ondrej Jirman (1): leds: sgm3140: Add missing timer cleanup and flash gpio control Pablo Neira Ayuso (2): netfilter: nft_set_pipapo: release elements in clone only from destroy path netfilter: nf_tables: do not compare internal table flags on updates Paloma Arellano (1): drm/msm/dpu: add division of drm_display_mode's hskew parameter Paul E. McKenney (1): rcu-tasks: Provide rcu_trace_implies_rcu_gp() Peter Griffin (2): mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref Peter Hilber (3): timekeeping: Fix cross-timestamp interpolation on counter wrap timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation for non-x86 Peter Robinson (2): bus: tegra-aconnect: Update dependency to ARCH_TEGRA dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA Petr Mladek (1): printk: Disable passing console lock owner completely during panic() Prashant Malani (1): arm64: dts: mt8183: kukui: Add Type C node Prike Liang (1): drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series Quanyang Wang (1): crypto: xilinx - call finalize with bh disabled Quentin Schulz (2): drm/rockchip: lvds: do not overwrite error code drm/rockchip: lvds: do not print scary message when probing defer Rafael J. Wysocki (1): ACPI: scan: Fix device check notification handling Rafał Miłecki (3): arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes arm64: dts: marvell: reorder crypto interrupts on Armada SoCs arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells Rahul Rameshbabu (4): wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled wifi: b43: Stop correct queue in DMA worker when QoS is disabled wifi: b43: Disable QoS for bcm4331 Randy Dunlap (1): rtc: mt6397: select IRQ_DOMAIN instead of depending on it Ranjan Kumar (1): scsi: mpt3sas: Prevent sending diag_reset when the controller is ready Rob Herring (1): cpufreq: Explicitly include correct DT includes Russell King (Oracle) (1): net: mtk_eth_soc: move MAC_MCR setting to mac_finish() Ruud Bos (1): igb: move PEROUT and EXTTS isr logic to separate functions Sam Ravnborg (1): sparc32: Fix section mismatch in leon_pci_grpci Saravana Kannan (1): module: Add support for default value for module async_probe Sasha Levin (1): Linux 5.15.153-rc1 Shawn Guo (1): arm64: dts: qcom: msm8996: Move '#clock-cells' to QMP PHY child node Sheng Yong (1): f2fs: compress: fix to check unreleased compressed cluster Shifeng Li (1): RDMA/device: Fix a race between mad_client and cm_client init Shigeru Yoshida (1): hsr: Fix uninit-value access in hsr_get_node() Shiming Cheng (1): ipv6: fib6_rules: flush route cache when rule is changed Srinivasan Shanmugam (3): drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() Steev Klimaszewski (1): Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855 Stefan Haberland (4): s390/dasd: put block allocation in separate function s390/dasd: add query PPRC function s390/dasd: add copy pair setup s390/dasd: add autoquiesce feature Stephen Brennan (1): printk: Add panic_in_progress helper Stuart Henderson (3): ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll Subbaraya Sundeep (1): octeontx2-af: Use separate handlers for interrupts Takashi Iwai (1): ALSA: seq: fix function cast warnings Takashi Sakamoto (1): firewire: core: use long bus reset on gap count error Thierry Reding (1): drm/tegra: dpaux: Populate AUX bus Thinh Tran (1): net/bnx2x: Prevent access to a freed page in page_pool Thomas Zimmermann (1): arch/powerpc: Remove <linux/fb.h> from backlight code Tiezhu Yang (1): bpftool: Silence build warning about calloc() Tim Harvey (1): arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS Tim Pambor (1): net: phy: dp83822: Fix RGMII TX delay configuration Toke Høiland-Jørgensen (4): wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete bpf: Fix DEVMAP_HASH overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches bpf: Fix stackmap overflow check on 32-bit arches Tomi Valkeinen (1): drm/tidss: Fix initial plane zpos values Tommaso Merciai (1): net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii Tudor Ambarus (1): tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT Uwe Kleine-König (6): Input: gpio_keys_polled - suppress deferred probe error for gpio pwm: atmel-hlcdc: Convert to platform remove callback returning void pwm: atmel-hlcdc: Use consistent variable naming pwm: atmel-hlcdc: Fix clock imbalance related to suspend support pwm: sti: Implement .apply() callback pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan Vinicius Costa Gomes (1): igb: Fix missing time sync events Viresh Kumar (1): OPP: debugfs: Fix warning around icc_get_name() Wang Jianjian (1): quota: Fix potential NULL pointer dereference William Kucharski (1): RDMA/srpt: Do not register event handler until srpt device is fully setup Xingyuan Mo (1): wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() Xiuhong Wang (1): f2fs: compress: fix reserve_cblocks counting error when out of space Yan Zhai (3): rcu: add a helper to report consolidated flavor QS net: report RCU QS on threaded NAPI repolling bpf: report RCU QS in cpumap kthread Yang Jihong (3): perf record: Fix possible incorrect free in record__switch_output() perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() Yang Yingliang (1): NTB: fix possible name leak in ntb_register_device() Yewon Choi (1): rds: introduce acquire/release ordering in acquire/release_in_xmit() Yishai Hadas (1): RDMA/mlx5: Relax DEVX access upon modify commands Yonghong Song (1): bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly Yonglong Liu (1): net: hns3: fix kernel crash when 1588 is received on HIP08 devices Yuxuan Hu (1): Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security Zhang Shurong (1): drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe Zhipeng Lu (9): wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() SUNRPC: fix some memleaks in gssx_dec_option_array drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node drm/lima: fix a memleak in lima_heap_alloc media: v4l2-tpg: fix some memleaks in tpg_alloc media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: edia: dvbdev: fix a use-after-free media: go7007: fix a memleak in go7007_load_encoder media: ttpci: fix two memleaks in budget_av_attach ruanjinjie (1): NTB: EPF: fix possible memory leak in pci_vntb_probe() .../testing/sysfs-bus-pci-devices-aer_stats | 6 +- .../admin-guide/kernel-parameters.txt | 17 +- Makefile | 4 +- arch/arm/boot/dts/arm-realview-pb1176.dts | 2 +- arch/arm/boot/dts/imx6dl-yapp4-common.dtsi | 28 +- arch/arm/boot/dts/r8a73a4-ape6evm.dts | 12 + arch/arm/boot/dts/r8a73a4.dtsi | 9 +- arch/arm/crypto/sha256_glue.c | 13 +- arch/arm/crypto/sha512-glue.c | 12 +- .../boot/dts/broadcom/bcmbca/bcm4908.dtsi | 3 - .../dts/freescale/imx8mm-kontron-n801x-s.dts | 55 +- .../freescale/imx8mm-kontron-n801x-som.dtsi | 4 +- .../dts/freescale/imx8mm-venice-gw71xx.dtsi | 29 +- arch/arm64/boot/dts/marvell/armada-37xx.dtsi | 10 +- arch/arm64/boot/dts/marvell/armada-cp11x.dtsi | 10 +- .../dts/mediatek/mt7622-bananapi-bpi-r64.dts | 1 + arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 1 + .../dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 + .../dts/mediatek/mt8183-kukui-kakadu.dtsi | 10 + .../dts/mediatek/mt8183-kukui-kodama.dtsi | 10 + .../boot/dts/mediatek/mt8183-kukui-krane.dtsi | 10 + .../arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 15 +- arch/arm64/boot/dts/qcom/ipq8074.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8998.dtsi | 42 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 3 - arch/arm64/boot/dts/renesas/r8a779a0.dtsi | 28 +- arch/mips/include/asm/ptrace.h | 1 + arch/parisc/kernel/ftrace.c | 2 +- arch/powerpc/include/asm/backlight.h | 5 +- arch/powerpc/include/asm/vmalloc.h | 4 +- arch/powerpc/perf/hv-gpci.c | 29 +- .../platforms/embedded6xx/linkstation.c | 3 - arch/powerpc/platforms/embedded6xx/mpc10x.h | 3 + arch/powerpc/platforms/powermac/backlight.c | 26 - .../boot/dts/sifive/hifive-unmatched-a00.dts | 1 + arch/s390/include/uapi/asm/dasd.h | 2 + arch/s390/kernel/vdso32/Makefile | 2 +- arch/s390/kernel/vdso64/Makefile | 2 +- arch/s390/kernel/vtime.c | 4 +- arch/sparc/kernel/leon_pci_grpci1.c | 2 +- arch/sparc/kernel/leon_pci_grpci2.c | 2 +- arch/x86/include/asm/vsyscall.h | 10 + arch/x86/mm/fault.c | 9 - arch/x86/mm/maccess.c | 10 + arch/x86/tools/relocs.c | 8 + arch/x86/xen/smp.c | 12 + block/opal_proto.h | 1 + block/sed-opal.c | 6 +- drivers/acpi/processor_idle.c | 2 + drivers/acpi/resource.c | 33 + drivers/acpi/scan.c | 8 +- drivers/base/regmap/regmap.c | 2 +- drivers/block/aoe/aoecmd.c | 12 +- drivers/block/aoe/aoenet.c | 1 + drivers/block/nbd.c | 6 + drivers/bluetooth/btqca.c | 14 +- drivers/bluetooth/btqca.h | 10 + drivers/bluetooth/hci_qca.c | 59 +- drivers/bus/Kconfig | 5 +- drivers/clk/clk.c | 3 + drivers/clk/hisilicon/clk-hi3519.c | 2 +- drivers/clk/hisilicon/clk-hi3559a.c | 1 - drivers/clk/meson/axg.c | 2 + drivers/clk/qcom/dispcc-sdm845.c | 2 + drivers/clk/qcom/reset.c | 27 +- drivers/clk/zynq/clkc.c | 8 +- drivers/comedi/drivers/comedi_test.c | 30 +- drivers/cpufreq/armada-37xx-cpufreq.c | 4 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 2 + drivers/cpufreq/mediatek-cpufreq-hw.c | 22 +- drivers/cpufreq/ppc_cbe_cpufreq.c | 2 +- drivers/cpufreq/ppc_cbe_cpufreq_pmi.c | 1 - drivers/cpufreq/qcom-cpufreq-nvmem.c | 1 - drivers/cpufreq/scpi-cpufreq.c | 2 +- drivers/cpufreq/sti-cpufreq.c | 2 +- drivers/cpufreq/ti-cpufreq.c | 2 +- drivers/cpufreq/vexpress-spc-cpufreq.c | 1 - drivers/crypto/xilinx/zynqmp-aes-gcm.c | 3 + drivers/dma/Kconfig | 14 +- drivers/firewire/core-card.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gtt_mgr.c | 2 + .../gpu/drm/amd/amdgpu/amdgpu_preempt_mgr.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 2 + drivers/gpu/drm/amd/amdgpu/atom.c | 2 +- drivers/gpu/drm/amd/amdgpu/soc15.c | 45 +- .../amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- .../amd/display/dc/dcn10/dcn10_hw_sequencer.c | 7 +- drivers/gpu/drm/i915/i915_ttm_buddy_manager.c | 2 + drivers/gpu/drm/lima/lima_gem.c | 23 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 12 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 10 +- .../drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 6 +- drivers/gpu/drm/nouveau/nouveau_bo.c | 2 + drivers/gpu/drm/nouveau/nouveau_mem.c | 3 +- drivers/gpu/drm/nouveau/nouveau_mem.h | 3 +- drivers/gpu/drm/nouveau/nouveau_ttm.c | 9 +- drivers/gpu/drm/radeon/ni.c | 2 +- drivers/gpu/drm/rockchip/inno_hdmi.c | 4 +- drivers/gpu/drm/rockchip/rockchip_lvds.c | 3 +- drivers/gpu/drm/tegra/Kconfig | 1 + drivers/gpu/drm/tegra/dc.c | 27 +- drivers/gpu/drm/tegra/dc.h | 1 + drivers/gpu/drm/tegra/dpaux.c | 19 +- drivers/gpu/drm/tegra/dsi.c | 47 +- drivers/gpu/drm/tegra/fb.c | 1 + drivers/gpu/drm/tegra/output.c | 16 +- drivers/gpu/drm/tegra/rgb.c | 63 +- drivers/gpu/drm/tidss/tidss_plane.c | 2 +- drivers/gpu/drm/ttm/ttm_range_manager.c | 2 + drivers/gpu/drm/ttm/ttm_resource.c | 23 + drivers/gpu/drm/ttm/ttm_sys_manager.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c | 7 +- .../gpu/drm/vmwgfx/vmwgfx_system_manager.c | 1 + drivers/hid/amd-sfh-hid/amd_sfh_pcie.h | 6 +- drivers/hid/hid-lenovo.c | 57 +- drivers/hid/hid-multitouch.c | 4 + drivers/infiniband/core/device.c | 37 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/wr.c | 2 +- drivers/infiniband/ulp/rtrs/rtrs-clt-sysfs.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 3 +- drivers/input/keyboard/gpio_keys_polled.c | 10 +- drivers/iommu/amd/init.c | 3 + drivers/iommu/intel/pasid.c | 3 + drivers/leds/flash/leds-sgm3140.c | 3 + drivers/leds/leds-aw2013.c | 1 + drivers/md/dm-crypt.c | 4 +- drivers/md/dm-raid.c | 4 +- drivers/md/dm-verity.h | 4 +- drivers/md/dm.c | 26 +- drivers/md/md.c | 14 +- drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 52 +- drivers/media/dvb-core/dvbdev.c | 5 + drivers/media/dvb-frontends/stv0367.c | 34 +- drivers/media/i2c/tc358743.c | 7 +- drivers/media/pci/ttpci/budget-av.c | 8 +- drivers/media/platform/mtk-mdp/mtk_mdp_vpu.c | 2 +- .../platform/mtk-vcodec/mtk_vcodec_fw_vpu.c | 10 +- drivers/media/platform/mtk-vpu/mtk_vpu.c | 2 +- drivers/media/platform/mtk-vpu/mtk_vpu.h | 2 +- .../media/platform/sunxi/sun8i-di/sun8i-di.c | 69 +- drivers/media/usb/em28xx/em28xx-cards.c | 4 + drivers/media/usb/go7007/go7007-driver.c | 8 +- drivers/media/usb/go7007/go7007-usb.c | 4 +- drivers/media/usb/pvrusb2/pvrusb2-context.c | 10 +- drivers/media/usb/pvrusb2/pvrusb2-dvb.c | 6 +- drivers/media/usb/pvrusb2/pvrusb2-v4l2.c | 11 +- drivers/media/v4l2-core/v4l2-mem2mem.c | 10 +- drivers/mfd/altera-sysmgr.c | 4 +- drivers/mfd/syscon.c | 4 +- drivers/mmc/host/wmt-sdmmc.c | 4 - drivers/mtd/maps/physmap-core.c | 2 +- drivers/mtd/nand/raw/lpc32xx_mlc.c | 5 +- drivers/net/dsa/mt7530.c | 56 +- drivers/net/dsa/mt7530.h | 27 + drivers/net/ethernet/amazon/ena/ena_netdev.c | 17 - .../net/ethernet/broadcom/bnx2x/bnx2x_cmn.h | 6 +- .../hisilicon/hns3/hns3pf/hclge_main.c | 5 +- .../hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- drivers/net/ethernet/intel/igb/igb_main.c | 112 +- .../net/ethernet/marvell/octeontx2/af/cgx.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu.c | 17 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 38 +- drivers/net/ethernet/mediatek/mtk_ppe.c | 18 +- .../ethernet/netronome/nfp/flower/lag_conf.c | 5 + drivers/net/phy/dp83822.c | 38 +- drivers/net/phy/phy_device.c | 6 +- drivers/net/usb/sr9800.c | 4 +- drivers/net/veth.c | 18 - drivers/net/wireguard/receive.c | 6 +- drivers/net/wireless/ath/ath10k/core.c | 3 - drivers/net/wireless/ath/ath10k/sdio.c | 1 - drivers/net/wireless/ath/ath10k/wmi-tlv.c | 4 + drivers/net/wireless/ath/ath9k/htc.h | 2 +- drivers/net/wireless/ath/ath9k/htc_drv_init.c | 4 + drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 4 - drivers/net/wireless/ath/ath9k/wmi.c | 10 +- drivers/net/wireless/broadcom/b43/b43.h | 16 + drivers/net/wireless/broadcom/b43/dma.c | 4 +- drivers/net/wireless/broadcom/b43/main.c | 16 +- drivers/net/wireless/broadcom/b43/pio.c | 6 +- .../broadcom/brcm80211/brcmsmac/phy/phy_cmn.c | 3 +- .../broadcom/brcm80211/brcmsmac/phy_shim.c | 5 +- .../broadcom/brcm80211/brcmsmac/phy_shim.h | 2 +- .../net/wireless/intel/iwlegacy/3945-mac.c | 1 - .../net/wireless/intel/iwlegacy/4965-mac.c | 1 - drivers/net/wireless/intel/iwlwifi/dvm/main.c | 1 - drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 2 +- .../net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 6 + drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 26 +- drivers/net/wireless/marvell/libertas/cmd.c | 13 +- .../net/wireless/marvell/mwifiex/cfg80211.c | 2 - .../net/wireless/marvell/mwifiex/debugfs.c | 3 - drivers/net/wireless/marvell/mwifiex/main.c | 2 - .../wireless/microchip/wilc1000/cfg80211.c | 1 - drivers/net/wireless/microchip/wilc1000/hif.c | 40 +- .../net/wireless/microchip/wilc1000/netdev.c | 29 +- drivers/net/wireless/quantenna/qtnfmac/core.c | 2 - .../wireless/quantenna/qtnfmac/pcie/pcie.c | 2 - .../wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 1 + drivers/net/wireless/realtek/rtlwifi/pci.c | 1 - drivers/net/wireless/realtek/rtw88/rtw8821c.c | 2 +- drivers/net/wireless/rndis_wlan.c | 2 - drivers/net/wireless/st/cw1200/bh.c | 2 - drivers/ntb/core.c | 8 +- drivers/opp/debugfs.c | 6 +- drivers/pci/endpoint/functions/Kconfig | 11 + drivers/pci/endpoint/functions/Makefile | 1 + drivers/pci/endpoint/functions/pci-epf-vntb.c | 1421 +++++++++++++++++ drivers/pci/p2pdma.c | 2 +- drivers/pci/pci.h | 5 - drivers/pci/pcie/dpc.c | 2 +- drivers/pci/quirks.c | 1 + drivers/pci/switch/switchtec.c | 4 +- drivers/pinctrl/mediatek/pinctrl-mt8192.c | 1 - drivers/pwm/pwm-atmel-hlcdc.c | 71 +- drivers/pwm/pwm-sti.c | 40 +- drivers/remoteproc/Kconfig | 2 +- drivers/remoteproc/stm32_rproc.c | 12 +- drivers/rtc/Kconfig | 3 +- drivers/rtc/lib_test.c | 2 +- drivers/s390/block/dasd.c | 111 +- drivers/s390/block/dasd_devmap.c | 566 ++++++- drivers/s390/block/dasd_eckd.c | 154 +- drivers/s390/block/dasd_eckd.h | 8 +- drivers/s390/block/dasd_eer.c | 1 + drivers/s390/block/dasd_int.h | 54 + drivers/scsi/bfa/bfa.h | 9 +- drivers/scsi/bfa/bfa_core.c | 4 +- drivers/scsi/bfa/bfa_ioc.h | 8 +- drivers/scsi/bfa/bfad_bsg.c | 11 +- drivers/scsi/csiostor/csio_defs.h | 18 +- drivers/scsi/csiostor/csio_lnode.c | 8 +- drivers/scsi/csiostor/csio_lnode.h | 13 - drivers/scsi/mpt3sas/mpt3sas_base.c | 4 +- drivers/soc/fsl/dpio/dpio-service.c | 2 +- drivers/spi/spi-mt65xx.c | 22 +- drivers/staging/greybus/light.c | 8 +- .../staging/media/imx/imx-media-csc-scaler.c | 1 + drivers/tty/serial/8250/8250_exar.c | 5 +- drivers/tty/serial/max310x.c | 2 +- drivers/tty/serial/samsung_tty.c | 5 +- drivers/tty/vt/vt.c | 2 +- drivers/usb/gadget/udc/net2272.c | 2 +- drivers/vdpa/mlx5/net/mlx5_vnet.c | 13 +- drivers/video/backlight/da9052_bl.c | 1 + drivers/video/backlight/lm3630a_bl.c | 15 +- drivers/video/backlight/lm3639_bl.c | 1 + drivers/video/backlight/lp8788_bl.c | 1 + drivers/watchdog/stm32_iwdg.c | 3 + fs/afs/dir.c | 10 - fs/btrfs/block-group.c | 3 +- fs/btrfs/block-group.h | 7 + fs/f2fs/Kconfig | 1 + fs/f2fs/checkpoint.c | 6 +- fs/f2fs/compress.c | 36 +- fs/f2fs/data.c | 128 +- fs/f2fs/f2fs.h | 49 +- fs/f2fs/file.c | 28 +- fs/f2fs/gc.c | 8 +- fs/f2fs/node.c | 2 +- fs/f2fs/segment.c | 59 +- fs/f2fs/super.c | 13 +- fs/fhandle.c | 2 +- fs/nfs/nfs42.h | 7 +- fs/nfs/nfs4proc.c | 16 +- fs/nfs/nfsroot.c | 4 +- fs/quota/dquot.c | 226 ++- fs/select.c | 2 +- include/drm/drm_fixed.h | 2 +- include/drm/ttm/ttm_resource.h | 3 + include/linux/bpf.h | 7 +- include/linux/filter.h | 24 +- include/linux/igmp.h | 4 +- include/linux/io_uring.h | 10 +- include/linux/mlx5/qp.h | 5 +- include/linux/moduleloader.h | 8 + include/linux/mroute.h | 6 +- include/linux/pci.h | 5 + include/linux/poll.h | 4 - include/linux/rcupdate.h | 43 + include/linux/sockptr.h | 5 + include/trace/events/f2fs.h | 21 +- init/main.c | 5 +- io_uring/io_uring.c | 234 +-- kernel/bpf/cpumap.c | 3 + kernel/bpf/devmap.c | 11 +- kernel/bpf/hashtab.c | 14 +- kernel/bpf/helpers.c | 4 +- kernel/bpf/map_in_map.c | 11 +- kernel/bpf/stackmap.c | 9 +- kernel/bpf/syscall.c | 26 +- kernel/module.c | 20 +- kernel/printk/printk.c | 34 + kernel/rcu/tasks.h | 2 + kernel/sched/fair.c | 4 +- kernel/time/time_test.c | 2 +- kernel/time/timekeeping.c | 24 +- lib/cmdline_kunit.c | 2 +- lib/test_blackhole_dev.c | 3 +- net/bluetooth/hci_core.c | 2 +- net/bluetooth/hci_event.c | 2 - net/bluetooth/rfcomm/core.c | 2 +- net/core/dev.c | 5 +- net/core/filter.c | 5 +- net/core/scm.c | 2 +- net/core/sock.c | 51 +- net/core/sock_diag.c | 10 +- net/hsr/hsr_framereg.c | 4 + net/hsr/hsr_main.c | 15 +- net/ipv4/igmp.c | 22 +- net/ipv4/inet_diag.c | 6 +- net/ipv4/ip_sockglue.c | 80 +- net/ipv4/ip_tunnel.c | 15 +- net/ipv4/ipmr.c | 13 +- net/ipv4/tcp.c | 4 +- net/ipv4/udp.c | 4 +- net/ipv6/fib6_rules.c | 6 + net/ipv6/mcast.c | 1 - net/iucv/iucv.c | 4 +- net/kcm/kcmsock.c | 3 +- net/l2tp/l2tp_ppp.c | 4 +- net/netfilter/nf_tables_api.c | 2 +- net/netfilter/nft_set_pipapo.c | 5 +- net/packet/af_packet.c | 4 +- net/rds/send.c | 5 +- net/sunrpc/addr.c | 4 +- net/sunrpc/auth_gss/gss_rpc_xdr.c | 27 +- net/unix/garbage.c | 2 +- net/unix/scm.c | 4 +- net/x25/af_x25.c | 4 +- scripts/clang-tools/gen_compile_commands.py | 2 +- scripts/kconfig/lexer.l | 7 +- sound/core/seq/seq_midi.c | 8 +- sound/core/seq/seq_virmidi.c | 9 +- sound/pci/hda/patch_realtek.c | 64 + sound/soc/codecs/rt5645.c | 10 + sound/soc/codecs/wm8962.c | 29 +- sound/soc/intel/boards/bytcr_rt5640.c | 12 + sound/soc/meson/aiu.c | 49 +- sound/soc/meson/aiu.h | 1 - sound/soc/meson/axg-fifo.c | 16 +- sound/soc/meson/axg-pdm.c | 25 +- sound/soc/meson/axg-spdifin.c | 17 +- sound/soc/meson/axg-spdifout.c | 17 +- sound/soc/meson/axg-tdm-formatter.c | 50 +- sound/soc/meson/axg-tdm-interface.c | 54 +- sound/soc/meson/meson-card-utils.c | 8 +- sound/soc/meson/t9015.c | 30 +- sound/usb/stream.c | 5 +- tools/bpf/bpftool/prog.c | 2 +- tools/lib/bpf/libbpf.c | 4 + tools/perf/builtin-record.c | 2 +- tools/perf/util/evsel.c | 1 - tools/perf/util/stat-display.c | 2 +- tools/perf/util/thread_map.c | 2 +- .../selftests/bpf/progs/test_map_in_map.c | 26 + tools/testing/selftests/bpf/test_maps.c | 6 +- tools/testing/selftests/net/tls.c | 8 +- 361 files changed, 4909 insertions(+), 1864 deletions(-) create mode 100644 drivers/pci/endpoint/functions/pci-epf-vntb.c -- 2.43.0

1 year, 5 months

8
332
0 0

FAILED: patch "[PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c567f2948f57bdc03ed03403ae0234085f376b7d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040120-destiny-extenuate-257a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: c567f2948f57 ("Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."") 0a845e0f6348 ("mm/treewide: replace pud_large() with pud_leaf()") d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") 27af67f35631 ("powerpc/book3s64/mm: enable transparent pud hugepage") 104c49d5b6dc ("powerpc/mm/trace: convert trace event to trace event class") 040ec6202bb8 ("powerpc/mm/book3s64: Use pmdp_ptep helper instead of typecasting.") bb1520d581a3 ("s390/mm: start kernel with DAT enabled") 9c3205b2b062 ("s390/boot: cleanup decompressor header files") 47477c84b891 ("Merge tag 's390-6.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c567f2948f57bdc03ed03403ae0234085f376b7d Mon Sep 17 00:00:00 2001 From: Ingo Molnar <mingo(a)kernel.org> Date: Mon, 25 Mar 2024 11:47:51 +0100 Subject: [PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." This reverts commit d794734c9bbfe22f86686dc2909c25f5ffe1a572. While the original change tries to fix a bug, it also unintentionally broke existing systems, see the regressions reported at: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Since d794734c9bbf was also marked for -stable, let's back it out before causing more damage. Note that due to another upstream change the revert was not 100% automatic: 0a845e0f6348 mm/treewide: replace pud_large() with pud_leaf() Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: Russ Anderson <rja(a)hpe.com> Cc: Steve Wahl <steve.wahl(a)hpe.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Link: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Fixes: d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index a204a332c71f..968d7005f4a7 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,31 +26,18 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; - bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - /* if this is already a gbpage, this portion is already mapped */ - if (pud_leaf(*pud)) - continue; - - /* Is using a gbpage allowed? */ - use_gbpage = info->direct_gbpages; - - /* Don't use gbpage if it maps more than the requested region. */ - /* at the begining: */ - use_gbpage &= ((addr & ~PUD_MASK) == 0); - /* ... or at the end: */ - use_gbpage &= ((next & ~PUD_MASK) == 0); - - /* Never overwrite existing mappings */ - use_gbpage &= !pud_present(*pud); - - if (use_gbpage) { + if (info->direct_gbpages) { pud_t pudval; + if (pud_present(*pud)) + continue; + + addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue;

1 year, 5 months

2
1
0 0

Regression : Latitude 5500 do not always go to true sleep mode

by Léo COLISSON

Dear Linux maintainers, Since I upgraded my system (from NixOs release 2caf4ef5005ecc68141ecb4aac271079f7371c44, running linux 5.15.90, to b8697e57f10292a6165a20f03d2f42920dfaf973, running linux 6.6.19), my system started to experience a weird behavior : when closing the lid, the system does not always go to a true sleep mode : when I restart it, the battery is drained. Not sure what I can try here. You can find more information on my tries here, with some journalctl logs : - https://github.com/NixOS/nixpkgs/issues/299464 - https://discourse.nixos.org/t/since-upgrade-my-laptop-does-not-go-to-sleep-… Cheers, Léo

1 year, 5 months

2
2
0 0

Request to cherry-pick a patch for v5.15 (locking/rwsem: Disable preemption while trying for rwsem lock)

by Aaro Koskinen

Dear stable team, Would you please cherry-pick the following patch into v5.15 stable: locking/rwsem: Disable preemption while trying for rwsem lock commit 48dfb5d2560d36fb16c7d430c229d1604ea7d185 Earlier discussion: https://marc.info/?l=linux-kernel&m=170965048500766&w=2 Thank you, A.

1 year, 5 months

2
2
0 0

FAILED: patch "[PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c567f2948f57bdc03ed03403ae0234085f376b7d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040121-luminous-outlast-f9b6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: c567f2948f57 ("Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."") 0a845e0f6348 ("mm/treewide: replace pud_large() with pud_leaf()") d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") 27af67f35631 ("powerpc/book3s64/mm: enable transparent pud hugepage") 104c49d5b6dc ("powerpc/mm/trace: convert trace event to trace event class") 040ec6202bb8 ("powerpc/mm/book3s64: Use pmdp_ptep helper instead of typecasting.") bb1520d581a3 ("s390/mm: start kernel with DAT enabled") 9c3205b2b062 ("s390/boot: cleanup decompressor header files") 47477c84b891 ("Merge tag 's390-6.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c567f2948f57bdc03ed03403ae0234085f376b7d Mon Sep 17 00:00:00 2001 From: Ingo Molnar <mingo(a)kernel.org> Date: Mon, 25 Mar 2024 11:47:51 +0100 Subject: [PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." This reverts commit d794734c9bbfe22f86686dc2909c25f5ffe1a572. While the original change tries to fix a bug, it also unintentionally broke existing systems, see the regressions reported at: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Since d794734c9bbf was also marked for -stable, let's back it out before causing more damage. Note that due to another upstream change the revert was not 100% automatic: 0a845e0f6348 mm/treewide: replace pud_large() with pud_leaf() Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: Russ Anderson <rja(a)hpe.com> Cc: Steve Wahl <steve.wahl(a)hpe.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Link: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Fixes: d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index a204a332c71f..968d7005f4a7 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,31 +26,18 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; - bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - /* if this is already a gbpage, this portion is already mapped */ - if (pud_leaf(*pud)) - continue; - - /* Is using a gbpage allowed? */ - use_gbpage = info->direct_gbpages; - - /* Don't use gbpage if it maps more than the requested region. */ - /* at the begining: */ - use_gbpage &= ((addr & ~PUD_MASK) == 0); - /* ... or at the end: */ - use_gbpage &= ((next & ~PUD_MASK) == 0); - - /* Never overwrite existing mappings */ - use_gbpage &= !pud_present(*pud); - - if (use_gbpage) { + if (info->direct_gbpages) { pud_t pudval; + if (pud_present(*pud)) + continue; + + addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue;

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x c567f2948f57bdc03ed03403ae0234085f376b7d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040117-chump-laxative-8210@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: c567f2948f57 ("Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."") 0a845e0f6348 ("mm/treewide: replace pud_large() with pud_leaf()") d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c567f2948f57bdc03ed03403ae0234085f376b7d Mon Sep 17 00:00:00 2001 From: Ingo Molnar <mingo(a)kernel.org> Date: Mon, 25 Mar 2024 11:47:51 +0100 Subject: [PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." This reverts commit d794734c9bbfe22f86686dc2909c25f5ffe1a572. While the original change tries to fix a bug, it also unintentionally broke existing systems, see the regressions reported at: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Since d794734c9bbf was also marked for -stable, let's back it out before causing more damage. Note that due to another upstream change the revert was not 100% automatic: 0a845e0f6348 mm/treewide: replace pud_large() with pud_leaf() Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: Russ Anderson <rja(a)hpe.com> Cc: Steve Wahl <steve.wahl(a)hpe.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Link: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Fixes: d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index a204a332c71f..968d7005f4a7 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,31 +26,18 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; - bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - /* if this is already a gbpage, this portion is already mapped */ - if (pud_leaf(*pud)) - continue; - - /* Is using a gbpage allowed? */ - use_gbpage = info->direct_gbpages; - - /* Don't use gbpage if it maps more than the requested region. */ - /* at the begining: */ - use_gbpage &= ((addr & ~PUD_MASK) == 0); - /* ... or at the end: */ - use_gbpage &= ((next & ~PUD_MASK) == 0); - - /* Never overwrite existing mappings */ - use_gbpage &= !pud_present(*pud); - - if (use_gbpage) { + if (info->direct_gbpages) { pud_t pudval; + if (pud_present(*pud)) + continue; + + addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue;

1 year, 5 months

2
1
0 0

[PATCH] drm/i915/display: fix display param dup for NULL char * params

by Jani Nikula

The display param duplication deviates from the original param duplication in that it converts NULL params to to allocated empty strings. This works for the vbt_firmware parameter, but not for dmc_firmware_path, the user of which interprets NULL and the empty string as distinct values. Specifically, the empty dmc_firmware_path leads to DMC and PM being disabled. Just remove the NULL check and pass it to kstrdup(), which safely returns NULL for NULL input. Fixes: 8015bee0bfec ("drm/i915/display: Add framework to add parameters specific to display") Fixes: 0d82a0d6f556 ("drm/i915/display: move dmc_firmware_path to display params") Cc: Jouni Högander <jouni.hogander(a)intel.com> Cc: Luca Coelho <luciano.coelho(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- drivers/gpu/drm/i915/display/intel_display_params.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_display_params.c b/drivers/gpu/drm/i915/display/intel_display_params.c index c8e3d6892e23..49c6b42077dc 100644 --- a/drivers/gpu/drm/i915/display/intel_display_params.c +++ b/drivers/gpu/drm/i915/display/intel_display_params.c @@ -176,9 +176,9 @@ void intel_display_params_dump(struct drm_i915_private *i915, struct drm_printer #undef PRINT } -__maybe_unused static void _param_dup_charp(char **valp) +static void _param_dup_charp(char **valp) { - *valp = kstrdup(*valp ? *valp : "", GFP_ATOMIC); + *valp = kstrdup(*valp, GFP_ATOMIC); } __maybe_unused static void _param_nop(void *valp) -- 2.39.2

1 year, 5 months

2
2
0 0

FAILED: patch "[PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c567f2948f57bdc03ed03403ae0234085f376b7d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040119-scanning-immunity-c63d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: c567f2948f57 ("Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."") 0a845e0f6348 ("mm/treewide: replace pud_large() with pud_leaf()") d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") 27af67f35631 ("powerpc/book3s64/mm: enable transparent pud hugepage") 104c49d5b6dc ("powerpc/mm/trace: convert trace event to trace event class") 040ec6202bb8 ("powerpc/mm/book3s64: Use pmdp_ptep helper instead of typecasting.") bb1520d581a3 ("s390/mm: start kernel with DAT enabled") 9c3205b2b062 ("s390/boot: cleanup decompressor header files") 47477c84b891 ("Merge tag 's390-6.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c567f2948f57bdc03ed03403ae0234085f376b7d Mon Sep 17 00:00:00 2001 From: Ingo Molnar <mingo(a)kernel.org> Date: Mon, 25 Mar 2024 11:47:51 +0100 Subject: [PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." This reverts commit d794734c9bbfe22f86686dc2909c25f5ffe1a572. While the original change tries to fix a bug, it also unintentionally broke existing systems, see the regressions reported at: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Since d794734c9bbf was also marked for -stable, let's back it out before causing more damage. Note that due to another upstream change the revert was not 100% automatic: 0a845e0f6348 mm/treewide: replace pud_large() with pud_leaf() Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: Russ Anderson <rja(a)hpe.com> Cc: Steve Wahl <steve.wahl(a)hpe.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Link: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Fixes: d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index a204a332c71f..968d7005f4a7 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,31 +26,18 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; - bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - /* if this is already a gbpage, this portion is already mapped */ - if (pud_leaf(*pud)) - continue; - - /* Is using a gbpage allowed? */ - use_gbpage = info->direct_gbpages; - - /* Don't use gbpage if it maps more than the requested region. */ - /* at the begining: */ - use_gbpage &= ((addr & ~PUD_MASK) == 0); - /* ... or at the end: */ - use_gbpage &= ((next & ~PUD_MASK) == 0); - - /* Never overwrite existing mappings */ - use_gbpage &= !pud_present(*pud); - - if (use_gbpage) { + if (info->direct_gbpages) { pud_t pudval; + if (pud_present(*pud)) + continue; + + addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue;

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x c567f2948f57bdc03ed03403ae0234085f376b7d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040116-epidermis-early-a05d@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: c567f2948f57 ("Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."") 0a845e0f6348 ("mm/treewide: replace pud_large() with pud_leaf()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c567f2948f57bdc03ed03403ae0234085f376b7d Mon Sep 17 00:00:00 2001 From: Ingo Molnar <mingo(a)kernel.org> Date: Mon, 25 Mar 2024 11:47:51 +0100 Subject: [PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." This reverts commit d794734c9bbfe22f86686dc2909c25f5ffe1a572. While the original change tries to fix a bug, it also unintentionally broke existing systems, see the regressions reported at: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Since d794734c9bbf was also marked for -stable, let's back it out before causing more damage. Note that due to another upstream change the revert was not 100% automatic: 0a845e0f6348 mm/treewide: replace pud_large() with pud_leaf() Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: Russ Anderson <rja(a)hpe.com> Cc: Steve Wahl <steve.wahl(a)hpe.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Link: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Fixes: d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index a204a332c71f..968d7005f4a7 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,31 +26,18 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; - bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - /* if this is already a gbpage, this portion is already mapped */ - if (pud_leaf(*pud)) - continue; - - /* Is using a gbpage allowed? */ - use_gbpage = info->direct_gbpages; - - /* Don't use gbpage if it maps more than the requested region. */ - /* at the begining: */ - use_gbpage &= ((addr & ~PUD_MASK) == 0); - /* ... or at the end: */ - use_gbpage &= ((next & ~PUD_MASK) == 0); - - /* Never overwrite existing mappings */ - use_gbpage &= !pud_present(*pud); - - if (use_gbpage) { + if (info->direct_gbpages) { pud_t pudval; + if (pud_present(*pud)) + continue; + + addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue;

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x c567f2948f57bdc03ed03403ae0234085f376b7d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040123-denial-syndrome-2d01@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: c567f2948f57 ("Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."") 0a845e0f6348 ("mm/treewide: replace pud_large() with pud_leaf()") d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") 27af67f35631 ("powerpc/book3s64/mm: enable transparent pud hugepage") 104c49d5b6dc ("powerpc/mm/trace: convert trace event to trace event class") 040ec6202bb8 ("powerpc/mm/book3s64: Use pmdp_ptep helper instead of typecasting.") bb1520d581a3 ("s390/mm: start kernel with DAT enabled") 9c3205b2b062 ("s390/boot: cleanup decompressor header files") 47477c84b891 ("Merge tag 's390-6.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c567f2948f57bdc03ed03403ae0234085f376b7d Mon Sep 17 00:00:00 2001 From: Ingo Molnar <mingo(a)kernel.org> Date: Mon, 25 Mar 2024 11:47:51 +0100 Subject: [PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." This reverts commit d794734c9bbfe22f86686dc2909c25f5ffe1a572. While the original change tries to fix a bug, it also unintentionally broke existing systems, see the regressions reported at: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Since d794734c9bbf was also marked for -stable, let's back it out before causing more damage. Note that due to another upstream change the revert was not 100% automatic: 0a845e0f6348 mm/treewide: replace pud_large() with pud_leaf() Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: Russ Anderson <rja(a)hpe.com> Cc: Steve Wahl <steve.wahl(a)hpe.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Link: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Fixes: d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index a204a332c71f..968d7005f4a7 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,31 +26,18 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; - bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - /* if this is already a gbpage, this portion is already mapped */ - if (pud_leaf(*pud)) - continue; - - /* Is using a gbpage allowed? */ - use_gbpage = info->direct_gbpages; - - /* Don't use gbpage if it maps more than the requested region. */ - /* at the begining: */ - use_gbpage &= ((addr & ~PUD_MASK) == 0); - /* ... or at the end: */ - use_gbpage &= ((next & ~PUD_MASK) == 0); - - /* Never overwrite existing mappings */ - use_gbpage &= !pud_present(*pud); - - if (use_gbpage) { + if (info->direct_gbpages) { pud_t pudval; + if (pud_present(*pud)) + continue; + + addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue;

1 year, 5 months

2
1
0 0

[PATCH] Bluetooth: fix memory leak in hci_req_sync_complete()

by Dmitry Antipov

In 'hci_req_sync_complete()', always free the previous sync request state before assigning reference to a new one. Reported-by: syzbot+39ec16ff6cc18b1d066d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=39ec16ff6cc18b1d066d Cc: stable(a)vger.kernel.org Fixes: f60cb30579d3 ("Bluetooth: Convert hci_req_sync family of function to new request API") Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> --- net/bluetooth/hci_request.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c index 00e02138003e..efea25eb56ce 100644 --- a/net/bluetooth/hci_request.c +++ b/net/bluetooth/hci_request.c @@ -105,8 +105,10 @@ void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode, if (hdev->req_status == HCI_REQ_PEND) { hdev->req_result = result; hdev->req_status = HCI_REQ_DONE; - if (skb) + if (skb) { + kfree_skb(hdev->req_skb); hdev->req_skb = skb_get(skb); + } wake_up_interruptible(&hdev->req_wait_q); } } -- 2.44.0

1 year, 5 months

2
1
0 0

[PATCH net] net: mana: Fix Rx DMA datasize and skb_over_panic

by Haiyang Zhang

mana_get_rxbuf_cfg() aligns the RX buffer's DMA datasize to be multiple of 64. So a packet slightly bigger than mtu+14, say 1536, can be received and cause skb_over_panic. Sample dmesg: [ 5325.237162] skbuff: skb_over_panic: text:ffffffffc043277a len:1536 put:1536 head:ff1100018b517000 data:ff1100018b517100 tail:0x700 end:0x6ea dev:<NULL> [ 5325.243689] ------------[ cut here ]------------ [ 5325.245748] kernel BUG at net/core/skbuff.c:192! [ 5325.247838] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 5325.258374] RIP: 0010:skb_panic+0x4f/0x60 [ 5325.302941] Call Trace: [ 5325.304389] <IRQ> [ 5325.315794] ? skb_panic+0x4f/0x60 [ 5325.317457] ? asm_exc_invalid_op+0x1f/0x30 [ 5325.319490] ? skb_panic+0x4f/0x60 [ 5325.321161] skb_put+0x4e/0x50 [ 5325.322670] mana_poll+0x6fa/0xb50 [mana] [ 5325.324578] __napi_poll+0x33/0x1e0 [ 5325.326328] net_rx_action+0x12e/0x280 As discussed internally, this alignment is not necessary. To fix this bug, remove it from the code. So oversized packets will be marked as CQE_RX_TRUNCATED by NIC, and dropped. Cc: stable(a)vger.kernel.org Fixes: ca9c54d2d6a5 ("net: mana: Add a driver for Microsoft Azure Network Adapter (MANA)") Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> --- drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- include/net/mana/mana.h | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index 59287c6e6cee..d8af5e7e15b4 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -601,7 +601,7 @@ static void mana_get_rxbuf_cfg(int mtu, u32 *datasize, u32 *alloc_size, *alloc_size = mtu + MANA_RXBUF_PAD + *headroom; - *datasize = ALIGN(mtu + ETH_HLEN, MANA_RX_DATA_ALIGN); + *datasize = mtu + ETH_HLEN; } static int mana_pre_alloc_rxbufs(struct mana_port_context *mpc, int new_mtu) diff --git a/include/net/mana/mana.h b/include/net/mana/mana.h index 76147feb0d10..4eeedf14711b 100644 --- a/include/net/mana/mana.h +++ b/include/net/mana/mana.h @@ -39,7 +39,6 @@ enum TRI_STATE { #define COMP_ENTRY_SIZE 64 #define RX_BUFFERS_PER_QUEUE 512 -#define MANA_RX_DATA_ALIGN 64 #define MAX_SEND_BUFFERS_PER_QUEUE 256 -- 2.34.1

1 year, 5 months

3
5
0 0

FAILED: patch "[PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c567f2948f57bdc03ed03403ae0234085f376b7d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040122-implosive-although-530c@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: c567f2948f57 ("Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."") 0a845e0f6348 ("mm/treewide: replace pud_large() with pud_leaf()") d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") 27af67f35631 ("powerpc/book3s64/mm: enable transparent pud hugepage") 104c49d5b6dc ("powerpc/mm/trace: convert trace event to trace event class") 040ec6202bb8 ("powerpc/mm/book3s64: Use pmdp_ptep helper instead of typecasting.") bb1520d581a3 ("s390/mm: start kernel with DAT enabled") 9c3205b2b062 ("s390/boot: cleanup decompressor header files") 47477c84b891 ("Merge tag 's390-6.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c567f2948f57bdc03ed03403ae0234085f376b7d Mon Sep 17 00:00:00 2001 From: Ingo Molnar <mingo(a)kernel.org> Date: Mon, 25 Mar 2024 11:47:51 +0100 Subject: [PATCH] Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." This reverts commit d794734c9bbfe22f86686dc2909c25f5ffe1a572. While the original change tries to fix a bug, it also unintentionally broke existing systems, see the regressions reported at: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Since d794734c9bbf was also marked for -stable, let's back it out before causing more damage. Note that due to another upstream change the revert was not 100% automatic: 0a845e0f6348 mm/treewide: replace pud_large() with pud_leaf() Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: Russ Anderson <rja(a)hpe.com> Cc: Steve Wahl <steve.wahl(a)hpe.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Link: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Fixes: d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index a204a332c71f..968d7005f4a7 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,31 +26,18 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; - bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - /* if this is already a gbpage, this portion is already mapped */ - if (pud_leaf(*pud)) - continue; - - /* Is using a gbpage allowed? */ - use_gbpage = info->direct_gbpages; - - /* Don't use gbpage if it maps more than the requested region. */ - /* at the begining: */ - use_gbpage &= ((addr & ~PUD_MASK) == 0); - /* ... or at the end: */ - use_gbpage &= ((next & ~PUD_MASK) == 0); - - /* Never overwrite existing mappings */ - use_gbpage &= !pud_present(*pud); - - if (use_gbpage) { + if (info->direct_gbpages) { pud_t pudval; + if (pud_present(*pud)) + continue; + + addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue;

1 year, 5 months

2
1
0 0

[PATCH] swiotlb: Do not set total_used to 0 in swiotlb_create_debugfs_files()

by Dexuan Cui

Sometimes the readout of /sys/kernel/debug/swiotlb/io_tlb_used and io_tlb_used_hiwater can be a huge number (e.g. 18446744073709551615), which is actually a negative number if we use "%ld" to print the number. When swiotlb_create_default_debugfs() is running from late_initcall, mem->total_used may already be non-zero, because the storage driver may have already started to perform I/O operations: if the storage driver is built-in, its probe() callback is called before late_initcall. swiotlb_create_debugfs_files() should not blindly set mem->total_used and mem->used_hiwater to 0; actually it doesn't have to initialize the fields at all, because the fields, as part of the global struct io_tlb_default_mem, have been implicitly initialized to zero. Also don't explicitly set mem->transient_nslabs to 0. Fixes: 8b0977ecc8b3 ("swiotlb: track and report io_tlb_used high water marks in debugfs") Fixes: 02e765697038 ("swiotlb: add debugfs to track swiotlb transient pool usage") Cc: stable(a)vger.kernel.org Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- kernel/dma/swiotlb.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c index 86fe172b5958..4a9f02c13da6 100644 --- a/kernel/dma/swiotlb.c +++ b/kernel/dma/swiotlb.c @@ -1647,9 +1647,6 @@ DEFINE_DEBUGFS_ATTRIBUTE(fops_io_tlb_hiwater, io_tlb_hiwater_get, static void swiotlb_create_debugfs_files(struct io_tlb_mem *mem, const char *dirname) { - atomic_long_set(&mem->total_used, 0); - atomic_long_set(&mem->used_hiwater, 0); - mem->debugfs = debugfs_create_dir(dirname, io_tlb_default_mem.debugfs); if (!mem->nslabs) return; @@ -1660,7 +1657,6 @@ static void swiotlb_create_debugfs_files(struct io_tlb_mem *mem, debugfs_create_file("io_tlb_used_hiwater", 0600, mem->debugfs, mem, &fops_io_tlb_hiwater); #ifdef CONFIG_SWIOTLB_DYNAMIC - atomic_long_set(&mem->transient_nslabs, 0); debugfs_create_file("io_tlb_transient_nslabs", 0400, mem->debugfs, mem, &fops_io_tlb_transient_used); #endif -- 2.34.1

1 year, 5 months

6
8
0 0

FAILED: patch "[PATCH] thermal: devfreq_cooling: Fix perf state when calculate dfc" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a26de34b3c77ae3a969654d94be49e433c947e3b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033050-imitation-unmixed-ef53@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a26de34b3c77ae3a969654d94be49e433c947e3b Mon Sep 17 00:00:00 2001 From: Ye Zhang <ye.zhang(a)rock-chips.com> Date: Thu, 21 Mar 2024 18:21:00 +0800 Subject: [PATCH] thermal: devfreq_cooling: Fix perf state when calculate dfc res_util MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The issue occurs when the devfreq cooling device uses the EM power model and the get_real_power() callback is provided by the driver. The EM power table is sorted ascending，can't index the table by cooling device state，so convert cooling state to performance state by dfc->max_state - dfc->capped_state. Fixes: 615510fe13bd ("thermal: devfreq_cooling: remove old power model and use EM") Cc: 5.11+ <stable(a)vger.kernel.org> # 5.11+ Signed-off-by: Ye Zhang <ye.zhang(a)rock-chips.com> Reviewed-by: Dhruva Gole <d-gole(a)ti.com> Reviewed-by: Lukasz Luba <lukasz.luba(a)arm.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/thermal/devfreq_cooling.c b/drivers/thermal/devfreq_cooling.c index 50dec24e967a..8fd7cf1932cd 100644 --- a/drivers/thermal/devfreq_cooling.c +++ b/drivers/thermal/devfreq_cooling.c @@ -214,7 +214,7 @@ static int devfreq_cooling_get_requested_power(struct thermal_cooling_device *cd res = dfc->power_ops->get_real_power(df, power, freq, voltage); if (!res) { - state = dfc->capped_state; + state = dfc->max_state - dfc->capped_state; /* Convert EM power into milli-Watts first */ rcu_read_lock();

1 year, 5 months

3
2
0 0

[PATCH v3 1/2] powerpc64/bpf: fix tail calls for PCREL addressing

by Hari Bathini

With PCREL addressing, there is no kernel TOC. So, it is not setup in prologue when PCREL addressing is used. But the number of instructions to skip on a tail call was not adjusted accordingly. That resulted in not so obvious failures while using tailcalls. 'tailcalls' selftest crashed the system with the below call trace: bpf_test_run+0xe8/0x3cc (unreliable) bpf_prog_test_run_skb+0x348/0x778 __sys_bpf+0xb04/0x2b00 sys_bpf+0x28/0x38 system_call_exception+0x168/0x340 system_call_vectored_common+0x15c/0x2ec Fixes: 7e3a68be42e1 ("powerpc/64: vmlinux support building with PCREL addresing") Cc: stable(a)vger.kernel.org Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- * Changes in v3: - New patch to fix tailcall issues with PCREL addressing. arch/powerpc/net/bpf_jit_comp64.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c index 79f23974a320..7f62ac4b4e65 100644 --- a/arch/powerpc/net/bpf_jit_comp64.c +++ b/arch/powerpc/net/bpf_jit_comp64.c @@ -285,8 +285,10 @@ static int bpf_jit_emit_tail_call(u32 *image, struct codegen_context *ctx, u32 o int b2p_index = bpf_to_ppc(BPF_REG_3); int bpf_tailcall_prologue_size = 8; +#ifndef CONFIG_PPC_KERNEL_PCREL if (IS_ENABLED(CONFIG_PPC64_ELF_ABI_V2)) bpf_tailcall_prologue_size += 4; /* skip past the toc load */ +#endif /* * if (index >= array->map.max_entries) -- 2.44.0

1 year, 5 months

2
1
0 0

Re: [PATCH] drm/ast: Fix soft lockup

by Jocelyn Falempe

Hi, Thanks for your patch. I'm wondering how you can trigger this infinite loop ? Also this looks like a simple fix, that can be easily backported, so I'm adding stable in Cc. If Thomas has no objections, I can push it to drm-misc-fixes. Reviewed-by: Jocelyn Falempe <jfalempe(a)redhat.com> -- Jocelyn On 25/03/2024 04:35, Jammy Huang wrote: > Avoid infinite-loop in ast_dp_set_on_off(). > > Signed-off-by: Jammy Huang <jammy_huang(a)aspeedtech.com> > --- > drivers/gpu/drm/ast/ast_dp.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/gpu/drm/ast/ast_dp.c b/drivers/gpu/drm/ast/ast_dp.c > index ebb6d8ebd44e..1e9259416980 100644 > --- a/drivers/gpu/drm/ast/ast_dp.c > +++ b/drivers/gpu/drm/ast/ast_dp.c > @@ -180,6 +180,7 @@ void ast_dp_set_on_off(struct drm_device *dev, bool on) > { > struct ast_device *ast = to_ast_device(dev); > u8 video_on_off = on; > + u32 i = 0; > > // Video On/Off > ast_set_index_reg_mask(ast, AST_IO_VGACRI, 0xE3, (u8) ~AST_DP_VIDEO_ENABLE, on); > @@ -192,6 +193,8 @@ void ast_dp_set_on_off(struct drm_device *dev, bool on) > ASTDP_MIRROR_VIDEO_ENABLE) != video_on_off) { > // wait 1 ms > mdelay(1); > + if (++i > 200) > + break; > } > } > } > > base-commit: b0546776ad3f332e215cebc0b063ba4351971cca

1 year, 5 months

3
3
0 0

[PATCH v3] gpio: cdev: sanitize the label before requesting the interrupt

by Bartosz Golaszewski

From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> When an interrupt is requested, a procfs directory is created under "/proc/irq/<irqnum>/<label>" where <label> is the string passed to one of the request_irq() variants. What follows is that the string must not contain the "/" character or the procfs mkdir operation will fail. We don't have such constraints for GPIO consumer labels which are used verbatim as interrupt labels for GPIO irqs. We must therefore sanitize the consumer string before requesting the interrupt. Let's replace all "/" with ":". Cc: stable(a)vger.kernel.org Reported-by: Stefan Wahren <wahrenst(a)gmx.net> Closes: https://lore.kernel.org/linux-gpio/39fe95cb-aa83-4b8b-8cab-63947a726754@gmx… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- v2 -> v3: - fix a memory leak in error path v1 -> v2: - use ':' as the delimiter instead of '-' - return -ENOMEM if creating the label fails drivers/gpio/gpiolib-cdev.c | 38 +++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index f384fa278764..fa9635610251 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -1083,10 +1083,20 @@ static u32 gpio_v2_line_config_debounce_period(struct gpio_v2_line_config *lc, return 0; } +static inline char *make_irq_label(const char *orig) +{ + return kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); +} + +static inline void free_irq_label(const char *label) +{ + kfree(label); +} + static void edge_detector_stop(struct line *line) { if (line->irq) { - free_irq(line->irq, line); + free_irq_label(free_irq(line->irq, line)); line->irq = 0; } @@ -1110,6 +1120,7 @@ static int edge_detector_setup(struct line *line, unsigned long irqflags = 0; u64 eflags; int irq, ret; + char *label; eflags = edflags & GPIO_V2_LINE_EDGE_FLAGS; if (eflags && !kfifo_initialized(&line->req->events)) { @@ -1146,11 +1157,17 @@ static int edge_detector_setup(struct line *line, IRQF_TRIGGER_RISING : IRQF_TRIGGER_FALLING; irqflags |= IRQF_ONESHOT; + label = make_irq_label(line->req->label); + if (!label) + return -ENOMEM; + /* Request a thread to read the events */ ret = request_threaded_irq(irq, edge_irq_handler, edge_irq_thread, - irqflags, line->req->label, line); - if (ret) + irqflags, label, line); + if (ret) { + free_irq_label(label); return ret; + } line->irq = irq; return 0; @@ -1973,7 +1990,7 @@ static void lineevent_free(struct lineevent_state *le) blocking_notifier_chain_unregister(&le->gdev->device_notifier, &le->device_unregistered_nb); if (le->irq) - free_irq(le->irq, le); + free_irq_label(free_irq(le->irq, le)); if (le->desc) gpiod_free(le->desc); kfree(le->label); @@ -2114,6 +2131,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) int fd; int ret; int irq, irqflags = 0; + char *label; if (copy_from_user(&eventreq, ip, sizeof(eventreq))) return -EFAULT; @@ -2198,15 +2216,23 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) if (ret) goto out_free_le; + label = make_irq_label(le->label); + if (!label) { + ret = -ENOMEM; + goto out_free_le; + } + /* Request a thread to read the events */ ret = request_threaded_irq(irq, lineevent_irq_handler, lineevent_irq_thread, irqflags, - le->label, + label, le); - if (ret) + if (ret) { + free_irq_label(label); goto out_free_le; + } le->irq = irq; -- 2.40.1

1 year, 5 months

4
4
0 0

[Regression] 6.8 - i2c_hid_acpi: probe of i2c-XXX0001:00 failed with error -110

by Philip Müller

I'm currently developing on the OrangePi Neo-01, which ships with two similar touchpads using the Synaptics driver. On 6.7.10 those two devices get detected normally. On 6.8.1 it seems to error out. I either get none, or at best only one of those two devices. i2c_hid_acpi: probe of i2c-XXX0001:00 failed with error -110 i2c_hid_acpi: probe of i2c-XXX0002:00 failed with error -110 what would be the best way to debug this? -- Best, Philip

1 year, 5 months

3
11
0 0

[PATCH v2] rust: init: remove impl Zeroable for Infallible

by Laine Taffin Altman

A type is inhabited if at least one valid value of that type exists; a type is uninhabited if no valid values of that type exist. The terms "inhabited" and "uninhabited" in this sense originate in type theory, a branch of mathematics. In Rust, producing an invalid value of any type is immediate undefined behavior (UB); this includes via zeroing memory. Therefore, since an uninhabited type has no valid values, producing any values at all for it is UB. The Rust standard library type `core::convert::Infallible` is uninhabited, by virtue of having been declared as an enum with no cases, which always produces uninhabited types in Rust. The current kernel code allows this UB to be triggered, for example by code like: `pr_info!("{}”, Box::<core::convert::Infallible>::init(kernel::init::zeroed())?);` Thus, remove the implementation of `Zeroable` for `Infallible`, thereby avoiding the UB. Cc: stable(a)vger.kernel.org Fixes: 38cde0bd7b67 ("rust: init: add `Zeroable` trait and `init::zeroed` function") Closes: https://github.com/Rust-for-Linux/pinned-init/pull/13 Signed-off-by: Laine Taffin Altman <alexanderaltman(a)me.com> Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Reviewed-by: Boqun Feng <boqun.feng(a)gmail.com> — V1 -> V2: Added more documentation to the comment, with links; also added more details to the commit message. rust/kernel/init.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index 424257284d16..9353c9919fd4 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -1292,8 +1292,11 @@ macro_rules! impl_zeroable { i8, i16, i32, i64, i128, isize, f32, f64, - // SAFETY: These are ZSTs, there is nothing to zero. - {<T: ?Sized>} PhantomData<T>, core::marker::PhantomPinned, Infallible, (), + // SAFETY: These are inhabited ZSTs; there is nothing to zero and a valid value exists. + // Note: do not add uninhabited types (such as ! or Infallible) to this list; creating an instance of an uninhabited type is immediate undefined behavior. + // For more on uninhabited/empty types, consult The Rustonomicon: https://doc.rust-lang.org/stable/nomicon/exotic-sizes.html#empty-types + // The Rust Reference also has information on undefined behavior: https://doc.rust-lang.org/stable/reference/behavior-considered-undefined.ht… + {<T: ?Sized>} PhantomData<T>, core::marker::PhantomPinned, (), // SAFETY: Type is allowed to take any value, including all zeros. {<T>} MaybeUninit<T>, -- 2.44.0

1 year, 5 months

2
2
0 0

[PATCH 1/2] USB: serial: option: add Lonsung U8300/U9300 product Update the USB serial option driver to support Longsung U8300/U9300.

by Coia Prant

ID 1c9e:9b05 OMEGA TECHNOLOGY (U8300) ID 1c9e:9b3c OMEGA TECHNOLOGY (U9300) U8300 /: Bus |__ Port 1: Dev 3, If 0, Class=Vendor Specific Class, Driver=option, 480M (Debug) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 1, Class=Vendor Specific Class, Driver=option, 480M (Modem / AT) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 2, Class=Vendor Specific Class, Driver=option, 480M (AT) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 3, Class=Vendor Specific Class, Driver=option, 480M (AT / Pipe / PPP) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 4, Class=Vendor Specific Class, Driver=qmi_wwan, 480M (NDIS / GobiNet / QMI WWAN) ID 1c9e:9b05 OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 5, Class=Vendor Specific Class, Driver=, 480M (ADB) ID 1c9e:9b05 OMEGA TECHNOLOGY U9300 /: Bus |__ Port 1: Dev 3, If 0, Class=Vendor Specific Class, Driver=, 480M (ADB) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 1, Class=Vendor Specific Class, Driver=option, 480M (Modem / AT) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 2, Class=Vendor Specific Class, Driver=option, 480M (AT) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 3, Class=Vendor Specific Class, Driver=option, 480M (AT / Pipe / PPP) ID 1c9e:9b3c OMEGA TECHNOLOGY |__ Port 1: Dev 3, If 4, Class=Vendor Specific Class, Driver=qmi_wwan, 480M (NDIS / GobiNet / QMI WWAN) ID 1c9e:9b3c OMEGA TECHNOLOGY Tested successfully using Modem Manager on U9300. Tested successfully AT commands using If=1, If=2 and If=3 on U9300. Signed-off-by: Coia Prant <coiaprant(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/usb/serial/option.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 55a65d941ccb..27a116901459 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -412,6 +412,10 @@ static void option_instat_callback(struct urb *urb); */ #define LONGCHEER_VENDOR_ID 0x1c9e +/* Longsung products */ +#define LONGSUNG_U8300_PRODUCT_ID 0x9b05 +#define LONGSUNG_U9300_PRODUCT_ID 0x9b3c + /* 4G Systems products */ /* This one was sold as the VW and Skoda "Carstick LTE" */ #define FOUR_G_SYSTEMS_PRODUCT_CARSTICK_LTE 0x7605 @@ -2054,6 +2058,10 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, ZOOM_PRODUCT_4597) }, { USB_DEVICE(LONGCHEER_VENDOR_ID, IBALL_3_5G_CONNECT) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U8300_PRODUCT_ID), + .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, LONGSUNG_U9300_PRODUCT_ID), + .driver_info = RSVD(0) | RSVD(4) }, { USB_DEVICE(HAIER_VENDOR_ID, HAIER_PRODUCT_CE100) }, { USB_DEVICE_AND_INTERFACE_INFO(HAIER_VENDOR_ID, HAIER_PRODUCT_CE81B, 0xff, 0xff, 0xff) }, /* Pirelli */ -- 2.39.2

1 year, 5 months

1
0
0 0

[PATCH] drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13

by Ankit Nautiyal

For DISPLAY < 13, compressed bpp is chosen from a list of supported compressed bpps. Fix the condition to choose the appropriate compressed bpp from the list. Fixes: 1c56e9a39833 ("drm/i915/dp: Get optimal link config to have best compressed bpp") Cc: Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> Cc: Stanislav Lisovskiy <stanislav.lisovskiy(a)intel.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.7+ Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10162 Signed-off-by: Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> --- drivers/gpu/drm/i915/display/intel_dp.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index e13121dc3a03..d579195f84ee 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -1918,8 +1918,9 @@ icl_dsc_compute_link_config(struct intel_dp *intel_dp, dsc_max_bpp = min(dsc_max_bpp, pipe_bpp - 1); for (i = 0; i < ARRAY_SIZE(valid_dsc_bpp); i++) { - if (valid_dsc_bpp[i] < dsc_min_bpp || - valid_dsc_bpp[i] > dsc_max_bpp) + if (valid_dsc_bpp[i] < dsc_min_bpp) + continue; + if (valid_dsc_bpp[i] > dsc_max_bpp) break; ret = dsc_compute_link_config(intel_dp, -- 2.40.1

1 year, 5 months

3
2
0 0

[PATCH 1/2] Add additional HyperX IDs to xpad.c on LTS v4.19 to v6.1

by Max Nguyen

Add additional HyperX Ids to xpad_device and xpad_table Add to LTS versions 4.19, 5.4, 5.10, 5.15, 6.1 Suggested-by: Chris Toledanes <chris.toledanes(a)hp.com> Reviewed-by: Carl Ng <carl.ng(a)hp.com> Signed-off-by: Max Nguyen <maxwell.nguyen(a)hp.com> --- drivers/input/joystick/xpad.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c index dffdd25b6fc9..842733305fa8 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -128,12 +128,17 @@ static const struct xpad_device { { 0x0079, 0x18d4, "GPD Win 2 X-Box Controller", 0, XTYPE_XBOX360 }, { 0x03eb, 0xff01, "Wooting One (Legacy)", 0, XTYPE_XBOX360 }, { 0x03eb, 0xff02, "Wooting Two (Legacy)", 0, XTYPE_XBOX360 }, + { 0x03f0, 0x038D, "HyperX Clutch", 0, XTYPE_XBOX360 }, /* wired */ + { 0x03f0, 0x048D, "HyperX Clutch", 0, XTYPE_XBOX360 }, /* wireless */ + { 0x03f0, 0x0495, "HyperX Clutch Gladiate", 0, XTYPE_XBOXONE }, + { 0x03f0, 0x07A0, "HyperX Clutch Gladiate RGB", 0, XTYPE_XBOXONE }, + { 0x03f0, 0x08B6, "HyperX Clutch Gladiate", 0, XTYPE_XBOXONE }, /* v2 */ + { 0x03f0, 0x09B4, "HyperX Clutch Tanto", 0, XTYPE_XBOXONE }, { 0x044f, 0x0f00, "Thrustmaster Wheel", 0, XTYPE_XBOX }, { 0x044f, 0x0f03, "Thrustmaster Wheel", 0, XTYPE_XBOX }, { 0x044f, 0x0f07, "Thrustmaster, Inc. Controller", 0, XTYPE_XBOX }, { 0x044f, 0x0f10, "Thrustmaster Modena GT Wheel", 0, XTYPE_XBOX }, { 0x044f, 0xb326, "Thrustmaster Gamepad GP XID", 0, XTYPE_XBOX360 }, - { 0x03f0, 0x0495, "HyperX Clutch Gladiate", 0, XTYPE_XBOXONE }, { 0x045e, 0x0202, "Microsoft X-Box pad v1 (US)", 0, XTYPE_XBOX }, { 0x045e, 0x0285, "Microsoft X-Box pad (Japan)", 0, XTYPE_XBOX }, { 0x045e, 0x0287, "Microsoft Xbox Controller S", 0, XTYPE_XBOX }, @@ -446,8 +451,9 @@ static const struct usb_device_id xpad_table[] = { { USB_INTERFACE_INFO('X', 'B', 0) }, /* X-Box USB-IF not approved class */ XPAD_XBOX360_VENDOR(0x0079), /* GPD Win 2 Controller */ XPAD_XBOX360_VENDOR(0x03eb), /* Wooting Keyboards (Legacy) */ + XPAD_XBOX360_VENDOR(0x03f0), /* HP HyperX Xbox 360 controllers */ + XPAD_XBOXONE_VENDOR(0x03f0), /* HP HyperX Xbox One controllers */ XPAD_XBOX360_VENDOR(0x044f), /* Thrustmaster X-Box 360 controllers */ - XPAD_XBOXONE_VENDOR(0x03f0), /* HP HyperX Xbox One Controllers */ XPAD_XBOX360_VENDOR(0x045e), /* Microsoft X-Box 360 controllers */ XPAD_XBOXONE_VENDOR(0x045e), /* Microsoft X-Box One controllers */ XPAD_XBOX360_VENDOR(0x046d), /* Logitech X-Box 360 style controllers */ -- 2.39.3

1 year, 5 months

3
3
0 0

[PATCH v3] rust: init: remove impl Zeroable for Infallible

by Laine Taffin Altman

A type is inhabited if at least one valid value of that type exists; a type is uninhabited if no valid values of that type exist. The terms "inhabited" and "uninhabited" in this sense originate in type theory, a branch of mathematics. In Rust, producing an invalid value of any type is immediate undefined behavior (UB); this includes via zeroing memory. Therefore, since an uninhabited type has no valid values, producing any values at all for it is UB. The Rust standard library type `core::convert::Infallible` is uninhabited, by virtue of having been declared as an enum with no cases, which always produces uninhabited types in Rust. The current kernel code allows this UB to be triggered, for example by code like: `pr_info!("{}”, Box::<core::convert::Infallible>::init(kernel::init::zeroed())?);` Thus, remove the implementation of `Zeroable` for `Infallible`, thereby avoiding the UB. Cc: stable(a)vger.kernel.org Fixes: 38cde0bd7b67 ("rust: init: add `Zeroable` trait and `init::zeroed` function") Closes: https://github.com/Rust-for-Linux/pinned-init/pull/13 Signed-off-by: Laine Taffin Altman <alexanderaltman(a)me.com> Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Reviewed-by: Boqun Feng <boqun.feng(a)gmail.com> --- V2 -> V3: Email formatting correction. V1 -> V2: Added more documentation to the comment, with links; also added more details to the commit message. rust/kernel/init.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index 424257284d16..9353c9919fd4 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -1292,8 +1292,11 @@ macro_rules! impl_zeroable { i8, i16, i32, i64, i128, isize, f32, f64, - // SAFETY: These are ZSTs, there is nothing to zero. - {<T: ?Sized>} PhantomData<T>, core::marker::PhantomPinned, Infallible, (), + // SAFETY: These are inhabited ZSTs; there is nothing to zero and a valid value exists. + // Note: do not add uninhabited types (such as ! or Infallible) to this list; creating an instance of an uninhabited type is immediate undefined behavior. + // For more on uninhabited/empty types, consult The Rustonomicon: https://doc.rust-lang.org/stable/nomicon/exotic-sizes.html#empty-types + // The Rust Reference also has information on undefined behavior: https://doc.rust-lang.org/stable/reference/behavior-considered-undefined.ht… + {<T: ?Sized>} PhantomData<T>, core::marker::PhantomPinned, (), // SAFETY: Type is allowed to take any value, including all zeros. {<T>} MaybeUninit<T>, -- 2.44.0

1 year, 5 months

2
1
0 0

[PATCH net 0/2] mptcp: fix fallback MIB counter and wrong var in selftests

by Matthieu Baerts (NGI0)

Here are two fixes related to MPTCP. The first patch fixes when the MPTcpExtMPCapableFallbackACK MIB counter is modified: it should only be incremented when a connection was using MPTCP options, but then a fallback to TCP has been done. This patch also checks the counter is not incremented by mistake during the connect selftests. This counter was wrongly incremented since its introduction in v5.7. The second patch fixes a wrong parsing of the 'dev' endpoint options in the selftests: the wrong variable was used. This option was not used before, but it is going to be soon. This issue is visible since v5.18. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Davide Caratti (1): mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang (1): selftests: mptcp: join: fix dev in check_endpoint net/mptcp/protocol.c | 2 -- net/mptcp/subflow.c | 2 ++ tools/testing/selftests/net/mptcp/mptcp_connect.sh | 9 +++++++++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 +++- 4 files changed, 14 insertions(+), 3 deletions(-) --- base-commit: 0ba80d96585662299d4ea4624043759ce9015421 change-id: 20240329-upstream-net-20240329-fallback-mib-b0fec9c6189b Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 5 months

2
3
0 0

[PATCH bluetooth] Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()

by Nathan Chancellor

After an innocuous optimization change in LLVM main (19.0.0), x86_64 allmodconfig (which enables CONFIG_KCSAN / -fsanitize=thread) fails to build due to the checks in check_copy_size(): In file included from net/bluetooth/sco.c:27: In file included from include/linux/module.h:13: In file included from include/linux/stat.h:19: In file included from include/linux/time.h:60: In file included from include/linux/time32.h:13: In file included from include/linux/timex.h:67: In file included from arch/x86/include/asm/timex.h:6: In file included from arch/x86/include/asm/tsc.h:10: In file included from arch/x86/include/asm/msr.h:15: In file included from include/linux/percpu.h:7: In file included from include/linux/smp.h:118: include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with 'error' attribute: copy source size is too small 244 | __bad_copy_from(); | ^ The same exact error occurs in l2cap_sock.c. The copy_to_user() statements that are failing come from l2cap_sock_getsockopt_old() and sco_sock_getsockopt_old(). This does not occur with GCC with or without KCSAN or Clang without KCSAN enabled. len is defined as an 'int' because it is assigned from '__user int *optlen'. However, it is clamped against the result of sizeof(), which has a type of 'size_t' ('unsigned long' for 64-bit platforms). This is done with min_t() because min() requires compatible types, which results in both len and the result of sizeof() being casted to 'unsigned int', meaning len changes signs and the result of sizeof() is truncated. From there, len is passed to copy_to_user(), which has a third parameter type of 'unsigned long', so it is widened and changes signs again. This excessive casting in combination with the KCSAN instrumentation causes LLVM to fail to eliminate the __bad_copy_from() call, failing the build. The official recommendation from LLVM developers is to consistently use long types for all size variables to avoid the unnecessary casting in the first place. Change the type of len to size_t in both l2cap_sock_getsockopt_old() and sco_sock_getsockopt_old(). This clears up the error while allowing min_t() to be replaced with min(), resulting in simpler code with no casts and fewer implicit conversions. While len is a different type than optlen now, it should result in no functional change because the result of sizeof() will clamp all values of optlen in the same manner as before. Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issues/2007 Link: https://github.com/llvm/llvm-project/issues/85647 Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- net/bluetooth/l2cap_sock.c | 7 ++++--- net/bluetooth/sco.c | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 4287aa6cc988..81193427bf05 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -439,7 +439,8 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, struct l2cap_chan *chan = l2cap_pi(sk)->chan; struct l2cap_options opts; struct l2cap_conninfo cinfo; - int len, err = 0; + int err = 0; + size_t len; u32 opt; BT_DBG("sk %p", sk); @@ -486,7 +487,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, BT_DBG("mode 0x%2.2x", chan->mode); - len = min_t(unsigned int, len, sizeof(opts)); + len = min(len, sizeof(opts)); if (copy_to_user(optval, (char *) &opts, len)) err = -EFAULT; @@ -536,7 +537,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, cinfo.hci_handle = chan->conn->hcon->handle; memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); - len = min_t(unsigned int, len, sizeof(cinfo)); + len = min(len, sizeof(cinfo)); if (copy_to_user(optval, (char *) &cinfo, len)) err = -EFAULT; diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index 43daf965a01e..9a72d7f1946c 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c @@ -967,7 +967,8 @@ static int sco_sock_getsockopt_old(struct socket *sock, int optname, struct sock *sk = sock->sk; struct sco_options opts; struct sco_conninfo cinfo; - int len, err = 0; + int err = 0; + size_t len; BT_DBG("sk %p", sk); @@ -989,7 +990,7 @@ static int sco_sock_getsockopt_old(struct socket *sock, int optname, BT_DBG("mtu %u", opts.mtu); - len = min_t(unsigned int, len, sizeof(opts)); + len = min(len, sizeof(opts)); if (copy_to_user(optval, (char *)&opts, len)) err = -EFAULT; @@ -1007,7 +1008,7 @@ static int sco_sock_getsockopt_old(struct socket *sock, int optname, cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); - len = min_t(unsigned int, len, sizeof(cinfo)); + len = min(len, sizeof(cinfo)); if (copy_to_user(optval, (char *)&cinfo, len)) err = -EFAULT; --- base-commit: 7835fcfd132eb88b87e8eb901f88436f63ab60f7 change-id: 20240401-bluetooth-fix-len-type-getsockopt_old-73c4a8e60444 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 5 months

3
2
0 0

[PATCH] rust: macros: fix soundness issue in `module!` macro

by Benno Lossin

The `module!` macro creates glue code that are called by C to initialize the Rust modules using the `Module::init` function. Part of this glue code are the local functions `__init` and `__exit` that are used to initialize/destroy the Rust module. These functions are safe and also visible to the Rust mod in which the `module!` macro is invoked. This means that they can be called by other safe Rust code. But since they contain `unsafe` blocks that rely on only being called at the right time, this is a soundness issue. Wrap these generated functions inside of two private modules, this guarantees that the public functions cannot be called from the outside. Make the safe functions `unsafe` and add SAFETY comments. Cc: stable(a)vger.kernel.org Closes: https://github.com/Rust-for-Linux/linux/issues/629 Fixes: 1fbde52bde73 ("rust: add `macros` crate") Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> --- This patch is best viewed with `git show --ignore-space-change`, since I also adjusted the indentation. rust/macros/module.rs | 198 ++++++++++++++++++++++++------------------ 1 file changed, 112 insertions(+), 86 deletions(-) diff --git a/rust/macros/module.rs b/rust/macros/module.rs index 27979e582e4b..16c4921a08f2 100644 --- a/rust/macros/module.rs +++ b/rust/macros/module.rs @@ -199,103 +199,129 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { /// Used by the printing macros, e.g. [`info!`]. const __LOG_PREFIX: &[u8] = b\"{name}\\0\"; - /// The \"Rust loadable module\" mark. - // - // This may be best done another way later on, e.g. as a new modinfo - // key or a new section. For the moment, keep it simple. - #[cfg(MODULE)] - #[doc(hidden)] - #[used] - static __IS_RUST_MODULE: () = (); - - static mut __MOD: Option<{type_}> = None; - - // SAFETY: `__this_module` is constructed by the kernel at load time and will not be - // freed until the module is unloaded. - #[cfg(MODULE)] - static THIS_MODULE: kernel::ThisModule = unsafe {{ - kernel::ThisModule::from_ptr(&kernel::bindings::__this_module as *const _ as *mut _) - }}; - #[cfg(not(MODULE))] - static THIS_MODULE: kernel::ThisModule = unsafe {{ - kernel::ThisModule::from_ptr(core::ptr::null_mut()) - }}; - - // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. - /// # Safety - /// - /// This function must not be called after module initialization, because it may be - /// freed after that completes. - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - #[link_section = \".init.text\"] - pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ - __init() - }} + // Double nested modules, since then nobody can access the public items inside. + mod __module_init {{ + mod __module_init {{ + use super::super::{type_}; + + /// The \"Rust loadable module\" mark. + // + // This may be best done another way later on, e.g. as a new modinfo + // key or a new section. For the moment, keep it simple. + #[cfg(MODULE)] + #[doc(hidden)] + #[used] + static __IS_RUST_MODULE: () = (); + + static mut __MOD: Option<{type_}> = None; + + // SAFETY: `__this_module` is constructed by the kernel at load time and will not be + // freed until the module is unloaded. + #[cfg(MODULE)] + static THIS_MODULE: kernel::ThisModule = unsafe {{ + kernel::ThisModule::from_ptr(&kernel::bindings::__this_module as *const _ as *mut _) + }}; + #[cfg(not(MODULE))] + static THIS_MODULE: kernel::ThisModule = unsafe {{ + kernel::ThisModule::from_ptr(core::ptr::null_mut()) + }}; + + // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. + /// # Safety + /// + /// This function must not be called after module initialization, because it may be + /// freed after that completes. + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + #[link_section = \".init.text\"] + pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ + __init() + }} - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn cleanup_module() {{ - __exit() - }} + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn cleanup_module() {{ + __exit() + }} - // Built-in modules are initialized through an initcall pointer - // and the identifiers need to be unique. - #[cfg(not(MODULE))] - #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] - #[doc(hidden)] - #[link_section = \"{initcall_section}\"] - #[used] - pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; - - #[cfg(not(MODULE))] - #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] - core::arch::global_asm!( - r#\".section \"{initcall_section}\", \"a\" - __{name}_initcall: - .long __{name}_init - . - .previous - \"# - ); + // Built-in modules are initialized through an initcall pointer + // and the identifiers need to be unique. + #[cfg(not(MODULE))] + #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] + #[doc(hidden)] + #[link_section = \"{initcall_section}\"] + #[used] + pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; + + #[cfg(not(MODULE))] + #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] + core::arch::global_asm!( + r#\".section \"{initcall_section}\", \"a\" + __{name}_initcall: + .long __{name}_init - . + .previous + \"# + ); + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ + __init() + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ - __init() - }} + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_exit() {{ + __exit() + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_exit() {{ - __exit() - }} + /// # Safety + /// + /// This function must + /// - only be called once, + /// - not be called concurrently with `__exit`. + unsafe fn __init() -> core::ffi::c_int {{ + match <{type_} as kernel::Module>::init(&THIS_MODULE) {{ + Ok(m) => {{ + // SAFETY: + // no data race, since `__MOD` can only be accessed by this module and + // there only `__init` and `__exit` access it. These functions are only + // called once and `__exit` cannot be called before or during `__init`. + unsafe {{ + __MOD = Some(m); + }} + return 0; + }} + Err(e) => {{ + return e.to_errno(); + }} + }} + }} - fn __init() -> core::ffi::c_int {{ - match <{type_} as kernel::Module>::init(&THIS_MODULE) {{ - Ok(m) => {{ + /// # Safety + /// + /// This function must + /// - only be called once, + /// - be called after `__init`, + /// - not be called concurrently with `__init`. + unsafe fn __exit() {{ + // SAFETY: + // no data race, since `__MOD` can only be accessed by this module and there + // only `__init` and `__exit` access it. These functions are only called once + // and `__init` was already called. unsafe {{ - __MOD = Some(m); + // Invokes `drop()` on `__MOD`, which should be used for cleanup. + __MOD = None; }} - return 0; }} - Err(e) => {{ - return e.to_errno(); - }} - }} - }} - fn __exit() {{ - unsafe {{ - // Invokes `drop()` on `__MOD`, which should be used for cleanup. - __MOD = None; + {modinfo} }} }} - - {modinfo} ", type_ = info.type_, name = info.name, base-commit: 4cece764965020c22cff7665b18a012006359095 -- 2.44.0

1 year, 5 months

2
4
0 0

[PATCH v2] scsi: sg: Avoid race in error handling & drop bogus warn

by Alexander Wetzel

commit 27f58c04a8f4 ("scsi: sg: Avoid sg device teardown race") introduced an incorrect WARN_ON_ONCE() and missed a sequence where sg_device_destroy() was used after scsi_device_put(). sg_device_destroy() is accessing the parent scsi_device request_queue which will already be set to NULL when the preceding call to scsi_device_put() removed the last reference to the parent scsi_device. Drop the incorrect WARN_ON_ONCE() - allowing more than one concurrent access to the sg device - and make sure sg_device_destroy() is not used after scsi_device_put() in the error handling. Link: https://lore.kernel.org/all/5375B275-D137-4D5F-BE25-6AF8ACAE41EF@linux.ibm.… Fixes: 27f58c04a8f4 ("scsi: sg: Avoid sg device teardown race") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Wetzel <Alexander(a)wetzel-home.de> --- Changes compared to V1: fixed commit message The WARN_ON_ONCE() was kind of stupid to add: We get add reference for each sg_open(). So opening a second session and then closing either one will trigger the warning... Nothing to warn about here. Alexander --- drivers/scsi/sg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 386981c6976a..833c9277419b 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -372,8 +372,9 @@ sg_open(struct inode *inode, struct file *filp) error_out: scsi_autopm_put_device(sdp->device); sdp_put: + kref_put(&sdp->d_ref, sg_device_destroy); scsi_device_put(sdp->device); - goto sg_put; + return retval; } /* Release resources associated with a successful sg_open() @@ -2233,7 +2234,6 @@ sg_remove_sfp_usercontext(struct work_struct *work) "sg_remove_sfp: sfp=0x%p\n", sfp)); kfree(sfp); - WARN_ON_ONCE(kref_read(&sdp->d_ref) != 1); kref_put(&sdp->d_ref, sg_device_destroy); scsi_device_put(device); module_put(THIS_MODULE); -- 2.44.0

1 year, 5 months

3
2
0 0

[PATCH] sched/fair: Fix forked task check in vruntime_normalized

by mingyang.cui

When rt_mutex_setprio changes a task's scheduling class to RT, sometimes the task's vruntime is not updated correctly upon return to the fair class. Specifically, the following is being observed: - task has just been created and running for a short time - task sleep while still in the fair class - task is boosted to RT via rt_mutex_setprio, which changes the task to RT and calls check_class_changed. - check_class_changed leads to detach_task_cfs_rq, at which point the vruntime_normalized check sees that the task's sum_exec_runtime is zero, which results in skipping the subtraction of the rq's min_vruntime from the task's vruntime - later, when the prio is deboosted and the task is moved back to the fair class, the fair rq's min_vruntime is added to the task's vruntime, even though it wasn't subtracted earlier. Since the task's vruntime is about double that of other tasks in cfs_rq, the task to be unable to run for a long time when there are continuous runnable tasks in cfs_rq. The immediate result is inflation of the task's vruntime, giving it lower priority (starving it if there's enough available work). The longer-term effect is inflation of all vruntimes because the task's vruntime becomes the rq's min_vruntime when the higher priority tasks go idle. That leads to a vicious cycle, where the vruntime inflation repeatedly doubled. The root cause of the problem is that the vruntime_normalized made a misjudgment. Since the sum_exec_runtime of some tasks that were just created and run for a short time is zero, the vruntime_normalized mistakenly thinks that they are tasks that have just been forked. Therefore, sum_exec_runtime is not subtracted from the vruntime of the task. So, we fix this bug by adding a check condition for newly forked task. Signed-off-by: mingyang.cui <mingyang.cui(a)horizon.ai> --- kernel/sched/fair.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 73a89fbd81be..3d0c14f3731f 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -11112,7 +11112,7 @@ static inline bool vruntime_normalized(struct task_struct *p) * - A task which has been woken up by try_to_wake_up() and * waiting for actually being woken up by sched_ttwu_pending(). */ - if (!se->sum_exec_runtime || + if (!se->sum_exec_runtime && p->state == TASK_NEW || (p->state == TASK_WAKING && p->sched_remote_wakeup)) return true; -- 2.34.1

1 year, 5 months

4
4
0 0

[PATCH 2/2] io_uring: disable io-wq execution of multishot NOWAIT requests

by Jens Axboe

Do the same check for direct io-wq execution for multishot requests that commit 2a975d426c82 did for the inline execution, and disable multishot mode (and revert to single shot) if the file type doesn't support NOWAIT, and isn't opened in O_NONBLOCK mode. For multishot to work properly, it's a requirement that nonblocking read attempts can be done. Cc: stable(a)vger.kernel.org Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/io_uring.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 5d4b448fdc50..8baf8afb79c2 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1982,10 +1982,15 @@ void io_wq_submit_work(struct io_wq_work *work) err = -EBADFD; if (!io_file_can_poll(req)) goto fail; - err = -ECANCELED; - if (io_arm_poll_handler(req, issue_flags) != IO_APOLL_OK) - goto fail; - return; + if (req->file->f_flags & O_NONBLOCK || + req->file->f_mode & FMODE_NOWAIT) { + err = -ECANCELED; + if (io_arm_poll_handler(req, issue_flags) != IO_APOLL_OK) + goto fail; + return; + } else { + req->flags &= ~REQ_F_APOLL_MULTISHOT; + } } if (req->flags & REQ_F_FORCE_ASYNC) { -- 2.43.0

1 year, 5 months

1
0
0 0

[PATCH 1/2] io_uring/rw: don't allow multishot reads without NOWAIT support

by Jens Axboe

Supporting multishot reads requires support for NOWAIT, as the alternative would be always having io-wq execute the work item whenever the poll readiness triggered. Any fast file type will have NOWAIT support (eg it understands both O_NONBLOCK and IOCB_NOWAIT). If the given file type does not, then simply resort to single shot execution. Cc: stable(a)vger.kernel.org Fixes: fc68fcda04910 ("io_uring/rw: add support for IORING_OP_READ_MULTISHOT") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/rw.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/io_uring/rw.c b/io_uring/rw.c index 0585ebcc9773..c8d48287439e 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c @@ -936,6 +936,13 @@ int io_read_mshot(struct io_kiocb *req, unsigned int issue_flags) ret = __io_read(req, issue_flags); + /* + * If the file doesn't support proper NOWAIT, then disable multishot + * and stay in single shot mode. + */ + if (!io_file_supports_nowait(req)) + req->flags &= ~REQ_F_APOLL_MULTISHOT; + /* * If we get -EAGAIN, recycle our buffer and just let normal poll * handling arm it. @@ -955,7 +962,7 @@ int io_read_mshot(struct io_kiocb *req, unsigned int issue_flags) /* * Any successful return value will keep the multishot read armed. */ - if (ret > 0) { + if (ret > 0 && req->flags & REQ_F_APOLL_MULTISHOT) { /* * Put our buffer and post a CQE. If we fail to post a CQE, then * jump to the termination path. This request is then done. -- 2.43.0

1 year, 5 months

1
0
0 0

Re: [PATCH 6.8 000/399] 6.8.3-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 5 months

1
0
0 0

Fwd: stable kernels 6.6.23 and 6.1.83 fails to build: error: unknown type name 'u32'

by Bagas Sanjaya

Hi, On Bugzilla, ncopa(a)alpinelinux.org reported resolve_btfids FTBFS regression on musl system [1]: > The latest releases fails to build with musl libc (Alpine Linux edge and v3.19): > > ``` > rm -f -f /home/ncopa/aports/main/linux-lts/src/build-lts.x86_64/tools/bpf/resolve_btfids/libbpf/libbpf.a; ar rcs /home/ncopa/aports/main/linux-lts/src/build-lts.x86_64/tool > s/bpf/resolve_btfids/libbpf/libbpf.a /home/ncopa/aports/main/linux-lts/src/build-lts.x86_64/tools/bpf/resolve_btfids/libbpf/staticobjs/libbpf-in.o > In file included from main.c:73: > /home/ncopa/aports/main/linux-lts/src/linux-6.6/tools/include/linux/btf_ids.h:7:9: error: unknown type name 'u32' > 7 | u32 cnt; > | ^~~ > /home/ncopa/aports/main/linux-lts/src/linux-6.6/tools/include/linux/btf_ids.h:8:9: error: unknown type name 'u32' > 8 | u32 ids[]; > | ^~~ > /home/ncopa/aports/main/linux-lts/src/linux-6.6/tools/include/linux/btf_ids.h:12:9: error: unknown type name 'u32' > 12 | u32 cnt; > | ^~~ > /home/ncopa/aports/main/linux-lts/src/linux-6.6/tools/include/linux/btf_ids.h:13:9: error: unknown type name 'u32' > 13 | u32 flags; > | ^~~ > /home/ncopa/aports/main/linux-lts/src/linux-6.6/tools/include/linux/btf_ids.h:15:17: error: unknown type name 'u32' > 15 | u32 id; > | ^~~ > /home/ncopa/aports/main/linux-lts/src/linux-6.6/tools/include/linux/btf_ids.h:16:17: error: unknown type name 'u32' > 16 | u32 flags; > | ^~~ > /home/ncopa/aports/main/linux-lts/src/linux-6.6/tools/include/linux/btf_ids.h:215:8: error: unknown type name 'u32' > 215 | extern u32 btf_tracing_ids[]; > | ^~~ > make[4]: *** [/home/ncopa/aports/main/linux-lts/src/linux-6.6/tools/build/Makefile.build:98: /home/ncopa/aports/main/linux-lts/src/build-lts.x86_64/tools/bpf/resolve_btfids > /main.o] Error 1 > make[4]: *** Waiting for unfinished jobs.... > make[3]: *** [Makefile:83: /home/ncopa/aports/main/linux-lts/src/build-lts.x86_64/tools/bpf/resolve_btfids//resolve_btfids-in.o] Error 2 > make[2]: *** [Makefile:76: bpf/resolve_btfids] Error 2 > make[1]: *** [/home/ncopa/aports/main/linux-lts/src/linux-6.6/Makefile:1354: tools/bpf/resolve_btfids] Error 2 > make: *** [/home/ncopa/aports/main/linux-lts/src/linux-6.6/Makefile:234: __sub-make] Error 2 > ``` Bisection led to upstream commit 9707ac4fe2f5ba ("tools/resolve_btfids: Refactor set sorting with types from btf_ids.h") as the culprit. See the report on Bugzilla for the full thread and proposed fix. Thanks. [1]: https://bugzilla.kernel.org/show_bug.cgi?id=218647 -- An old man doll... just what I always wanted! - Clara

1 year, 5 months

5
6
0 0

FAILED: patch "[PATCH] USB: core: Fix deadlock in usb_deauthorize_interface()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 80ba43e9f799cbdd83842fc27db667289b3150f5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040157-entrench-clicker-d3df@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 80ba43e9f799 ("USB: core: Fix deadlock in usb_deauthorize_interface()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 80ba43e9f799cbdd83842fc27db667289b3150f5 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Tue, 12 Mar 2024 11:48:23 -0400 Subject: [PATCH] USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a configuration change or because the device has been disconnected. As part of the removal procedure, device_del() waits for all ongoing sysfs attribute callbacks to complete. But usb_deauthorize_interface() can't complete until the device lock has been released, and the lock won't be released until the removal has finished. The mechanism provided by sysfs to prevent this kind of deadlock is to use the sysfs_break_active_protection() function, which tells sysfs not to wait for the attribute callback. Reported-and-tested by: Yue Sun <samsun1006219(a)gmail.com> Reported by: xingwei lee <xrivendell7(a)gmail.com> Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Link: https://lore.kernel.org/linux-usb/CAEkJfYO6jRVC8Tfrd_R=cjO0hguhrV31fDPrLrNO… Fixes: 310d2b4124c0 ("usb: interface authorization: SysFS part of USB interface authorization") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/1c37eea1-9f56-4534-b9d8-b443438dc869@rowland.harv… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c index f98263e21c2a..d83231d6736a 100644 --- a/drivers/usb/core/sysfs.c +++ b/drivers/usb/core/sysfs.c @@ -1217,14 +1217,24 @@ static ssize_t interface_authorized_store(struct device *dev, { struct usb_interface *intf = to_usb_interface(dev); bool val; + struct kernfs_node *kn; if (kstrtobool(buf, &val) != 0) return -EINVAL; - if (val) + if (val) { usb_authorize_interface(intf); - else - usb_deauthorize_interface(intf); + } else { + /* + * Prevent deadlock if another process is concurrently + * trying to unregister intf. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (kn) { + usb_deauthorize_interface(intf); + sysfs_unbreak_active_protection(kn); + } + } return count; }

1 year, 5 months

3
2
0 0

FAILED: patch "[PATCH] x86/sev: Skip ROM range scans and validation for SEV-SNP" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 0f4a1e80989aca185d955fcd791d7750082044a2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040102-umbrella-nag-c677@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 0f4a1e80989a ("x86/sev: Skip ROM range scans and validation for SEV-SNP guests") 428080c9b19b ("x86/sev: Move early startup code into .head.text section") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0f4a1e80989aca185d955fcd791d7750082044a2 Mon Sep 17 00:00:00 2001 From: Kevin Loughlin <kevinloughlin(a)google.com> Date: Wed, 13 Mar 2024 12:15:46 +0000 Subject: [PATCH] x86/sev: Skip ROM range scans and validation for SEV-SNP guests SEV-SNP requires encrypted memory to be validated before access. Because the ROM memory range is not part of the e820 table, it is not pre-validated by the BIOS. Therefore, if a SEV-SNP guest kernel wishes to access this range, the guest must first validate the range. The current SEV-SNP code does indeed scan the ROM range during early boot and thus attempts to validate the ROM range in probe_roms(). However, this behavior is neither sufficient nor necessary for the following reasons: * With regards to sufficiency, if EFI_CONFIG_TABLES are not enabled and CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK is set, the kernel will attempt to access the memory at SMBIOS_ENTRY_POINT_SCAN_START (which falls in the ROM range) prior to validation. For example, Project Oak Stage 0 provides a minimal guest firmware that currently meets these configuration conditions, meaning guests booting atop Oak Stage 0 firmware encounter a problematic call chain during dmi_setup() -> dmi_scan_machine() that results in a crash during boot if SEV-SNP is enabled. * With regards to necessity, SEV-SNP guests generally read garbage (which changes across boots) from the ROM range, meaning these scans are unnecessary. The guest reads garbage because the legacy ROM range is unencrypted data but is accessed via an encrypted PMD during early boot (where the PMD is marked as encrypted due to potentially mapping actually-encrypted data in other PMD-contained ranges). In one exceptional case, EISA probing treats the ROM range as unencrypted data, which is inconsistent with other probing. Continuing to allow SEV-SNP guests to use garbage and to inconsistently classify ROM range encryption status can trigger undesirable behavior. For instance, if garbage bytes appear to be a valid signature, memory may be unnecessarily reserved for the ROM range. Future code or other use cases may result in more problematic (arbitrary) behavior that should be avoided. While one solution would be to overhaul the early PMD mapping to always treat the ROM region of the PMD as unencrypted, SEV-SNP guests do not currently rely on data from the ROM region during early boot (and even if they did, they would be mostly relying on garbage data anyways). As a simpler solution, skip the ROM range scans (and the otherwise- necessary range validation) during SEV-SNP guest early boot. The potential SEV-SNP guest crash due to lack of ROM range validation is thus avoided by simply not accessing the ROM range. In most cases, skip the scans by overriding problematic x86_init functions during sme_early_init() to SNP-safe variants, which can be likened to x86_init overrides done for other platforms (ex: Xen); such overrides also avoid the spread of cc_platform_has() checks throughout the tree. In the exceptional EISA case, still use cc_platform_has() for the simplest change, given (1) checks for guest type (ex: Xen domain status) are already performed here, and (2) these checks occur in a subsys initcall instead of an x86_init function. [ bp: Massage commit message, remove "we"s. ] Fixes: 9704c07bf9f7 ("x86/kernel: Validate ROM memory before accessing when SEV-SNP is active") Signed-off-by: Kevin Loughlin <kevinloughlin(a)google.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: <stable(a)kernel.org> Link: https://lore.kernel.org/r/20240313121546.2964854-1-kevinloughlin@google.com diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 9477b4053bce..07e125f32528 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -218,12 +218,12 @@ void early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages); void early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned long npages); -void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op); void snp_set_memory_shared(unsigned long vaddr, unsigned long npages); void snp_set_memory_private(unsigned long vaddr, unsigned long npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __noreturn snp_abort(void); +void snp_dmi_setup(void); int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio); void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); @@ -244,12 +244,12 @@ static inline void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages) { } static inline void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned long npages) { } -static inline void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op) { } static inline void snp_set_memory_shared(unsigned long vaddr, unsigned long npages) { } static inline void snp_set_memory_private(unsigned long vaddr, unsigned long npages) { } static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } +static inline void snp_dmi_setup(void) { } static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) { return -ENOTTY; diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h index b89b40f250e6..6149eabe200f 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h @@ -30,12 +30,13 @@ struct x86_init_mpparse { * @reserve_resources: reserve the standard resources for the * platform * @memory_setup: platform specific memory setup - * + * @dmi_setup: platform specific DMI setup */ struct x86_init_resources { void (*probe_roms)(void); void (*reserve_resources)(void); char *(*memory_setup)(void); + void (*dmi_setup)(void); }; /** diff --git a/arch/x86/kernel/eisa.c b/arch/x86/kernel/eisa.c index e963344b0449..53935b4d62e3 100644 --- a/arch/x86/kernel/eisa.c +++ b/arch/x86/kernel/eisa.c @@ -2,6 +2,7 @@ /* * EISA specific code */ +#include <linux/cc_platform.h> #include <linux/ioport.h> #include <linux/eisa.h> #include <linux/io.h> @@ -12,7 +13,7 @@ static __init int eisa_bus_probe(void) { void __iomem *p; - if (xen_pv_domain() && !xen_initial_domain()) + if ((xen_pv_domain() && !xen_initial_domain()) || cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return 0; p = ioremap(0x0FFFD9, 4); diff --git a/arch/x86/kernel/probe_roms.c b/arch/x86/kernel/probe_roms.c index 319fef37d9dc..cc2c34ba7228 100644 --- a/arch/x86/kernel/probe_roms.c +++ b/arch/x86/kernel/probe_roms.c @@ -203,16 +203,6 @@ void __init probe_roms(void) unsigned char c; int i; - /* - * The ROM memory range is not part of the e820 table and is therefore not - * pre-validated by BIOS. The kernel page table maps the ROM region as encrypted - * memory, and SNP requires encrypted memory to be validated before access. - * Do that here. - */ - snp_prep_memory(video_rom_resource.start, - ((system_rom_resource.end + 1) - video_rom_resource.start), - SNP_PAGE_STATE_PRIVATE); - /* video rom */ upper = adapter_rom_resources[0].start; for (start = video_rom_resource.start; start < upper; start += 2048) { diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index ef206500ed6f..0109e6c510e0 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -9,7 +9,6 @@ #include <linux/console.h> #include <linux/crash_dump.h> #include <linux/dma-map-ops.h> -#include <linux/dmi.h> #include <linux/efi.h> #include <linux/ima.h> #include <linux/init_ohci1394_dma.h> @@ -902,7 +901,7 @@ void __init setup_arch(char **cmdline_p) efi_init(); reserve_ibft_region(); - dmi_setup(); + x86_init.resources.dmi_setup(); /* * VMware detection requires dmi to be available, so this diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index b59b09c2f284..7e1e63cc48e6 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -23,6 +23,7 @@ #include <linux/platform_device.h> #include <linux/io.h> #include <linux/psp-sev.h> +#include <linux/dmi.h> #include <uapi/linux/sev-guest.h> #include <asm/init.h> @@ -795,21 +796,6 @@ void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED); } -void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op) -{ - unsigned long vaddr, npages; - - vaddr = (unsigned long)__va(paddr); - npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; - - if (op == SNP_PAGE_STATE_PRIVATE) - early_snp_set_memory_private(vaddr, paddr, npages); - else if (op == SNP_PAGE_STATE_SHARED) - early_snp_set_memory_shared(vaddr, paddr, npages); - else - WARN(1, "invalid memory op %d\n", op); -} - static unsigned long __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, unsigned long vaddr_end, int op) { @@ -2136,6 +2122,17 @@ void __head __noreturn snp_abort(void) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); } +/* + * SEV-SNP guests should only execute dmi_setup() if EFI_CONFIG_TABLES are + * enabled, as the alternative (fallback) logic for DMI probing in the legacy + * ROM region can cause a crash since this region is not pre-validated. + */ +void __init snp_dmi_setup(void) +{ + if (efi_enabled(EFI_CONFIG_TABLES)) + dmi_setup(); +} + static void dump_cpuid_table(void) { const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table(); diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c index a42830dc151b..d5dc5a92635a 100644 --- a/arch/x86/kernel/x86_init.c +++ b/arch/x86/kernel/x86_init.c @@ -3,6 +3,7 @@ * * For licencing details see kernel-base/COPYING */ +#include <linux/dmi.h> #include <linux/init.h> #include <linux/ioport.h> #include <linux/export.h> @@ -66,6 +67,7 @@ struct x86_init_ops x86_init __initdata = { .probe_roms = probe_roms, .reserve_resources = reserve_standard_io_resources, .memory_setup = e820__memory_setup_default, + .dmi_setup = dmi_setup, }, .mpparse = { diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index 70b91de2e053..422602f6039b 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c @@ -492,6 +492,24 @@ void __init sme_early_init(void) */ if (sev_status & MSR_AMD64_SEV_ENABLED) ia32_disable(); + + /* + * Override init functions that scan the ROM region in SEV-SNP guests, + * as this memory is not pre-validated and would thus cause a crash. + */ + if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) { + x86_init.mpparse.find_mptable = x86_init_noop; + x86_init.pci.init_irq = x86_init_noop; + x86_init.resources.probe_roms = x86_init_noop; + + /* + * DMI setup behavior for SEV-SNP guests depends on + * efi_enabled(EFI_CONFIG_TABLES), which hasn't been + * parsed yet. snp_dmi_setup() will run after that + * parsing has happened. + */ + x86_init.resources.dmi_setup = snp_dmi_setup; + } } void __init mem_encrypt_free_decrypted_mem(void)

1 year, 5 months

3
2
0 0

FAILED: patch "[PATCH] perf/x86/amd/lbr: Use freeze based on availability" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 598c2fafc06fe5c56a1a415fb7b544b31453d637 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040153-joyfully-negate-6062@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 598c2fafc06f ("perf/x86/amd/lbr: Use freeze based on availability") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 598c2fafc06fe5c56a1a415fb7b544b31453d637 Mon Sep 17 00:00:00 2001 From: Sandipan Das <sandipan.das(a)amd.com> Date: Mon, 25 Mar 2024 13:01:45 +0530 Subject: [PATCH] perf/x86/amd/lbr: Use freeze based on availability Currently, the LBR code assumes that LBR Freeze is supported on all processors when X86_FEATURE_AMD_LBR_V2 is available i.e. CPUID leaf 0x80000022[EAX] bit 1 is set. This is incorrect as the availability of the feature is additionally dependent on CPUID leaf 0x80000022[EAX] bit 2 being set, which may not be set for all Zen 4 processors. Define a new feature bit for LBR and PMC freeze and set the freeze enable bit (FLBRI) in DebugCtl (MSR 0x1d9) conditionally. It should still be possible to use LBR without freeze for profile-guided optimization of user programs by using an user-only branch filter during profiling. When the user-only filter is enabled, branches are no longer recorded after the transition to CPL 0 upon PMI arrival. When branch entries are read in the PMI handler, the branch stack does not change. E.g. $ perf record -j any,u -e ex_ret_brn_tkn ./workload Since the feature bit is visible under flags in /proc/cpuinfo, it can be used to determine the feasibility of use-cases which require LBR Freeze to be supported by the hardware such as profile-guided optimization of kernels. Fixes: ca5b7c0d9621 ("perf/x86/amd/lbr: Add LbrExtV2 branch record support") Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/69a453c97cfd11c6f2584b19f937fe6df741510f.17110915… diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index aec16e581f5b..5692e827afef 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -904,8 +904,8 @@ static int amd_pmu_v2_handle_irq(struct pt_regs *regs) if (!status) goto done; - /* Read branch records before unfreezing */ - if (status & GLOBAL_STATUS_LBRS_FROZEN) { + /* Read branch records */ + if (x86_pmu.lbr_nr) { amd_pmu_lbr_read(); status &= ~GLOBAL_STATUS_LBRS_FROZEN; } diff --git a/arch/x86/events/amd/lbr.c b/arch/x86/events/amd/lbr.c index 4a1e600314d5..5149830c7c4f 100644 --- a/arch/x86/events/amd/lbr.c +++ b/arch/x86/events/amd/lbr.c @@ -402,10 +402,12 @@ void amd_pmu_lbr_enable_all(void) wrmsrl(MSR_AMD64_LBR_SELECT, lbr_select); } - rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); - rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); + if (cpu_feature_enabled(X86_FEATURE_AMD_LBR_PMC_FREEZE)) { + rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); + wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + } - wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); wrmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg | DBG_EXTN_CFG_LBRV2EN); } @@ -418,10 +420,12 @@ void amd_pmu_lbr_disable_all(void) return; rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); - rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); - wrmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg & ~DBG_EXTN_CFG_LBRV2EN); - wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl & ~DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + + if (cpu_feature_enabled(X86_FEATURE_AMD_LBR_PMC_FREEZE)) { + rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); + wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl & ~DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + } } __init int amd_pmu_lbr_init(void) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 4d850a780f7e..a38f8f9ba657 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -459,6 +459,14 @@ #define X86_FEATURE_IBPB_BRTYPE (20*32+28) /* "" MSR_PRED_CMD[IBPB] flushes all branch type predictions */ #define X86_FEATURE_SRSO_NO (20*32+29) /* "" CPU is not affected by SRSO */ +/* + * Extended auxiliary flags: Linux defined - for features scattered in various + * CPUID levels like 0x80000022, etc. + * + * Reuse free bits when adding new feature flags! + */ +#define X86_FEATURE_AMD_LBR_PMC_FREEZE (21*32+ 0) /* AMD LBR and PMC Freeze */ + /* * BUG word(s) */ diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c index 0dad49a09b7a..a515328d9d7d 100644 --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c @@ -49,6 +49,7 @@ static const struct cpuid_bit cpuid_bits[] = { { X86_FEATURE_BMEC, CPUID_EBX, 3, 0x80000020, 0 }, { X86_FEATURE_PERFMON_V2, CPUID_EAX, 0, 0x80000022, 0 }, { X86_FEATURE_AMD_LBR_V2, CPUID_EAX, 1, 0x80000022, 0 }, + { X86_FEATURE_AMD_LBR_PMC_FREEZE, CPUID_EAX, 2, 0x80000022, 0 }, { 0, 0, 0, 0, 0 } };

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x c7b2edd8377be983442c1344cb940cd2ac21b601 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040125-viability-refined-29d0@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: c7b2edd8377b ("perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7b2edd8377be983442c1344cb940cd2ac21b601 Mon Sep 17 00:00:00 2001 From: Sandipan Das <sandipan.das(a)amd.com> Date: Mon, 25 Mar 2024 13:17:53 +0530 Subject: [PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later AMD processors based on Zen 2 and later microarchitectures do not support PMCx087 (instruction pipe stalls) which is used as the backing event for "stalled-cycles-frontend" and "stalled-cycles-backend". Use PMCx0A9 (cycles where micro-op queue is empty) instead to count frontend stalls and remove the entry for backend stalls since there is no direct replacement. Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Ian Rogers <irogers(a)google.com> Fixes: 3fe3331bb285 ("perf/x86/amd: Add event map for AMD Family 17h") Link: https://lore.kernel.org/r/03d7fc8fa2a28f9be732116009025bdec1b3ec97.17113521… diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index 5692e827afef..af8add6c11ea 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -250,7 +250,7 @@ static const u64 amd_perfmon_event_map[PERF_COUNT_HW_MAX] = /* * AMD Performance Monitor Family 17h and later: */ -static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = +static const u64 amd_zen1_perfmon_event_map[PERF_COUNT_HW_MAX] = { [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, @@ -262,10 +262,24 @@ static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = [PERF_COUNT_HW_STALLED_CYCLES_BACKEND] = 0x0187, }; +static const u64 amd_zen2_perfmon_event_map[PERF_COUNT_HW_MAX] = +{ + [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, + [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, + [PERF_COUNT_HW_CACHE_REFERENCES] = 0xff60, + [PERF_COUNT_HW_CACHE_MISSES] = 0x0964, + [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = 0x00c2, + [PERF_COUNT_HW_BRANCH_MISSES] = 0x00c3, + [PERF_COUNT_HW_STALLED_CYCLES_FRONTEND] = 0x00a9, +}; + static u64 amd_pmu_event_map(int hw_event) { - if (boot_cpu_data.x86 >= 0x17) - return amd_f17h_perfmon_event_map[hw_event]; + if (cpu_feature_enabled(X86_FEATURE_ZEN2) || boot_cpu_data.x86 >= 0x19) + return amd_zen2_perfmon_event_map[hw_event]; + + if (cpu_feature_enabled(X86_FEATURE_ZEN1)) + return amd_zen1_perfmon_event_map[hw_event]; return amd_perfmon_event_map[hw_event]; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/amd/lbr: Use freeze based on availability" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 598c2fafc06fe5c56a1a415fb7b544b31453d637 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040137-tragedy-chapter-f8c0@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 598c2fafc06f ("perf/x86/amd/lbr: Use freeze based on availability") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 598c2fafc06fe5c56a1a415fb7b544b31453d637 Mon Sep 17 00:00:00 2001 From: Sandipan Das <sandipan.das(a)amd.com> Date: Mon, 25 Mar 2024 13:01:45 +0530 Subject: [PATCH] perf/x86/amd/lbr: Use freeze based on availability Currently, the LBR code assumes that LBR Freeze is supported on all processors when X86_FEATURE_AMD_LBR_V2 is available i.e. CPUID leaf 0x80000022[EAX] bit 1 is set. This is incorrect as the availability of the feature is additionally dependent on CPUID leaf 0x80000022[EAX] bit 2 being set, which may not be set for all Zen 4 processors. Define a new feature bit for LBR and PMC freeze and set the freeze enable bit (FLBRI) in DebugCtl (MSR 0x1d9) conditionally. It should still be possible to use LBR without freeze for profile-guided optimization of user programs by using an user-only branch filter during profiling. When the user-only filter is enabled, branches are no longer recorded after the transition to CPL 0 upon PMI arrival. When branch entries are read in the PMI handler, the branch stack does not change. E.g. $ perf record -j any,u -e ex_ret_brn_tkn ./workload Since the feature bit is visible under flags in /proc/cpuinfo, it can be used to determine the feasibility of use-cases which require LBR Freeze to be supported by the hardware such as profile-guided optimization of kernels. Fixes: ca5b7c0d9621 ("perf/x86/amd/lbr: Add LbrExtV2 branch record support") Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/69a453c97cfd11c6f2584b19f937fe6df741510f.17110915… diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index aec16e581f5b..5692e827afef 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -904,8 +904,8 @@ static int amd_pmu_v2_handle_irq(struct pt_regs *regs) if (!status) goto done; - /* Read branch records before unfreezing */ - if (status & GLOBAL_STATUS_LBRS_FROZEN) { + /* Read branch records */ + if (x86_pmu.lbr_nr) { amd_pmu_lbr_read(); status &= ~GLOBAL_STATUS_LBRS_FROZEN; } diff --git a/arch/x86/events/amd/lbr.c b/arch/x86/events/amd/lbr.c index 4a1e600314d5..5149830c7c4f 100644 --- a/arch/x86/events/amd/lbr.c +++ b/arch/x86/events/amd/lbr.c @@ -402,10 +402,12 @@ void amd_pmu_lbr_enable_all(void) wrmsrl(MSR_AMD64_LBR_SELECT, lbr_select); } - rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); - rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); + if (cpu_feature_enabled(X86_FEATURE_AMD_LBR_PMC_FREEZE)) { + rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); + wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + } - wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); wrmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg | DBG_EXTN_CFG_LBRV2EN); } @@ -418,10 +420,12 @@ void amd_pmu_lbr_disable_all(void) return; rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); - rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); - wrmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg & ~DBG_EXTN_CFG_LBRV2EN); - wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl & ~DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + + if (cpu_feature_enabled(X86_FEATURE_AMD_LBR_PMC_FREEZE)) { + rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); + wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl & ~DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + } } __init int amd_pmu_lbr_init(void) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 4d850a780f7e..a38f8f9ba657 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -459,6 +459,14 @@ #define X86_FEATURE_IBPB_BRTYPE (20*32+28) /* "" MSR_PRED_CMD[IBPB] flushes all branch type predictions */ #define X86_FEATURE_SRSO_NO (20*32+29) /* "" CPU is not affected by SRSO */ +/* + * Extended auxiliary flags: Linux defined - for features scattered in various + * CPUID levels like 0x80000022, etc. + * + * Reuse free bits when adding new feature flags! + */ +#define X86_FEATURE_AMD_LBR_PMC_FREEZE (21*32+ 0) /* AMD LBR and PMC Freeze */ + /* * BUG word(s) */ diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c index 0dad49a09b7a..a515328d9d7d 100644 --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c @@ -49,6 +49,7 @@ static const struct cpuid_bit cpuid_bits[] = { { X86_FEATURE_BMEC, CPUID_EBX, 3, 0x80000020, 0 }, { X86_FEATURE_PERFMON_V2, CPUID_EAX, 0, 0x80000022, 0 }, { X86_FEATURE_AMD_LBR_V2, CPUID_EAX, 1, 0x80000022, 0 }, + { X86_FEATURE_AMD_LBR_PMC_FREEZE, CPUID_EAX, 2, 0x80000022, 0 }, { 0, 0, 0, 0, 0 } };

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/amd/lbr: Use freeze based on availability" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 598c2fafc06fe5c56a1a415fb7b544b31453d637 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040136-sinuous-creasing-8217@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 598c2fafc06f ("perf/x86/amd/lbr: Use freeze based on availability") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 598c2fafc06fe5c56a1a415fb7b544b31453d637 Mon Sep 17 00:00:00 2001 From: Sandipan Das <sandipan.das(a)amd.com> Date: Mon, 25 Mar 2024 13:01:45 +0530 Subject: [PATCH] perf/x86/amd/lbr: Use freeze based on availability Currently, the LBR code assumes that LBR Freeze is supported on all processors when X86_FEATURE_AMD_LBR_V2 is available i.e. CPUID leaf 0x80000022[EAX] bit 1 is set. This is incorrect as the availability of the feature is additionally dependent on CPUID leaf 0x80000022[EAX] bit 2 being set, which may not be set for all Zen 4 processors. Define a new feature bit for LBR and PMC freeze and set the freeze enable bit (FLBRI) in DebugCtl (MSR 0x1d9) conditionally. It should still be possible to use LBR without freeze for profile-guided optimization of user programs by using an user-only branch filter during profiling. When the user-only filter is enabled, branches are no longer recorded after the transition to CPL 0 upon PMI arrival. When branch entries are read in the PMI handler, the branch stack does not change. E.g. $ perf record -j any,u -e ex_ret_brn_tkn ./workload Since the feature bit is visible under flags in /proc/cpuinfo, it can be used to determine the feasibility of use-cases which require LBR Freeze to be supported by the hardware such as profile-guided optimization of kernels. Fixes: ca5b7c0d9621 ("perf/x86/amd/lbr: Add LbrExtV2 branch record support") Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/69a453c97cfd11c6f2584b19f937fe6df741510f.17110915… diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index aec16e581f5b..5692e827afef 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -904,8 +904,8 @@ static int amd_pmu_v2_handle_irq(struct pt_regs *regs) if (!status) goto done; - /* Read branch records before unfreezing */ - if (status & GLOBAL_STATUS_LBRS_FROZEN) { + /* Read branch records */ + if (x86_pmu.lbr_nr) { amd_pmu_lbr_read(); status &= ~GLOBAL_STATUS_LBRS_FROZEN; } diff --git a/arch/x86/events/amd/lbr.c b/arch/x86/events/amd/lbr.c index 4a1e600314d5..5149830c7c4f 100644 --- a/arch/x86/events/amd/lbr.c +++ b/arch/x86/events/amd/lbr.c @@ -402,10 +402,12 @@ void amd_pmu_lbr_enable_all(void) wrmsrl(MSR_AMD64_LBR_SELECT, lbr_select); } - rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); - rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); + if (cpu_feature_enabled(X86_FEATURE_AMD_LBR_PMC_FREEZE)) { + rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); + wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + } - wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); wrmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg | DBG_EXTN_CFG_LBRV2EN); } @@ -418,10 +420,12 @@ void amd_pmu_lbr_disable_all(void) return; rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); - rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); - wrmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg & ~DBG_EXTN_CFG_LBRV2EN); - wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl & ~DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + + if (cpu_feature_enabled(X86_FEATURE_AMD_LBR_PMC_FREEZE)) { + rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); + wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl & ~DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + } } __init int amd_pmu_lbr_init(void) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 4d850a780f7e..a38f8f9ba657 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -459,6 +459,14 @@ #define X86_FEATURE_IBPB_BRTYPE (20*32+28) /* "" MSR_PRED_CMD[IBPB] flushes all branch type predictions */ #define X86_FEATURE_SRSO_NO (20*32+29) /* "" CPU is not affected by SRSO */ +/* + * Extended auxiliary flags: Linux defined - for features scattered in various + * CPUID levels like 0x80000022, etc. + * + * Reuse free bits when adding new feature flags! + */ +#define X86_FEATURE_AMD_LBR_PMC_FREEZE (21*32+ 0) /* AMD LBR and PMC Freeze */ + /* * BUG word(s) */ diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c index 0dad49a09b7a..a515328d9d7d 100644 --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c @@ -49,6 +49,7 @@ static const struct cpuid_bit cpuid_bits[] = { { X86_FEATURE_BMEC, CPUID_EBX, 3, 0x80000020, 0 }, { X86_FEATURE_PERFMON_V2, CPUID_EAX, 0, 0x80000022, 0 }, { X86_FEATURE_AMD_LBR_V2, CPUID_EAX, 1, 0x80000022, 0 }, + { X86_FEATURE_AMD_LBR_PMC_FREEZE, CPUID_EAX, 2, 0x80000022, 0 }, { 0, 0, 0, 0, 0 } };

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/amd/lbr: Use freeze based on availability" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 598c2fafc06fe5c56a1a415fb7b544b31453d637 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040111-friend-dispersal-bc2a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 598c2fafc06f ("perf/x86/amd/lbr: Use freeze based on availability") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 598c2fafc06fe5c56a1a415fb7b544b31453d637 Mon Sep 17 00:00:00 2001 From: Sandipan Das <sandipan.das(a)amd.com> Date: Mon, 25 Mar 2024 13:01:45 +0530 Subject: [PATCH] perf/x86/amd/lbr: Use freeze based on availability Currently, the LBR code assumes that LBR Freeze is supported on all processors when X86_FEATURE_AMD_LBR_V2 is available i.e. CPUID leaf 0x80000022[EAX] bit 1 is set. This is incorrect as the availability of the feature is additionally dependent on CPUID leaf 0x80000022[EAX] bit 2 being set, which may not be set for all Zen 4 processors. Define a new feature bit for LBR and PMC freeze and set the freeze enable bit (FLBRI) in DebugCtl (MSR 0x1d9) conditionally. It should still be possible to use LBR without freeze for profile-guided optimization of user programs by using an user-only branch filter during profiling. When the user-only filter is enabled, branches are no longer recorded after the transition to CPL 0 upon PMI arrival. When branch entries are read in the PMI handler, the branch stack does not change. E.g. $ perf record -j any,u -e ex_ret_brn_tkn ./workload Since the feature bit is visible under flags in /proc/cpuinfo, it can be used to determine the feasibility of use-cases which require LBR Freeze to be supported by the hardware such as profile-guided optimization of kernels. Fixes: ca5b7c0d9621 ("perf/x86/amd/lbr: Add LbrExtV2 branch record support") Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/69a453c97cfd11c6f2584b19f937fe6df741510f.17110915… diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index aec16e581f5b..5692e827afef 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -904,8 +904,8 @@ static int amd_pmu_v2_handle_irq(struct pt_regs *regs) if (!status) goto done; - /* Read branch records before unfreezing */ - if (status & GLOBAL_STATUS_LBRS_FROZEN) { + /* Read branch records */ + if (x86_pmu.lbr_nr) { amd_pmu_lbr_read(); status &= ~GLOBAL_STATUS_LBRS_FROZEN; } diff --git a/arch/x86/events/amd/lbr.c b/arch/x86/events/amd/lbr.c index 4a1e600314d5..5149830c7c4f 100644 --- a/arch/x86/events/amd/lbr.c +++ b/arch/x86/events/amd/lbr.c @@ -402,10 +402,12 @@ void amd_pmu_lbr_enable_all(void) wrmsrl(MSR_AMD64_LBR_SELECT, lbr_select); } - rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); - rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); + if (cpu_feature_enabled(X86_FEATURE_AMD_LBR_PMC_FREEZE)) { + rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); + wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + } - wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); wrmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg | DBG_EXTN_CFG_LBRV2EN); } @@ -418,10 +420,12 @@ void amd_pmu_lbr_disable_all(void) return; rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); - rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); - wrmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg & ~DBG_EXTN_CFG_LBRV2EN); - wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl & ~DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + + if (cpu_feature_enabled(X86_FEATURE_AMD_LBR_PMC_FREEZE)) { + rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); + wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl & ~DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + } } __init int amd_pmu_lbr_init(void) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 4d850a780f7e..a38f8f9ba657 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -459,6 +459,14 @@ #define X86_FEATURE_IBPB_BRTYPE (20*32+28) /* "" MSR_PRED_CMD[IBPB] flushes all branch type predictions */ #define X86_FEATURE_SRSO_NO (20*32+29) /* "" CPU is not affected by SRSO */ +/* + * Extended auxiliary flags: Linux defined - for features scattered in various + * CPUID levels like 0x80000022, etc. + * + * Reuse free bits when adding new feature flags! + */ +#define X86_FEATURE_AMD_LBR_PMC_FREEZE (21*32+ 0) /* AMD LBR and PMC Freeze */ + /* * BUG word(s) */ diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c index 0dad49a09b7a..a515328d9d7d 100644 --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c @@ -49,6 +49,7 @@ static const struct cpuid_bit cpuid_bits[] = { { X86_FEATURE_BMEC, CPUID_EBX, 3, 0x80000020, 0 }, { X86_FEATURE_PERFMON_V2, CPUID_EAX, 0, 0x80000022, 0 }, { X86_FEATURE_AMD_LBR_V2, CPUID_EAX, 1, 0x80000022, 0 }, + { X86_FEATURE_AMD_LBR_PMC_FREEZE, CPUID_EAX, 2, 0x80000022, 0 }, { 0, 0, 0, 0, 0 } };

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/amd/lbr: Use freeze based on availability" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 598c2fafc06fe5c56a1a415fb7b544b31453d637 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040110-spongy-stress-e02e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 598c2fafc06f ("perf/x86/amd/lbr: Use freeze based on availability") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 598c2fafc06fe5c56a1a415fb7b544b31453d637 Mon Sep 17 00:00:00 2001 From: Sandipan Das <sandipan.das(a)amd.com> Date: Mon, 25 Mar 2024 13:01:45 +0530 Subject: [PATCH] perf/x86/amd/lbr: Use freeze based on availability Currently, the LBR code assumes that LBR Freeze is supported on all processors when X86_FEATURE_AMD_LBR_V2 is available i.e. CPUID leaf 0x80000022[EAX] bit 1 is set. This is incorrect as the availability of the feature is additionally dependent on CPUID leaf 0x80000022[EAX] bit 2 being set, which may not be set for all Zen 4 processors. Define a new feature bit for LBR and PMC freeze and set the freeze enable bit (FLBRI) in DebugCtl (MSR 0x1d9) conditionally. It should still be possible to use LBR without freeze for profile-guided optimization of user programs by using an user-only branch filter during profiling. When the user-only filter is enabled, branches are no longer recorded after the transition to CPL 0 upon PMI arrival. When branch entries are read in the PMI handler, the branch stack does not change. E.g. $ perf record -j any,u -e ex_ret_brn_tkn ./workload Since the feature bit is visible under flags in /proc/cpuinfo, it can be used to determine the feasibility of use-cases which require LBR Freeze to be supported by the hardware such as profile-guided optimization of kernels. Fixes: ca5b7c0d9621 ("perf/x86/amd/lbr: Add LbrExtV2 branch record support") Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Link: https://lore.kernel.org/r/69a453c97cfd11c6f2584b19f937fe6df741510f.17110915… diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index aec16e581f5b..5692e827afef 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -904,8 +904,8 @@ static int amd_pmu_v2_handle_irq(struct pt_regs *regs) if (!status) goto done; - /* Read branch records before unfreezing */ - if (status & GLOBAL_STATUS_LBRS_FROZEN) { + /* Read branch records */ + if (x86_pmu.lbr_nr) { amd_pmu_lbr_read(); status &= ~GLOBAL_STATUS_LBRS_FROZEN; } diff --git a/arch/x86/events/amd/lbr.c b/arch/x86/events/amd/lbr.c index 4a1e600314d5..5149830c7c4f 100644 --- a/arch/x86/events/amd/lbr.c +++ b/arch/x86/events/amd/lbr.c @@ -402,10 +402,12 @@ void amd_pmu_lbr_enable_all(void) wrmsrl(MSR_AMD64_LBR_SELECT, lbr_select); } - rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); - rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); + if (cpu_feature_enabled(X86_FEATURE_AMD_LBR_PMC_FREEZE)) { + rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); + wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + } - wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); wrmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg | DBG_EXTN_CFG_LBRV2EN); } @@ -418,10 +420,12 @@ void amd_pmu_lbr_disable_all(void) return; rdmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg); - rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); - wrmsrl(MSR_AMD_DBG_EXTN_CFG, dbg_extn_cfg & ~DBG_EXTN_CFG_LBRV2EN); - wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl & ~DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + + if (cpu_feature_enabled(X86_FEATURE_AMD_LBR_PMC_FREEZE)) { + rdmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl); + wrmsrl(MSR_IA32_DEBUGCTLMSR, dbg_ctl & ~DEBUGCTLMSR_FREEZE_LBRS_ON_PMI); + } } __init int amd_pmu_lbr_init(void) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 4d850a780f7e..a38f8f9ba657 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -459,6 +459,14 @@ #define X86_FEATURE_IBPB_BRTYPE (20*32+28) /* "" MSR_PRED_CMD[IBPB] flushes all branch type predictions */ #define X86_FEATURE_SRSO_NO (20*32+29) /* "" CPU is not affected by SRSO */ +/* + * Extended auxiliary flags: Linux defined - for features scattered in various + * CPUID levels like 0x80000022, etc. + * + * Reuse free bits when adding new feature flags! + */ +#define X86_FEATURE_AMD_LBR_PMC_FREEZE (21*32+ 0) /* AMD LBR and PMC Freeze */ + /* * BUG word(s) */ diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c index 0dad49a09b7a..a515328d9d7d 100644 --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c @@ -49,6 +49,7 @@ static const struct cpuid_bit cpuid_bits[] = { { X86_FEATURE_BMEC, CPUID_EBX, 3, 0x80000020, 0 }, { X86_FEATURE_PERFMON_V2, CPUID_EAX, 0, 0x80000022, 0 }, { X86_FEATURE_AMD_LBR_V2, CPUID_EAX, 1, 0x80000022, 0 }, + { X86_FEATURE_AMD_LBR_PMC_FREEZE, CPUID_EAX, 2, 0x80000022, 0 }, { 0, 0, 0, 0, 0 } };

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c7b2edd8377be983442c1344cb940cd2ac21b601 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040100-clinking-stylized-0888@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: c7b2edd8377b ("perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7b2edd8377be983442c1344cb940cd2ac21b601 Mon Sep 17 00:00:00 2001 From: Sandipan Das <sandipan.das(a)amd.com> Date: Mon, 25 Mar 2024 13:17:53 +0530 Subject: [PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later AMD processors based on Zen 2 and later microarchitectures do not support PMCx087 (instruction pipe stalls) which is used as the backing event for "stalled-cycles-frontend" and "stalled-cycles-backend". Use PMCx0A9 (cycles where micro-op queue is empty) instead to count frontend stalls and remove the entry for backend stalls since there is no direct replacement. Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Ian Rogers <irogers(a)google.com> Fixes: 3fe3331bb285 ("perf/x86/amd: Add event map for AMD Family 17h") Link: https://lore.kernel.org/r/03d7fc8fa2a28f9be732116009025bdec1b3ec97.17113521… diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index 5692e827afef..af8add6c11ea 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -250,7 +250,7 @@ static const u64 amd_perfmon_event_map[PERF_COUNT_HW_MAX] = /* * AMD Performance Monitor Family 17h and later: */ -static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = +static const u64 amd_zen1_perfmon_event_map[PERF_COUNT_HW_MAX] = { [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, @@ -262,10 +262,24 @@ static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = [PERF_COUNT_HW_STALLED_CYCLES_BACKEND] = 0x0187, }; +static const u64 amd_zen2_perfmon_event_map[PERF_COUNT_HW_MAX] = +{ + [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, + [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, + [PERF_COUNT_HW_CACHE_REFERENCES] = 0xff60, + [PERF_COUNT_HW_CACHE_MISSES] = 0x0964, + [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = 0x00c2, + [PERF_COUNT_HW_BRANCH_MISSES] = 0x00c3, + [PERF_COUNT_HW_STALLED_CYCLES_FRONTEND] = 0x00a9, +}; + static u64 amd_pmu_event_map(int hw_event) { - if (boot_cpu_data.x86 >= 0x17) - return amd_f17h_perfmon_event_map[hw_event]; + if (cpu_feature_enabled(X86_FEATURE_ZEN2) || boot_cpu_data.x86 >= 0x19) + return amd_zen2_perfmon_event_map[hw_event]; + + if (cpu_feature_enabled(X86_FEATURE_ZEN1)) + return amd_zen1_perfmon_event_map[hw_event]; return amd_perfmon_event_map[hw_event]; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c7b2edd8377be983442c1344cb940cd2ac21b601 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040114-diaper-unlovable-0dab@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: c7b2edd8377b ("perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7b2edd8377be983442c1344cb940cd2ac21b601 Mon Sep 17 00:00:00 2001 From: Sandipan Das <sandipan.das(a)amd.com> Date: Mon, 25 Mar 2024 13:17:53 +0530 Subject: [PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later AMD processors based on Zen 2 and later microarchitectures do not support PMCx087 (instruction pipe stalls) which is used as the backing event for "stalled-cycles-frontend" and "stalled-cycles-backend". Use PMCx0A9 (cycles where micro-op queue is empty) instead to count frontend stalls and remove the entry for backend stalls since there is no direct replacement. Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Ian Rogers <irogers(a)google.com> Fixes: 3fe3331bb285 ("perf/x86/amd: Add event map for AMD Family 17h") Link: https://lore.kernel.org/r/03d7fc8fa2a28f9be732116009025bdec1b3ec97.17113521… diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index 5692e827afef..af8add6c11ea 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -250,7 +250,7 @@ static const u64 amd_perfmon_event_map[PERF_COUNT_HW_MAX] = /* * AMD Performance Monitor Family 17h and later: */ -static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = +static const u64 amd_zen1_perfmon_event_map[PERF_COUNT_HW_MAX] = { [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, @@ -262,10 +262,24 @@ static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = [PERF_COUNT_HW_STALLED_CYCLES_BACKEND] = 0x0187, }; +static const u64 amd_zen2_perfmon_event_map[PERF_COUNT_HW_MAX] = +{ + [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, + [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, + [PERF_COUNT_HW_CACHE_REFERENCES] = 0xff60, + [PERF_COUNT_HW_CACHE_MISSES] = 0x0964, + [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = 0x00c2, + [PERF_COUNT_HW_BRANCH_MISSES] = 0x00c3, + [PERF_COUNT_HW_STALLED_CYCLES_FRONTEND] = 0x00a9, +}; + static u64 amd_pmu_event_map(int hw_event) { - if (boot_cpu_data.x86 >= 0x17) - return amd_f17h_perfmon_event_map[hw_event]; + if (cpu_feature_enabled(X86_FEATURE_ZEN2) || boot_cpu_data.x86 >= 0x19) + return amd_zen2_perfmon_event_map[hw_event]; + + if (cpu_feature_enabled(X86_FEATURE_ZEN1)) + return amd_zen1_perfmon_event_map[hw_event]; return amd_perfmon_event_map[hw_event]; }

1 year, 5 months

1
0
0 0

[PATCH v4] x86/mm/ident_map: On UV systems, use gbpages only where full GB page should be mapped.

by Steve Wahl

When ident_pud_init() uses only gbpages to create identity maps, large ranges of addresses not actually requested can be included in the resulting table; a 4K request will map a full GB. On UV systems, this ends up including regions that will cause hardware to halt the system if accessed (these are marked "reserved" by BIOS). Even processor speculation into these regions is enough to trigger the system halt. And MTRRs cannot be used to restrict this speculation, there are not enough MTRRs to cover all the reserved regions. The fix for that would be to only use gbpages when map creation requests include the full GB page of space, and falling back to using smaller 2M pages when only portions of a GB page are included in the request. But on some other systems, possibly due to buggy bios, that solution leaves some areas out of the identity map that are needed for kexec to succeed. It is believed that these areas are not marked properly for map_acpi_tables() in arch/x86/kernel/machine_kexec_64.c to catch and map them. The nogbpages kernel command line option also causes these systems to fail even without these changes. So, create kexec identity maps using full GB pages on all platforms but UV; on UV, use narrower 2MB pages in the identity map where a full GB page would include areas outside the region requested. No attempt is made to coalesce mapping requests. If a request requires a map entry at the 2M (pmd) level, subsequent mapping requests within the same 1G region will also be at the pmd level, even if adjacent or overlapping such requests could have been combined to map a full gbpage. Existing usage starts with larger regions and then adds smaller regions, so this should not have any great consequence. Signed-off-by: Steve Wahl <steve.wahl(a)hpe.com> Fixes: d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") Reported-by: Pavin Joseph <me(a)pavinjoseph.com> Closes: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Link: https://lore.kernel.org/all/20240322162135.3984233-1-steve.wahl@hpe.com/ Tested-by: Pavin Joseph <me(a)pavinjoseph.com> Tested-by: Eric Hagberg <ehagberg(a)gmail.com> Tested-by: Sarah Brofeldt <srhb(a)dbc.dk> --- v4: Incorporate fix for regression on systems relying on gbpages mapping more than the ranges actually requested for successful kexec, by limiting the effects of the change to UV systems. This patch based on tip/x86/urgent. v3: per Dave Hansen review, re-arrange changelog info, refactor code to use bool variable and split out conditions. v2: per Dave Hansen review: Additional changelog info, moved pud_large() check earlier in the code, and improved the comment describing the conditions that restrict gbpage usage. arch/x86/include/asm/init.h | 1 + arch/x86/kernel/machine_kexec_64.c | 10 ++++++++++ arch/x86/mm/ident_map.c | 24 +++++++++++++++++++----- 3 files changed, 30 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/init.h b/arch/x86/include/asm/init.h index cc9ccf61b6bd..371d9faea8bc 100644 --- a/arch/x86/include/asm/init.h +++ b/arch/x86/include/asm/init.h @@ -10,6 +10,7 @@ struct x86_mapping_info { unsigned long page_flag; /* page flag for PMD or PUD entry */ unsigned long offset; /* ident mapping offset */ bool direct_gbpages; /* PUD level 1GB page support */ + bool direct_gbpages_only; /* use 1GB pages exclusively */ unsigned long kernpg_flag; /* kernel pagetable flag override */ }; diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c index b180d8e497c3..3a2f5d291a88 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c @@ -28,6 +28,7 @@ #include <asm/setup.h> #include <asm/set_memory.h> #include <asm/cpu.h> +#include <asm/uv/uv.h> #ifdef CONFIG_ACPI /* @@ -212,6 +213,15 @@ static int init_pgtable(struct kimage *image, unsigned long start_pgtable) if (direct_gbpages) info.direct_gbpages = true; + /* + * UV systems need restrained use of gbpages in the identity + * maps to avoid system halts. But some other systems rely on + * using gbpages to expand mappings outside the regions + * actually listed, to include areas required for kexec but + * not explicitly named by the bios. + */ + if (!is_uv_system()) + info.direct_gbpages_only = true; for (i = 0; i < nr_pfn_mapped; i++) { mstart = pfn_mapped[i].start << PAGE_SHIFT; diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index 968d7005f4a7..a538a54aba5d 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,18 +26,32 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; + bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - if (info->direct_gbpages) { - pud_t pudval; + /* if this is already a gbpage, this portion is already mapped */ + if (pud_leaf(*pud)) + continue; + + /* Is using a gbpage allowed? */ + use_gbpage = info->direct_gbpages; - if (pud_present(*pud)) - continue; + if (!info->direct_gbpages_only) { + /* Don't use gbpage if it maps more than the requested region. */ + /* at the beginning: */ + use_gbpage &= ((addr & ~PUD_MASK) == 0); + /* ... or at the end: */ + use_gbpage &= ((next & ~PUD_MASK) == 0); + } + /* Never overwrite existing mappings */ + use_gbpage &= !pud_present(*pud); + + if (use_gbpage) { + pud_t pudval; - addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue; base-commit: b6540de9b5c867b4c8bc31225db181cc017d8cc7 -- 2.26.2

1 year, 5 months

5
9
0 0

FAILED: patch "[PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c7b2edd8377be983442c1344cb940cd2ac21b601 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040106-slacking-uncanny-50dc@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: c7b2edd8377b ("perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7b2edd8377be983442c1344cb940cd2ac21b601 Mon Sep 17 00:00:00 2001 From: Sandipan Das <sandipan.das(a)amd.com> Date: Mon, 25 Mar 2024 13:17:53 +0530 Subject: [PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later AMD processors based on Zen 2 and later microarchitectures do not support PMCx087 (instruction pipe stalls) which is used as the backing event for "stalled-cycles-frontend" and "stalled-cycles-backend". Use PMCx0A9 (cycles where micro-op queue is empty) instead to count frontend stalls and remove the entry for backend stalls since there is no direct replacement. Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Ian Rogers <irogers(a)google.com> Fixes: 3fe3331bb285 ("perf/x86/amd: Add event map for AMD Family 17h") Link: https://lore.kernel.org/r/03d7fc8fa2a28f9be732116009025bdec1b3ec97.17113521… diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index 5692e827afef..af8add6c11ea 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -250,7 +250,7 @@ static const u64 amd_perfmon_event_map[PERF_COUNT_HW_MAX] = /* * AMD Performance Monitor Family 17h and later: */ -static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = +static const u64 amd_zen1_perfmon_event_map[PERF_COUNT_HW_MAX] = { [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, @@ -262,10 +262,24 @@ static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = [PERF_COUNT_HW_STALLED_CYCLES_BACKEND] = 0x0187, }; +static const u64 amd_zen2_perfmon_event_map[PERF_COUNT_HW_MAX] = +{ + [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, + [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, + [PERF_COUNT_HW_CACHE_REFERENCES] = 0xff60, + [PERF_COUNT_HW_CACHE_MISSES] = 0x0964, + [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = 0x00c2, + [PERF_COUNT_HW_BRANCH_MISSES] = 0x00c3, + [PERF_COUNT_HW_STALLED_CYCLES_FRONTEND] = 0x00a9, +}; + static u64 amd_pmu_event_map(int hw_event) { - if (boot_cpu_data.x86 >= 0x17) - return amd_f17h_perfmon_event_map[hw_event]; + if (cpu_feature_enabled(X86_FEATURE_ZEN2) || boot_cpu_data.x86 >= 0x19) + return amd_zen2_perfmon_event_map[hw_event]; + + if (cpu_feature_enabled(X86_FEATURE_ZEN1)) + return amd_zen1_perfmon_event_map[hw_event]; return amd_perfmon_event_map[hw_event]; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c7b2edd8377be983442c1344cb940cd2ac21b601 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040105-simply-footpath-ff09@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: c7b2edd8377b ("perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7b2edd8377be983442c1344cb940cd2ac21b601 Mon Sep 17 00:00:00 2001 From: Sandipan Das <sandipan.das(a)amd.com> Date: Mon, 25 Mar 2024 13:17:53 +0530 Subject: [PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later AMD processors based on Zen 2 and later microarchitectures do not support PMCx087 (instruction pipe stalls) which is used as the backing event for "stalled-cycles-frontend" and "stalled-cycles-backend". Use PMCx0A9 (cycles where micro-op queue is empty) instead to count frontend stalls and remove the entry for backend stalls since there is no direct replacement. Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Ian Rogers <irogers(a)google.com> Fixes: 3fe3331bb285 ("perf/x86/amd: Add event map for AMD Family 17h") Link: https://lore.kernel.org/r/03d7fc8fa2a28f9be732116009025bdec1b3ec97.17113521… diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index 5692e827afef..af8add6c11ea 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -250,7 +250,7 @@ static const u64 amd_perfmon_event_map[PERF_COUNT_HW_MAX] = /* * AMD Performance Monitor Family 17h and later: */ -static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = +static const u64 amd_zen1_perfmon_event_map[PERF_COUNT_HW_MAX] = { [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, @@ -262,10 +262,24 @@ static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = [PERF_COUNT_HW_STALLED_CYCLES_BACKEND] = 0x0187, }; +static const u64 amd_zen2_perfmon_event_map[PERF_COUNT_HW_MAX] = +{ + [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, + [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, + [PERF_COUNT_HW_CACHE_REFERENCES] = 0xff60, + [PERF_COUNT_HW_CACHE_MISSES] = 0x0964, + [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = 0x00c2, + [PERF_COUNT_HW_BRANCH_MISSES] = 0x00c3, + [PERF_COUNT_HW_STALLED_CYCLES_FRONTEND] = 0x00a9, +}; + static u64 amd_pmu_event_map(int hw_event) { - if (boot_cpu_data.x86 >= 0x17) - return amd_f17h_perfmon_event_map[hw_event]; + if (cpu_feature_enabled(X86_FEATURE_ZEN2) || boot_cpu_data.x86 >= 0x19) + return amd_zen2_perfmon_event_map[hw_event]; + + if (cpu_feature_enabled(X86_FEATURE_ZEN1)) + return amd_zen1_perfmon_event_map[hw_event]; return amd_perfmon_event_map[hw_event]; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c7b2edd8377be983442c1344cb940cd2ac21b601 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040104-avid-embolism-6b9b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: c7b2edd8377b ("perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7b2edd8377be983442c1344cb940cd2ac21b601 Mon Sep 17 00:00:00 2001 From: Sandipan Das <sandipan.das(a)amd.com> Date: Mon, 25 Mar 2024 13:17:53 +0530 Subject: [PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later AMD processors based on Zen 2 and later microarchitectures do not support PMCx087 (instruction pipe stalls) which is used as the backing event for "stalled-cycles-frontend" and "stalled-cycles-backend". Use PMCx0A9 (cycles where micro-op queue is empty) instead to count frontend stalls and remove the entry for backend stalls since there is no direct replacement. Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Ian Rogers <irogers(a)google.com> Fixes: 3fe3331bb285 ("perf/x86/amd: Add event map for AMD Family 17h") Link: https://lore.kernel.org/r/03d7fc8fa2a28f9be732116009025bdec1b3ec97.17113521… diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index 5692e827afef..af8add6c11ea 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -250,7 +250,7 @@ static const u64 amd_perfmon_event_map[PERF_COUNT_HW_MAX] = /* * AMD Performance Monitor Family 17h and later: */ -static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = +static const u64 amd_zen1_perfmon_event_map[PERF_COUNT_HW_MAX] = { [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, @@ -262,10 +262,24 @@ static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = [PERF_COUNT_HW_STALLED_CYCLES_BACKEND] = 0x0187, }; +static const u64 amd_zen2_perfmon_event_map[PERF_COUNT_HW_MAX] = +{ + [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, + [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, + [PERF_COUNT_HW_CACHE_REFERENCES] = 0xff60, + [PERF_COUNT_HW_CACHE_MISSES] = 0x0964, + [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = 0x00c2, + [PERF_COUNT_HW_BRANCH_MISSES] = 0x00c3, + [PERF_COUNT_HW_STALLED_CYCLES_FRONTEND] = 0x00a9, +}; + static u64 amd_pmu_event_map(int hw_event) { - if (boot_cpu_data.x86 >= 0x17) - return amd_f17h_perfmon_event_map[hw_event]; + if (cpu_feature_enabled(X86_FEATURE_ZEN2) || boot_cpu_data.x86 >= 0x19) + return amd_zen2_perfmon_event_map[hw_event]; + + if (cpu_feature_enabled(X86_FEATURE_ZEN1)) + return amd_zen1_perfmon_event_map[hw_event]; return amd_perfmon_event_map[hw_event]; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x c7b2edd8377be983442c1344cb940cd2ac21b601 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040103-scholar-tall-0cf6@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: c7b2edd8377b ("perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later") 3fe3331bb285 ("perf/x86/amd: Add event map for AMD Family 17h") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c7b2edd8377be983442c1344cb940cd2ac21b601 Mon Sep 17 00:00:00 2001 From: Sandipan Das <sandipan.das(a)amd.com> Date: Mon, 25 Mar 2024 13:17:53 +0530 Subject: [PATCH] perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later AMD processors based on Zen 2 and later microarchitectures do not support PMCx087 (instruction pipe stalls) which is used as the backing event for "stalled-cycles-frontend" and "stalled-cycles-backend". Use PMCx0A9 (cycles where micro-op queue is empty) instead to count frontend stalls and remove the entry for backend stalls since there is no direct replacement. Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Ian Rogers <irogers(a)google.com> Fixes: 3fe3331bb285 ("perf/x86/amd: Add event map for AMD Family 17h") Link: https://lore.kernel.org/r/03d7fc8fa2a28f9be732116009025bdec1b3ec97.17113521… diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index 5692e827afef..af8add6c11ea 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -250,7 +250,7 @@ static const u64 amd_perfmon_event_map[PERF_COUNT_HW_MAX] = /* * AMD Performance Monitor Family 17h and later: */ -static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = +static const u64 amd_zen1_perfmon_event_map[PERF_COUNT_HW_MAX] = { [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, @@ -262,10 +262,24 @@ static const u64 amd_f17h_perfmon_event_map[PERF_COUNT_HW_MAX] = [PERF_COUNT_HW_STALLED_CYCLES_BACKEND] = 0x0187, }; +static const u64 amd_zen2_perfmon_event_map[PERF_COUNT_HW_MAX] = +{ + [PERF_COUNT_HW_CPU_CYCLES] = 0x0076, + [PERF_COUNT_HW_INSTRUCTIONS] = 0x00c0, + [PERF_COUNT_HW_CACHE_REFERENCES] = 0xff60, + [PERF_COUNT_HW_CACHE_MISSES] = 0x0964, + [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = 0x00c2, + [PERF_COUNT_HW_BRANCH_MISSES] = 0x00c3, + [PERF_COUNT_HW_STALLED_CYCLES_FRONTEND] = 0x00a9, +}; + static u64 amd_pmu_event_map(int hw_event) { - if (boot_cpu_data.x86 >= 0x17) - return amd_f17h_perfmon_event_map[hw_event]; + if (cpu_feature_enabled(X86_FEATURE_ZEN2) || boot_cpu_data.x86 >= 0x19) + return amd_zen2_perfmon_event_map[hw_event]; + + if (cpu_feature_enabled(X86_FEATURE_ZEN1)) + return amd_zen1_perfmon_event_map[hw_event]; return amd_perfmon_event_map[hw_event]; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] scsi: libsas: Fix disk not being scanned in after being" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8e68a458bcf5b5cb9c3624598bae28f08251601f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040152-bobtail-animate-4d38@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8e68a458bcf5 ("scsi: libsas: Fix disk not being scanned in after being removed") d8649fc1c5e4 ("scsi: libsas: Do discovery on empty PHY to update PHY info") 7b27c5fe247b ("scsi: libsas: Stop hardcoding SAS address length") 15ba7806c316 ("scsi: libsas: Drop SAS_DPRINTK() and revise logs levels") 71a4a9923122 ("scsi: libsas: Drop sas_printk()") d188e5db9d27 ("scsi: libsas: Use pr_fmt(fmt)") 32c850bf587f ("scsi: libsas: always unregister the old device if going to discover new") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e68a458bcf5b5cb9c3624598bae28f08251601f Mon Sep 17 00:00:00 2001 From: Xingui Yang <yangxingui(a)huawei.com> Date: Thu, 7 Mar 2024 14:14:13 +0000 Subject: [PATCH] scsi: libsas: Fix disk not being scanned in after being removed As of commit d8649fc1c5e4 ("scsi: libsas: Do discovery on empty PHY to update PHY info"), do discovery will send a new SMP_DISCOVER and update phy->phy_change_count. We found that if the disk is reconnected and phy change_count changes at this time, the disk scanning process will not be triggered. Therefore, call sas_set_ex_phy() to update the PHY info with the results of the last query. And because the previous phy info will be used when calling sas_unregister_devs_sas_addr(), sas_unregister_devs_sas_addr() should be called before sas_set_ex_phy(). Fixes: d8649fc1c5e4 ("scsi: libsas: Do discovery on empty PHY to update PHY info") Signed-off-by: Xingui Yang <yangxingui(a)huawei.com> Link: https://lore.kernel.org/r/20240307141413.48049-3-yangxingui@huawei.com Reviewed-by: John Garry <john.g.garry(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c index de9dee488277..5c261005b74e 100644 --- a/drivers/scsi/libsas/sas_expander.c +++ b/drivers/scsi/libsas/sas_expander.c @@ -1945,6 +1945,7 @@ static int sas_rediscover_dev(struct domain_device *dev, int phy_id, struct expander_device *ex = &dev->ex_dev; struct ex_phy *phy = &ex->ex_phy[phy_id]; enum sas_device_type type = SAS_PHY_UNUSED; + struct smp_disc_resp *disc_resp; u8 sas_addr[SAS_ADDR_SIZE]; char msg[80] = ""; int res; @@ -1956,33 +1957,41 @@ static int sas_rediscover_dev(struct domain_device *dev, int phy_id, SAS_ADDR(dev->sas_addr), phy_id, msg); memset(sas_addr, 0, SAS_ADDR_SIZE); - res = sas_get_phy_attached_dev(dev, phy_id, sas_addr, &type); + disc_resp = alloc_smp_resp(DISCOVER_RESP_SIZE); + if (!disc_resp) + return -ENOMEM; + + res = sas_get_phy_discover(dev, phy_id, disc_resp); switch (res) { case SMP_RESP_NO_PHY: phy->phy_state = PHY_NOT_PRESENT; sas_unregister_devs_sas_addr(dev, phy_id, last); - return res; + goto out_free_resp; case SMP_RESP_PHY_VACANT: phy->phy_state = PHY_VACANT; sas_unregister_devs_sas_addr(dev, phy_id, last); - return res; + goto out_free_resp; case SMP_RESP_FUNC_ACC: break; case -ECOMM: break; default: - return res; + goto out_free_resp; } + if (res == 0) + sas_get_sas_addr_and_dev_type(disc_resp, sas_addr, &type); + if ((SAS_ADDR(sas_addr) == 0) || (res == -ECOMM)) { phy->phy_state = PHY_EMPTY; sas_unregister_devs_sas_addr(dev, phy_id, last); /* - * Even though the PHY is empty, for convenience we discover - * the PHY to update the PHY info, like negotiated linkrate. + * Even though the PHY is empty, for convenience we update + * the PHY info, like negotiated linkrate. */ - sas_ex_phy_discover(dev, phy_id); - return res; + if (res == 0) + sas_set_ex_phy(dev, phy_id, disc_resp); + goto out_free_resp; } else if (SAS_ADDR(sas_addr) == SAS_ADDR(phy->attached_sas_addr) && dev_type_flutter(type, phy->attached_dev_type)) { struct domain_device *ata_dev = sas_ex_to_ata(dev, phy_id); @@ -1994,7 +2003,7 @@ static int sas_rediscover_dev(struct domain_device *dev, int phy_id, action = ", needs recovery"; pr_debug("ex %016llx phy%02d broadcast flutter%s\n", SAS_ADDR(dev->sas_addr), phy_id, action); - return res; + goto out_free_resp; } /* we always have to delete the old device when we went here */ @@ -2003,7 +2012,10 @@ static int sas_rediscover_dev(struct domain_device *dev, int phy_id, SAS_ADDR(phy->attached_sas_addr)); sas_unregister_devs_sas_addr(dev, phy_id, last); - return sas_discover_new(dev, phy_id); + res = sas_discover_new(dev, phy_id); +out_free_resp: + kfree(disc_resp); + return res; } /**

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix race when detecting delalloc ranges during fiemap" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 978b63f7464abcfd364a6c95f734282c50f3decf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040118-pebble-afoot-d19f@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 978b63f7464a ("btrfs: fix race when detecting delalloc ranges during fiemap") 418b09027743 ("btrfs: ensure fiemap doesn't race with writes when FIEMAP_FLAG_SYNC is given") a1a4a9ca77f1 ("btrfs: fix race between ordered extent completion and fiemap") b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent locking") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 978b63f7464abcfd364a6c95f734282c50f3decf Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 28 Feb 2024 11:37:56 +0000 Subject: [PATCH] btrfs: fix race when detecting delalloc ranges during fiemap For fiemap we recently stopped locking the target extent range for the whole duration of the fiemap call, in order to avoid a deadlock in a scenario where the fiemap buffer happens to be a memory mapped range of the same file. This use case is very unlikely to be useful in practice but it may be triggered by fuzz testing (syzbot, etc). This however introduced a race that makes us miss delalloc ranges for file regions that are currently holes, so the caller of fiemap will not be aware that there's data for some file regions. This can be quite serious for some use cases - for example in coreutils versions before 9.0, the cp program used fiemap to detect holes and data in the source file, copying only regions with data (extents or delalloc) from the source file to the destination file in order to preserve holes (see the documentation for its --sparse command line option). This means that if cp was used with a source file that had delalloc in a hole, the destination file could end up without that data, which is effectively a data loss issue, if it happened to hit the race described below. The race happens like this: 1) Fiemap is called, without the FIEMAP_FLAG_SYNC flag, for a file that has delalloc in the file range [64M, 65M[, which is currently a hole; 2) Fiemap locks the inode in shared mode, then starts iterating the inode's subvolume tree searching for file extent items, without having the whole fiemap target range locked in the inode's io tree - the change introduced recently by commit b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent locking"). It only locks ranges in the io tree when it finds a hole or prealloc extent since that commit; 3) Note that fiemap clones each leaf before using it, and this is to avoid deadlocks when locking a file range in the inode's io tree and the fiemap buffer is memory mapped to some file, because writing to the page with btrfs_page_mkwrite() will wait on any ordered extent for the page's range and the ordered extent needs to lock the range and may need to modify the same leaf, therefore leading to a deadlock on the leaf; 4) While iterating the file extent items in the cloned leaf before finding the hole in the range [64M, 65M[, the delalloc in that range is flushed and its ordered extent completes - meaning the corresponding file extent item is in the inode's subvolume tree, but not present in the cloned leaf that fiemap is iterating over; 5) When fiemap finds the hole in the [64M, 65M[ range by seeing the gap in the cloned leaf (or a file extent item with disk_bytenr == 0 in case the NO_HOLES feature is not enabled), it will lock that file range in the inode's io tree and then search for delalloc by checking for the EXTENT_DELALLOC bit in the io tree for that range and ordered extents (with btrfs_find_delalloc_in_range()). But it finds nothing since the delalloc in that range was already flushed and the ordered extent completed and is gone - as a result fiemap will not report that there's delalloc or an extent for the range [64M, 65M[, so user space will be mislead into thinking that there's a hole in that range. This could actually be sporadically triggered with test case generic/094 from fstests, which reports a missing extent/delalloc range like this: generic/094 2s ... - output mismatch (see /home/fdmanana/git/hub/xfstests/results//generic/094.out.bad) --- tests/generic/094.out 2020-06-10 19:29:03.830519425 +0100 +++ /home/fdmanana/git/hub/xfstests/results//generic/094.out.bad 2024-02-28 11:00:00.381071525 +0000 @@ -1,3 +1,9 @@ QA output created by 094 fiemap run with sync fiemap run without sync +ERROR: couldn't find extent at 7 +map is 'HHDDHPPDPHPH' +logical: [ 5.. 6] phys: 301517.. 301518 flags: 0x800 tot: 2 +logical: [ 8.. 8] phys: 301520.. 301520 flags: 0x800 tot: 1 ... (Run 'diff -u /home/fdmanana/git/hub/xfstests/tests/generic/094.out /home/fdmanana/git/hub/xfstests/results//generic/094.out.bad' to see the entire diff) So in order to fix this, while still avoiding deadlocks in the case where the fiemap buffer is memory mapped to the same file, change fiemap to work like the following: 1) Always lock the whole range in the inode's io tree before starting to iterate the inode's subvolume tree searching for file extent items, just like we did before commit b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent locking"); 2) Now instead of writing to the fiemap buffer every time we have an extent to report, write instead to a temporary buffer (1 page), and when that buffer becomes full, stop iterating the file extent items, unlock the range in the io tree, release the search path, submit all the entries kept in that buffer to the fiemap buffer, and then resume the search for file extent items after locking again the remainder of the range in the io tree. The buffer having a size of a page, allows for 146 entries in a system with 4K pages. This is a large enough value to have a good performance by avoiding too many restarts of the search for file extent items. In other words this preserves the huge performance gains made in the last two years to fiemap, while avoiding the deadlocks in case the fiemap buffer is memory mapped to the same file (useless in practice, but possible and exercised by fuzz testing and syzbot). Fixes: b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent locking") Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index e6a2b6eb89e1..fbb05b0f7ebc 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -2453,12 +2453,65 @@ int try_release_extent_mapping(struct page *page, gfp_t mask) return try_release_extent_state(tree, page, mask); } +struct btrfs_fiemap_entry { + u64 offset; + u64 phys; + u64 len; + u32 flags; +}; + /* - * To cache previous fiemap extent + * Indicate the caller of emit_fiemap_extent() that it needs to unlock the file + * range from the inode's io tree, unlock the subvolume tree search path, flush + * the fiemap cache and relock the file range and research the subvolume tree. + * The value here is something negative that can't be confused with a valid + * errno value and different from 1 because that's also a return value from + * fiemap_fill_next_extent() and also it's often used to mean some btree search + * did not find a key, so make it some distinct negative value. + */ +#define BTRFS_FIEMAP_FLUSH_CACHE (-(MAX_ERRNO + 1)) + +/* + * Used to: * - * Will be used for merging fiemap extent + * - Cache the next entry to be emitted to the fiemap buffer, so that we can + * merge extents that are contiguous and can be grouped as a single one; + * + * - Store extents ready to be written to the fiemap buffer in an intermediary + * buffer. This intermediary buffer is to ensure that in case the fiemap + * buffer is memory mapped to the fiemap target file, we don't deadlock + * during btrfs_page_mkwrite(). This is because during fiemap we are locking + * an extent range in order to prevent races with delalloc flushing and + * ordered extent completion, which is needed in order to reliably detect + * delalloc in holes and prealloc extents. And this can lead to a deadlock + * if the fiemap buffer is memory mapped to the file we are running fiemap + * against (a silly, useless in practice scenario, but possible) because + * btrfs_page_mkwrite() will try to lock the same extent range. */ struct fiemap_cache { + /* An array of ready fiemap entries. */ + struct btrfs_fiemap_entry *entries; + /* Number of entries in the entries array. */ + int entries_size; + /* Index of the next entry in the entries array to write to. */ + int entries_pos; + /* + * Once the entries array is full, this indicates what's the offset for + * the next file extent item we must search for in the inode's subvolume + * tree after unlocking the extent range in the inode's io tree and + * releasing the search path. + */ + u64 next_search_offset; + /* + * This matches struct fiemap_extent_info::fi_mapped_extents, we use it + * to count ourselves emitted extents and stop instead of relying on + * fiemap_fill_next_extent() because we buffer ready fiemap entries at + * the @entries array, and we want to stop as soon as we hit the max + * amount of extents to map, not just to save time but also to make the + * logic at extent_fiemap() simpler. + */ + unsigned int extents_mapped; + /* Fields for the cached extent (unsubmitted, not ready, extent). */ u64 offset; u64 phys; u64 len; @@ -2466,6 +2519,28 @@ struct fiemap_cache { bool cached; }; +static int flush_fiemap_cache(struct fiemap_extent_info *fieinfo, + struct fiemap_cache *cache) +{ + for (int i = 0; i < cache->entries_pos; i++) { + struct btrfs_fiemap_entry *entry = &cache->entries[i]; + int ret; + + ret = fiemap_fill_next_extent(fieinfo, entry->offset, + entry->phys, entry->len, + entry->flags); + /* + * Ignore 1 (reached max entries) because we keep track of that + * ourselves in emit_fiemap_extent(). + */ + if (ret < 0) + return ret; + } + cache->entries_pos = 0; + + return 0; +} + /* * Helper to submit fiemap extent. * @@ -2480,8 +2555,8 @@ static int emit_fiemap_extent(struct fiemap_extent_info *fieinfo, struct fiemap_cache *cache, u64 offset, u64 phys, u64 len, u32 flags) { + struct btrfs_fiemap_entry *entry; u64 cache_end; - int ret = 0; /* Set at the end of extent_fiemap(). */ ASSERT((flags & FIEMAP_EXTENT_LAST) == 0); @@ -2494,7 +2569,9 @@ static int emit_fiemap_extent(struct fiemap_extent_info *fieinfo, * find an extent that starts at an offset behind the end offset of the * previous extent we processed. This happens if fiemap is called * without FIEMAP_FLAG_SYNC and there are ordered extents completing - * while we call btrfs_next_leaf() (through fiemap_next_leaf_item()). + * after we had to unlock the file range, release the search path, emit + * the fiemap extents stored in the buffer (cache->entries array) and + * the lock the remainder of the range and re-search the btree. * * For example we are in leaf X processing its last item, which is the * file extent item for file range [512K, 1M[, and after @@ -2607,11 +2684,35 @@ static int emit_fiemap_extent(struct fiemap_extent_info *fieinfo, emit: /* Not mergeable, need to submit cached one */ - ret = fiemap_fill_next_extent(fieinfo, cache->offset, cache->phys, - cache->len, cache->flags); - cache->cached = false; - if (ret) - return ret; + + if (cache->entries_pos == cache->entries_size) { + /* + * We will need to research for the end offset of the last + * stored extent and not from the current offset, because after + * unlocking the range and releasing the path, if there's a hole + * between that end offset and this current offset, a new extent + * may have been inserted due to a new write, so we don't want + * to miss it. + */ + entry = &cache->entries[cache->entries_size - 1]; + cache->next_search_offset = entry->offset + entry->len; + cache->cached = false; + + return BTRFS_FIEMAP_FLUSH_CACHE; + } + + entry = &cache->entries[cache->entries_pos]; + entry->offset = cache->offset; + entry->phys = cache->phys; + entry->len = cache->len; + entry->flags = cache->flags; + cache->entries_pos++; + cache->extents_mapped++; + + if (cache->extents_mapped == fieinfo->fi_extents_max) { + cache->cached = false; + return 1; + } assign: cache->cached = true; cache->offset = offset; @@ -2737,8 +2838,8 @@ static int fiemap_search_slot(struct btrfs_inode *inode, struct btrfs_path *path * neighbour leaf). * We also need the private clone because holding a read lock on an * extent buffer of the subvolume's b+tree will make lockdep unhappy - * when we call fiemap_fill_next_extent(), because that may cause a page - * fault when filling the user space buffer with fiemap data. + * when we check if extents are shared, as backref walking may need to + * lock the same leaf we are processing. */ clone = btrfs_clone_extent_buffer(path->nodes[0]); if (!clone) @@ -2778,34 +2879,16 @@ static int fiemap_process_hole(struct btrfs_inode *inode, * it beyond i_size. */ while (cur_offset < end && cur_offset < i_size) { - struct extent_state *cached_state = NULL; u64 delalloc_start; u64 delalloc_end; u64 prealloc_start; - u64 lockstart; - u64 lockend; u64 prealloc_len = 0; bool delalloc; - lockstart = round_down(cur_offset, inode->root->fs_info->sectorsize); - lockend = round_up(end, inode->root->fs_info->sectorsize); - - /* - * We are only locking for the delalloc range because that's the - * only thing that can change here. With fiemap we have a lock - * on the inode, so no buffered or direct writes can happen. - * - * However mmaps and normal page writeback will cause this to - * change arbitrarily. We have to lock the extent lock here to - * make sure that nobody messes with the tree while we're doing - * btrfs_find_delalloc_in_range. - */ - lock_extent(&inode->io_tree, lockstart, lockend, &cached_state); delalloc = btrfs_find_delalloc_in_range(inode, cur_offset, end, delalloc_cached_state, &delalloc_start, &delalloc_end); - unlock_extent(&inode->io_tree, lockstart, lockend, &cached_state); if (!delalloc) break; @@ -2973,6 +3056,7 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { const u64 ino = btrfs_ino(inode); + struct extent_state *cached_state = NULL; struct extent_state *delalloc_cached_state = NULL; struct btrfs_path *path; struct fiemap_cache cache = { 0 }; @@ -2985,26 +3069,33 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, bool stopped = false; int ret; + cache.entries_size = PAGE_SIZE / sizeof(struct btrfs_fiemap_entry); + cache.entries = kmalloc_array(cache.entries_size, + sizeof(struct btrfs_fiemap_entry), + GFP_KERNEL); backref_ctx = btrfs_alloc_backref_share_check_ctx(); path = btrfs_alloc_path(); - if (!backref_ctx || !path) { + if (!cache.entries || !backref_ctx || !path) { ret = -ENOMEM; goto out; } +restart: range_start = round_down(start, sectorsize); range_end = round_up(start + len, sectorsize); prev_extent_end = range_start; + lock_extent(&inode->io_tree, range_start, range_end, &cached_state); + ret = fiemap_find_last_extent_offset(inode, path, &last_extent_end); if (ret < 0) - goto out; + goto out_unlock; btrfs_release_path(path); path->reada = READA_FORWARD; ret = fiemap_search_slot(inode, path, range_start); if (ret < 0) { - goto out; + goto out_unlock; } else if (ret > 0) { /* * No file extent item found, but we may have delalloc between @@ -3051,7 +3142,7 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, backref_ctx, 0, 0, 0, prev_extent_end, hole_end); if (ret < 0) { - goto out; + goto out_unlock; } else if (ret > 0) { /* fiemap_fill_next_extent() told us to stop. */ stopped = true; @@ -3107,7 +3198,7 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, extent_gen, backref_ctx); if (ret < 0) - goto out; + goto out_unlock; else if (ret > 0) flags |= FIEMAP_EXTENT_SHARED; } @@ -3118,9 +3209,9 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, } if (ret < 0) { - goto out; + goto out_unlock; } else if (ret > 0) { - /* fiemap_fill_next_extent() told us to stop. */ + /* emit_fiemap_extent() told us to stop. */ stopped = true; break; } @@ -3129,12 +3220,12 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, next_item: if (fatal_signal_pending(current)) { ret = -EINTR; - goto out; + goto out_unlock; } ret = fiemap_next_leaf_item(inode, path); if (ret < 0) { - goto out; + goto out_unlock; } else if (ret > 0) { /* No more file extent items for this inode. */ break; @@ -3143,22 +3234,12 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, } check_eof_delalloc: - /* - * Release (and free) the path before emitting any final entries to - * fiemap_fill_next_extent() to keep lockdep happy. This is because - * once we find no more file extent items exist, we may have a - * non-cloned leaf, and fiemap_fill_next_extent() can trigger page - * faults when copying data to the user space buffer. - */ - btrfs_free_path(path); - path = NULL; - if (!stopped && prev_extent_end < range_end) { ret = fiemap_process_hole(inode, fieinfo, &cache, &delalloc_cached_state, backref_ctx, 0, 0, 0, prev_extent_end, range_end - 1); if (ret < 0) - goto out; + goto out_unlock; prev_extent_end = range_end; } @@ -3166,28 +3247,16 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, const u64 i_size = i_size_read(&inode->vfs_inode); if (prev_extent_end < i_size) { - struct extent_state *cached_state = NULL; u64 delalloc_start; u64 delalloc_end; - u64 lockstart; - u64 lockend; bool delalloc; - lockstart = round_down(prev_extent_end, sectorsize); - lockend = round_up(i_size, sectorsize); - - /* - * See the comment in fiemap_process_hole as to why - * we're doing the locking here. - */ - lock_extent(&inode->io_tree, lockstart, lockend, &cached_state); delalloc = btrfs_find_delalloc_in_range(inode, prev_extent_end, i_size - 1, &delalloc_cached_state, &delalloc_start, &delalloc_end); - unlock_extent(&inode->io_tree, lockstart, lockend, &cached_state); if (!delalloc) cache.flags |= FIEMAP_EXTENT_LAST; } else { @@ -3195,9 +3264,39 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, } } +out_unlock: + unlock_extent(&inode->io_tree, range_start, range_end, &cached_state); + + if (ret == BTRFS_FIEMAP_FLUSH_CACHE) { + btrfs_release_path(path); + ret = flush_fiemap_cache(fieinfo, &cache); + if (ret) + goto out; + len -= cache.next_search_offset - start; + start = cache.next_search_offset; + goto restart; + } else if (ret < 0) { + goto out; + } + + /* + * Must free the path before emitting to the fiemap buffer because we + * may have a non-cloned leaf and if the fiemap buffer is memory mapped + * to a file, a write into it (through btrfs_page_mkwrite()) may trigger + * waiting for an ordered extent that in order to complete needs to + * modify that leaf, therefore leading to a deadlock. + */ + btrfs_free_path(path); + path = NULL; + + ret = flush_fiemap_cache(fieinfo, &cache); + if (ret) + goto out; + ret = emit_last_fiemap_cache(fieinfo, &cache); out: free_extent_state(delalloc_cached_state); + kfree(cache.entries); btrfs_free_backref_share_ctx(backref_ctx); btrfs_free_path(path); return ret;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix race when detecting delalloc ranges during fiemap" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 978b63f7464abcfd364a6c95f734282c50f3decf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040115-paparazzi-shortcut-137f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 978b63f7464a ("btrfs: fix race when detecting delalloc ranges during fiemap") 418b09027743 ("btrfs: ensure fiemap doesn't race with writes when FIEMAP_FLAG_SYNC is given") a1a4a9ca77f1 ("btrfs: fix race between ordered extent completion and fiemap") b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent locking") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 978b63f7464abcfd364a6c95f734282c50f3decf Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 28 Feb 2024 11:37:56 +0000 Subject: [PATCH] btrfs: fix race when detecting delalloc ranges during fiemap For fiemap we recently stopped locking the target extent range for the whole duration of the fiemap call, in order to avoid a deadlock in a scenario where the fiemap buffer happens to be a memory mapped range of the same file. This use case is very unlikely to be useful in practice but it may be triggered by fuzz testing (syzbot, etc). This however introduced a race that makes us miss delalloc ranges for file regions that are currently holes, so the caller of fiemap will not be aware that there's data for some file regions. This can be quite serious for some use cases - for example in coreutils versions before 9.0, the cp program used fiemap to detect holes and data in the source file, copying only regions with data (extents or delalloc) from the source file to the destination file in order to preserve holes (see the documentation for its --sparse command line option). This means that if cp was used with a source file that had delalloc in a hole, the destination file could end up without that data, which is effectively a data loss issue, if it happened to hit the race described below. The race happens like this: 1) Fiemap is called, without the FIEMAP_FLAG_SYNC flag, for a file that has delalloc in the file range [64M, 65M[, which is currently a hole; 2) Fiemap locks the inode in shared mode, then starts iterating the inode's subvolume tree searching for file extent items, without having the whole fiemap target range locked in the inode's io tree - the change introduced recently by commit b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent locking"). It only locks ranges in the io tree when it finds a hole or prealloc extent since that commit; 3) Note that fiemap clones each leaf before using it, and this is to avoid deadlocks when locking a file range in the inode's io tree and the fiemap buffer is memory mapped to some file, because writing to the page with btrfs_page_mkwrite() will wait on any ordered extent for the page's range and the ordered extent needs to lock the range and may need to modify the same leaf, therefore leading to a deadlock on the leaf; 4) While iterating the file extent items in the cloned leaf before finding the hole in the range [64M, 65M[, the delalloc in that range is flushed and its ordered extent completes - meaning the corresponding file extent item is in the inode's subvolume tree, but not present in the cloned leaf that fiemap is iterating over; 5) When fiemap finds the hole in the [64M, 65M[ range by seeing the gap in the cloned leaf (or a file extent item with disk_bytenr == 0 in case the NO_HOLES feature is not enabled), it will lock that file range in the inode's io tree and then search for delalloc by checking for the EXTENT_DELALLOC bit in the io tree for that range and ordered extents (with btrfs_find_delalloc_in_range()). But it finds nothing since the delalloc in that range was already flushed and the ordered extent completed and is gone - as a result fiemap will not report that there's delalloc or an extent for the range [64M, 65M[, so user space will be mislead into thinking that there's a hole in that range. This could actually be sporadically triggered with test case generic/094 from fstests, which reports a missing extent/delalloc range like this: generic/094 2s ... - output mismatch (see /home/fdmanana/git/hub/xfstests/results//generic/094.out.bad) --- tests/generic/094.out 2020-06-10 19:29:03.830519425 +0100 +++ /home/fdmanana/git/hub/xfstests/results//generic/094.out.bad 2024-02-28 11:00:00.381071525 +0000 @@ -1,3 +1,9 @@ QA output created by 094 fiemap run with sync fiemap run without sync +ERROR: couldn't find extent at 7 +map is 'HHDDHPPDPHPH' +logical: [ 5.. 6] phys: 301517.. 301518 flags: 0x800 tot: 2 +logical: [ 8.. 8] phys: 301520.. 301520 flags: 0x800 tot: 1 ... (Run 'diff -u /home/fdmanana/git/hub/xfstests/tests/generic/094.out /home/fdmanana/git/hub/xfstests/results//generic/094.out.bad' to see the entire diff) So in order to fix this, while still avoiding deadlocks in the case where the fiemap buffer is memory mapped to the same file, change fiemap to work like the following: 1) Always lock the whole range in the inode's io tree before starting to iterate the inode's subvolume tree searching for file extent items, just like we did before commit b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent locking"); 2) Now instead of writing to the fiemap buffer every time we have an extent to report, write instead to a temporary buffer (1 page), and when that buffer becomes full, stop iterating the file extent items, unlock the range in the io tree, release the search path, submit all the entries kept in that buffer to the fiemap buffer, and then resume the search for file extent items after locking again the remainder of the range in the io tree. The buffer having a size of a page, allows for 146 entries in a system with 4K pages. This is a large enough value to have a good performance by avoiding too many restarts of the search for file extent items. In other words this preserves the huge performance gains made in the last two years to fiemap, while avoiding the deadlocks in case the fiemap buffer is memory mapped to the same file (useless in practice, but possible and exercised by fuzz testing and syzbot). Fixes: b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent locking") Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index e6a2b6eb89e1..fbb05b0f7ebc 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -2453,12 +2453,65 @@ int try_release_extent_mapping(struct page *page, gfp_t mask) return try_release_extent_state(tree, page, mask); } +struct btrfs_fiemap_entry { + u64 offset; + u64 phys; + u64 len; + u32 flags; +}; + /* - * To cache previous fiemap extent + * Indicate the caller of emit_fiemap_extent() that it needs to unlock the file + * range from the inode's io tree, unlock the subvolume tree search path, flush + * the fiemap cache and relock the file range and research the subvolume tree. + * The value here is something negative that can't be confused with a valid + * errno value and different from 1 because that's also a return value from + * fiemap_fill_next_extent() and also it's often used to mean some btree search + * did not find a key, so make it some distinct negative value. + */ +#define BTRFS_FIEMAP_FLUSH_CACHE (-(MAX_ERRNO + 1)) + +/* + * Used to: * - * Will be used for merging fiemap extent + * - Cache the next entry to be emitted to the fiemap buffer, so that we can + * merge extents that are contiguous and can be grouped as a single one; + * + * - Store extents ready to be written to the fiemap buffer in an intermediary + * buffer. This intermediary buffer is to ensure that in case the fiemap + * buffer is memory mapped to the fiemap target file, we don't deadlock + * during btrfs_page_mkwrite(). This is because during fiemap we are locking + * an extent range in order to prevent races with delalloc flushing and + * ordered extent completion, which is needed in order to reliably detect + * delalloc in holes and prealloc extents. And this can lead to a deadlock + * if the fiemap buffer is memory mapped to the file we are running fiemap + * against (a silly, useless in practice scenario, but possible) because + * btrfs_page_mkwrite() will try to lock the same extent range. */ struct fiemap_cache { + /* An array of ready fiemap entries. */ + struct btrfs_fiemap_entry *entries; + /* Number of entries in the entries array. */ + int entries_size; + /* Index of the next entry in the entries array to write to. */ + int entries_pos; + /* + * Once the entries array is full, this indicates what's the offset for + * the next file extent item we must search for in the inode's subvolume + * tree after unlocking the extent range in the inode's io tree and + * releasing the search path. + */ + u64 next_search_offset; + /* + * This matches struct fiemap_extent_info::fi_mapped_extents, we use it + * to count ourselves emitted extents and stop instead of relying on + * fiemap_fill_next_extent() because we buffer ready fiemap entries at + * the @entries array, and we want to stop as soon as we hit the max + * amount of extents to map, not just to save time but also to make the + * logic at extent_fiemap() simpler. + */ + unsigned int extents_mapped; + /* Fields for the cached extent (unsubmitted, not ready, extent). */ u64 offset; u64 phys; u64 len; @@ -2466,6 +2519,28 @@ struct fiemap_cache { bool cached; }; +static int flush_fiemap_cache(struct fiemap_extent_info *fieinfo, + struct fiemap_cache *cache) +{ + for (int i = 0; i < cache->entries_pos; i++) { + struct btrfs_fiemap_entry *entry = &cache->entries[i]; + int ret; + + ret = fiemap_fill_next_extent(fieinfo, entry->offset, + entry->phys, entry->len, + entry->flags); + /* + * Ignore 1 (reached max entries) because we keep track of that + * ourselves in emit_fiemap_extent(). + */ + if (ret < 0) + return ret; + } + cache->entries_pos = 0; + + return 0; +} + /* * Helper to submit fiemap extent. * @@ -2480,8 +2555,8 @@ static int emit_fiemap_extent(struct fiemap_extent_info *fieinfo, struct fiemap_cache *cache, u64 offset, u64 phys, u64 len, u32 flags) { + struct btrfs_fiemap_entry *entry; u64 cache_end; - int ret = 0; /* Set at the end of extent_fiemap(). */ ASSERT((flags & FIEMAP_EXTENT_LAST) == 0); @@ -2494,7 +2569,9 @@ static int emit_fiemap_extent(struct fiemap_extent_info *fieinfo, * find an extent that starts at an offset behind the end offset of the * previous extent we processed. This happens if fiemap is called * without FIEMAP_FLAG_SYNC and there are ordered extents completing - * while we call btrfs_next_leaf() (through fiemap_next_leaf_item()). + * after we had to unlock the file range, release the search path, emit + * the fiemap extents stored in the buffer (cache->entries array) and + * the lock the remainder of the range and re-search the btree. * * For example we are in leaf X processing its last item, which is the * file extent item for file range [512K, 1M[, and after @@ -2607,11 +2684,35 @@ static int emit_fiemap_extent(struct fiemap_extent_info *fieinfo, emit: /* Not mergeable, need to submit cached one */ - ret = fiemap_fill_next_extent(fieinfo, cache->offset, cache->phys, - cache->len, cache->flags); - cache->cached = false; - if (ret) - return ret; + + if (cache->entries_pos == cache->entries_size) { + /* + * We will need to research for the end offset of the last + * stored extent and not from the current offset, because after + * unlocking the range and releasing the path, if there's a hole + * between that end offset and this current offset, a new extent + * may have been inserted due to a new write, so we don't want + * to miss it. + */ + entry = &cache->entries[cache->entries_size - 1]; + cache->next_search_offset = entry->offset + entry->len; + cache->cached = false; + + return BTRFS_FIEMAP_FLUSH_CACHE; + } + + entry = &cache->entries[cache->entries_pos]; + entry->offset = cache->offset; + entry->phys = cache->phys; + entry->len = cache->len; + entry->flags = cache->flags; + cache->entries_pos++; + cache->extents_mapped++; + + if (cache->extents_mapped == fieinfo->fi_extents_max) { + cache->cached = false; + return 1; + } assign: cache->cached = true; cache->offset = offset; @@ -2737,8 +2838,8 @@ static int fiemap_search_slot(struct btrfs_inode *inode, struct btrfs_path *path * neighbour leaf). * We also need the private clone because holding a read lock on an * extent buffer of the subvolume's b+tree will make lockdep unhappy - * when we call fiemap_fill_next_extent(), because that may cause a page - * fault when filling the user space buffer with fiemap data. + * when we check if extents are shared, as backref walking may need to + * lock the same leaf we are processing. */ clone = btrfs_clone_extent_buffer(path->nodes[0]); if (!clone) @@ -2778,34 +2879,16 @@ static int fiemap_process_hole(struct btrfs_inode *inode, * it beyond i_size. */ while (cur_offset < end && cur_offset < i_size) { - struct extent_state *cached_state = NULL; u64 delalloc_start; u64 delalloc_end; u64 prealloc_start; - u64 lockstart; - u64 lockend; u64 prealloc_len = 0; bool delalloc; - lockstart = round_down(cur_offset, inode->root->fs_info->sectorsize); - lockend = round_up(end, inode->root->fs_info->sectorsize); - - /* - * We are only locking for the delalloc range because that's the - * only thing that can change here. With fiemap we have a lock - * on the inode, so no buffered or direct writes can happen. - * - * However mmaps and normal page writeback will cause this to - * change arbitrarily. We have to lock the extent lock here to - * make sure that nobody messes with the tree while we're doing - * btrfs_find_delalloc_in_range. - */ - lock_extent(&inode->io_tree, lockstart, lockend, &cached_state); delalloc = btrfs_find_delalloc_in_range(inode, cur_offset, end, delalloc_cached_state, &delalloc_start, &delalloc_end); - unlock_extent(&inode->io_tree, lockstart, lockend, &cached_state); if (!delalloc) break; @@ -2973,6 +3056,7 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { const u64 ino = btrfs_ino(inode); + struct extent_state *cached_state = NULL; struct extent_state *delalloc_cached_state = NULL; struct btrfs_path *path; struct fiemap_cache cache = { 0 }; @@ -2985,26 +3069,33 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, bool stopped = false; int ret; + cache.entries_size = PAGE_SIZE / sizeof(struct btrfs_fiemap_entry); + cache.entries = kmalloc_array(cache.entries_size, + sizeof(struct btrfs_fiemap_entry), + GFP_KERNEL); backref_ctx = btrfs_alloc_backref_share_check_ctx(); path = btrfs_alloc_path(); - if (!backref_ctx || !path) { + if (!cache.entries || !backref_ctx || !path) { ret = -ENOMEM; goto out; } +restart: range_start = round_down(start, sectorsize); range_end = round_up(start + len, sectorsize); prev_extent_end = range_start; + lock_extent(&inode->io_tree, range_start, range_end, &cached_state); + ret = fiemap_find_last_extent_offset(inode, path, &last_extent_end); if (ret < 0) - goto out; + goto out_unlock; btrfs_release_path(path); path->reada = READA_FORWARD; ret = fiemap_search_slot(inode, path, range_start); if (ret < 0) { - goto out; + goto out_unlock; } else if (ret > 0) { /* * No file extent item found, but we may have delalloc between @@ -3051,7 +3142,7 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, backref_ctx, 0, 0, 0, prev_extent_end, hole_end); if (ret < 0) { - goto out; + goto out_unlock; } else if (ret > 0) { /* fiemap_fill_next_extent() told us to stop. */ stopped = true; @@ -3107,7 +3198,7 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, extent_gen, backref_ctx); if (ret < 0) - goto out; + goto out_unlock; else if (ret > 0) flags |= FIEMAP_EXTENT_SHARED; } @@ -3118,9 +3209,9 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, } if (ret < 0) { - goto out; + goto out_unlock; } else if (ret > 0) { - /* fiemap_fill_next_extent() told us to stop. */ + /* emit_fiemap_extent() told us to stop. */ stopped = true; break; } @@ -3129,12 +3220,12 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, next_item: if (fatal_signal_pending(current)) { ret = -EINTR; - goto out; + goto out_unlock; } ret = fiemap_next_leaf_item(inode, path); if (ret < 0) { - goto out; + goto out_unlock; } else if (ret > 0) { /* No more file extent items for this inode. */ break; @@ -3143,22 +3234,12 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, } check_eof_delalloc: - /* - * Release (and free) the path before emitting any final entries to - * fiemap_fill_next_extent() to keep lockdep happy. This is because - * once we find no more file extent items exist, we may have a - * non-cloned leaf, and fiemap_fill_next_extent() can trigger page - * faults when copying data to the user space buffer. - */ - btrfs_free_path(path); - path = NULL; - if (!stopped && prev_extent_end < range_end) { ret = fiemap_process_hole(inode, fieinfo, &cache, &delalloc_cached_state, backref_ctx, 0, 0, 0, prev_extent_end, range_end - 1); if (ret < 0) - goto out; + goto out_unlock; prev_extent_end = range_end; } @@ -3166,28 +3247,16 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, const u64 i_size = i_size_read(&inode->vfs_inode); if (prev_extent_end < i_size) { - struct extent_state *cached_state = NULL; u64 delalloc_start; u64 delalloc_end; - u64 lockstart; - u64 lockend; bool delalloc; - lockstart = round_down(prev_extent_end, sectorsize); - lockend = round_up(i_size, sectorsize); - - /* - * See the comment in fiemap_process_hole as to why - * we're doing the locking here. - */ - lock_extent(&inode->io_tree, lockstart, lockend, &cached_state); delalloc = btrfs_find_delalloc_in_range(inode, prev_extent_end, i_size - 1, &delalloc_cached_state, &delalloc_start, &delalloc_end); - unlock_extent(&inode->io_tree, lockstart, lockend, &cached_state); if (!delalloc) cache.flags |= FIEMAP_EXTENT_LAST; } else { @@ -3195,9 +3264,39 @@ int extent_fiemap(struct btrfs_inode *inode, struct fiemap_extent_info *fieinfo, } } +out_unlock: + unlock_extent(&inode->io_tree, range_start, range_end, &cached_state); + + if (ret == BTRFS_FIEMAP_FLUSH_CACHE) { + btrfs_release_path(path); + ret = flush_fiemap_cache(fieinfo, &cache); + if (ret) + goto out; + len -= cache.next_search_offset - start; + start = cache.next_search_offset; + goto restart; + } else if (ret < 0) { + goto out; + } + + /* + * Must free the path before emitting to the fiemap buffer because we + * may have a non-cloned leaf and if the fiemap buffer is memory mapped + * to a file, a write into it (through btrfs_page_mkwrite()) may trigger + * waiting for an ordered extent that in order to complete needs to + * modify that leaf, therefore leading to a deadlock. + */ + btrfs_free_path(path); + path = NULL; + + ret = flush_fiemap_cache(fieinfo, &cache); + if (ret) + goto out; + ret = emit_last_fiemap_cache(fieinfo, &cache); out: free_extent_state(delalloc_cached_state); + kfree(cache.entries); btrfs_free_backref_share_ctx(backref_ctx); btrfs_free_path(path); return ret;

1 year, 5 months

1
0
0 0

[PATCH 4.19 v2 0/2] Fix stable-4.19 use-after-free bug

by George Guo

v2: - add branch info the patch belongs to. - add upstream commit id (these patches are equivalent fix ones). George Guo (2): tracing: Remove unnecessary hist_data destroy in destroy_synth_var_refs() tracing: Remove unnecessary var destroy in onmax_destroy() kernel/trace/trace_events_hist.c | 27 ++------------------------- 1 file changed, 2 insertions(+), 25 deletions(-) -- 2.34.1

1 year, 5 months

2
4
0 0

FAILED: patch "[PATCH] crash: use macro to add crashk_res into iomem early for" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 32fbe5246582af4f611ccccee33fd6e559087252 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033005-graded-dangle-3a21@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 32fbe5246582 ("crash: use macro to add crashk_res into iomem early for specific arch") 85fcde402db1 ("kexec: split crashkernel reservation code out from crash_core.c") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 32fbe5246582af4f611ccccee33fd6e559087252 Mon Sep 17 00:00:00 2001 From: Baoquan He <bhe(a)redhat.com> Date: Mon, 25 Mar 2024 09:50:50 +0800 Subject: [PATCH] crash: use macro to add crashk_res into iomem early for specific arch There are regression reports[1][2] that crashkernel region on x86_64 can't be added into iomem tree sometime. This causes the later failure of kdump loading. This happened after commit 4a693ce65b18 ("kdump: defer the insertion of crashkernel resources") was merged. Even though, these reported issues are proved to be related to other component, they are just exposed after above commmit applied, I still would like to keep crashk_res and crashk_low_res being added into iomem early as before because the early adding has been always there on x86_64 and working very well. For safety of kdump, Let's change it back. Here, add a macro HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY to limit that only ARCH defining the macro can have the early adding crashk_res/_low_res into iomem. Then define HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY on x86 to enable it. Note: In reserve_crashkernel_low(), there's a remnant of crashk_low_res handling which was mistakenly added back in commit 85fcde402db1 ("kexec: split crashkernel reservation code out from crash_core.c"). [1] [PATCH V2] x86/kexec: do not update E820 kexec table for setup_data https://lore.kernel.org/all/Zfv8iCL6CT2JqLIC@darkstar.users.ipa.redhat.com/… [2] Question about Address Range Validation in Crash Kernel Allocation https://lore.kernel.org/all/4eeac1f733584855965a2ea62fa4da58@huawei.com/T/#u Link: https://lkml.kernel.org/r/ZgDYemRQ2jxjLkq+@MiWiFi-R3L-srv Fixes: 4a693ce65b18 ("kdump: defer the insertion of crashkernel resources") Signed-off-by: Baoquan He <bhe(a)redhat.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Huacai Chen <chenhuacai(a)loongson.cn> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Jiri Bohac <jbohac(a)suse.cz> Cc: Li Huafei <lihuafei1(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/include/asm/crash_reserve.h b/arch/x86/include/asm/crash_reserve.h index 152239f95541..7835b2cdff04 100644 --- a/arch/x86/include/asm/crash_reserve.h +++ b/arch/x86/include/asm/crash_reserve.h @@ -39,4 +39,6 @@ static inline unsigned long crash_low_size_default(void) #endif } +#define HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY + #endif /* _X86_CRASH_RESERVE_H */ diff --git a/kernel/crash_reserve.c b/kernel/crash_reserve.c index bbb6c3cb00e4..066668799f75 100644 --- a/kernel/crash_reserve.c +++ b/kernel/crash_reserve.c @@ -366,7 +366,9 @@ static int __init reserve_crashkernel_low(unsigned long long low_size) crashk_low_res.start = low_base; crashk_low_res.end = low_base + low_size - 1; +#ifdef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY insert_resource(&iomem_resource, &crashk_low_res); +#endif #endif return 0; } @@ -448,8 +450,12 @@ void __init reserve_crashkernel_generic(char *cmdline, crashk_res.start = crash_base; crashk_res.end = crash_base + crash_size - 1; +#ifdef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY + insert_resource(&iomem_resource, &crashk_res); +#endif } +#ifndef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY static __init int insert_crashkernel_resources(void) { if (crashk_res.start < crashk_res.end) @@ -462,3 +468,4 @@ static __init int insert_crashkernel_resources(void) } early_initcall(insert_crashkernel_resources); #endif +#endif

1 year, 5 months

3
2
0 0

FAILED: patch "[PATCH] scsi: sd: Fix TCG OPAL unlock on system resume" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0c76106cb97548810214def8ee22700bbbb90543 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040127-defraud-ladle-60f4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0c76106cb975 ("scsi: sd: Fix TCG OPAL unlock on system resume") 99398d2070ab ("scsi: sd: Do not issue commands to suspended disks on shutdown") 8b4d9469d0b0 ("ata: libata-scsi: Fix delayed scsi_rescan_device() execution") ff48b37802e5 ("scsi: Do not attempt to rescan suspended devices") aa3998dbeb3a ("ata: libata-scsi: Disable scsi device manage_system_start_stop") 3cc2ffe5c16d ("scsi: sd: Differentiate system and runtime start/stop management") 2a5a4326e583 ("Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0c76106cb97548810214def8ee22700bbbb90543 Mon Sep 17 00:00:00 2001 From: Damien Le Moal <dlemoal(a)kernel.org> Date: Tue, 19 Mar 2024 16:12:09 +0900 Subject: [PATCH] scsi: sd: Fix TCG OPAL unlock on system resume Commit 3cc2ffe5c16d ("scsi: sd: Differentiate system and runtime start/stop management") introduced the manage_system_start_stop scsi_device flag to allow libata to indicate to the SCSI disk driver that nothing should be done when resuming a disk on system resume. This change turned the execution of sd_resume() into a no-op for ATA devices on system resume. While this solved deadlock issues during device resume, this change also wrongly removed the execution of opal_unlock_from_suspend(). As a result, devices with TCG OPAL locking enabled remain locked and inaccessible after a system resume from sleep. To fix this issue, introduce the SCSI driver resume method and implement it with the sd_resume() function calling opal_unlock_from_suspend(). The former sd_resume() function is renamed to sd_resume_common() and modified to call the new sd_resume() function. For non-ATA devices, this result in no functional changes. In order for libata to explicitly execute sd_resume() when a device is resumed during system restart, the function scsi_resume_device() is introduced. libata calls this function from the revalidation work executed on devie resume, a state that is indicated with the new device flag ATA_DFLAG_RESUMING. Doing so, locked TCG OPAL enabled devices are unlocked on resume, allowing normal operation. Fixes: 3cc2ffe5c16d ("scsi: sd: Differentiate system and runtime start/stop management") Link: https://bugzilla.kernel.org/show_bug.cgi?id=218538 Cc: stable(a)vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> Link: https://lore.kernel.org/r/20240319071209.1179257-1-dlemoal@kernel.org Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c index b0d6e69c4a5b..214b935c2ced 100644 --- a/drivers/ata/libata-eh.c +++ b/drivers/ata/libata-eh.c @@ -712,8 +712,10 @@ void ata_scsi_port_error_handler(struct Scsi_Host *host, struct ata_port *ap) ehc->saved_ncq_enabled |= 1 << devno; /* If we are resuming, wake up the device */ - if (ap->pflags & ATA_PFLAG_RESUMING) + if (ap->pflags & ATA_PFLAG_RESUMING) { + dev->flags |= ATA_DFLAG_RESUMING; ehc->i.dev_action[devno] |= ATA_EH_SET_ACTIVE; + } } } @@ -3169,6 +3171,7 @@ static int ata_eh_revalidate_and_attach(struct ata_link *link, return 0; err: + dev->flags &= ~ATA_DFLAG_RESUMING; *r_failed_dev = dev; return rc; } diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index 0a0f483124c3..2f4c58837641 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -4730,6 +4730,7 @@ void ata_scsi_dev_rescan(struct work_struct *work) struct ata_link *link; struct ata_device *dev; unsigned long flags; + bool do_resume; int ret = 0; mutex_lock(&ap->scsi_scan_mutex); @@ -4751,7 +4752,15 @@ void ata_scsi_dev_rescan(struct work_struct *work) if (scsi_device_get(sdev)) continue; + do_resume = dev->flags & ATA_DFLAG_RESUMING; + spin_unlock_irqrestore(ap->lock, flags); + if (do_resume) { + ret = scsi_resume_device(sdev); + if (ret == -EWOULDBLOCK) + goto unlock; + dev->flags &= ~ATA_DFLAG_RESUMING; + } ret = scsi_rescan_device(sdev); scsi_device_put(sdev); spin_lock_irqsave(ap->lock, flags); diff --git a/drivers/scsi/scsi_scan.c b/drivers/scsi/scsi_scan.c index 8d06475de17a..ffd7e7e72933 100644 --- a/drivers/scsi/scsi_scan.c +++ b/drivers/scsi/scsi_scan.c @@ -1642,6 +1642,40 @@ int scsi_add_device(struct Scsi_Host *host, uint channel, } EXPORT_SYMBOL(scsi_add_device); +int scsi_resume_device(struct scsi_device *sdev) +{ + struct device *dev = &sdev->sdev_gendev; + int ret = 0; + + device_lock(dev); + + /* + * Bail out if the device or its queue are not running. Otherwise, + * the rescan may block waiting for commands to be executed, with us + * holding the device lock. This can result in a potential deadlock + * in the power management core code when system resume is on-going. + */ + if (sdev->sdev_state != SDEV_RUNNING || + blk_queue_pm_only(sdev->request_queue)) { + ret = -EWOULDBLOCK; + goto unlock; + } + + if (dev->driver && try_module_get(dev->driver->owner)) { + struct scsi_driver *drv = to_scsi_driver(dev->driver); + + if (drv->resume) + ret = drv->resume(dev); + module_put(dev->driver->owner); + } + +unlock: + device_unlock(dev); + + return ret; +} +EXPORT_SYMBOL(scsi_resume_device); + int scsi_rescan_device(struct scsi_device *sdev) { struct device *dev = &sdev->sdev_gendev; diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index ccff8f2e2e75..3cf898670290 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -4108,7 +4108,21 @@ static int sd_suspend_runtime(struct device *dev) return sd_suspend_common(dev, true); } -static int sd_resume(struct device *dev, bool runtime) +static int sd_resume(struct device *dev) +{ + struct scsi_disk *sdkp = dev_get_drvdata(dev); + + sd_printk(KERN_NOTICE, sdkp, "Starting disk\n"); + + if (opal_unlock_from_suspend(sdkp->opal_dev)) { + sd_printk(KERN_NOTICE, sdkp, "OPAL unlock failed\n"); + return -EIO; + } + + return 0; +} + +static int sd_resume_common(struct device *dev, bool runtime) { struct scsi_disk *sdkp = dev_get_drvdata(dev); int ret; @@ -4124,7 +4138,7 @@ static int sd_resume(struct device *dev, bool runtime) sd_printk(KERN_NOTICE, sdkp, "Starting disk\n"); ret = sd_start_stop_device(sdkp, 1); if (!ret) { - opal_unlock_from_suspend(sdkp->opal_dev); + sd_resume(dev); sdkp->suspended = false; } @@ -4143,7 +4157,7 @@ static int sd_resume_system(struct device *dev) return 0; } - return sd_resume(dev, false); + return sd_resume_common(dev, false); } static int sd_resume_runtime(struct device *dev) @@ -4170,7 +4184,7 @@ static int sd_resume_runtime(struct device *dev) "Failed to clear sense data\n"); } - return sd_resume(dev, true); + return sd_resume_common(dev, true); } static const struct dev_pm_ops sd_pm_ops = { @@ -4193,6 +4207,7 @@ static struct scsi_driver sd_template = { .pm = &sd_pm_ops, }, .rescan = sd_rescan, + .resume = sd_resume, .init_command = sd_init_command, .uninit_command = sd_uninit_command, .done = sd_done, diff --git a/include/linux/libata.h b/include/linux/libata.h index 26d68115afb8..324d792e7c78 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h @@ -107,6 +107,7 @@ enum { ATA_DFLAG_NCQ_PRIO_ENABLED = (1 << 20), /* Priority cmds sent to dev */ ATA_DFLAG_CDL_ENABLED = (1 << 21), /* cmd duration limits is enabled */ + ATA_DFLAG_RESUMING = (1 << 22), /* Device is resuming */ ATA_DFLAG_DETACH = (1 << 24), ATA_DFLAG_DETACHED = (1 << 25), ATA_DFLAG_DA = (1 << 26), /* device supports Device Attention */ diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h index 4ce1988b2ba0..f40915d2ecee 100644 --- a/include/scsi/scsi_driver.h +++ b/include/scsi/scsi_driver.h @@ -12,6 +12,7 @@ struct request; struct scsi_driver { struct device_driver gendrv; + int (*resume)(struct device *); void (*rescan)(struct device *); blk_status_t (*init_command)(struct scsi_cmnd *); void (*uninit_command)(struct scsi_cmnd *); diff --git a/include/scsi/scsi_host.h b/include/scsi/scsi_host.h index b259d42a1e1a..129001f600fc 100644 --- a/include/scsi/scsi_host.h +++ b/include/scsi/scsi_host.h @@ -767,6 +767,7 @@ scsi_template_proc_dir(const struct scsi_host_template *sht); #define scsi_template_proc_dir(sht) NULL #endif extern void scsi_scan_host(struct Scsi_Host *); +extern int scsi_resume_device(struct scsi_device *sdev); extern int scsi_rescan_device(struct scsi_device *sdev); extern void scsi_remove_host(struct Scsi_Host *); extern struct Scsi_Host *scsi_host_get(struct Scsi_Host *);

1 year, 5 months

3
2
0 0

[PATCH] scsi: sg: Avoid race in error handling & drop bogus warn

by Alexander Wetzel

commit 27f58c04a8f4 ("scsi: sg: Avoid sg device teardown race") introduced an incorrect WARN_ON_ONCE() and missed a sequence where sg_device_destroy() after scsi_device_put() when handling errors. sg_device_destroy() is accessing the parent scsi_device request_queue which will already be set to NULL when the preceding call to scsi_device_put() removed the last reference to the parent scsi_device. Drop the incorrect WARN_ON_ONCE() - allowing more than one concurrent access to the sg device - and make sure sg_device_destroy() is not used after scsi_device_put() in the error handling. Link: https://lore.kernel.org/all/5375B275-D137-4D5F-BE25-6AF8ACAE41EF@linux.ibm.… Fixes: 27f58c04a8f4 ("scsi: sg: Avoid sg device teardown race") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Wetzel <Alexander(a)wetzel-home.de> --- The WARN_ON_ONCE() was kind of stupid to add: We get add reference for each sg_open(). So opening a second session and then closing either one will trigger the warning... Nothing to warn about here. Alexander --- drivers/scsi/sg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 386981c6976a..833c9277419b 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -372,8 +372,9 @@ sg_open(struct inode *inode, struct file *filp) error_out: scsi_autopm_put_device(sdp->device); sdp_put: + kref_put(&sdp->d_ref, sg_device_destroy); scsi_device_put(sdp->device); - goto sg_put; + return retval; } /* Release resources associated with a successful sg_open() @@ -2233,7 +2234,6 @@ sg_remove_sfp_usercontext(struct work_struct *work) "sg_remove_sfp: sfp=0x%p\n", sfp)); kfree(sfp); - WARN_ON_ONCE(kref_read(&sdp->d_ref) != 1); kref_put(&sdp->d_ref, sg_device_destroy); scsi_device_put(device); module_put(THIS_MODULE); -- 2.44.0

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: core: Fix deadlock in port "disable" sysfs attribute" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f4d1960764d8a70318b02f15203a1be2b2554ca1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040119-ranked-doormat-088b@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f4d1960764d8 ("USB: core: Fix deadlock in port "disable" sysfs attribute") f061f43d7418 ("usb: hub: port: add sysfs entry to switch port power") 8c67d06f3fd9 ("usb: Link the ports to the connectors they are attached to") b8f1ba99cea5 ("usb: hub: make wait_for_connected() take an int instead of a pointer to int") f59f93cd1d72 ("usb: hub: avoid warm port reset during USB3 disconnect") 7142452387c7 ("USB: Verify the port status when timeout happens during port suspend") 975f94c7d6c3 ("usb: core: hub: fix race condition about TRSMRCY of resume") 355c74e55e99 ("usb: export firmware port location in sysfs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4d1960764d8a70318b02f15203a1be2b2554ca1 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Fri, 15 Mar 2024 13:06:33 -0400 Subject: [PATCH] USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if another process has locked the hub to remove it or change its configuration: Removing the hub or changing its configuration requires the hub interface to be removed, which requires the port device to be removed, and device_del() waits until all outstanding sysfs attribute callbacks for the ports have returned. The lock can't be released until then. But the disable_show() or disable_store() routine can't return until after it has acquired the lock. The resulting deadlock can be avoided by calling sysfs_break_active_protection(). This will cause the sysfs core not to wait for the attribute's callback routine to return, allowing the removal to proceed. The disadvantage is that after making this call, there is no guarantee that the hub structure won't be deallocated at any moment. To prevent this, we have to acquire a reference to it first by calling hub_get(). Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: stable <stable(a)kernel.org> Link: https://lore.kernel.org/r/f7a8c135-a495-4ce6-bd49-405a45e7ea9a@rowland.harv… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c index 5b5e613a11e5..686c01af03e6 100644 --- a/drivers/usb/core/port.c +++ b/drivers/usb/core/port.c @@ -56,11 +56,22 @@ static ssize_t disable_show(struct device *dev, u16 portstatus, unused; bool disabled; int rc; + struct kernfs_node *kn; + hub_get(hub); rc = usb_autopm_get_interface(intf); if (rc < 0) - return rc; + goto out_hub_get; + /* + * Prevent deadlock if another process is concurrently + * trying to unregister hdev. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (!kn) { + rc = -ENODEV; + goto out_autopm; + } usb_lock_device(hdev); if (hub->disconnected) { rc = -ENODEV; @@ -70,9 +81,13 @@ static ssize_t disable_show(struct device *dev, usb_hub_port_status(hub, port1, &portstatus, &unused); disabled = !usb_port_is_power_on(hub, portstatus); -out_hdev_lock: + out_hdev_lock: usb_unlock_device(hdev); + sysfs_unbreak_active_protection(kn); + out_autopm: usb_autopm_put_interface(intf); + out_hub_get: + hub_put(hub); if (rc) return rc; @@ -90,15 +105,26 @@ static ssize_t disable_store(struct device *dev, struct device_attribute *attr, int port1 = port_dev->portnum; bool disabled; int rc; + struct kernfs_node *kn; rc = kstrtobool(buf, &disabled); if (rc) return rc; + hub_get(hub); rc = usb_autopm_get_interface(intf); if (rc < 0) - return rc; + goto out_hub_get; + /* + * Prevent deadlock if another process is concurrently + * trying to unregister hdev. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (!kn) { + rc = -ENODEV; + goto out_autopm; + } usb_lock_device(hdev); if (hub->disconnected) { rc = -ENODEV; @@ -119,9 +145,13 @@ static ssize_t disable_store(struct device *dev, struct device_attribute *attr, if (!rc) rc = count; -out_hdev_lock: + out_hdev_lock: usb_unlock_device(hdev); + sysfs_unbreak_active_protection(kn); + out_autopm: usb_autopm_put_interface(intf); + out_hub_get: + hub_put(hub); return rc; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: core: Fix deadlock in port "disable" sysfs attribute" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f4d1960764d8a70318b02f15203a1be2b2554ca1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040117-shallow-faceless-7f3d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f4d1960764d8 ("USB: core: Fix deadlock in port "disable" sysfs attribute") f061f43d7418 ("usb: hub: port: add sysfs entry to switch port power") 8c67d06f3fd9 ("usb: Link the ports to the connectors they are attached to") b8f1ba99cea5 ("usb: hub: make wait_for_connected() take an int instead of a pointer to int") f59f93cd1d72 ("usb: hub: avoid warm port reset during USB3 disconnect") 7142452387c7 ("USB: Verify the port status when timeout happens during port suspend") 975f94c7d6c3 ("usb: core: hub: fix race condition about TRSMRCY of resume") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4d1960764d8a70318b02f15203a1be2b2554ca1 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Fri, 15 Mar 2024 13:06:33 -0400 Subject: [PATCH] USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if another process has locked the hub to remove it or change its configuration: Removing the hub or changing its configuration requires the hub interface to be removed, which requires the port device to be removed, and device_del() waits until all outstanding sysfs attribute callbacks for the ports have returned. The lock can't be released until then. But the disable_show() or disable_store() routine can't return until after it has acquired the lock. The resulting deadlock can be avoided by calling sysfs_break_active_protection(). This will cause the sysfs core not to wait for the attribute's callback routine to return, allowing the removal to proceed. The disadvantage is that after making this call, there is no guarantee that the hub structure won't be deallocated at any moment. To prevent this, we have to acquire a reference to it first by calling hub_get(). Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: stable <stable(a)kernel.org> Link: https://lore.kernel.org/r/f7a8c135-a495-4ce6-bd49-405a45e7ea9a@rowland.harv… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c index 5b5e613a11e5..686c01af03e6 100644 --- a/drivers/usb/core/port.c +++ b/drivers/usb/core/port.c @@ -56,11 +56,22 @@ static ssize_t disable_show(struct device *dev, u16 portstatus, unused; bool disabled; int rc; + struct kernfs_node *kn; + hub_get(hub); rc = usb_autopm_get_interface(intf); if (rc < 0) - return rc; + goto out_hub_get; + /* + * Prevent deadlock if another process is concurrently + * trying to unregister hdev. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (!kn) { + rc = -ENODEV; + goto out_autopm; + } usb_lock_device(hdev); if (hub->disconnected) { rc = -ENODEV; @@ -70,9 +81,13 @@ static ssize_t disable_show(struct device *dev, usb_hub_port_status(hub, port1, &portstatus, &unused); disabled = !usb_port_is_power_on(hub, portstatus); -out_hdev_lock: + out_hdev_lock: usb_unlock_device(hdev); + sysfs_unbreak_active_protection(kn); + out_autopm: usb_autopm_put_interface(intf); + out_hub_get: + hub_put(hub); if (rc) return rc; @@ -90,15 +105,26 @@ static ssize_t disable_store(struct device *dev, struct device_attribute *attr, int port1 = port_dev->portnum; bool disabled; int rc; + struct kernfs_node *kn; rc = kstrtobool(buf, &disabled); if (rc) return rc; + hub_get(hub); rc = usb_autopm_get_interface(intf); if (rc < 0) - return rc; + goto out_hub_get; + /* + * Prevent deadlock if another process is concurrently + * trying to unregister hdev. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (!kn) { + rc = -ENODEV; + goto out_autopm; + } usb_lock_device(hdev); if (hub->disconnected) { rc = -ENODEV; @@ -119,9 +145,13 @@ static ssize_t disable_store(struct device *dev, struct device_attribute *attr, if (!rc) rc = count; -out_hdev_lock: + out_hdev_lock: usb_unlock_device(hdev); + sysfs_unbreak_active_protection(kn); + out_autopm: usb_autopm_put_interface(intf); + out_hub_get: + hub_put(hub); return rc; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: core: Fix deadlock in port "disable" sysfs attribute" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f4d1960764d8a70318b02f15203a1be2b2554ca1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040116-mortician-grudging-9be5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f4d1960764d8 ("USB: core: Fix deadlock in port "disable" sysfs attribute") f061f43d7418 ("usb: hub: port: add sysfs entry to switch port power") 8c67d06f3fd9 ("usb: Link the ports to the connectors they are attached to") b8f1ba99cea5 ("usb: hub: make wait_for_connected() take an int instead of a pointer to int") f59f93cd1d72 ("usb: hub: avoid warm port reset during USB3 disconnect") 7142452387c7 ("USB: Verify the port status when timeout happens during port suspend") 975f94c7d6c3 ("usb: core: hub: fix race condition about TRSMRCY of resume") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4d1960764d8a70318b02f15203a1be2b2554ca1 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Fri, 15 Mar 2024 13:06:33 -0400 Subject: [PATCH] USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if another process has locked the hub to remove it or change its configuration: Removing the hub or changing its configuration requires the hub interface to be removed, which requires the port device to be removed, and device_del() waits until all outstanding sysfs attribute callbacks for the ports have returned. The lock can't be released until then. But the disable_show() or disable_store() routine can't return until after it has acquired the lock. The resulting deadlock can be avoided by calling sysfs_break_active_protection(). This will cause the sysfs core not to wait for the attribute's callback routine to return, allowing the removal to proceed. The disadvantage is that after making this call, there is no guarantee that the hub structure won't be deallocated at any moment. To prevent this, we have to acquire a reference to it first by calling hub_get(). Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: stable <stable(a)kernel.org> Link: https://lore.kernel.org/r/f7a8c135-a495-4ce6-bd49-405a45e7ea9a@rowland.harv… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c index 5b5e613a11e5..686c01af03e6 100644 --- a/drivers/usb/core/port.c +++ b/drivers/usb/core/port.c @@ -56,11 +56,22 @@ static ssize_t disable_show(struct device *dev, u16 portstatus, unused; bool disabled; int rc; + struct kernfs_node *kn; + hub_get(hub); rc = usb_autopm_get_interface(intf); if (rc < 0) - return rc; + goto out_hub_get; + /* + * Prevent deadlock if another process is concurrently + * trying to unregister hdev. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (!kn) { + rc = -ENODEV; + goto out_autopm; + } usb_lock_device(hdev); if (hub->disconnected) { rc = -ENODEV; @@ -70,9 +81,13 @@ static ssize_t disable_show(struct device *dev, usb_hub_port_status(hub, port1, &portstatus, &unused); disabled = !usb_port_is_power_on(hub, portstatus); -out_hdev_lock: + out_hdev_lock: usb_unlock_device(hdev); + sysfs_unbreak_active_protection(kn); + out_autopm: usb_autopm_put_interface(intf); + out_hub_get: + hub_put(hub); if (rc) return rc; @@ -90,15 +105,26 @@ static ssize_t disable_store(struct device *dev, struct device_attribute *attr, int port1 = port_dev->portnum; bool disabled; int rc; + struct kernfs_node *kn; rc = kstrtobool(buf, &disabled); if (rc) return rc; + hub_get(hub); rc = usb_autopm_get_interface(intf); if (rc < 0) - return rc; + goto out_hub_get; + /* + * Prevent deadlock if another process is concurrently + * trying to unregister hdev. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (!kn) { + rc = -ENODEV; + goto out_autopm; + } usb_lock_device(hdev); if (hub->disconnected) { rc = -ENODEV; @@ -119,9 +145,13 @@ static ssize_t disable_store(struct device *dev, struct device_attribute *attr, if (!rc) rc = count; -out_hdev_lock: + out_hdev_lock: usb_unlock_device(hdev); + sysfs_unbreak_active_protection(kn); + out_autopm: usb_autopm_put_interface(intf); + out_hub_get: + hub_put(hub); return rc; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: core: Fix deadlock in port "disable" sysfs attribute" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f4d1960764d8a70318b02f15203a1be2b2554ca1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040114-outer-channel-e465@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f4d1960764d8 ("USB: core: Fix deadlock in port "disable" sysfs attribute") f061f43d7418 ("usb: hub: port: add sysfs entry to switch port power") 8c67d06f3fd9 ("usb: Link the ports to the connectors they are attached to") b8f1ba99cea5 ("usb: hub: make wait_for_connected() take an int instead of a pointer to int") f59f93cd1d72 ("usb: hub: avoid warm port reset during USB3 disconnect") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4d1960764d8a70318b02f15203a1be2b2554ca1 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Fri, 15 Mar 2024 13:06:33 -0400 Subject: [PATCH] USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if another process has locked the hub to remove it or change its configuration: Removing the hub or changing its configuration requires the hub interface to be removed, which requires the port device to be removed, and device_del() waits until all outstanding sysfs attribute callbacks for the ports have returned. The lock can't be released until then. But the disable_show() or disable_store() routine can't return until after it has acquired the lock. The resulting deadlock can be avoided by calling sysfs_break_active_protection(). This will cause the sysfs core not to wait for the attribute's callback routine to return, allowing the removal to proceed. The disadvantage is that after making this call, there is no guarantee that the hub structure won't be deallocated at any moment. To prevent this, we have to acquire a reference to it first by calling hub_get(). Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: stable <stable(a)kernel.org> Link: https://lore.kernel.org/r/f7a8c135-a495-4ce6-bd49-405a45e7ea9a@rowland.harv… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c index 5b5e613a11e5..686c01af03e6 100644 --- a/drivers/usb/core/port.c +++ b/drivers/usb/core/port.c @@ -56,11 +56,22 @@ static ssize_t disable_show(struct device *dev, u16 portstatus, unused; bool disabled; int rc; + struct kernfs_node *kn; + hub_get(hub); rc = usb_autopm_get_interface(intf); if (rc < 0) - return rc; + goto out_hub_get; + /* + * Prevent deadlock if another process is concurrently + * trying to unregister hdev. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (!kn) { + rc = -ENODEV; + goto out_autopm; + } usb_lock_device(hdev); if (hub->disconnected) { rc = -ENODEV; @@ -70,9 +81,13 @@ static ssize_t disable_show(struct device *dev, usb_hub_port_status(hub, port1, &portstatus, &unused); disabled = !usb_port_is_power_on(hub, portstatus); -out_hdev_lock: + out_hdev_lock: usb_unlock_device(hdev); + sysfs_unbreak_active_protection(kn); + out_autopm: usb_autopm_put_interface(intf); + out_hub_get: + hub_put(hub); if (rc) return rc; @@ -90,15 +105,26 @@ static ssize_t disable_store(struct device *dev, struct device_attribute *attr, int port1 = port_dev->portnum; bool disabled; int rc; + struct kernfs_node *kn; rc = kstrtobool(buf, &disabled); if (rc) return rc; + hub_get(hub); rc = usb_autopm_get_interface(intf); if (rc < 0) - return rc; + goto out_hub_get; + /* + * Prevent deadlock if another process is concurrently + * trying to unregister hdev. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (!kn) { + rc = -ENODEV; + goto out_autopm; + } usb_lock_device(hdev); if (hub->disconnected) { rc = -ENODEV; @@ -119,9 +145,13 @@ static ssize_t disable_store(struct device *dev, struct device_attribute *attr, if (!rc) rc = count; -out_hdev_lock: + out_hdev_lock: usb_unlock_device(hdev); + sysfs_unbreak_active_protection(kn); + out_autopm: usb_autopm_put_interface(intf); + out_hub_get: + hub_put(hub); return rc; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: core: Add hub_get() and hub_put() routines" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x ee113b860aa169e9a4d2c167c95d0f1961c6e1b8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040159-scurvy-gestation-ae70@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: ee113b860aa1 ("USB: core: Add hub_get() and hub_put() routines") 3a6bf4a08142 ("usb: core: hub: Create platform devices for onboard hubs in hub_probe()") 1208f9e1d758 ("USB: hub: Fix the broken detection of USB3 device in SMSC hub") 95d23dc27bde ("usb, kcov: collect coverage from hub_event") 8eb58994dd96 ("usb: hub: add retry routine after intr URB submit error") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee113b860aa169e9a4d2c167c95d0f1961c6e1b8 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Fri, 15 Mar 2024 13:04:50 -0400 Subject: [PATCH] USB: core: Add hub_get() and hub_put() routines Create hub_get() and hub_put() routines to encapsulate the kref_get() and kref_put() calls in hub.c. The new routines will be used by the next patch in this series. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Link: https://lore.kernel.org/r/604da420-ae8a-4a9e-91a4-2d511ff404fb@rowland.harv… Cc: stable <stable(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 3ee8455585b6..9446660e231b 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -130,7 +130,6 @@ EXPORT_SYMBOL_GPL(ehci_cf_port_reset_rwsem); #define HUB_DEBOUNCE_STEP 25 #define HUB_DEBOUNCE_STABLE 100 -static void hub_release(struct kref *kref); static int usb_reset_and_verify_device(struct usb_device *udev); static int hub_port_disable(struct usb_hub *hub, int port1, int set_state); static bool hub_port_warm_reset_required(struct usb_hub *hub, int port1, @@ -720,14 +719,14 @@ static void kick_hub_wq(struct usb_hub *hub) */ intf = to_usb_interface(hub->intfdev); usb_autopm_get_interface_no_resume(intf); - kref_get(&hub->kref); + hub_get(hub); if (queue_work(hub_wq, &hub->events)) return; /* the work has already been scheduled */ usb_autopm_put_interface_async(intf); - kref_put(&hub->kref, hub_release); + hub_put(hub); } void usb_kick_hub_wq(struct usb_device *hdev) @@ -1095,7 +1094,7 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) goto init2; goto init3; } - kref_get(&hub->kref); + hub_get(hub); /* The superspeed hub except for root hub has to use Hub Depth * value as an offset into the route string to locate the bits @@ -1343,7 +1342,7 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) device_unlock(&hdev->dev); } - kref_put(&hub->kref, hub_release); + hub_put(hub); } /* Implement the continuations for the delays above */ @@ -1759,6 +1758,16 @@ static void hub_release(struct kref *kref) kfree(hub); } +void hub_get(struct usb_hub *hub) +{ + kref_get(&hub->kref); +} + +void hub_put(struct usb_hub *hub) +{ + kref_put(&hub->kref, hub_release); +} + static unsigned highspeed_hubs; static void hub_disconnect(struct usb_interface *intf) @@ -1807,7 +1816,7 @@ static void hub_disconnect(struct usb_interface *intf) onboard_hub_destroy_pdevs(&hub->onboard_hub_devs); - kref_put(&hub->kref, hub_release); + hub_put(hub); } static bool hub_descriptor_is_sane(struct usb_host_interface *desc) @@ -5934,7 +5943,7 @@ static void hub_event(struct work_struct *work) /* Balance the stuff in kick_hub_wq() and allow autosuspend */ usb_autopm_put_interface(intf); - kref_put(&hub->kref, hub_release); + hub_put(hub); kcov_remote_stop(); } diff --git a/drivers/usb/core/hub.h b/drivers/usb/core/hub.h index 43ce21c96a51..183b69dc2955 100644 --- a/drivers/usb/core/hub.h +++ b/drivers/usb/core/hub.h @@ -129,6 +129,8 @@ extern void usb_hub_remove_port_device(struct usb_hub *hub, extern int usb_hub_set_port_power(struct usb_device *hdev, struct usb_hub *hub, int port1, bool set); extern struct usb_hub *usb_hub_to_struct_hub(struct usb_device *hdev); +extern void hub_get(struct usb_hub *hub); +extern void hub_put(struct usb_hub *hub); extern int hub_port_debounce(struct usb_hub *hub, int port1, bool must_be_connected); extern int usb_clear_port_feature(struct usb_device *hdev,

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: core: Add hub_get() and hub_put() routines" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ee113b860aa169e9a4d2c167c95d0f1961c6e1b8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040158-stump-bucked-e91c@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ee113b860aa1 ("USB: core: Add hub_get() and hub_put() routines") 3a6bf4a08142 ("usb: core: hub: Create platform devices for onboard hubs in hub_probe()") 1208f9e1d758 ("USB: hub: Fix the broken detection of USB3 device in SMSC hub") 95d23dc27bde ("usb, kcov: collect coverage from hub_event") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee113b860aa169e9a4d2c167c95d0f1961c6e1b8 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Fri, 15 Mar 2024 13:04:50 -0400 Subject: [PATCH] USB: core: Add hub_get() and hub_put() routines Create hub_get() and hub_put() routines to encapsulate the kref_get() and kref_put() calls in hub.c. The new routines will be used by the next patch in this series. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Link: https://lore.kernel.org/r/604da420-ae8a-4a9e-91a4-2d511ff404fb@rowland.harv… Cc: stable <stable(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 3ee8455585b6..9446660e231b 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -130,7 +130,6 @@ EXPORT_SYMBOL_GPL(ehci_cf_port_reset_rwsem); #define HUB_DEBOUNCE_STEP 25 #define HUB_DEBOUNCE_STABLE 100 -static void hub_release(struct kref *kref); static int usb_reset_and_verify_device(struct usb_device *udev); static int hub_port_disable(struct usb_hub *hub, int port1, int set_state); static bool hub_port_warm_reset_required(struct usb_hub *hub, int port1, @@ -720,14 +719,14 @@ static void kick_hub_wq(struct usb_hub *hub) */ intf = to_usb_interface(hub->intfdev); usb_autopm_get_interface_no_resume(intf); - kref_get(&hub->kref); + hub_get(hub); if (queue_work(hub_wq, &hub->events)) return; /* the work has already been scheduled */ usb_autopm_put_interface_async(intf); - kref_put(&hub->kref, hub_release); + hub_put(hub); } void usb_kick_hub_wq(struct usb_device *hdev) @@ -1095,7 +1094,7 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) goto init2; goto init3; } - kref_get(&hub->kref); + hub_get(hub); /* The superspeed hub except for root hub has to use Hub Depth * value as an offset into the route string to locate the bits @@ -1343,7 +1342,7 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) device_unlock(&hdev->dev); } - kref_put(&hub->kref, hub_release); + hub_put(hub); } /* Implement the continuations for the delays above */ @@ -1759,6 +1758,16 @@ static void hub_release(struct kref *kref) kfree(hub); } +void hub_get(struct usb_hub *hub) +{ + kref_get(&hub->kref); +} + +void hub_put(struct usb_hub *hub) +{ + kref_put(&hub->kref, hub_release); +} + static unsigned highspeed_hubs; static void hub_disconnect(struct usb_interface *intf) @@ -1807,7 +1816,7 @@ static void hub_disconnect(struct usb_interface *intf) onboard_hub_destroy_pdevs(&hub->onboard_hub_devs); - kref_put(&hub->kref, hub_release); + hub_put(hub); } static bool hub_descriptor_is_sane(struct usb_host_interface *desc) @@ -5934,7 +5943,7 @@ static void hub_event(struct work_struct *work) /* Balance the stuff in kick_hub_wq() and allow autosuspend */ usb_autopm_put_interface(intf); - kref_put(&hub->kref, hub_release); + hub_put(hub); kcov_remote_stop(); } diff --git a/drivers/usb/core/hub.h b/drivers/usb/core/hub.h index 43ce21c96a51..183b69dc2955 100644 --- a/drivers/usb/core/hub.h +++ b/drivers/usb/core/hub.h @@ -129,6 +129,8 @@ extern void usb_hub_remove_port_device(struct usb_hub *hub, extern int usb_hub_set_port_power(struct usb_device *hdev, struct usb_hub *hub, int port1, bool set); extern struct usb_hub *usb_hub_to_struct_hub(struct usb_device *hdev); +extern void hub_get(struct usb_hub *hub); +extern void hub_put(struct usb_hub *hub); extern int hub_port_debounce(struct usb_hub *hub, int port1, bool must_be_connected); extern int usb_clear_port_feature(struct usb_device *hdev,

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: core: Fix deadlock in usb_deauthorize_interface()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 80ba43e9f799cbdd83842fc27db667289b3150f5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040155-shakiness-romp-690e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 80ba43e9f799 ("USB: core: Fix deadlock in usb_deauthorize_interface()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 80ba43e9f799cbdd83842fc27db667289b3150f5 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Tue, 12 Mar 2024 11:48:23 -0400 Subject: [PATCH] USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a configuration change or because the device has been disconnected. As part of the removal procedure, device_del() waits for all ongoing sysfs attribute callbacks to complete. But usb_deauthorize_interface() can't complete until the device lock has been released, and the lock won't be released until the removal has finished. The mechanism provided by sysfs to prevent this kind of deadlock is to use the sysfs_break_active_protection() function, which tells sysfs not to wait for the attribute callback. Reported-and-tested by: Yue Sun <samsun1006219(a)gmail.com> Reported by: xingwei lee <xrivendell7(a)gmail.com> Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Link: https://lore.kernel.org/linux-usb/CAEkJfYO6jRVC8Tfrd_R=cjO0hguhrV31fDPrLrNO… Fixes: 310d2b4124c0 ("usb: interface authorization: SysFS part of USB interface authorization") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/1c37eea1-9f56-4534-b9d8-b443438dc869@rowland.harv… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c index f98263e21c2a..d83231d6736a 100644 --- a/drivers/usb/core/sysfs.c +++ b/drivers/usb/core/sysfs.c @@ -1217,14 +1217,24 @@ static ssize_t interface_authorized_store(struct device *dev, { struct usb_interface *intf = to_usb_interface(dev); bool val; + struct kernfs_node *kn; if (kstrtobool(buf, &val) != 0) return -EINVAL; - if (val) + if (val) { usb_authorize_interface(intf); - else - usb_deauthorize_interface(intf); + } else { + /* + * Prevent deadlock if another process is concurrently + * trying to unregister intf. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (kn) { + usb_deauthorize_interface(intf); + sysfs_unbreak_active_protection(kn); + } + } return count; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: core: Fix deadlock in usb_deauthorize_interface()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 80ba43e9f799cbdd83842fc27db667289b3150f5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040154-partner-wizard-6ead@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 80ba43e9f799 ("USB: core: Fix deadlock in usb_deauthorize_interface()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 80ba43e9f799cbdd83842fc27db667289b3150f5 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Tue, 12 Mar 2024 11:48:23 -0400 Subject: [PATCH] USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a configuration change or because the device has been disconnected. As part of the removal procedure, device_del() waits for all ongoing sysfs attribute callbacks to complete. But usb_deauthorize_interface() can't complete until the device lock has been released, and the lock won't be released until the removal has finished. The mechanism provided by sysfs to prevent this kind of deadlock is to use the sysfs_break_active_protection() function, which tells sysfs not to wait for the attribute callback. Reported-and-tested by: Yue Sun <samsun1006219(a)gmail.com> Reported by: xingwei lee <xrivendell7(a)gmail.com> Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Link: https://lore.kernel.org/linux-usb/CAEkJfYO6jRVC8Tfrd_R=cjO0hguhrV31fDPrLrNO… Fixes: 310d2b4124c0 ("usb: interface authorization: SysFS part of USB interface authorization") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/1c37eea1-9f56-4534-b9d8-b443438dc869@rowland.harv… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c index f98263e21c2a..d83231d6736a 100644 --- a/drivers/usb/core/sysfs.c +++ b/drivers/usb/core/sysfs.c @@ -1217,14 +1217,24 @@ static ssize_t interface_authorized_store(struct device *dev, { struct usb_interface *intf = to_usb_interface(dev); bool val; + struct kernfs_node *kn; if (kstrtobool(buf, &val) != 0) return -EINVAL; - if (val) + if (val) { usb_authorize_interface(intf); - else - usb_deauthorize_interface(intf); + } else { + /* + * Prevent deadlock if another process is concurrently + * trying to unregister intf. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (kn) { + usb_deauthorize_interface(intf); + sysfs_unbreak_active_protection(kn); + } + } return count; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: core: Fix deadlock in usb_deauthorize_interface()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 80ba43e9f799cbdd83842fc27db667289b3150f5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040153-verbalize-drum-2ff0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 80ba43e9f799 ("USB: core: Fix deadlock in usb_deauthorize_interface()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 80ba43e9f799cbdd83842fc27db667289b3150f5 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Tue, 12 Mar 2024 11:48:23 -0400 Subject: [PATCH] USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a configuration change or because the device has been disconnected. As part of the removal procedure, device_del() waits for all ongoing sysfs attribute callbacks to complete. But usb_deauthorize_interface() can't complete until the device lock has been released, and the lock won't be released until the removal has finished. The mechanism provided by sysfs to prevent this kind of deadlock is to use the sysfs_break_active_protection() function, which tells sysfs not to wait for the attribute callback. Reported-and-tested by: Yue Sun <samsun1006219(a)gmail.com> Reported by: xingwei lee <xrivendell7(a)gmail.com> Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Link: https://lore.kernel.org/linux-usb/CAEkJfYO6jRVC8Tfrd_R=cjO0hguhrV31fDPrLrNO… Fixes: 310d2b4124c0 ("usb: interface authorization: SysFS part of USB interface authorization") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/1c37eea1-9f56-4534-b9d8-b443438dc869@rowland.harv… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c index f98263e21c2a..d83231d6736a 100644 --- a/drivers/usb/core/sysfs.c +++ b/drivers/usb/core/sysfs.c @@ -1217,14 +1217,24 @@ static ssize_t interface_authorized_store(struct device *dev, { struct usb_interface *intf = to_usb_interface(dev); bool val; + struct kernfs_node *kn; if (kstrtobool(buf, &val) != 0) return -EINVAL; - if (val) + if (val) { usb_authorize_interface(intf); - else - usb_deauthorize_interface(intf); + } else { + /* + * Prevent deadlock if another process is concurrently + * trying to unregister intf. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (kn) { + usb_deauthorize_interface(intf); + sysfs_unbreak_active_protection(kn); + } + } return count; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: core: Fix deadlock in usb_deauthorize_interface()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 80ba43e9f799cbdd83842fc27db667289b3150f5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040151-singular-unfunded-b5a8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 80ba43e9f799 ("USB: core: Fix deadlock in usb_deauthorize_interface()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 80ba43e9f799cbdd83842fc27db667289b3150f5 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Tue, 12 Mar 2024 11:48:23 -0400 Subject: [PATCH] USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a configuration change or because the device has been disconnected. As part of the removal procedure, device_del() waits for all ongoing sysfs attribute callbacks to complete. But usb_deauthorize_interface() can't complete until the device lock has been released, and the lock won't be released until the removal has finished. The mechanism provided by sysfs to prevent this kind of deadlock is to use the sysfs_break_active_protection() function, which tells sysfs not to wait for the attribute callback. Reported-and-tested by: Yue Sun <samsun1006219(a)gmail.com> Reported by: xingwei lee <xrivendell7(a)gmail.com> Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Link: https://lore.kernel.org/linux-usb/CAEkJfYO6jRVC8Tfrd_R=cjO0hguhrV31fDPrLrNO… Fixes: 310d2b4124c0 ("usb: interface authorization: SysFS part of USB interface authorization") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/1c37eea1-9f56-4534-b9d8-b443438dc869@rowland.harv… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c index f98263e21c2a..d83231d6736a 100644 --- a/drivers/usb/core/sysfs.c +++ b/drivers/usb/core/sysfs.c @@ -1217,14 +1217,24 @@ static ssize_t interface_authorized_store(struct device *dev, { struct usb_interface *intf = to_usb_interface(dev); bool val; + struct kernfs_node *kn; if (kstrtobool(buf, &val) != 0) return -EINVAL; - if (val) + if (val) { usb_authorize_interface(intf); - else - usb_deauthorize_interface(intf); + } else { + /* + * Prevent deadlock if another process is concurrently + * trying to unregister intf. + */ + kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); + if (kn) { + usb_deauthorize_interface(intf); + sysfs_unbreak_active_protection(kn); + } + } return count; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: Properly set system wakeup" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f9aa41130ac69d13a53ce2a153ca79c70d43f39c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040103-preheated-anthology-d288@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f9aa41130ac6 ("usb: dwc3: Properly set system wakeup") 047161686b81 ("usb: dwc3: Add remote wakeup handling") 63c4c320ccf7 ("usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer") 40edb52298df ("usb: dwc3: avoid NULL access of usb_gadget_driver") c560e76319a9 ("usb: dwc3: gadget: Fix START_TRANSFER link state check") 475e8be53d04 ("usb: dwc3: gadget: Check for disabled LPM quirk") 6f0764b5adea ("usb: dwc3: add a power supply for current control") 82c46b8ed9dc ("usb: dwc3: gadget: Introduce a DWC3 VBUS draw callback") f580170f135a ("usb: dwc3: Add splitdisable quirk for Hisilicon Kirin Soc") e81a7018d93a ("usb: dwc3: allocate gadget structure dynamically") c5a7092f4015 ("usb: dwc3: gadget: make starting isoc transfers more robust") 9af21dd6faeb ("usb: dwc3: Add support for DWC_usb32 IP") 8bb14308a869 ("usb: dwc3: core: Use role-switch default dr_mode") d0550cd20e52 ("usb: dwc3: gadget: Do link recovery for SS and SSP") d94ea5319813 ("usb: dwc3: gadget: Properly set maxpacket limit") 586f4335700f ("usb: dwc3: Fix GTXFIFOSIZ.TXFDEP macro name") 5eb5afb07853 ("usb: dwc3: use proper initializers for property entries") 9ba3aca8fe82 ("usb: dwc3: Disable phy suspend after power-on reset") a0a465569b45 ("usb: dwc3: remove generic PHY calibrate() calls") c09b73cfac2a ("usb: dwc3: don't set gadget->is_otg flag") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f9aa41130ac69d13a53ce2a153ca79c70d43f39c Mon Sep 17 00:00:00 2001 From: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Date: Fri, 8 Mar 2024 02:40:25 +0000 Subject: [PATCH] usb: dwc3: Properly set system wakeup If the device is configured for system wakeup, then make sure that the xHCI driver knows about it and make sure to permit wakeup only at the appropriate time. For host mode, if the controller goes through the dwc3 code path, then a child xHCI platform device is created. Make sure the platform device also inherits the wakeup setting for xHCI to enable remote wakeup. For device mode, make sure to disable system wakeup if no gadget driver is bound. We may experience unwanted system wakeup due to the wakeup signal from the controller PMU detecting connection/disconnection when in low power (D3). E.g. In the case of Steam Deck, the PCI PME prevents the system staying in suspend. Cc: stable(a)vger.kernel.org Reported-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> Closes: https://lore.kernel.org/linux-usb/70a7692d-647c-9be7-00a6-06fc60f77294@igal… Fixes: d07e8819a03d ("usb: dwc3: add xHCI Host support") Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Tested-by: Sanath S <Sanath.S(a)amd.com> Tested-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> # Steam Deck Link: https://lore.kernel.org/r/667cfda7009b502e08462c8fb3f65841d103cc0a.17098654… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 3e55838c0001..31684cdaaae3 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1519,6 +1519,8 @@ static void dwc3_get_properties(struct dwc3 *dwc) else dwc->sysdev = dwc->dev; + dwc->sys_wakeup = device_may_wakeup(dwc->sysdev); + ret = device_property_read_string(dev, "usb-psy-name", &usb_psy_name); if (ret >= 0) { dwc->usb_psy = power_supply_get_by_name(usb_psy_name); diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index c07edfc954f7..7e80dd3d466b 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1133,6 +1133,7 @@ struct dwc3_scratchpad_array { * 3 - Reserved * @dis_metastability_quirk: set to disable metastability quirk. * @dis_split_quirk: set to disable split boundary. + * @sys_wakeup: set if the device may do system wakeup. * @wakeup_configured: set if the device is configured for remote wakeup. * @suspended: set to track suspend event due to U3/L2. * @imod_interval: set the interrupt moderation interval in 250ns @@ -1357,6 +1358,7 @@ struct dwc3 { unsigned dis_split_quirk:1; unsigned async_callbacks:1; + unsigned sys_wakeup:1; unsigned wakeup_configured:1; unsigned suspended:1; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 40c52dbc28d3..4df2661f6675 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2955,6 +2955,9 @@ static int dwc3_gadget_start(struct usb_gadget *g, dwc->gadget_driver = driver; spin_unlock_irqrestore(&dwc->lock, flags); + if (dwc->sys_wakeup) + device_wakeup_enable(dwc->sysdev); + return 0; } @@ -2970,6 +2973,9 @@ static int dwc3_gadget_stop(struct usb_gadget *g) struct dwc3 *dwc = gadget_to_dwc(g); unsigned long flags; + if (dwc->sys_wakeup) + device_wakeup_disable(dwc->sysdev); + spin_lock_irqsave(&dwc->lock, flags); dwc->gadget_driver = NULL; dwc->max_cfg_eps = 0; @@ -4651,6 +4657,10 @@ int dwc3_gadget_init(struct dwc3 *dwc) else dwc3_gadget_set_speed(dwc->gadget, dwc->maximum_speed); + /* No system wakeup if no gadget driver bound */ + if (dwc->sys_wakeup) + device_wakeup_disable(dwc->sysdev); + return 0; err5: diff --git a/drivers/usb/dwc3/host.c b/drivers/usb/dwc3/host.c index 5a5cb6ce9946..0204787df81d 100644 --- a/drivers/usb/dwc3/host.c +++ b/drivers/usb/dwc3/host.c @@ -173,6 +173,14 @@ int dwc3_host_init(struct dwc3 *dwc) goto err; } + if (dwc->sys_wakeup) { + /* Restore wakeup setting if switched from device */ + device_wakeup_enable(dwc->sysdev); + + /* Pass on wakeup setting to the new xhci platform device */ + device_init_wakeup(&xhci->dev, true); + } + return 0; err: platform_device_put(xhci); @@ -181,6 +189,9 @@ int dwc3_host_init(struct dwc3 *dwc) void dwc3_host_exit(struct dwc3 *dwc) { + if (dwc->sys_wakeup) + device_init_wakeup(&dwc->xhci->dev, false); + platform_device_unregister(dwc->xhci); dwc->xhci = NULL; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: Properly set system wakeup" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f9aa41130ac69d13a53ce2a153ca79c70d43f39c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040102-flatterer-enslave-672e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f9aa41130ac6 ("usb: dwc3: Properly set system wakeup") 047161686b81 ("usb: dwc3: Add remote wakeup handling") 63c4c320ccf7 ("usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer") 40edb52298df ("usb: dwc3: avoid NULL access of usb_gadget_driver") c560e76319a9 ("usb: dwc3: gadget: Fix START_TRANSFER link state check") 475e8be53d04 ("usb: dwc3: gadget: Check for disabled LPM quirk") 6f0764b5adea ("usb: dwc3: add a power supply for current control") 82c46b8ed9dc ("usb: dwc3: gadget: Introduce a DWC3 VBUS draw callback") f580170f135a ("usb: dwc3: Add splitdisable quirk for Hisilicon Kirin Soc") e81a7018d93a ("usb: dwc3: allocate gadget structure dynamically") c5a7092f4015 ("usb: dwc3: gadget: make starting isoc transfers more robust") 9af21dd6faeb ("usb: dwc3: Add support for DWC_usb32 IP") 8bb14308a869 ("usb: dwc3: core: Use role-switch default dr_mode") d0550cd20e52 ("usb: dwc3: gadget: Do link recovery for SS and SSP") d94ea5319813 ("usb: dwc3: gadget: Properly set maxpacket limit") 586f4335700f ("usb: dwc3: Fix GTXFIFOSIZ.TXFDEP macro name") 5eb5afb07853 ("usb: dwc3: use proper initializers for property entries") 9ba3aca8fe82 ("usb: dwc3: Disable phy suspend after power-on reset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f9aa41130ac69d13a53ce2a153ca79c70d43f39c Mon Sep 17 00:00:00 2001 From: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Date: Fri, 8 Mar 2024 02:40:25 +0000 Subject: [PATCH] usb: dwc3: Properly set system wakeup If the device is configured for system wakeup, then make sure that the xHCI driver knows about it and make sure to permit wakeup only at the appropriate time. For host mode, if the controller goes through the dwc3 code path, then a child xHCI platform device is created. Make sure the platform device also inherits the wakeup setting for xHCI to enable remote wakeup. For device mode, make sure to disable system wakeup if no gadget driver is bound. We may experience unwanted system wakeup due to the wakeup signal from the controller PMU detecting connection/disconnection when in low power (D3). E.g. In the case of Steam Deck, the PCI PME prevents the system staying in suspend. Cc: stable(a)vger.kernel.org Reported-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> Closes: https://lore.kernel.org/linux-usb/70a7692d-647c-9be7-00a6-06fc60f77294@igal… Fixes: d07e8819a03d ("usb: dwc3: add xHCI Host support") Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Tested-by: Sanath S <Sanath.S(a)amd.com> Tested-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> # Steam Deck Link: https://lore.kernel.org/r/667cfda7009b502e08462c8fb3f65841d103cc0a.17098654… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 3e55838c0001..31684cdaaae3 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1519,6 +1519,8 @@ static void dwc3_get_properties(struct dwc3 *dwc) else dwc->sysdev = dwc->dev; + dwc->sys_wakeup = device_may_wakeup(dwc->sysdev); + ret = device_property_read_string(dev, "usb-psy-name", &usb_psy_name); if (ret >= 0) { dwc->usb_psy = power_supply_get_by_name(usb_psy_name); diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index c07edfc954f7..7e80dd3d466b 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1133,6 +1133,7 @@ struct dwc3_scratchpad_array { * 3 - Reserved * @dis_metastability_quirk: set to disable metastability quirk. * @dis_split_quirk: set to disable split boundary. + * @sys_wakeup: set if the device may do system wakeup. * @wakeup_configured: set if the device is configured for remote wakeup. * @suspended: set to track suspend event due to U3/L2. * @imod_interval: set the interrupt moderation interval in 250ns @@ -1357,6 +1358,7 @@ struct dwc3 { unsigned dis_split_quirk:1; unsigned async_callbacks:1; + unsigned sys_wakeup:1; unsigned wakeup_configured:1; unsigned suspended:1; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 40c52dbc28d3..4df2661f6675 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2955,6 +2955,9 @@ static int dwc3_gadget_start(struct usb_gadget *g, dwc->gadget_driver = driver; spin_unlock_irqrestore(&dwc->lock, flags); + if (dwc->sys_wakeup) + device_wakeup_enable(dwc->sysdev); + return 0; } @@ -2970,6 +2973,9 @@ static int dwc3_gadget_stop(struct usb_gadget *g) struct dwc3 *dwc = gadget_to_dwc(g); unsigned long flags; + if (dwc->sys_wakeup) + device_wakeup_disable(dwc->sysdev); + spin_lock_irqsave(&dwc->lock, flags); dwc->gadget_driver = NULL; dwc->max_cfg_eps = 0; @@ -4651,6 +4657,10 @@ int dwc3_gadget_init(struct dwc3 *dwc) else dwc3_gadget_set_speed(dwc->gadget, dwc->maximum_speed); + /* No system wakeup if no gadget driver bound */ + if (dwc->sys_wakeup) + device_wakeup_disable(dwc->sysdev); + return 0; err5: diff --git a/drivers/usb/dwc3/host.c b/drivers/usb/dwc3/host.c index 5a5cb6ce9946..0204787df81d 100644 --- a/drivers/usb/dwc3/host.c +++ b/drivers/usb/dwc3/host.c @@ -173,6 +173,14 @@ int dwc3_host_init(struct dwc3 *dwc) goto err; } + if (dwc->sys_wakeup) { + /* Restore wakeup setting if switched from device */ + device_wakeup_enable(dwc->sysdev); + + /* Pass on wakeup setting to the new xhci platform device */ + device_init_wakeup(&xhci->dev, true); + } + return 0; err: platform_device_put(xhci); @@ -181,6 +189,9 @@ int dwc3_host_init(struct dwc3 *dwc) void dwc3_host_exit(struct dwc3 *dwc) { + if (dwc->sys_wakeup) + device_init_wakeup(&dwc->xhci->dev, false); + platform_device_unregister(dwc->xhci); dwc->xhci = NULL; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: Properly set system wakeup" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f9aa41130ac69d13a53ce2a153ca79c70d43f39c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040101-uprising-avid-b607@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f9aa41130ac6 ("usb: dwc3: Properly set system wakeup") 047161686b81 ("usb: dwc3: Add remote wakeup handling") 63c4c320ccf7 ("usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer") 40edb52298df ("usb: dwc3: avoid NULL access of usb_gadget_driver") c560e76319a9 ("usb: dwc3: gadget: Fix START_TRANSFER link state check") 475e8be53d04 ("usb: dwc3: gadget: Check for disabled LPM quirk") 6f0764b5adea ("usb: dwc3: add a power supply for current control") 82c46b8ed9dc ("usb: dwc3: gadget: Introduce a DWC3 VBUS draw callback") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f9aa41130ac69d13a53ce2a153ca79c70d43f39c Mon Sep 17 00:00:00 2001 From: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Date: Fri, 8 Mar 2024 02:40:25 +0000 Subject: [PATCH] usb: dwc3: Properly set system wakeup If the device is configured for system wakeup, then make sure that the xHCI driver knows about it and make sure to permit wakeup only at the appropriate time. For host mode, if the controller goes through the dwc3 code path, then a child xHCI platform device is created. Make sure the platform device also inherits the wakeup setting for xHCI to enable remote wakeup. For device mode, make sure to disable system wakeup if no gadget driver is bound. We may experience unwanted system wakeup due to the wakeup signal from the controller PMU detecting connection/disconnection when in low power (D3). E.g. In the case of Steam Deck, the PCI PME prevents the system staying in suspend. Cc: stable(a)vger.kernel.org Reported-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> Closes: https://lore.kernel.org/linux-usb/70a7692d-647c-9be7-00a6-06fc60f77294@igal… Fixes: d07e8819a03d ("usb: dwc3: add xHCI Host support") Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Tested-by: Sanath S <Sanath.S(a)amd.com> Tested-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> # Steam Deck Link: https://lore.kernel.org/r/667cfda7009b502e08462c8fb3f65841d103cc0a.17098654… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 3e55838c0001..31684cdaaae3 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1519,6 +1519,8 @@ static void dwc3_get_properties(struct dwc3 *dwc) else dwc->sysdev = dwc->dev; + dwc->sys_wakeup = device_may_wakeup(dwc->sysdev); + ret = device_property_read_string(dev, "usb-psy-name", &usb_psy_name); if (ret >= 0) { dwc->usb_psy = power_supply_get_by_name(usb_psy_name); diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index c07edfc954f7..7e80dd3d466b 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1133,6 +1133,7 @@ struct dwc3_scratchpad_array { * 3 - Reserved * @dis_metastability_quirk: set to disable metastability quirk. * @dis_split_quirk: set to disable split boundary. + * @sys_wakeup: set if the device may do system wakeup. * @wakeup_configured: set if the device is configured for remote wakeup. * @suspended: set to track suspend event due to U3/L2. * @imod_interval: set the interrupt moderation interval in 250ns @@ -1357,6 +1358,7 @@ struct dwc3 { unsigned dis_split_quirk:1; unsigned async_callbacks:1; + unsigned sys_wakeup:1; unsigned wakeup_configured:1; unsigned suspended:1; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 40c52dbc28d3..4df2661f6675 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2955,6 +2955,9 @@ static int dwc3_gadget_start(struct usb_gadget *g, dwc->gadget_driver = driver; spin_unlock_irqrestore(&dwc->lock, flags); + if (dwc->sys_wakeup) + device_wakeup_enable(dwc->sysdev); + return 0; } @@ -2970,6 +2973,9 @@ static int dwc3_gadget_stop(struct usb_gadget *g) struct dwc3 *dwc = gadget_to_dwc(g); unsigned long flags; + if (dwc->sys_wakeup) + device_wakeup_disable(dwc->sysdev); + spin_lock_irqsave(&dwc->lock, flags); dwc->gadget_driver = NULL; dwc->max_cfg_eps = 0; @@ -4651,6 +4657,10 @@ int dwc3_gadget_init(struct dwc3 *dwc) else dwc3_gadget_set_speed(dwc->gadget, dwc->maximum_speed); + /* No system wakeup if no gadget driver bound */ + if (dwc->sys_wakeup) + device_wakeup_disable(dwc->sysdev); + return 0; err5: diff --git a/drivers/usb/dwc3/host.c b/drivers/usb/dwc3/host.c index 5a5cb6ce9946..0204787df81d 100644 --- a/drivers/usb/dwc3/host.c +++ b/drivers/usb/dwc3/host.c @@ -173,6 +173,14 @@ int dwc3_host_init(struct dwc3 *dwc) goto err; } + if (dwc->sys_wakeup) { + /* Restore wakeup setting if switched from device */ + device_wakeup_enable(dwc->sysdev); + + /* Pass on wakeup setting to the new xhci platform device */ + device_init_wakeup(&xhci->dev, true); + } + return 0; err: platform_device_put(xhci); @@ -181,6 +189,9 @@ int dwc3_host_init(struct dwc3 *dwc) void dwc3_host_exit(struct dwc3 *dwc) { + if (dwc->sys_wakeup) + device_init_wakeup(&dwc->xhci->dev, false); + platform_device_unregister(dwc->xhci); dwc->xhci = NULL; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: Properly set system wakeup" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f9aa41130ac69d13a53ce2a153ca79c70d43f39c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040159-entrench-bogged-287d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f9aa41130ac6 ("usb: dwc3: Properly set system wakeup") 047161686b81 ("usb: dwc3: Add remote wakeup handling") 63c4c320ccf7 ("usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f9aa41130ac69d13a53ce2a153ca79c70d43f39c Mon Sep 17 00:00:00 2001 From: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Date: Fri, 8 Mar 2024 02:40:25 +0000 Subject: [PATCH] usb: dwc3: Properly set system wakeup If the device is configured for system wakeup, then make sure that the xHCI driver knows about it and make sure to permit wakeup only at the appropriate time. For host mode, if the controller goes through the dwc3 code path, then a child xHCI platform device is created. Make sure the platform device also inherits the wakeup setting for xHCI to enable remote wakeup. For device mode, make sure to disable system wakeup if no gadget driver is bound. We may experience unwanted system wakeup due to the wakeup signal from the controller PMU detecting connection/disconnection when in low power (D3). E.g. In the case of Steam Deck, the PCI PME prevents the system staying in suspend. Cc: stable(a)vger.kernel.org Reported-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> Closes: https://lore.kernel.org/linux-usb/70a7692d-647c-9be7-00a6-06fc60f77294@igal… Fixes: d07e8819a03d ("usb: dwc3: add xHCI Host support") Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Tested-by: Sanath S <Sanath.S(a)amd.com> Tested-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> # Steam Deck Link: https://lore.kernel.org/r/667cfda7009b502e08462c8fb3f65841d103cc0a.17098654… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 3e55838c0001..31684cdaaae3 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1519,6 +1519,8 @@ static void dwc3_get_properties(struct dwc3 *dwc) else dwc->sysdev = dwc->dev; + dwc->sys_wakeup = device_may_wakeup(dwc->sysdev); + ret = device_property_read_string(dev, "usb-psy-name", &usb_psy_name); if (ret >= 0) { dwc->usb_psy = power_supply_get_by_name(usb_psy_name); diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index c07edfc954f7..7e80dd3d466b 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1133,6 +1133,7 @@ struct dwc3_scratchpad_array { * 3 - Reserved * @dis_metastability_quirk: set to disable metastability quirk. * @dis_split_quirk: set to disable split boundary. + * @sys_wakeup: set if the device may do system wakeup. * @wakeup_configured: set if the device is configured for remote wakeup. * @suspended: set to track suspend event due to U3/L2. * @imod_interval: set the interrupt moderation interval in 250ns @@ -1357,6 +1358,7 @@ struct dwc3 { unsigned dis_split_quirk:1; unsigned async_callbacks:1; + unsigned sys_wakeup:1; unsigned wakeup_configured:1; unsigned suspended:1; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 40c52dbc28d3..4df2661f6675 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2955,6 +2955,9 @@ static int dwc3_gadget_start(struct usb_gadget *g, dwc->gadget_driver = driver; spin_unlock_irqrestore(&dwc->lock, flags); + if (dwc->sys_wakeup) + device_wakeup_enable(dwc->sysdev); + return 0; } @@ -2970,6 +2973,9 @@ static int dwc3_gadget_stop(struct usb_gadget *g) struct dwc3 *dwc = gadget_to_dwc(g); unsigned long flags; + if (dwc->sys_wakeup) + device_wakeup_disable(dwc->sysdev); + spin_lock_irqsave(&dwc->lock, flags); dwc->gadget_driver = NULL; dwc->max_cfg_eps = 0; @@ -4651,6 +4657,10 @@ int dwc3_gadget_init(struct dwc3 *dwc) else dwc3_gadget_set_speed(dwc->gadget, dwc->maximum_speed); + /* No system wakeup if no gadget driver bound */ + if (dwc->sys_wakeup) + device_wakeup_disable(dwc->sysdev); + return 0; err5: diff --git a/drivers/usb/dwc3/host.c b/drivers/usb/dwc3/host.c index 5a5cb6ce9946..0204787df81d 100644 --- a/drivers/usb/dwc3/host.c +++ b/drivers/usb/dwc3/host.c @@ -173,6 +173,14 @@ int dwc3_host_init(struct dwc3 *dwc) goto err; } + if (dwc->sys_wakeup) { + /* Restore wakeup setting if switched from device */ + device_wakeup_enable(dwc->sysdev); + + /* Pass on wakeup setting to the new xhci platform device */ + device_init_wakeup(&xhci->dev, true); + } + return 0; err: platform_device_put(xhci); @@ -181,6 +189,9 @@ int dwc3_host_init(struct dwc3 *dwc) void dwc3_host_exit(struct dwc3 *dwc) { + if (dwc->sys_wakeup) + device_init_wakeup(&dwc->xhci->dev, false); + platform_device_unregister(dwc->xhci); dwc->xhci = NULL; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: Properly set system wakeup" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f9aa41130ac69d13a53ce2a153ca79c70d43f39c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040158-headrest-purge-7899@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f9aa41130ac6 ("usb: dwc3: Properly set system wakeup") 047161686b81 ("usb: dwc3: Add remote wakeup handling") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f9aa41130ac69d13a53ce2a153ca79c70d43f39c Mon Sep 17 00:00:00 2001 From: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Date: Fri, 8 Mar 2024 02:40:25 +0000 Subject: [PATCH] usb: dwc3: Properly set system wakeup If the device is configured for system wakeup, then make sure that the xHCI driver knows about it and make sure to permit wakeup only at the appropriate time. For host mode, if the controller goes through the dwc3 code path, then a child xHCI platform device is created. Make sure the platform device also inherits the wakeup setting for xHCI to enable remote wakeup. For device mode, make sure to disable system wakeup if no gadget driver is bound. We may experience unwanted system wakeup due to the wakeup signal from the controller PMU detecting connection/disconnection when in low power (D3). E.g. In the case of Steam Deck, the PCI PME prevents the system staying in suspend. Cc: stable(a)vger.kernel.org Reported-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> Closes: https://lore.kernel.org/linux-usb/70a7692d-647c-9be7-00a6-06fc60f77294@igal… Fixes: d07e8819a03d ("usb: dwc3: add xHCI Host support") Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Tested-by: Sanath S <Sanath.S(a)amd.com> Tested-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> # Steam Deck Link: https://lore.kernel.org/r/667cfda7009b502e08462c8fb3f65841d103cc0a.17098654… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 3e55838c0001..31684cdaaae3 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1519,6 +1519,8 @@ static void dwc3_get_properties(struct dwc3 *dwc) else dwc->sysdev = dwc->dev; + dwc->sys_wakeup = device_may_wakeup(dwc->sysdev); + ret = device_property_read_string(dev, "usb-psy-name", &usb_psy_name); if (ret >= 0) { dwc->usb_psy = power_supply_get_by_name(usb_psy_name); diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index c07edfc954f7..7e80dd3d466b 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1133,6 +1133,7 @@ struct dwc3_scratchpad_array { * 3 - Reserved * @dis_metastability_quirk: set to disable metastability quirk. * @dis_split_quirk: set to disable split boundary. + * @sys_wakeup: set if the device may do system wakeup. * @wakeup_configured: set if the device is configured for remote wakeup. * @suspended: set to track suspend event due to U3/L2. * @imod_interval: set the interrupt moderation interval in 250ns @@ -1357,6 +1358,7 @@ struct dwc3 { unsigned dis_split_quirk:1; unsigned async_callbacks:1; + unsigned sys_wakeup:1; unsigned wakeup_configured:1; unsigned suspended:1; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 40c52dbc28d3..4df2661f6675 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2955,6 +2955,9 @@ static int dwc3_gadget_start(struct usb_gadget *g, dwc->gadget_driver = driver; spin_unlock_irqrestore(&dwc->lock, flags); + if (dwc->sys_wakeup) + device_wakeup_enable(dwc->sysdev); + return 0; } @@ -2970,6 +2973,9 @@ static int dwc3_gadget_stop(struct usb_gadget *g) struct dwc3 *dwc = gadget_to_dwc(g); unsigned long flags; + if (dwc->sys_wakeup) + device_wakeup_disable(dwc->sysdev); + spin_lock_irqsave(&dwc->lock, flags); dwc->gadget_driver = NULL; dwc->max_cfg_eps = 0; @@ -4651,6 +4657,10 @@ int dwc3_gadget_init(struct dwc3 *dwc) else dwc3_gadget_set_speed(dwc->gadget, dwc->maximum_speed); + /* No system wakeup if no gadget driver bound */ + if (dwc->sys_wakeup) + device_wakeup_disable(dwc->sysdev); + return 0; err5: diff --git a/drivers/usb/dwc3/host.c b/drivers/usb/dwc3/host.c index 5a5cb6ce9946..0204787df81d 100644 --- a/drivers/usb/dwc3/host.c +++ b/drivers/usb/dwc3/host.c @@ -173,6 +173,14 @@ int dwc3_host_init(struct dwc3 *dwc) goto err; } + if (dwc->sys_wakeup) { + /* Restore wakeup setting if switched from device */ + device_wakeup_enable(dwc->sysdev); + + /* Pass on wakeup setting to the new xhci platform device */ + device_init_wakeup(&xhci->dev, true); + } + return 0; err: platform_device_put(xhci); @@ -181,6 +189,9 @@ int dwc3_host_init(struct dwc3 *dwc) void dwc3_host_exit(struct dwc3 *dwc) { + if (dwc->sys_wakeup) + device_init_wakeup(&dwc->xhci->dev, false); + platform_device_unregister(dwc->xhci); dwc->xhci = NULL; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] x86/sev: Skip ROM range scans and validation for SEV-SNP" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0f4a1e80989aca185d955fcd791d7750082044a2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040110-nimble-unfair-399c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0f4a1e80989a ("x86/sev: Skip ROM range scans and validation for SEV-SNP guests") 428080c9b19b ("x86/sev: Move early startup code into .head.text section") b82a8dbd3d2f ("x86/coco: Disable 32-bit emulation by default on TDX and SEV") ed766c26119c ("Merge tag 'x86-entry-2023-10-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0f4a1e80989aca185d955fcd791d7750082044a2 Mon Sep 17 00:00:00 2001 From: Kevin Loughlin <kevinloughlin(a)google.com> Date: Wed, 13 Mar 2024 12:15:46 +0000 Subject: [PATCH] x86/sev: Skip ROM range scans and validation for SEV-SNP guests SEV-SNP requires encrypted memory to be validated before access. Because the ROM memory range is not part of the e820 table, it is not pre-validated by the BIOS. Therefore, if a SEV-SNP guest kernel wishes to access this range, the guest must first validate the range. The current SEV-SNP code does indeed scan the ROM range during early boot and thus attempts to validate the ROM range in probe_roms(). However, this behavior is neither sufficient nor necessary for the following reasons: * With regards to sufficiency, if EFI_CONFIG_TABLES are not enabled and CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK is set, the kernel will attempt to access the memory at SMBIOS_ENTRY_POINT_SCAN_START (which falls in the ROM range) prior to validation. For example, Project Oak Stage 0 provides a minimal guest firmware that currently meets these configuration conditions, meaning guests booting atop Oak Stage 0 firmware encounter a problematic call chain during dmi_setup() -> dmi_scan_machine() that results in a crash during boot if SEV-SNP is enabled. * With regards to necessity, SEV-SNP guests generally read garbage (which changes across boots) from the ROM range, meaning these scans are unnecessary. The guest reads garbage because the legacy ROM range is unencrypted data but is accessed via an encrypted PMD during early boot (where the PMD is marked as encrypted due to potentially mapping actually-encrypted data in other PMD-contained ranges). In one exceptional case, EISA probing treats the ROM range as unencrypted data, which is inconsistent with other probing. Continuing to allow SEV-SNP guests to use garbage and to inconsistently classify ROM range encryption status can trigger undesirable behavior. For instance, if garbage bytes appear to be a valid signature, memory may be unnecessarily reserved for the ROM range. Future code or other use cases may result in more problematic (arbitrary) behavior that should be avoided. While one solution would be to overhaul the early PMD mapping to always treat the ROM region of the PMD as unencrypted, SEV-SNP guests do not currently rely on data from the ROM region during early boot (and even if they did, they would be mostly relying on garbage data anyways). As a simpler solution, skip the ROM range scans (and the otherwise- necessary range validation) during SEV-SNP guest early boot. The potential SEV-SNP guest crash due to lack of ROM range validation is thus avoided by simply not accessing the ROM range. In most cases, skip the scans by overriding problematic x86_init functions during sme_early_init() to SNP-safe variants, which can be likened to x86_init overrides done for other platforms (ex: Xen); such overrides also avoid the spread of cc_platform_has() checks throughout the tree. In the exceptional EISA case, still use cc_platform_has() for the simplest change, given (1) checks for guest type (ex: Xen domain status) are already performed here, and (2) these checks occur in a subsys initcall instead of an x86_init function. [ bp: Massage commit message, remove "we"s. ] Fixes: 9704c07bf9f7 ("x86/kernel: Validate ROM memory before accessing when SEV-SNP is active") Signed-off-by: Kevin Loughlin <kevinloughlin(a)google.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: <stable(a)kernel.org> Link: https://lore.kernel.org/r/20240313121546.2964854-1-kevinloughlin@google.com diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 9477b4053bce..07e125f32528 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -218,12 +218,12 @@ void early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages); void early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned long npages); -void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op); void snp_set_memory_shared(unsigned long vaddr, unsigned long npages); void snp_set_memory_private(unsigned long vaddr, unsigned long npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __noreturn snp_abort(void); +void snp_dmi_setup(void); int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio); void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); @@ -244,12 +244,12 @@ static inline void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages) { } static inline void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned long npages) { } -static inline void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op) { } static inline void snp_set_memory_shared(unsigned long vaddr, unsigned long npages) { } static inline void snp_set_memory_private(unsigned long vaddr, unsigned long npages) { } static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } +static inline void snp_dmi_setup(void) { } static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) { return -ENOTTY; diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h index b89b40f250e6..6149eabe200f 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h @@ -30,12 +30,13 @@ struct x86_init_mpparse { * @reserve_resources: reserve the standard resources for the * platform * @memory_setup: platform specific memory setup - * + * @dmi_setup: platform specific DMI setup */ struct x86_init_resources { void (*probe_roms)(void); void (*reserve_resources)(void); char *(*memory_setup)(void); + void (*dmi_setup)(void); }; /** diff --git a/arch/x86/kernel/eisa.c b/arch/x86/kernel/eisa.c index e963344b0449..53935b4d62e3 100644 --- a/arch/x86/kernel/eisa.c +++ b/arch/x86/kernel/eisa.c @@ -2,6 +2,7 @@ /* * EISA specific code */ +#include <linux/cc_platform.h> #include <linux/ioport.h> #include <linux/eisa.h> #include <linux/io.h> @@ -12,7 +13,7 @@ static __init int eisa_bus_probe(void) { void __iomem *p; - if (xen_pv_domain() && !xen_initial_domain()) + if ((xen_pv_domain() && !xen_initial_domain()) || cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return 0; p = ioremap(0x0FFFD9, 4); diff --git a/arch/x86/kernel/probe_roms.c b/arch/x86/kernel/probe_roms.c index 319fef37d9dc..cc2c34ba7228 100644 --- a/arch/x86/kernel/probe_roms.c +++ b/arch/x86/kernel/probe_roms.c @@ -203,16 +203,6 @@ void __init probe_roms(void) unsigned char c; int i; - /* - * The ROM memory range is not part of the e820 table and is therefore not - * pre-validated by BIOS. The kernel page table maps the ROM region as encrypted - * memory, and SNP requires encrypted memory to be validated before access. - * Do that here. - */ - snp_prep_memory(video_rom_resource.start, - ((system_rom_resource.end + 1) - video_rom_resource.start), - SNP_PAGE_STATE_PRIVATE); - /* video rom */ upper = adapter_rom_resources[0].start; for (start = video_rom_resource.start; start < upper; start += 2048) { diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index ef206500ed6f..0109e6c510e0 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -9,7 +9,6 @@ #include <linux/console.h> #include <linux/crash_dump.h> #include <linux/dma-map-ops.h> -#include <linux/dmi.h> #include <linux/efi.h> #include <linux/ima.h> #include <linux/init_ohci1394_dma.h> @@ -902,7 +901,7 @@ void __init setup_arch(char **cmdline_p) efi_init(); reserve_ibft_region(); - dmi_setup(); + x86_init.resources.dmi_setup(); /* * VMware detection requires dmi to be available, so this diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index b59b09c2f284..7e1e63cc48e6 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -23,6 +23,7 @@ #include <linux/platform_device.h> #include <linux/io.h> #include <linux/psp-sev.h> +#include <linux/dmi.h> #include <uapi/linux/sev-guest.h> #include <asm/init.h> @@ -795,21 +796,6 @@ void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED); } -void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op) -{ - unsigned long vaddr, npages; - - vaddr = (unsigned long)__va(paddr); - npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; - - if (op == SNP_PAGE_STATE_PRIVATE) - early_snp_set_memory_private(vaddr, paddr, npages); - else if (op == SNP_PAGE_STATE_SHARED) - early_snp_set_memory_shared(vaddr, paddr, npages); - else - WARN(1, "invalid memory op %d\n", op); -} - static unsigned long __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, unsigned long vaddr_end, int op) { @@ -2136,6 +2122,17 @@ void __head __noreturn snp_abort(void) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); } +/* + * SEV-SNP guests should only execute dmi_setup() if EFI_CONFIG_TABLES are + * enabled, as the alternative (fallback) logic for DMI probing in the legacy + * ROM region can cause a crash since this region is not pre-validated. + */ +void __init snp_dmi_setup(void) +{ + if (efi_enabled(EFI_CONFIG_TABLES)) + dmi_setup(); +} + static void dump_cpuid_table(void) { const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table(); diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c index a42830dc151b..d5dc5a92635a 100644 --- a/arch/x86/kernel/x86_init.c +++ b/arch/x86/kernel/x86_init.c @@ -3,6 +3,7 @@ * * For licencing details see kernel-base/COPYING */ +#include <linux/dmi.h> #include <linux/init.h> #include <linux/ioport.h> #include <linux/export.h> @@ -66,6 +67,7 @@ struct x86_init_ops x86_init __initdata = { .probe_roms = probe_roms, .reserve_resources = reserve_standard_io_resources, .memory_setup = e820__memory_setup_default, + .dmi_setup = dmi_setup, }, .mpparse = { diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index 70b91de2e053..422602f6039b 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c @@ -492,6 +492,24 @@ void __init sme_early_init(void) */ if (sev_status & MSR_AMD64_SEV_ENABLED) ia32_disable(); + + /* + * Override init functions that scan the ROM region in SEV-SNP guests, + * as this memory is not pre-validated and would thus cause a crash. + */ + if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) { + x86_init.mpparse.find_mptable = x86_init_noop; + x86_init.pci.init_irq = x86_init_noop; + x86_init.resources.probe_roms = x86_init_noop; + + /* + * DMI setup behavior for SEV-SNP guests depends on + * efi_enabled(EFI_CONFIG_TABLES), which hasn't been + * parsed yet. snp_dmi_setup() will run after that + * parsing has happened. + */ + x86_init.resources.dmi_setup = snp_dmi_setup; + } } void __init mem_encrypt_free_decrypted_mem(void)

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] x86/sev: Skip ROM range scans and validation for SEV-SNP" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0f4a1e80989aca185d955fcd791d7750082044a2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040108-dreadful-pumice-e64d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 0f4a1e80989a ("x86/sev: Skip ROM range scans and validation for SEV-SNP guests") 428080c9b19b ("x86/sev: Move early startup code into .head.text section") b82a8dbd3d2f ("x86/coco: Disable 32-bit emulation by default on TDX and SEV") ed766c26119c ("Merge tag 'x86-entry-2023-10-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0f4a1e80989aca185d955fcd791d7750082044a2 Mon Sep 17 00:00:00 2001 From: Kevin Loughlin <kevinloughlin(a)google.com> Date: Wed, 13 Mar 2024 12:15:46 +0000 Subject: [PATCH] x86/sev: Skip ROM range scans and validation for SEV-SNP guests SEV-SNP requires encrypted memory to be validated before access. Because the ROM memory range is not part of the e820 table, it is not pre-validated by the BIOS. Therefore, if a SEV-SNP guest kernel wishes to access this range, the guest must first validate the range. The current SEV-SNP code does indeed scan the ROM range during early boot and thus attempts to validate the ROM range in probe_roms(). However, this behavior is neither sufficient nor necessary for the following reasons: * With regards to sufficiency, if EFI_CONFIG_TABLES are not enabled and CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK is set, the kernel will attempt to access the memory at SMBIOS_ENTRY_POINT_SCAN_START (which falls in the ROM range) prior to validation. For example, Project Oak Stage 0 provides a minimal guest firmware that currently meets these configuration conditions, meaning guests booting atop Oak Stage 0 firmware encounter a problematic call chain during dmi_setup() -> dmi_scan_machine() that results in a crash during boot if SEV-SNP is enabled. * With regards to necessity, SEV-SNP guests generally read garbage (which changes across boots) from the ROM range, meaning these scans are unnecessary. The guest reads garbage because the legacy ROM range is unencrypted data but is accessed via an encrypted PMD during early boot (where the PMD is marked as encrypted due to potentially mapping actually-encrypted data in other PMD-contained ranges). In one exceptional case, EISA probing treats the ROM range as unencrypted data, which is inconsistent with other probing. Continuing to allow SEV-SNP guests to use garbage and to inconsistently classify ROM range encryption status can trigger undesirable behavior. For instance, if garbage bytes appear to be a valid signature, memory may be unnecessarily reserved for the ROM range. Future code or other use cases may result in more problematic (arbitrary) behavior that should be avoided. While one solution would be to overhaul the early PMD mapping to always treat the ROM region of the PMD as unencrypted, SEV-SNP guests do not currently rely on data from the ROM region during early boot (and even if they did, they would be mostly relying on garbage data anyways). As a simpler solution, skip the ROM range scans (and the otherwise- necessary range validation) during SEV-SNP guest early boot. The potential SEV-SNP guest crash due to lack of ROM range validation is thus avoided by simply not accessing the ROM range. In most cases, skip the scans by overriding problematic x86_init functions during sme_early_init() to SNP-safe variants, which can be likened to x86_init overrides done for other platforms (ex: Xen); such overrides also avoid the spread of cc_platform_has() checks throughout the tree. In the exceptional EISA case, still use cc_platform_has() for the simplest change, given (1) checks for guest type (ex: Xen domain status) are already performed here, and (2) these checks occur in a subsys initcall instead of an x86_init function. [ bp: Massage commit message, remove "we"s. ] Fixes: 9704c07bf9f7 ("x86/kernel: Validate ROM memory before accessing when SEV-SNP is active") Signed-off-by: Kevin Loughlin <kevinloughlin(a)google.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: <stable(a)kernel.org> Link: https://lore.kernel.org/r/20240313121546.2964854-1-kevinloughlin@google.com diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 9477b4053bce..07e125f32528 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -218,12 +218,12 @@ void early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages); void early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned long npages); -void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op); void snp_set_memory_shared(unsigned long vaddr, unsigned long npages); void snp_set_memory_private(unsigned long vaddr, unsigned long npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __noreturn snp_abort(void); +void snp_dmi_setup(void); int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio); void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); @@ -244,12 +244,12 @@ static inline void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages) { } static inline void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned long npages) { } -static inline void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op) { } static inline void snp_set_memory_shared(unsigned long vaddr, unsigned long npages) { } static inline void snp_set_memory_private(unsigned long vaddr, unsigned long npages) { } static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } +static inline void snp_dmi_setup(void) { } static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) { return -ENOTTY; diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h index b89b40f250e6..6149eabe200f 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h @@ -30,12 +30,13 @@ struct x86_init_mpparse { * @reserve_resources: reserve the standard resources for the * platform * @memory_setup: platform specific memory setup - * + * @dmi_setup: platform specific DMI setup */ struct x86_init_resources { void (*probe_roms)(void); void (*reserve_resources)(void); char *(*memory_setup)(void); + void (*dmi_setup)(void); }; /** diff --git a/arch/x86/kernel/eisa.c b/arch/x86/kernel/eisa.c index e963344b0449..53935b4d62e3 100644 --- a/arch/x86/kernel/eisa.c +++ b/arch/x86/kernel/eisa.c @@ -2,6 +2,7 @@ /* * EISA specific code */ +#include <linux/cc_platform.h> #include <linux/ioport.h> #include <linux/eisa.h> #include <linux/io.h> @@ -12,7 +13,7 @@ static __init int eisa_bus_probe(void) { void __iomem *p; - if (xen_pv_domain() && !xen_initial_domain()) + if ((xen_pv_domain() && !xen_initial_domain()) || cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return 0; p = ioremap(0x0FFFD9, 4); diff --git a/arch/x86/kernel/probe_roms.c b/arch/x86/kernel/probe_roms.c index 319fef37d9dc..cc2c34ba7228 100644 --- a/arch/x86/kernel/probe_roms.c +++ b/arch/x86/kernel/probe_roms.c @@ -203,16 +203,6 @@ void __init probe_roms(void) unsigned char c; int i; - /* - * The ROM memory range is not part of the e820 table and is therefore not - * pre-validated by BIOS. The kernel page table maps the ROM region as encrypted - * memory, and SNP requires encrypted memory to be validated before access. - * Do that here. - */ - snp_prep_memory(video_rom_resource.start, - ((system_rom_resource.end + 1) - video_rom_resource.start), - SNP_PAGE_STATE_PRIVATE); - /* video rom */ upper = adapter_rom_resources[0].start; for (start = video_rom_resource.start; start < upper; start += 2048) { diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index ef206500ed6f..0109e6c510e0 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -9,7 +9,6 @@ #include <linux/console.h> #include <linux/crash_dump.h> #include <linux/dma-map-ops.h> -#include <linux/dmi.h> #include <linux/efi.h> #include <linux/ima.h> #include <linux/init_ohci1394_dma.h> @@ -902,7 +901,7 @@ void __init setup_arch(char **cmdline_p) efi_init(); reserve_ibft_region(); - dmi_setup(); + x86_init.resources.dmi_setup(); /* * VMware detection requires dmi to be available, so this diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index b59b09c2f284..7e1e63cc48e6 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -23,6 +23,7 @@ #include <linux/platform_device.h> #include <linux/io.h> #include <linux/psp-sev.h> +#include <linux/dmi.h> #include <uapi/linux/sev-guest.h> #include <asm/init.h> @@ -795,21 +796,6 @@ void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED); } -void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op) -{ - unsigned long vaddr, npages; - - vaddr = (unsigned long)__va(paddr); - npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; - - if (op == SNP_PAGE_STATE_PRIVATE) - early_snp_set_memory_private(vaddr, paddr, npages); - else if (op == SNP_PAGE_STATE_SHARED) - early_snp_set_memory_shared(vaddr, paddr, npages); - else - WARN(1, "invalid memory op %d\n", op); -} - static unsigned long __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, unsigned long vaddr_end, int op) { @@ -2136,6 +2122,17 @@ void __head __noreturn snp_abort(void) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); } +/* + * SEV-SNP guests should only execute dmi_setup() if EFI_CONFIG_TABLES are + * enabled, as the alternative (fallback) logic for DMI probing in the legacy + * ROM region can cause a crash since this region is not pre-validated. + */ +void __init snp_dmi_setup(void) +{ + if (efi_enabled(EFI_CONFIG_TABLES)) + dmi_setup(); +} + static void dump_cpuid_table(void) { const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table(); diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c index a42830dc151b..d5dc5a92635a 100644 --- a/arch/x86/kernel/x86_init.c +++ b/arch/x86/kernel/x86_init.c @@ -3,6 +3,7 @@ * * For licencing details see kernel-base/COPYING */ +#include <linux/dmi.h> #include <linux/init.h> #include <linux/ioport.h> #include <linux/export.h> @@ -66,6 +67,7 @@ struct x86_init_ops x86_init __initdata = { .probe_roms = probe_roms, .reserve_resources = reserve_standard_io_resources, .memory_setup = e820__memory_setup_default, + .dmi_setup = dmi_setup, }, .mpparse = { diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index 70b91de2e053..422602f6039b 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c @@ -492,6 +492,24 @@ void __init sme_early_init(void) */ if (sev_status & MSR_AMD64_SEV_ENABLED) ia32_disable(); + + /* + * Override init functions that scan the ROM region in SEV-SNP guests, + * as this memory is not pre-validated and would thus cause a crash. + */ + if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) { + x86_init.mpparse.find_mptable = x86_init_noop; + x86_init.pci.init_irq = x86_init_noop; + x86_init.resources.probe_roms = x86_init_noop; + + /* + * DMI setup behavior for SEV-SNP guests depends on + * efi_enabled(EFI_CONFIG_TABLES), which hasn't been + * parsed yet. snp_dmi_setup() will run after that + * parsing has happened. + */ + x86_init.resources.dmi_setup = snp_dmi_setup; + } } void __init mem_encrypt_free_decrypted_mem(void)

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] x86/sev: Skip ROM range scans and validation for SEV-SNP" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 0f4a1e80989aca185d955fcd791d7750082044a2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040105-swarm-prenatal-5d72@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 0f4a1e80989a ("x86/sev: Skip ROM range scans and validation for SEV-SNP guests") 428080c9b19b ("x86/sev: Move early startup code into .head.text section") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0f4a1e80989aca185d955fcd791d7750082044a2 Mon Sep 17 00:00:00 2001 From: Kevin Loughlin <kevinloughlin(a)google.com> Date: Wed, 13 Mar 2024 12:15:46 +0000 Subject: [PATCH] x86/sev: Skip ROM range scans and validation for SEV-SNP guests SEV-SNP requires encrypted memory to be validated before access. Because the ROM memory range is not part of the e820 table, it is not pre-validated by the BIOS. Therefore, if a SEV-SNP guest kernel wishes to access this range, the guest must first validate the range. The current SEV-SNP code does indeed scan the ROM range during early boot and thus attempts to validate the ROM range in probe_roms(). However, this behavior is neither sufficient nor necessary for the following reasons: * With regards to sufficiency, if EFI_CONFIG_TABLES are not enabled and CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK is set, the kernel will attempt to access the memory at SMBIOS_ENTRY_POINT_SCAN_START (which falls in the ROM range) prior to validation. For example, Project Oak Stage 0 provides a minimal guest firmware that currently meets these configuration conditions, meaning guests booting atop Oak Stage 0 firmware encounter a problematic call chain during dmi_setup() -> dmi_scan_machine() that results in a crash during boot if SEV-SNP is enabled. * With regards to necessity, SEV-SNP guests generally read garbage (which changes across boots) from the ROM range, meaning these scans are unnecessary. The guest reads garbage because the legacy ROM range is unencrypted data but is accessed via an encrypted PMD during early boot (where the PMD is marked as encrypted due to potentially mapping actually-encrypted data in other PMD-contained ranges). In one exceptional case, EISA probing treats the ROM range as unencrypted data, which is inconsistent with other probing. Continuing to allow SEV-SNP guests to use garbage and to inconsistently classify ROM range encryption status can trigger undesirable behavior. For instance, if garbage bytes appear to be a valid signature, memory may be unnecessarily reserved for the ROM range. Future code or other use cases may result in more problematic (arbitrary) behavior that should be avoided. While one solution would be to overhaul the early PMD mapping to always treat the ROM region of the PMD as unencrypted, SEV-SNP guests do not currently rely on data from the ROM region during early boot (and even if they did, they would be mostly relying on garbage data anyways). As a simpler solution, skip the ROM range scans (and the otherwise- necessary range validation) during SEV-SNP guest early boot. The potential SEV-SNP guest crash due to lack of ROM range validation is thus avoided by simply not accessing the ROM range. In most cases, skip the scans by overriding problematic x86_init functions during sme_early_init() to SNP-safe variants, which can be likened to x86_init overrides done for other platforms (ex: Xen); such overrides also avoid the spread of cc_platform_has() checks throughout the tree. In the exceptional EISA case, still use cc_platform_has() for the simplest change, given (1) checks for guest type (ex: Xen domain status) are already performed here, and (2) these checks occur in a subsys initcall instead of an x86_init function. [ bp: Massage commit message, remove "we"s. ] Fixes: 9704c07bf9f7 ("x86/kernel: Validate ROM memory before accessing when SEV-SNP is active") Signed-off-by: Kevin Loughlin <kevinloughlin(a)google.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: <stable(a)kernel.org> Link: https://lore.kernel.org/r/20240313121546.2964854-1-kevinloughlin@google.com diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 9477b4053bce..07e125f32528 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -218,12 +218,12 @@ void early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages); void early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned long npages); -void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op); void snp_set_memory_shared(unsigned long vaddr, unsigned long npages); void snp_set_memory_private(unsigned long vaddr, unsigned long npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __noreturn snp_abort(void); +void snp_dmi_setup(void); int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio); void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); @@ -244,12 +244,12 @@ static inline void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages) { } static inline void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned long npages) { } -static inline void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op) { } static inline void snp_set_memory_shared(unsigned long vaddr, unsigned long npages) { } static inline void snp_set_memory_private(unsigned long vaddr, unsigned long npages) { } static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } +static inline void snp_dmi_setup(void) { } static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) { return -ENOTTY; diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h index b89b40f250e6..6149eabe200f 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h @@ -30,12 +30,13 @@ struct x86_init_mpparse { * @reserve_resources: reserve the standard resources for the * platform * @memory_setup: platform specific memory setup - * + * @dmi_setup: platform specific DMI setup */ struct x86_init_resources { void (*probe_roms)(void); void (*reserve_resources)(void); char *(*memory_setup)(void); + void (*dmi_setup)(void); }; /** diff --git a/arch/x86/kernel/eisa.c b/arch/x86/kernel/eisa.c index e963344b0449..53935b4d62e3 100644 --- a/arch/x86/kernel/eisa.c +++ b/arch/x86/kernel/eisa.c @@ -2,6 +2,7 @@ /* * EISA specific code */ +#include <linux/cc_platform.h> #include <linux/ioport.h> #include <linux/eisa.h> #include <linux/io.h> @@ -12,7 +13,7 @@ static __init int eisa_bus_probe(void) { void __iomem *p; - if (xen_pv_domain() && !xen_initial_domain()) + if ((xen_pv_domain() && !xen_initial_domain()) || cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return 0; p = ioremap(0x0FFFD9, 4); diff --git a/arch/x86/kernel/probe_roms.c b/arch/x86/kernel/probe_roms.c index 319fef37d9dc..cc2c34ba7228 100644 --- a/arch/x86/kernel/probe_roms.c +++ b/arch/x86/kernel/probe_roms.c @@ -203,16 +203,6 @@ void __init probe_roms(void) unsigned char c; int i; - /* - * The ROM memory range is not part of the e820 table and is therefore not - * pre-validated by BIOS. The kernel page table maps the ROM region as encrypted - * memory, and SNP requires encrypted memory to be validated before access. - * Do that here. - */ - snp_prep_memory(video_rom_resource.start, - ((system_rom_resource.end + 1) - video_rom_resource.start), - SNP_PAGE_STATE_PRIVATE); - /* video rom */ upper = adapter_rom_resources[0].start; for (start = video_rom_resource.start; start < upper; start += 2048) { diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index ef206500ed6f..0109e6c510e0 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -9,7 +9,6 @@ #include <linux/console.h> #include <linux/crash_dump.h> #include <linux/dma-map-ops.h> -#include <linux/dmi.h> #include <linux/efi.h> #include <linux/ima.h> #include <linux/init_ohci1394_dma.h> @@ -902,7 +901,7 @@ void __init setup_arch(char **cmdline_p) efi_init(); reserve_ibft_region(); - dmi_setup(); + x86_init.resources.dmi_setup(); /* * VMware detection requires dmi to be available, so this diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index b59b09c2f284..7e1e63cc48e6 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -23,6 +23,7 @@ #include <linux/platform_device.h> #include <linux/io.h> #include <linux/psp-sev.h> +#include <linux/dmi.h> #include <uapi/linux/sev-guest.h> #include <asm/init.h> @@ -795,21 +796,6 @@ void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED); } -void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op) -{ - unsigned long vaddr, npages; - - vaddr = (unsigned long)__va(paddr); - npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; - - if (op == SNP_PAGE_STATE_PRIVATE) - early_snp_set_memory_private(vaddr, paddr, npages); - else if (op == SNP_PAGE_STATE_SHARED) - early_snp_set_memory_shared(vaddr, paddr, npages); - else - WARN(1, "invalid memory op %d\n", op); -} - static unsigned long __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr, unsigned long vaddr_end, int op) { @@ -2136,6 +2122,17 @@ void __head __noreturn snp_abort(void) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); } +/* + * SEV-SNP guests should only execute dmi_setup() if EFI_CONFIG_TABLES are + * enabled, as the alternative (fallback) logic for DMI probing in the legacy + * ROM region can cause a crash since this region is not pre-validated. + */ +void __init snp_dmi_setup(void) +{ + if (efi_enabled(EFI_CONFIG_TABLES)) + dmi_setup(); +} + static void dump_cpuid_table(void) { const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table(); diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c index a42830dc151b..d5dc5a92635a 100644 --- a/arch/x86/kernel/x86_init.c +++ b/arch/x86/kernel/x86_init.c @@ -3,6 +3,7 @@ * * For licencing details see kernel-base/COPYING */ +#include <linux/dmi.h> #include <linux/init.h> #include <linux/ioport.h> #include <linux/export.h> @@ -66,6 +67,7 @@ struct x86_init_ops x86_init __initdata = { .probe_roms = probe_roms, .reserve_resources = reserve_standard_io_resources, .memory_setup = e820__memory_setup_default, + .dmi_setup = dmi_setup, }, .mpparse = { diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index 70b91de2e053..422602f6039b 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c @@ -492,6 +492,24 @@ void __init sme_early_init(void) */ if (sev_status & MSR_AMD64_SEV_ENABLED) ia32_disable(); + + /* + * Override init functions that scan the ROM region in SEV-SNP guests, + * as this memory is not pre-validated and would thus cause a crash. + */ + if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) { + x86_init.mpparse.find_mptable = x86_init_noop; + x86_init.pci.init_irq = x86_init_noop; + x86_init.resources.probe_roms = x86_init_noop; + + /* + * DMI setup behavior for SEV-SNP guests depends on + * efi_enabled(EFI_CONFIG_TABLES), which hasn't been + * parsed yet. snp_dmi_setup() will run after that + * parsing has happened. + */ + x86_init.resources.dmi_setup = snp_dmi_setup; + } } void __init mem_encrypt_free_decrypted_mem(void)

1 year, 5 months

1
0
0 0

[PATCH v4.19-v5.4] vt: fix memory overlapping when deleting chars in the buffer

by Kuntal Nayak

From: Yangxi Xiang <xyangxi5(a)gmail.com> [ upstream commit 39cdb68c64d8 ] A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to memcpy because memcpy does not ensure its behavior if the destination buffer overlaps with the source buffer. The line buffer is not always broken, because the memcpy utilizes the hardware acceleration, whose result is not deterministic. Fix this problem by using replacing the scr_memcpyw with scr_memmovew. Fixes: 81732c3b2fed ("tty vt: Fix line garbage in virtual console on command line edition") Cc: stable <stable(a)kernel.org> Signed-off-by: Yangxi Xiang <xyangxi5(a)gmail.com> Link: https://lore.kernel.org/r/20220628093322.5688-1-xyangxi5@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [ KN: vc_state is not a separate structure in LTS v4.19, v5.4. Adjusted the patch accordingly by using vc_x instead of state.x for backport. ] Signed-off-by: Kuntal Nayak <kuntal.nayak(a)broadcom.com> --- drivers/tty/vt/vt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index c9083d853..a351e264d 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -855,7 +855,7 @@ static void delete_char(struct vc_data *vc, unsigned int nr) unsigned short *p = (unsigned short *) vc->vc_pos; vc_uniscr_delete(vc, nr); - scr_memcpyw(p, p + nr, (vc->vc_cols - vc->vc_x - nr) * 2); + scr_memmovew(p, p + nr, (vc->vc_cols - vc->vc_x - nr) * 2); scr_memsetw(p + vc->vc_cols - vc->vc_x - nr, vc->vc_video_erase_char, nr * 2); vc->vc_need_wrap = 0; -- 2.39.0

1 year, 5 months

3
3
0 0

[RFC PATCH v2 1/6] cxl/core: correct length of DPA field masks

by Shiyang Ruan

The length of Physical Address in General Media Event Record/DRAM Event Record is 64-bit, so the field mask should be defined as such length. Otherwise, this causes cxl_general_media and cxl_dram tracepoints to mask off the upper-32-bits of DPA addresses. The cxl_poison event is unaffected. If userspace was doing its own DPA-to-HPA translation this could lead to incorrect page retirement decisions, but there is no known consumer (like rasdaemon) of this event today. Fixes: d54a531a430b ("cxl/mem: Trace General Media Event Record") Cc: <stable(a)vger.kernel.org> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: Ira Weiny <ira.weiny(a)intel.com> Signed-off-by: Shiyang Ruan <ruansy.fnst(a)fujitsu.com> --- drivers/cxl/core/trace.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/cxl/core/trace.h b/drivers/cxl/core/trace.h index e5f13260fc52..e2d1f296df97 100644 --- a/drivers/cxl/core/trace.h +++ b/drivers/cxl/core/trace.h @@ -253,11 +253,11 @@ TRACE_EVENT(cxl_generic_event, * DRAM Event Record * CXL rev 3.0 section 8.2.9.2.1.2; Table 8-44 */ -#define CXL_DPA_FLAGS_MASK 0x3F +#define CXL_DPA_FLAGS_MASK 0x3FULL #define CXL_DPA_MASK (~CXL_DPA_FLAGS_MASK) -#define CXL_DPA_VOLATILE BIT(0) -#define CXL_DPA_NOT_REPAIRABLE BIT(1) +#define CXL_DPA_VOLATILE BIT_ULL(0) +#define CXL_DPA_NOT_REPAIRABLE BIT_ULL(1) #define show_dpa_flags(flags) __print_flags(flags, "|", \ { CXL_DPA_VOLATILE, "VOLATILE" }, \ { CXL_DPA_NOT_REPAIRABLE, "NOT_REPAIRABLE" } \ -- 2.34.1

1 year, 5 months

2
2
0 0

[PATCH] net: usb: ax88179_178a: avoid the interface always configured as random address

by Jose Ignacio Tornos Martinez

After the commit d2689b6a86b9 ("net: usb: ax88179_178a: avoid two consecutive device resets"), reset is not executed from bind operation and mac address is not read from the device registers or the devicetree at that moment. Since the check to configure if the assigned mac address is random or not for the interface, happens after the bind operation from usbnet_probe, the interface keeps configured as random address, although the address is correctly read and set during open operation (the only reset now). In order to keep only one reset for the device and to avoid the interface always configured as random address, after reset, configure correctly the suitable field from the driver, if the mac address is read successfully from the device registers or the devicetree. In addition, if mac address can not be read from the driver, a random address is configured again, so it is not necessary to call eth_hw_addr_random from here. Indeed, in this situtatuon, when reset was also executed from bind, this was invalidating the check to configure if the assigned mac address for the interface was random or not. cc: stable(a)vger.kernel.org # 6.6+ Fixes: d2689b6a86b9 ("net: usb: ax88179_178a: avoid two consecutive device resets") Reported-by: Dave Stevenson <dave.stevenson(a)raspberrypi.com> Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> --- drivers/net/usb/ax88179_178a.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c index 88e084534853..d2324cc02461 100644 --- a/drivers/net/usb/ax88179_178a.c +++ b/drivers/net/usb/ax88179_178a.c @@ -1273,10 +1273,9 @@ static void ax88179_get_mac_addr(struct usbnet *dev) if (is_valid_ether_addr(mac)) { eth_hw_addr_set(dev->net, mac); - } else { + dev->net->addr_assign_type = NET_ADDR_PERM; + } else netdev_info(dev->net, "invalid MAC address, using random\n"); - eth_hw_addr_random(dev->net); - } ax88179_write_cmd(dev, AX_ACCESS_MAC, AX_NODE_ID, ETH_ALEN, ETH_ALEN, dev->net->dev_addr); -- 2.44.0

1 year, 5 months

2
6
0 0

[REGRESSION] external monitor+Dell dock in 6.8

by Andrei Gaponenko

Hello, I noticed a regression with the mailine kernel pre-compiled by EPEL. I have just tried linux-6.9-rc1.tar.gz from kernel.org, and it still misbehaves. The default setup: a laptop is connected to a dock, Dell WD22TB4, via a USB-C cable. The dock is connected to an external monitor via a Display Port cable. With a "good" kernel everything works. With a "broken" kernel, the external monitor is still correctly identified by the system, and is shown as enabled in plasma systemsettings. The system also behaves like the monitor is working, for example, one can move the mouse pointer off the laptop screen. However the external monitor screen stays black, and it eventually goes to sleep. Everything worked with EPEL mainline kernels up to and including kernel-ml-6.7.9-1.el9.elrepo.x86_64 The breakage is observed in kernel-ml-6.8.1-1.el9.elrepo.x86_64 kernel-ml-6.8.2-1.el9.elrepo.x86_64 linux-6.9-rc1.tar.gz from kernel.org (with olddefconfig) Other tests: using an HDMI cable instead of the Display Port cable between the monitor and the dock does not change things, black screen with the newer kernels. Using a small HDMI-to-USB-C adapter instead of the dock results in a working system, even with the newer kernels. So the breakage appears to be specific to the Dell WD22TB4 dock. Operating System: AlmaLinux 9.3 (Shamrock Pampas Cat) uname -mi: x86_64 x86_64 Laptop: Dell Precision 5470/02RK6V lsusb |grep dock Bus 003 Device 007: ID 413c:b06e Dell Computer Corp. Dell dock Bus 003 Device 008: ID 413c:b06f Dell Computer Corp. Dell dock Bus 003 Device 006: ID 0bda:5413 Realtek Semiconductor Corp. Dell dock Bus 003 Device 005: ID 0bda:5487 Realtek Semiconductor Corp. Dell dock Bus 002 Device 004: ID 0bda:0413 Realtek Semiconductor Corp. Dell dock Bus 002 Device 003: ID 0bda:0487 Realtek Semiconductor Corp. Dell dock dmesg and kernel config are attached to https://bugzilla.kernel.org/show_bug.cgi?id=218663 #regzbot introduced: v6.7.9..v6.8.1 Andrei

1 year, 5 months

2
4
0 0

Re: [PATCH] aio: Fix null ptr deref in aio_complete() wakeup

by kernel test robot

Hi, Thanks for your patch. FYI: kernel test robot notices the stable kernel rule is not satisfied. The check is based on https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html#opt… Rule: add the tag "Cc: stable(a)vger.kernel.org" in the sign-off area to have the patch automatically included in the stable tree. Subject: [PATCH] aio: Fix null ptr deref in aio_complete() wakeup Link: https://lore.kernel.org/stable/20240331215212.522544-1-kent.overstreet%40li… -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: UAS: return ENODEV when submit urbs fail with device not" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x cd5432c712351a3d5f82512908f5febfca946ca6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033144-armless-overact-1e1d@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cd5432c712351a3d5f82512908f5febfca946ca6 Mon Sep 17 00:00:00 2001 From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Date: Thu, 7 Mar 2024 02:08:14 +0800 Subject: [PATCH] USB: UAS: return ENODEV when submit urbs fail with device not attached In the scenario of entering hibernation with udisk in the system, if the udisk was gone or resume fail in the thaw phase of hibernation. Its state will be set to NOTATTACHED. At this point, usb_hub_wq was already freezed and can't not handle disconnect event. Next, in the poweroff phase of hibernation, SYNCHRONIZE_CACHE SCSI command will be sent to this udisk when poweroff this scsi device, which will cause uas_submit_urbs to be called to submit URB for sense/data/cmd pipe. However, these URBs will submit fail as device was set to NOTATTACHED state. Then, uas_submit_urbs will return a value SCSI_MLQUEUE_DEVICE_BUSY to the caller. That will lead the SCSI layer go into an ugly loop and system fail to go into hibernation. On the other hand, when we specially check for -ENODEV in function uas_queuecommand_lck, returning DID_ERROR to SCSI layer will cause device poweroff fail and system shutdown instead of entering hibernation. To fix this issue, let uas_submit_urbs to return original generic error when submitting URB failed. At the same time, we need to translate -ENODEV to DID_NOT_CONNECT for the SCSI layer. Suggested-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable(a)vger.kernel.org Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Link: https://lore.kernel.org/r/20240306180814.4897-1-WeitaoWang-oc@zhaoxin.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 71ace274761f..08953f0d4532 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -533,7 +533,7 @@ static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp, * daft to me. */ -static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) +static int uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) { struct uas_dev_info *devinfo = cmnd->device->hostdata; struct urb *urb; @@ -541,30 +541,28 @@ static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) urb = uas_alloc_sense_urb(devinfo, gfp, cmnd); if (!urb) - return NULL; + return -ENOMEM; usb_anchor_urb(urb, &devinfo->sense_urbs); err = usb_submit_urb(urb, gfp); if (err) { usb_unanchor_urb(urb); uas_log_cmd_state(cmnd, "sense submit err", err); usb_free_urb(urb); - return NULL; } - return urb; + return err; } static int uas_submit_urbs(struct scsi_cmnd *cmnd, struct uas_dev_info *devinfo) { struct uas_cmd_info *cmdinfo = scsi_cmd_priv(cmnd); - struct urb *urb; int err; lockdep_assert_held(&devinfo->lock); if (cmdinfo->state & SUBMIT_STATUS_URB) { - urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC); - if (!urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + err = uas_submit_sense_urb(cmnd, GFP_ATOMIC); + if (err) + return err; cmdinfo->state &= ~SUBMIT_STATUS_URB; } @@ -572,7 +570,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_in_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_FROM_DEVICE); if (!cmdinfo->data_in_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_IN_URB; } @@ -582,7 +580,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_in_urb); uas_log_cmd_state(cmnd, "data in submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_IN_URB; cmdinfo->state |= DATA_IN_URB_INFLIGHT; @@ -592,7 +590,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_out_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_TO_DEVICE); if (!cmdinfo->data_out_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_OUT_URB; } @@ -602,7 +600,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_out_urb); uas_log_cmd_state(cmnd, "data out submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_OUT_URB; cmdinfo->state |= DATA_OUT_URB_INFLIGHT; @@ -611,7 +609,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (cmdinfo->state & ALLOC_CMD_URB) { cmdinfo->cmd_urb = uas_alloc_cmd_urb(devinfo, GFP_ATOMIC, cmnd); if (!cmdinfo->cmd_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_CMD_URB; } @@ -621,7 +619,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->cmd_urb); uas_log_cmd_state(cmnd, "cmd submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->cmd_urb = NULL; cmdinfo->state &= ~SUBMIT_CMD_URB; @@ -698,7 +696,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd) * of queueing, no matter how fatal the error */ if (err == -ENODEV) { - set_host_byte(cmnd, DID_ERROR); + set_host_byte(cmnd, DID_NO_CONNECT); scsi_done(cmnd); goto zombie; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: UAS: return ENODEV when submit urbs fail with device not" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x cd5432c712351a3d5f82512908f5febfca946ca6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033142-wisplike-kindle-7914@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cd5432c712351a3d5f82512908f5febfca946ca6 Mon Sep 17 00:00:00 2001 From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Date: Thu, 7 Mar 2024 02:08:14 +0800 Subject: [PATCH] USB: UAS: return ENODEV when submit urbs fail with device not attached In the scenario of entering hibernation with udisk in the system, if the udisk was gone or resume fail in the thaw phase of hibernation. Its state will be set to NOTATTACHED. At this point, usb_hub_wq was already freezed and can't not handle disconnect event. Next, in the poweroff phase of hibernation, SYNCHRONIZE_CACHE SCSI command will be sent to this udisk when poweroff this scsi device, which will cause uas_submit_urbs to be called to submit URB for sense/data/cmd pipe. However, these URBs will submit fail as device was set to NOTATTACHED state. Then, uas_submit_urbs will return a value SCSI_MLQUEUE_DEVICE_BUSY to the caller. That will lead the SCSI layer go into an ugly loop and system fail to go into hibernation. On the other hand, when we specially check for -ENODEV in function uas_queuecommand_lck, returning DID_ERROR to SCSI layer will cause device poweroff fail and system shutdown instead of entering hibernation. To fix this issue, let uas_submit_urbs to return original generic error when submitting URB failed. At the same time, we need to translate -ENODEV to DID_NOT_CONNECT for the SCSI layer. Suggested-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable(a)vger.kernel.org Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Link: https://lore.kernel.org/r/20240306180814.4897-1-WeitaoWang-oc@zhaoxin.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 71ace274761f..08953f0d4532 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -533,7 +533,7 @@ static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp, * daft to me. */ -static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) +static int uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) { struct uas_dev_info *devinfo = cmnd->device->hostdata; struct urb *urb; @@ -541,30 +541,28 @@ static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) urb = uas_alloc_sense_urb(devinfo, gfp, cmnd); if (!urb) - return NULL; + return -ENOMEM; usb_anchor_urb(urb, &devinfo->sense_urbs); err = usb_submit_urb(urb, gfp); if (err) { usb_unanchor_urb(urb); uas_log_cmd_state(cmnd, "sense submit err", err); usb_free_urb(urb); - return NULL; } - return urb; + return err; } static int uas_submit_urbs(struct scsi_cmnd *cmnd, struct uas_dev_info *devinfo) { struct uas_cmd_info *cmdinfo = scsi_cmd_priv(cmnd); - struct urb *urb; int err; lockdep_assert_held(&devinfo->lock); if (cmdinfo->state & SUBMIT_STATUS_URB) { - urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC); - if (!urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + err = uas_submit_sense_urb(cmnd, GFP_ATOMIC); + if (err) + return err; cmdinfo->state &= ~SUBMIT_STATUS_URB; } @@ -572,7 +570,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_in_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_FROM_DEVICE); if (!cmdinfo->data_in_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_IN_URB; } @@ -582,7 +580,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_in_urb); uas_log_cmd_state(cmnd, "data in submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_IN_URB; cmdinfo->state |= DATA_IN_URB_INFLIGHT; @@ -592,7 +590,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_out_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_TO_DEVICE); if (!cmdinfo->data_out_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_OUT_URB; } @@ -602,7 +600,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_out_urb); uas_log_cmd_state(cmnd, "data out submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_OUT_URB; cmdinfo->state |= DATA_OUT_URB_INFLIGHT; @@ -611,7 +609,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (cmdinfo->state & ALLOC_CMD_URB) { cmdinfo->cmd_urb = uas_alloc_cmd_urb(devinfo, GFP_ATOMIC, cmnd); if (!cmdinfo->cmd_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_CMD_URB; } @@ -621,7 +619,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->cmd_urb); uas_log_cmd_state(cmnd, "cmd submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->cmd_urb = NULL; cmdinfo->state &= ~SUBMIT_CMD_URB; @@ -698,7 +696,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd) * of queueing, no matter how fatal the error */ if (err == -ENODEV) { - set_host_byte(cmnd, DID_ERROR); + set_host_byte(cmnd, DID_NO_CONNECT); scsi_done(cmnd); goto zombie; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: UAS: return ENODEV when submit urbs fail with device not" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x cd5432c712351a3d5f82512908f5febfca946ca6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033141-prototype-camera-04df@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cd5432c712351a3d5f82512908f5febfca946ca6 Mon Sep 17 00:00:00 2001 From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Date: Thu, 7 Mar 2024 02:08:14 +0800 Subject: [PATCH] USB: UAS: return ENODEV when submit urbs fail with device not attached In the scenario of entering hibernation with udisk in the system, if the udisk was gone or resume fail in the thaw phase of hibernation. Its state will be set to NOTATTACHED. At this point, usb_hub_wq was already freezed and can't not handle disconnect event. Next, in the poweroff phase of hibernation, SYNCHRONIZE_CACHE SCSI command will be sent to this udisk when poweroff this scsi device, which will cause uas_submit_urbs to be called to submit URB for sense/data/cmd pipe. However, these URBs will submit fail as device was set to NOTATTACHED state. Then, uas_submit_urbs will return a value SCSI_MLQUEUE_DEVICE_BUSY to the caller. That will lead the SCSI layer go into an ugly loop and system fail to go into hibernation. On the other hand, when we specially check for -ENODEV in function uas_queuecommand_lck, returning DID_ERROR to SCSI layer will cause device poweroff fail and system shutdown instead of entering hibernation. To fix this issue, let uas_submit_urbs to return original generic error when submitting URB failed. At the same time, we need to translate -ENODEV to DID_NOT_CONNECT for the SCSI layer. Suggested-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable(a)vger.kernel.org Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Link: https://lore.kernel.org/r/20240306180814.4897-1-WeitaoWang-oc@zhaoxin.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 71ace274761f..08953f0d4532 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -533,7 +533,7 @@ static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp, * daft to me. */ -static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) +static int uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) { struct uas_dev_info *devinfo = cmnd->device->hostdata; struct urb *urb; @@ -541,30 +541,28 @@ static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) urb = uas_alloc_sense_urb(devinfo, gfp, cmnd); if (!urb) - return NULL; + return -ENOMEM; usb_anchor_urb(urb, &devinfo->sense_urbs); err = usb_submit_urb(urb, gfp); if (err) { usb_unanchor_urb(urb); uas_log_cmd_state(cmnd, "sense submit err", err); usb_free_urb(urb); - return NULL; } - return urb; + return err; } static int uas_submit_urbs(struct scsi_cmnd *cmnd, struct uas_dev_info *devinfo) { struct uas_cmd_info *cmdinfo = scsi_cmd_priv(cmnd); - struct urb *urb; int err; lockdep_assert_held(&devinfo->lock); if (cmdinfo->state & SUBMIT_STATUS_URB) { - urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC); - if (!urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + err = uas_submit_sense_urb(cmnd, GFP_ATOMIC); + if (err) + return err; cmdinfo->state &= ~SUBMIT_STATUS_URB; } @@ -572,7 +570,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_in_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_FROM_DEVICE); if (!cmdinfo->data_in_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_IN_URB; } @@ -582,7 +580,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_in_urb); uas_log_cmd_state(cmnd, "data in submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_IN_URB; cmdinfo->state |= DATA_IN_URB_INFLIGHT; @@ -592,7 +590,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_out_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_TO_DEVICE); if (!cmdinfo->data_out_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_OUT_URB; } @@ -602,7 +600,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_out_urb); uas_log_cmd_state(cmnd, "data out submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_OUT_URB; cmdinfo->state |= DATA_OUT_URB_INFLIGHT; @@ -611,7 +609,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (cmdinfo->state & ALLOC_CMD_URB) { cmdinfo->cmd_urb = uas_alloc_cmd_urb(devinfo, GFP_ATOMIC, cmnd); if (!cmdinfo->cmd_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_CMD_URB; } @@ -621,7 +619,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->cmd_urb); uas_log_cmd_state(cmnd, "cmd submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->cmd_urb = NULL; cmdinfo->state &= ~SUBMIT_CMD_URB; @@ -698,7 +696,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd) * of queueing, no matter how fatal the error */ if (err == -ENODEV) { - set_host_byte(cmnd, DID_ERROR); + set_host_byte(cmnd, DID_NO_CONNECT); scsi_done(cmnd); goto zombie; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] USB: UAS: return ENODEV when submit urbs fail with device not" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cd5432c712351a3d5f82512908f5febfca946ca6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033140-goon-residence-7f8c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cd5432c712351a3d5f82512908f5febfca946ca6 Mon Sep 17 00:00:00 2001 From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Date: Thu, 7 Mar 2024 02:08:14 +0800 Subject: [PATCH] USB: UAS: return ENODEV when submit urbs fail with device not attached In the scenario of entering hibernation with udisk in the system, if the udisk was gone or resume fail in the thaw phase of hibernation. Its state will be set to NOTATTACHED. At this point, usb_hub_wq was already freezed and can't not handle disconnect event. Next, in the poweroff phase of hibernation, SYNCHRONIZE_CACHE SCSI command will be sent to this udisk when poweroff this scsi device, which will cause uas_submit_urbs to be called to submit URB for sense/data/cmd pipe. However, these URBs will submit fail as device was set to NOTATTACHED state. Then, uas_submit_urbs will return a value SCSI_MLQUEUE_DEVICE_BUSY to the caller. That will lead the SCSI layer go into an ugly loop and system fail to go into hibernation. On the other hand, when we specially check for -ENODEV in function uas_queuecommand_lck, returning DID_ERROR to SCSI layer will cause device poweroff fail and system shutdown instead of entering hibernation. To fix this issue, let uas_submit_urbs to return original generic error when submitting URB failed. At the same time, we need to translate -ENODEV to DID_NOT_CONNECT for the SCSI layer. Suggested-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable(a)vger.kernel.org Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Link: https://lore.kernel.org/r/20240306180814.4897-1-WeitaoWang-oc@zhaoxin.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 71ace274761f..08953f0d4532 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -533,7 +533,7 @@ static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp, * daft to me. */ -static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) +static int uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) { struct uas_dev_info *devinfo = cmnd->device->hostdata; struct urb *urb; @@ -541,30 +541,28 @@ static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp) urb = uas_alloc_sense_urb(devinfo, gfp, cmnd); if (!urb) - return NULL; + return -ENOMEM; usb_anchor_urb(urb, &devinfo->sense_urbs); err = usb_submit_urb(urb, gfp); if (err) { usb_unanchor_urb(urb); uas_log_cmd_state(cmnd, "sense submit err", err); usb_free_urb(urb); - return NULL; } - return urb; + return err; } static int uas_submit_urbs(struct scsi_cmnd *cmnd, struct uas_dev_info *devinfo) { struct uas_cmd_info *cmdinfo = scsi_cmd_priv(cmnd); - struct urb *urb; int err; lockdep_assert_held(&devinfo->lock); if (cmdinfo->state & SUBMIT_STATUS_URB) { - urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC); - if (!urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + err = uas_submit_sense_urb(cmnd, GFP_ATOMIC); + if (err) + return err; cmdinfo->state &= ~SUBMIT_STATUS_URB; } @@ -572,7 +570,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_in_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_FROM_DEVICE); if (!cmdinfo->data_in_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_IN_URB; } @@ -582,7 +580,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_in_urb); uas_log_cmd_state(cmnd, "data in submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_IN_URB; cmdinfo->state |= DATA_IN_URB_INFLIGHT; @@ -592,7 +590,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, cmdinfo->data_out_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC, cmnd, DMA_TO_DEVICE); if (!cmdinfo->data_out_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_DATA_OUT_URB; } @@ -602,7 +600,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->data_out_urb); uas_log_cmd_state(cmnd, "data out submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->state &= ~SUBMIT_DATA_OUT_URB; cmdinfo->state |= DATA_OUT_URB_INFLIGHT; @@ -611,7 +609,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (cmdinfo->state & ALLOC_CMD_URB) { cmdinfo->cmd_urb = uas_alloc_cmd_urb(devinfo, GFP_ATOMIC, cmnd); if (!cmdinfo->cmd_urb) - return SCSI_MLQUEUE_DEVICE_BUSY; + return -ENOMEM; cmdinfo->state &= ~ALLOC_CMD_URB; } @@ -621,7 +619,7 @@ static int uas_submit_urbs(struct scsi_cmnd *cmnd, if (err) { usb_unanchor_urb(cmdinfo->cmd_urb); uas_log_cmd_state(cmnd, "cmd submit err", err); - return SCSI_MLQUEUE_DEVICE_BUSY; + return err; } cmdinfo->cmd_urb = NULL; cmdinfo->state &= ~SUBMIT_CMD_URB; @@ -698,7 +696,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd) * of queueing, no matter how fatal the error */ if (err == -ENODEV) { - set_host_byte(cmnd, DID_ERROR); + set_host_byte(cmnd, DID_NO_CONNECT); scsi_done(cmnd); goto zombie; }

1 year, 5 months

1
0
0 0

[PATCH 5.15 v2 0/3] Support static calls with LLVM-built kernels

by Thadeu Lima de Souza Cascardo

Otherwise, we see warnings like this: [ 0.000000][ T0] ------------[ cut here ]------------ [ 0.000000][ T0] unexpected static_call insn opcode 0xf at kvm_vcpu_reload_apic_access_page+0x17/0x30 [ 0.000000][ T0] WARNING: CPU: 0 PID: 0 at arch/x86/kernel/static_call.c:88 __static_call_validate+0x68/0x70 [ 0.000000][ T0] Modules linked in: [ 0.000000][ T0] CPU: 0 PID: 0 Comm: swapper Not tainted 5.15.151-00083-gf200c7260296 #68 fe3cb25cf78cb710722bb5acd1cadddd35172924 [ 0.000000][ T0] RIP: 0010:__static_call_validate+0x68/0x70 [ 0.000000][ T0] Code: 0f b6 4a 04 81 f1 c0 00 00 00 09 c1 74 cc 80 3d be 2c 02 02 00 75 c3 c6 05 b5 2c 02 02 01 48 c7 c7 38 4f c3 82 e8 e8 c8 09 00 <0f> 0b c3 00 00 cc cc 00 53 48 89 fb 48 63 15 31 71 06 02 e8 b0 b8 [ 0.000000][ T0] RSP: 0000:ffffffff82e03e70 EFLAGS: 00010046 ORIG_RAX: 0000000000000000 [ 0.000000][ T0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000002 [ 0.000000][ T0] RDX: 0000000000000000 RSI: ffffffff82e03ce0 RDI: 0000000000000001 [ 0.000000][ T0] RBP: 0000000000000001 R08: 00000000ffffffff R09: ffffffff82eaab70 [ 0.000000][ T0] R10: ffffffff82e2e900 R11: 205d305420202020 R12: ffffffff82e51960 [ 0.000000][ T0] R13: ffffffff81038987 R14: ffffffff81038987 R15: 0000000000000001 [ 0.000000][ T0] FS: 0000000000000000(0000) GS:ffffffff83726000(0000) knlGS:0000000000000000 [ 0.000000][ T0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 0.000000][ T0] CR2: ffff888000014be8 CR3: 00000000037b2000 CR4: 00000000000000a0 [ 0.000000][ T0] Call Trace: [ 0.000000][ T0] <TASK> [ 0.000000][ T0] ? __warn+0x75/0xe0 [ 0.000000][ T0] ? report_bug+0x81/0xe0 [ 0.000000][ T0] ? kvm_vcpu_reload_apic_access_page+0x17/0x30 [ 0.000000][ T0] ? kvm_vcpu_reload_apic_access_page+0x17/0x30 [ 0.000000][ T0] ? early_fixup_exception+0x44/0xa0 [ 0.000000][ T0] ? early_idt_handler_common+0x2f/0x40 [ 0.000000][ T0] ? kvm_vcpu_reload_apic_access_page+0x17/0x30 [ 0.000000][ T0] ? kvm_vcpu_reload_apic_access_page+0x17/0x30 [ 0.000000][ T0] ? __static_call_validate+0x68/0x70 [ 0.000000][ T0] ? arch_static_call_transform+0x5c/0x90 [ 0.000000][ T0] ? __static_call_init+0x1ec/0x230 [ 0.000000][ T0] ? static_call_init+0x32/0x70 [ 0.000000][ T0] ? setup_arch+0x36/0x4f0 [ 0.000000][ T0] ? start_kernel+0x67/0x400 [ 0.000000][ T0] ? secondary_startup_64_no_verify+0xb1/0xbb [ 0.000000][ T0] </TASK> [ 0.000000][ T0] ---[ end trace 8c8589c01f370686 ]--- Peter Zijlstra (3): x86/alternatives: Introduce int3_emulate_jcc() x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/static_call: Add support for Jcc tail-calls arch/x86/include/asm/text-patching.h | 31 +++++++++++++++ arch/x86/kernel/alternative.c | 56 +++++++++++++++++++++++----- arch/x86/kernel/kprobes/core.c | 38 ++++--------------- arch/x86/kernel/static_call.c | 49 ++++++++++++++++++++++-- 4 files changed, 132 insertions(+), 42 deletions(-) -- 2.34.1

1 year, 5 months

2
7
0 0

[PATCH] rust: init: remove impl Zeroable for Infallible

by Benno Lossin

From: Laine Taffin Altman <alexanderaltman(a)me.com> It is not enough for a type to be a ZST to guarantee that zeroed memory is a valid value for it; it must also be inhabited. Creating a value of an uninhabited type, ZST or no, is immediate UB. Thus remove the implementation of `Zeroable` for `Infallible`, since that type is not inhabited. Cc: stable(a)vger.kernel.org Fixes: 38cde0bd7b67 ("rust: init: add `Zeroable` trait and `init::zeroed` function") Closes: https://github.com/Rust-for-Linux/pinned-init/pull/13 Signed-off-by: Laine Taffin Altman <alexanderaltman(a)me.com> Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> --- rust/kernel/init.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index 424257284d16..538e03cfc84a 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -1292,8 +1292,8 @@ macro_rules! impl_zeroable { i8, i16, i32, i64, i128, isize, f32, f64, - // SAFETY: These are ZSTs, there is nothing to zero. - {<T: ?Sized>} PhantomData<T>, core::marker::PhantomPinned, Infallible, (), + // SAFETY: These are inhabited ZSTs, there is nothing to zero and a valid value exists. + {<T: ?Sized>} PhantomData<T>, core::marker::PhantomPinned, (), // SAFETY: Type is allowed to take any value, including all zeros. {<T>} MaybeUninit<T>, base-commit: 768409cff6cc89fe1194da880537a09857b6e4db -- 2.42.0

1 year, 5 months

5
12
0 0

Backport "mtd: spinand: Add support for 5-byte IDs" to 6.6, 6.7 and 6.8

by Hauke Mehrtens

Hi, Please backport the following commit back to the Linux stable kernels 6.6, 6.7 and 6.8: commit 34a956739d295de6010cdaafeed698ccbba87ea4 Author: Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> Date: Thu Jan 25 22:01:07 2024 +0200 mtd: spinand: Add support for 5-byte IDs E.g. ESMT chips will return an identification code with a length of 5 bytes. In order to prevent ambiguity, flash chips would actually need to return IDs that are up to 17 or more bytes long due to JEDEC's continuation scheme. I understand that if a manufacturer ID is located in bank N of JEDEC's database (there are currently 16 banks), N - 1 continuation codes (7Fh) need to be added to the identification code (comprising of manufacturer ID and device ID). However, most flash chip manufacturers don't seem to implement this (correctly). Signed-off-by: Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> Reviewed-by: Martin Kurbanov <mmkurbanov(a)salutedevices.com> Tested-by: Martin Kurbanov <mmkurbanov(a)salutedevices.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/20240125200108.24374-2-ezra@easyb.ch This will fix a regression introduced between Linux kernel 6.6.22 and 6.6.23 in OpenWrt. The esmt NAND flash is not detected any more: <3>[ 0.885607] spi-nand spi0.0: unknown raw ID c8017f7f <4>[ 0.890852] spi-nand: probe of spi0.0 failed with error -524 See: https://github.com/openwrt/openwrt/pull/14992 The following commit was backported to 6.6.22, but the commit it depends on was not backported. commit 4bd14b2fd8a83a2f5220ba4ef323f741e11bfdfd Author: Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> Date: Thu Jan 25 22:01:08 2024 +0200 mtd: spinand: esmt: Extend IDs to 5 bytes Hauke

1 year, 5 months

2
1
0 0

FAILED: patch "[PATCH] drm/i915: Pre-populate the cursor physical dma address" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 582dc04b0658ef3b90aeb49cbdd9747c2f1eccc3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033018-corsage-bacteria-dd67@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 582dc04b0658ef3b90aeb49cbdd9747c2f1eccc3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Mon, 25 Mar 2024 19:57:38 +0200 Subject: [PATCH] drm/i915: Pre-populate the cursor physical dma address MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Calling i915_gem_object_get_dma_address() from the vblank evade critical section triggers might_sleep(). While we know that we've already pinned the framebuffer and thus i915_gem_object_get_dma_address() will in fact not sleep in this case, it seems reasonable to keep the unconditional might_sleep() for maximum coverage. So let's instead pre-populate the dma address during fb pinning, which all happens before we enter the vblank evade critical section. We can use u32 for the dma address as this class of hardware doesn't support >32bit addresses. Cc: stable(a)vger.kernel.org Fixes: 0225a90981c8 ("drm/i915: Make cursor plane registers unlocked") Reported-by: Borislav Petkov <bp(a)alien8.de> Closes: https://lore.kernel.org/intel-gfx/20240227100342.GAZd2zfmYcPS_SndtO@fat_cra… Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240325175738.3440-1-ville.s… Tested-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> (cherry picked from commit c1289a5c3594cf04caa94ebf0edeb50c62009f1f) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cursor.c b/drivers/gpu/drm/i915/display/intel_cursor.c index f8b33999d43f..0d3da55e1c24 100644 --- a/drivers/gpu/drm/i915/display/intel_cursor.c +++ b/drivers/gpu/drm/i915/display/intel_cursor.c @@ -36,12 +36,10 @@ static u32 intel_cursor_base(const struct intel_plane_state *plane_state) { struct drm_i915_private *dev_priv = to_i915(plane_state->uapi.plane->dev); - const struct drm_framebuffer *fb = plane_state->hw.fb; - struct drm_i915_gem_object *obj = intel_fb_obj(fb); u32 base; if (DISPLAY_INFO(dev_priv)->cursor_needs_physical) - base = i915_gem_object_get_dma_address(obj, 0); + base = plane_state->phys_dma_addr; else base = intel_plane_ggtt_offset(plane_state); diff --git a/drivers/gpu/drm/i915/display/intel_display_types.h b/drivers/gpu/drm/i915/display/intel_display_types.h index e67cd5b02e84..9104f18753b4 100644 --- a/drivers/gpu/drm/i915/display/intel_display_types.h +++ b/drivers/gpu/drm/i915/display/intel_display_types.h @@ -727,6 +727,7 @@ struct intel_plane_state { #define PLANE_HAS_FENCE BIT(0) struct intel_fb_view view; + u32 phys_dma_addr; /* for cursor_needs_physical */ /* Plane pxp decryption state */ bool decrypt; diff --git a/drivers/gpu/drm/i915/display/intel_fb_pin.c b/drivers/gpu/drm/i915/display/intel_fb_pin.c index 7b42aef37d2f..b6df9baf481b 100644 --- a/drivers/gpu/drm/i915/display/intel_fb_pin.c +++ b/drivers/gpu/drm/i915/display/intel_fb_pin.c @@ -255,6 +255,16 @@ int intel_plane_pin_fb(struct intel_plane_state *plane_state) return PTR_ERR(vma); plane_state->ggtt_vma = vma; + + /* + * Pre-populate the dma address before we enter the vblank + * evade critical section as i915_gem_object_get_dma_address() + * will trigger might_sleep() even if it won't actually sleep, + * which is the case when the fb has already been pinned. + */ + if (phys_cursor) + plane_state->phys_dma_addr = + i915_gem_object_get_dma_address(intel_fb_obj(fb), 0); } else { struct intel_framebuffer *intel_fb = to_intel_framebuffer(fb);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Pre-populate the cursor physical dma address" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 582dc04b0658ef3b90aeb49cbdd9747c2f1eccc3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033016-jot-effects-834f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 582dc04b0658ef3b90aeb49cbdd9747c2f1eccc3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Mon, 25 Mar 2024 19:57:38 +0200 Subject: [PATCH] drm/i915: Pre-populate the cursor physical dma address MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Calling i915_gem_object_get_dma_address() from the vblank evade critical section triggers might_sleep(). While we know that we've already pinned the framebuffer and thus i915_gem_object_get_dma_address() will in fact not sleep in this case, it seems reasonable to keep the unconditional might_sleep() for maximum coverage. So let's instead pre-populate the dma address during fb pinning, which all happens before we enter the vblank evade critical section. We can use u32 for the dma address as this class of hardware doesn't support >32bit addresses. Cc: stable(a)vger.kernel.org Fixes: 0225a90981c8 ("drm/i915: Make cursor plane registers unlocked") Reported-by: Borislav Petkov <bp(a)alien8.de> Closes: https://lore.kernel.org/intel-gfx/20240227100342.GAZd2zfmYcPS_SndtO@fat_cra… Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240325175738.3440-1-ville.s… Tested-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> (cherry picked from commit c1289a5c3594cf04caa94ebf0edeb50c62009f1f) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cursor.c b/drivers/gpu/drm/i915/display/intel_cursor.c index f8b33999d43f..0d3da55e1c24 100644 --- a/drivers/gpu/drm/i915/display/intel_cursor.c +++ b/drivers/gpu/drm/i915/display/intel_cursor.c @@ -36,12 +36,10 @@ static u32 intel_cursor_base(const struct intel_plane_state *plane_state) { struct drm_i915_private *dev_priv = to_i915(plane_state->uapi.plane->dev); - const struct drm_framebuffer *fb = plane_state->hw.fb; - struct drm_i915_gem_object *obj = intel_fb_obj(fb); u32 base; if (DISPLAY_INFO(dev_priv)->cursor_needs_physical) - base = i915_gem_object_get_dma_address(obj, 0); + base = plane_state->phys_dma_addr; else base = intel_plane_ggtt_offset(plane_state); diff --git a/drivers/gpu/drm/i915/display/intel_display_types.h b/drivers/gpu/drm/i915/display/intel_display_types.h index e67cd5b02e84..9104f18753b4 100644 --- a/drivers/gpu/drm/i915/display/intel_display_types.h +++ b/drivers/gpu/drm/i915/display/intel_display_types.h @@ -727,6 +727,7 @@ struct intel_plane_state { #define PLANE_HAS_FENCE BIT(0) struct intel_fb_view view; + u32 phys_dma_addr; /* for cursor_needs_physical */ /* Plane pxp decryption state */ bool decrypt; diff --git a/drivers/gpu/drm/i915/display/intel_fb_pin.c b/drivers/gpu/drm/i915/display/intel_fb_pin.c index 7b42aef37d2f..b6df9baf481b 100644 --- a/drivers/gpu/drm/i915/display/intel_fb_pin.c +++ b/drivers/gpu/drm/i915/display/intel_fb_pin.c @@ -255,6 +255,16 @@ int intel_plane_pin_fb(struct intel_plane_state *plane_state) return PTR_ERR(vma); plane_state->ggtt_vma = vma; + + /* + * Pre-populate the dma address before we enter the vblank + * evade critical section as i915_gem_object_get_dma_address() + * will trigger might_sleep() even if it won't actually sleep, + * which is the case when the fb has already been pinned. + */ + if (phys_cursor) + plane_state->phys_dma_addr = + i915_gem_object_get_dma_address(intel_fb_obj(fb), 0); } else { struct intel_framebuffer *intel_fb = to_intel_framebuffer(fb);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Pre-populate the cursor physical dma address" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 582dc04b0658ef3b90aeb49cbdd9747c2f1eccc3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033015-handcart-chaos-edcc@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 582dc04b0658ef3b90aeb49cbdd9747c2f1eccc3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Mon, 25 Mar 2024 19:57:38 +0200 Subject: [PATCH] drm/i915: Pre-populate the cursor physical dma address MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Calling i915_gem_object_get_dma_address() from the vblank evade critical section triggers might_sleep(). While we know that we've already pinned the framebuffer and thus i915_gem_object_get_dma_address() will in fact not sleep in this case, it seems reasonable to keep the unconditional might_sleep() for maximum coverage. So let's instead pre-populate the dma address during fb pinning, which all happens before we enter the vblank evade critical section. We can use u32 for the dma address as this class of hardware doesn't support >32bit addresses. Cc: stable(a)vger.kernel.org Fixes: 0225a90981c8 ("drm/i915: Make cursor plane registers unlocked") Reported-by: Borislav Petkov <bp(a)alien8.de> Closes: https://lore.kernel.org/intel-gfx/20240227100342.GAZd2zfmYcPS_SndtO@fat_cra… Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240325175738.3440-1-ville.s… Tested-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> (cherry picked from commit c1289a5c3594cf04caa94ebf0edeb50c62009f1f) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_cursor.c b/drivers/gpu/drm/i915/display/intel_cursor.c index f8b33999d43f..0d3da55e1c24 100644 --- a/drivers/gpu/drm/i915/display/intel_cursor.c +++ b/drivers/gpu/drm/i915/display/intel_cursor.c @@ -36,12 +36,10 @@ static u32 intel_cursor_base(const struct intel_plane_state *plane_state) { struct drm_i915_private *dev_priv = to_i915(plane_state->uapi.plane->dev); - const struct drm_framebuffer *fb = plane_state->hw.fb; - struct drm_i915_gem_object *obj = intel_fb_obj(fb); u32 base; if (DISPLAY_INFO(dev_priv)->cursor_needs_physical) - base = i915_gem_object_get_dma_address(obj, 0); + base = plane_state->phys_dma_addr; else base = intel_plane_ggtt_offset(plane_state); diff --git a/drivers/gpu/drm/i915/display/intel_display_types.h b/drivers/gpu/drm/i915/display/intel_display_types.h index e67cd5b02e84..9104f18753b4 100644 --- a/drivers/gpu/drm/i915/display/intel_display_types.h +++ b/drivers/gpu/drm/i915/display/intel_display_types.h @@ -727,6 +727,7 @@ struct intel_plane_state { #define PLANE_HAS_FENCE BIT(0) struct intel_fb_view view; + u32 phys_dma_addr; /* for cursor_needs_physical */ /* Plane pxp decryption state */ bool decrypt; diff --git a/drivers/gpu/drm/i915/display/intel_fb_pin.c b/drivers/gpu/drm/i915/display/intel_fb_pin.c index 7b42aef37d2f..b6df9baf481b 100644 --- a/drivers/gpu/drm/i915/display/intel_fb_pin.c +++ b/drivers/gpu/drm/i915/display/intel_fb_pin.c @@ -255,6 +255,16 @@ int intel_plane_pin_fb(struct intel_plane_state *plane_state) return PTR_ERR(vma); plane_state->ggtt_vma = vma; + + /* + * Pre-populate the dma address before we enter the vblank + * evade critical section as i915_gem_object_get_dma_address() + * will trigger might_sleep() even if it won't actually sleep, + * which is the case when the fb has already been pinned. + */ + if (phys_cursor) + plane_state->phys_dma_addr = + i915_gem_object_get_dma_address(intel_fb_obj(fb), 0); } else { struct intel_framebuffer *intel_fb = to_intel_framebuffer(fb);

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] gpio: cdev: sanitize the label before requesting the" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b34490879baa847d16fc529c8ea6e6d34f004b38 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033017-hate-turkey-7077@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b34490879baa847d16fc529c8ea6e6d34f004b38 Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Date: Mon, 25 Mar 2024 10:02:42 +0100 Subject: [PATCH] gpio: cdev: sanitize the label before requesting the interrupt When an interrupt is requested, a procfs directory is created under "/proc/irq/<irqnum>/<label>" where <label> is the string passed to one of the request_irq() variants. What follows is that the string must not contain the "/" character or the procfs mkdir operation will fail. We don't have such constraints for GPIO consumer labels which are used verbatim as interrupt labels for GPIO irqs. We must therefore sanitize the consumer string before requesting the interrupt. Let's replace all "/" with ":". Cc: stable(a)vger.kernel.org Reported-by: Stefan Wahren <wahrenst(a)gmx.net> Closes: https://lore.kernel.org/linux-gpio/39fe95cb-aa83-4b8b-8cab-63947a726754@gmx… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Reviewed-by: Kent Gibson <warthog618(a)gmail.com> diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index f384fa278764..fa9635610251 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -1083,10 +1083,20 @@ static u32 gpio_v2_line_config_debounce_period(struct gpio_v2_line_config *lc, return 0; } +static inline char *make_irq_label(const char *orig) +{ + return kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); +} + +static inline void free_irq_label(const char *label) +{ + kfree(label); +} + static void edge_detector_stop(struct line *line) { if (line->irq) { - free_irq(line->irq, line); + free_irq_label(free_irq(line->irq, line)); line->irq = 0; } @@ -1110,6 +1120,7 @@ static int edge_detector_setup(struct line *line, unsigned long irqflags = 0; u64 eflags; int irq, ret; + char *label; eflags = edflags & GPIO_V2_LINE_EDGE_FLAGS; if (eflags && !kfifo_initialized(&line->req->events)) { @@ -1146,11 +1157,17 @@ static int edge_detector_setup(struct line *line, IRQF_TRIGGER_RISING : IRQF_TRIGGER_FALLING; irqflags |= IRQF_ONESHOT; + label = make_irq_label(line->req->label); + if (!label) + return -ENOMEM; + /* Request a thread to read the events */ ret = request_threaded_irq(irq, edge_irq_handler, edge_irq_thread, - irqflags, line->req->label, line); - if (ret) + irqflags, label, line); + if (ret) { + free_irq_label(label); return ret; + } line->irq = irq; return 0; @@ -1973,7 +1990,7 @@ static void lineevent_free(struct lineevent_state *le) blocking_notifier_chain_unregister(&le->gdev->device_notifier, &le->device_unregistered_nb); if (le->irq) - free_irq(le->irq, le); + free_irq_label(free_irq(le->irq, le)); if (le->desc) gpiod_free(le->desc); kfree(le->label); @@ -2114,6 +2131,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) int fd; int ret; int irq, irqflags = 0; + char *label; if (copy_from_user(&eventreq, ip, sizeof(eventreq))) return -EFAULT; @@ -2198,15 +2216,23 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) if (ret) goto out_free_le; + label = make_irq_label(le->label); + if (!label) { + ret = -ENOMEM; + goto out_free_le; + } + /* Request a thread to read the events */ ret = request_threaded_irq(irq, lineevent_irq_handler, lineevent_irq_thread, irqflags, - le->label, + label, le); - if (ret) + if (ret) { + free_irq_label(label); goto out_free_le; + } le->irq = irq;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] gpio: cdev: sanitize the label before requesting the" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b34490879baa847d16fc529c8ea6e6d34f004b38 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033016-ipod-snout-0b26@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b34490879baa847d16fc529c8ea6e6d34f004b38 Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Date: Mon, 25 Mar 2024 10:02:42 +0100 Subject: [PATCH] gpio: cdev: sanitize the label before requesting the interrupt When an interrupt is requested, a procfs directory is created under "/proc/irq/<irqnum>/<label>" where <label> is the string passed to one of the request_irq() variants. What follows is that the string must not contain the "/" character or the procfs mkdir operation will fail. We don't have such constraints for GPIO consumer labels which are used verbatim as interrupt labels for GPIO irqs. We must therefore sanitize the consumer string before requesting the interrupt. Let's replace all "/" with ":". Cc: stable(a)vger.kernel.org Reported-by: Stefan Wahren <wahrenst(a)gmx.net> Closes: https://lore.kernel.org/linux-gpio/39fe95cb-aa83-4b8b-8cab-63947a726754@gmx… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Reviewed-by: Kent Gibson <warthog618(a)gmail.com> diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index f384fa278764..fa9635610251 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -1083,10 +1083,20 @@ static u32 gpio_v2_line_config_debounce_period(struct gpio_v2_line_config *lc, return 0; } +static inline char *make_irq_label(const char *orig) +{ + return kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); +} + +static inline void free_irq_label(const char *label) +{ + kfree(label); +} + static void edge_detector_stop(struct line *line) { if (line->irq) { - free_irq(line->irq, line); + free_irq_label(free_irq(line->irq, line)); line->irq = 0; } @@ -1110,6 +1120,7 @@ static int edge_detector_setup(struct line *line, unsigned long irqflags = 0; u64 eflags; int irq, ret; + char *label; eflags = edflags & GPIO_V2_LINE_EDGE_FLAGS; if (eflags && !kfifo_initialized(&line->req->events)) { @@ -1146,11 +1157,17 @@ static int edge_detector_setup(struct line *line, IRQF_TRIGGER_RISING : IRQF_TRIGGER_FALLING; irqflags |= IRQF_ONESHOT; + label = make_irq_label(line->req->label); + if (!label) + return -ENOMEM; + /* Request a thread to read the events */ ret = request_threaded_irq(irq, edge_irq_handler, edge_irq_thread, - irqflags, line->req->label, line); - if (ret) + irqflags, label, line); + if (ret) { + free_irq_label(label); return ret; + } line->irq = irq; return 0; @@ -1973,7 +1990,7 @@ static void lineevent_free(struct lineevent_state *le) blocking_notifier_chain_unregister(&le->gdev->device_notifier, &le->device_unregistered_nb); if (le->irq) - free_irq(le->irq, le); + free_irq_label(free_irq(le->irq, le)); if (le->desc) gpiod_free(le->desc); kfree(le->label); @@ -2114,6 +2131,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) int fd; int ret; int irq, irqflags = 0; + char *label; if (copy_from_user(&eventreq, ip, sizeof(eventreq))) return -EFAULT; @@ -2198,15 +2216,23 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) if (ret) goto out_free_le; + label = make_irq_label(le->label); + if (!label) { + ret = -ENOMEM; + goto out_free_le; + } + /* Request a thread to read the events */ ret = request_threaded_irq(irq, lineevent_irq_handler, lineevent_irq_thread, irqflags, - le->label, + label, le); - if (ret) + if (ret) { + free_irq_label(label); goto out_free_le; + } le->irq = irq;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] gpio: cdev: sanitize the label before requesting the" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b34490879baa847d16fc529c8ea6e6d34f004b38 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033015-showy-immodest-66bb@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b34490879baa847d16fc529c8ea6e6d34f004b38 Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Date: Mon, 25 Mar 2024 10:02:42 +0100 Subject: [PATCH] gpio: cdev: sanitize the label before requesting the interrupt When an interrupt is requested, a procfs directory is created under "/proc/irq/<irqnum>/<label>" where <label> is the string passed to one of the request_irq() variants. What follows is that the string must not contain the "/" character or the procfs mkdir operation will fail. We don't have such constraints for GPIO consumer labels which are used verbatim as interrupt labels for GPIO irqs. We must therefore sanitize the consumer string before requesting the interrupt. Let's replace all "/" with ":". Cc: stable(a)vger.kernel.org Reported-by: Stefan Wahren <wahrenst(a)gmx.net> Closes: https://lore.kernel.org/linux-gpio/39fe95cb-aa83-4b8b-8cab-63947a726754@gmx… Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Reviewed-by: Kent Gibson <warthog618(a)gmail.com> diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index f384fa278764..fa9635610251 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -1083,10 +1083,20 @@ static u32 gpio_v2_line_config_debounce_period(struct gpio_v2_line_config *lc, return 0; } +static inline char *make_irq_label(const char *orig) +{ + return kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); +} + +static inline void free_irq_label(const char *label) +{ + kfree(label); +} + static void edge_detector_stop(struct line *line) { if (line->irq) { - free_irq(line->irq, line); + free_irq_label(free_irq(line->irq, line)); line->irq = 0; } @@ -1110,6 +1120,7 @@ static int edge_detector_setup(struct line *line, unsigned long irqflags = 0; u64 eflags; int irq, ret; + char *label; eflags = edflags & GPIO_V2_LINE_EDGE_FLAGS; if (eflags && !kfifo_initialized(&line->req->events)) { @@ -1146,11 +1157,17 @@ static int edge_detector_setup(struct line *line, IRQF_TRIGGER_RISING : IRQF_TRIGGER_FALLING; irqflags |= IRQF_ONESHOT; + label = make_irq_label(line->req->label); + if (!label) + return -ENOMEM; + /* Request a thread to read the events */ ret = request_threaded_irq(irq, edge_irq_handler, edge_irq_thread, - irqflags, line->req->label, line); - if (ret) + irqflags, label, line); + if (ret) { + free_irq_label(label); return ret; + } line->irq = irq; return 0; @@ -1973,7 +1990,7 @@ static void lineevent_free(struct lineevent_state *le) blocking_notifier_chain_unregister(&le->gdev->device_notifier, &le->device_unregistered_nb); if (le->irq) - free_irq(le->irq, le); + free_irq_label(free_irq(le->irq, le)); if (le->desc) gpiod_free(le->desc); kfree(le->label); @@ -2114,6 +2131,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) int fd; int ret; int irq, irqflags = 0; + char *label; if (copy_from_user(&eventreq, ip, sizeof(eventreq))) return -EFAULT; @@ -2198,15 +2216,23 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) if (ret) goto out_free_le; + label = make_irq_label(le->label); + if (!label) { + ret = -ENOMEM; + goto out_free_le; + } + /* Request a thread to read the events */ ret = request_threaded_irq(irq, lineevent_irq_handler, lineevent_irq_thread, irqflags, - le->label, + label, le); - if (ret) + if (ret) { + free_irq_label(label); goto out_free_le; + } le->irq = irq;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] Revert "thermal: core: Don't update trip points inside the" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f67cf45deedb118af302534643627ce59074e8eb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033013-flaring-scorn-694e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f67cf45deedb118af302534643627ce59074e8eb Mon Sep 17 00:00:00 2001 From: Daniel Lezcano <daniel.lezcano(a)linaro.org> Date: Mon, 25 Mar 2024 23:24:24 +0100 Subject: [PATCH] Revert "thermal: core: Don't update trip points inside the hysteresis range" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It has been reported the commit cf3986f8c01d3 introduced a regression when the temperature is wavering in the hysteresis region. The mitigation stops leading to an uncontrolled temperature increase until reaching the critical trip point. Here what happens: * 'throttle' is when the current temperature is greater than the trip point temperature * 'target' is the mitigation level * 'passive' is positive when there is a mitigation, zero otherwise * these values are computed in the step_wise governor Configuration: trip point 1: temp=95°C, hyst=5°C (passive) trip point 2: temp=115°C, hyst=0°C (critical) governor: step_wise 1. The temperature crosses the way up the trip point 1 at 95°C - trend=raising - throttle=1, target=1 - passive=1 - set_trips: low=90°C, high=115°C 2. The temperature decreases but stays in the hysteresis region at 93°C - trend=dropping - throttle=0, target=0 - passive=1 Before cf3986f8c01d3 - set_trips: low=90°C, high=95°C After cf3986f8c01d3 - set_trips: low=90°C, high=115°C 3. The temperature increases a bit but stays in the hysteresis region at 94°C (so below the trip point 1 temp 95°C) - trend=raising - throttle=0, target=0 - passive=1 Before cf3986f8c01d3 - set_trips: low=90°C, high=95°C After cf3986f8c01d3 - set_trips: low=90°C, high=115°C 4. The temperature decreases but stays in the hysteresis region at 93°C - trend=dropping - throttle=0, target=THERMAL_NO_TARGET - passive=0 Before cf3986f8c01d3 - set_trips: low=90°C, high=95°C After cf3986f8c01d3 - set_trips: low=90°C, high=115°C At this point, the 'passive' value is zero, there is no mitigation, the temperature is in the hysteresis region, the next trip point is 115°C. As 'passive' is zero, the timer to monitor the thermal zone is disabled. Consequently if the temperature continues to increase, no mitigation will happen and it will reach the 115°C trip point and reboot. Before the optimization, the high boundary would have been 95°C, thus triggering the mitigation again and rearming the polling timer. The optimization make sense but given the current implementation of the step_wise governor collaborating via this 'passive' flag with the core framework it can not work. From a higher perspective it seems like there is a problem between the governor which sets a variable to be used by the core framework. That sounds akward and it would make much more sense if the core framework controls the governor and not the opposite. But as the devil hides in the details, there are some subtilities to be addressed before. Elaborating those would be out of the scope this changelog. So let's stay simple and revert the change first to fixup all broken mobile platforms. This reverts commit cf3986f8c01d3 ("thermal: core: Don't update trip points inside the hysteresis range") and takes a conflict with commit 0c0c4740c9d26 ("0c0c4740c9d2 thermal: trip: Use for_each_trip() in __thermal_zone_set_trips()") in drivers/thermal/thermal_trip.c into account. Fixes: cf3986f8c01d3 ("thermal: core: Don't update trip points inside the hysteresis range") Reported-by: Manaf Meethalavalappu Pallikunhi <quic_manafm(a)quicinc.com> Signed-off-by: Daniel Lezcano <daniel.lezcano(a)linaro.org> Acked-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Cc: 6.7+ <stable(a)vger.kernel.org> # 6.7+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/thermal/thermal_trip.c b/drivers/thermal/thermal_trip.c index 09f6050dd041..497abf0d47ca 100644 --- a/drivers/thermal/thermal_trip.c +++ b/drivers/thermal/thermal_trip.c @@ -65,7 +65,6 @@ void __thermal_zone_set_trips(struct thermal_zone_device *tz) { const struct thermal_trip *trip; int low = -INT_MAX, high = INT_MAX; - bool same_trip = false; int ret; lockdep_assert_held(&tz->lock); @@ -74,36 +73,22 @@ void __thermal_zone_set_trips(struct thermal_zone_device *tz) return; for_each_trip(tz, trip) { - bool low_set = false; int trip_low; trip_low = trip->temperature - trip->hysteresis; - if (trip_low < tz->temperature && trip_low > low) { + if (trip_low < tz->temperature && trip_low > low) low = trip_low; - low_set = true; - same_trip = false; - } if (trip->temperature > tz->temperature && - trip->temperature < high) { + trip->temperature < high) high = trip->temperature; - same_trip = low_set; - } } /* No need to change trip points */ if (tz->prev_low_trip == low && tz->prev_high_trip == high) return; - /* - * If "high" and "low" are the same, skip the change unless this is the - * first time. - */ - if (same_trip && (tz->prev_low_trip != -INT_MAX || - tz->prev_high_trip != INT_MAX)) - return; - tz->prev_low_trip = low; tz->prev_high_trip = high;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] Revert "thermal: core: Don't update trip points inside the" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x f67cf45deedb118af302534643627ce59074e8eb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033009-harmonica-veteran-127c@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f67cf45deedb118af302534643627ce59074e8eb Mon Sep 17 00:00:00 2001 From: Daniel Lezcano <daniel.lezcano(a)linaro.org> Date: Mon, 25 Mar 2024 23:24:24 +0100 Subject: [PATCH] Revert "thermal: core: Don't update trip points inside the hysteresis range" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It has been reported the commit cf3986f8c01d3 introduced a regression when the temperature is wavering in the hysteresis region. The mitigation stops leading to an uncontrolled temperature increase until reaching the critical trip point. Here what happens: * 'throttle' is when the current temperature is greater than the trip point temperature * 'target' is the mitigation level * 'passive' is positive when there is a mitigation, zero otherwise * these values are computed in the step_wise governor Configuration: trip point 1: temp=95°C, hyst=5°C (passive) trip point 2: temp=115°C, hyst=0°C (critical) governor: step_wise 1. The temperature crosses the way up the trip point 1 at 95°C - trend=raising - throttle=1, target=1 - passive=1 - set_trips: low=90°C, high=115°C 2. The temperature decreases but stays in the hysteresis region at 93°C - trend=dropping - throttle=0, target=0 - passive=1 Before cf3986f8c01d3 - set_trips: low=90°C, high=95°C After cf3986f8c01d3 - set_trips: low=90°C, high=115°C 3. The temperature increases a bit but stays in the hysteresis region at 94°C (so below the trip point 1 temp 95°C) - trend=raising - throttle=0, target=0 - passive=1 Before cf3986f8c01d3 - set_trips: low=90°C, high=95°C After cf3986f8c01d3 - set_trips: low=90°C, high=115°C 4. The temperature decreases but stays in the hysteresis region at 93°C - trend=dropping - throttle=0, target=THERMAL_NO_TARGET - passive=0 Before cf3986f8c01d3 - set_trips: low=90°C, high=95°C After cf3986f8c01d3 - set_trips: low=90°C, high=115°C At this point, the 'passive' value is zero, there is no mitigation, the temperature is in the hysteresis region, the next trip point is 115°C. As 'passive' is zero, the timer to monitor the thermal zone is disabled. Consequently if the temperature continues to increase, no mitigation will happen and it will reach the 115°C trip point and reboot. Before the optimization, the high boundary would have been 95°C, thus triggering the mitigation again and rearming the polling timer. The optimization make sense but given the current implementation of the step_wise governor collaborating via this 'passive' flag with the core framework it can not work. From a higher perspective it seems like there is a problem between the governor which sets a variable to be used by the core framework. That sounds akward and it would make much more sense if the core framework controls the governor and not the opposite. But as the devil hides in the details, there are some subtilities to be addressed before. Elaborating those would be out of the scope this changelog. So let's stay simple and revert the change first to fixup all broken mobile platforms. This reverts commit cf3986f8c01d3 ("thermal: core: Don't update trip points inside the hysteresis range") and takes a conflict with commit 0c0c4740c9d26 ("0c0c4740c9d2 thermal: trip: Use for_each_trip() in __thermal_zone_set_trips()") in drivers/thermal/thermal_trip.c into account. Fixes: cf3986f8c01d3 ("thermal: core: Don't update trip points inside the hysteresis range") Reported-by: Manaf Meethalavalappu Pallikunhi <quic_manafm(a)quicinc.com> Signed-off-by: Daniel Lezcano <daniel.lezcano(a)linaro.org> Acked-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Cc: 6.7+ <stable(a)vger.kernel.org> # 6.7+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/thermal/thermal_trip.c b/drivers/thermal/thermal_trip.c index 09f6050dd041..497abf0d47ca 100644 --- a/drivers/thermal/thermal_trip.c +++ b/drivers/thermal/thermal_trip.c @@ -65,7 +65,6 @@ void __thermal_zone_set_trips(struct thermal_zone_device *tz) { const struct thermal_trip *trip; int low = -INT_MAX, high = INT_MAX; - bool same_trip = false; int ret; lockdep_assert_held(&tz->lock); @@ -74,36 +73,22 @@ void __thermal_zone_set_trips(struct thermal_zone_device *tz) return; for_each_trip(tz, trip) { - bool low_set = false; int trip_low; trip_low = trip->temperature - trip->hysteresis; - if (trip_low < tz->temperature && trip_low > low) { + if (trip_low < tz->temperature && trip_low > low) low = trip_low; - low_set = true; - same_trip = false; - } if (trip->temperature > tz->temperature && - trip->temperature < high) { + trip->temperature < high) high = trip->temperature; - same_trip = low_set; - } } /* No need to change trip points */ if (tz->prev_low_trip == low && tz->prev_high_trip == high) return; - /* - * If "high" and "low" are the same, skip the change unless this is the - * first time. - */ - if (same_trip && (tz->prev_low_trip != -INT_MAX || - tz->prev_high_trip != INT_MAX)) - return; - tz->prev_low_trip = low; tz->prev_high_trip = high;

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 25cd241408a2adc1ed0ebc90ae0793576c111880 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033007-filth-paver-678f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 25cd241408a2 ("mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices") a230c20e63ef ("mm/zswap: zswap entry doesn't need refcount anymore") c2e2ba770200 ("mm/zswap: only support zswap_exclusive_loads_enabled") 9986d35d4ceb ("mm: zswap: function ordering: writeback") f91e81d31c1e ("mm: zswap: function ordering: compress & decompress functions") 36034bf6fcdb ("mm: zswap: function ordering: move entry section out of tree section") 5182661a11ba ("mm: zswap: function ordering: move entry sections out of LRU section") 506a86c5e221 ("mm: zswap: function ordering: public lru api") abca07c04aa5 ("mm: zswap: function ordering: pool params") c1a0ecb82bdc ("mm: zswap: function ordering: zswap_pools") 39f3ec8eaa60 ("mm: zswap: function ordering: pool refcounting") a984649b5c1f ("mm: zswap: function ordering: pool alloc & free") fa9ad6e21003 ("mm: zswap: break out zwap_compress()") ff2972aa1b5d ("mm: zswap: rename __zswap_load() to zswap_decompress()") dab7711fac6d ("mm: zswap: clean up zswap_entry_put()") e477559ca602 ("mm: zswap: warn when referencing a dead entry") 7dd1f7f0fc1c ("mm: zswap: move zswap_invalidate_entry() to related functions") 5b297f70bb26 ("mm: zswap: inline and remove zswap_entry_find_get()") 42398be2adb1 ("mm: zswap: rename zswap_free_entry to zswap_entry_free") 5878303c5353 ("mm/zswap: fix race between lru writeback and swapoff") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25cd241408a2adc1ed0ebc90ae0793576c111880 Mon Sep 17 00:00:00 2001 From: Johannes Weiner <hannes(a)cmpxchg.org> Date: Sun, 24 Mar 2024 17:04:47 -0400 Subject: [PATCH] mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices Zhongkun He reports data corruption when combining zswap with zram. The issue is the exclusive loads we're doing in zswap. They assume that all reads are going into the swapcache, which can assume authoritative ownership of the data and so the zswap copy can go. However, zram files are marked SWP_SYNCHRONOUS_IO, and faults will try to bypass the swapcache. This results in an optimistic read of the swap data into a page that will be dismissed if the fault fails due to races. In this case, zswap mustn't drop its authoritative copy. Link: https://lore.kernel.org/all/CACSyD1N+dUvsu8=zV9P691B9bVq33erwOXNTmEaUbi9DrD… Fixes: b9c91c43412f ("mm: zswap: support exclusive loads") Link: https://lkml.kernel.org/r/20240324210447.956973-1-hannes@cmpxchg.org Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: Zhongkun He <hezhongkun.hzk(a)bytedance.com> Tested-by: Zhongkun He <hezhongkun.hzk(a)bytedance.com> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Acked-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Chengming Zhou <chengming.zhou(a)linux.dev> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Acked-by: Chris Li <chrisl(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/zswap.c b/mm/zswap.c index 36612f34b5d7..caed028945b0 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -1636,6 +1636,7 @@ bool zswap_load(struct folio *folio) swp_entry_t swp = folio->swap; pgoff_t offset = swp_offset(swp); struct page *page = &folio->page; + bool swapcache = folio_test_swapcache(folio); struct zswap_tree *tree = swap_zswap_tree(swp); struct zswap_entry *entry; u8 *dst; @@ -1648,7 +1649,20 @@ bool zswap_load(struct folio *folio) spin_unlock(&tree->lock); return false; } - zswap_rb_erase(&tree->rbroot, entry); + /* + * When reading into the swapcache, invalidate our entry. The + * swapcache can be the authoritative owner of the page and + * its mappings, and the pressure that results from having two + * in-memory copies outweighs any benefits of caching the + * compression work. + * + * (Most swapins go through the swapcache. The notable + * exception is the singleton fault on SWP_SYNCHRONOUS_IO + * files, which reads into a private page and may free it if + * the fault fails. We remain the primary owner of the entry.) + */ + if (swapcache) + zswap_rb_erase(&tree->rbroot, entry); spin_unlock(&tree->lock); if (entry->length) @@ -1663,9 +1677,10 @@ bool zswap_load(struct folio *folio) if (entry->objcg) count_objcg_event(entry->objcg, ZSWPIN); - zswap_entry_free(entry); - - folio_mark_dirty(folio); + if (swapcache) { + zswap_entry_free(entry); + folio_mark_dirty(folio); + } return true; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 25cd241408a2adc1ed0ebc90ae0793576c111880 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033006-evict-backtrack-360e@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: 25cd241408a2 ("mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices") a230c20e63ef ("mm/zswap: zswap entry doesn't need refcount anymore") c2e2ba770200 ("mm/zswap: only support zswap_exclusive_loads_enabled") 9986d35d4ceb ("mm: zswap: function ordering: writeback") f91e81d31c1e ("mm: zswap: function ordering: compress & decompress functions") 36034bf6fcdb ("mm: zswap: function ordering: move entry section out of tree section") 5182661a11ba ("mm: zswap: function ordering: move entry sections out of LRU section") 506a86c5e221 ("mm: zswap: function ordering: public lru api") abca07c04aa5 ("mm: zswap: function ordering: pool params") c1a0ecb82bdc ("mm: zswap: function ordering: zswap_pools") 39f3ec8eaa60 ("mm: zswap: function ordering: pool refcounting") a984649b5c1f ("mm: zswap: function ordering: pool alloc & free") fa9ad6e21003 ("mm: zswap: break out zwap_compress()") ff2972aa1b5d ("mm: zswap: rename __zswap_load() to zswap_decompress()") dab7711fac6d ("mm: zswap: clean up zswap_entry_put()") e477559ca602 ("mm: zswap: warn when referencing a dead entry") 7dd1f7f0fc1c ("mm: zswap: move zswap_invalidate_entry() to related functions") 5b297f70bb26 ("mm: zswap: inline and remove zswap_entry_find_get()") 42398be2adb1 ("mm: zswap: rename zswap_free_entry to zswap_entry_free") 5878303c5353 ("mm/zswap: fix race between lru writeback and swapoff") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25cd241408a2adc1ed0ebc90ae0793576c111880 Mon Sep 17 00:00:00 2001 From: Johannes Weiner <hannes(a)cmpxchg.org> Date: Sun, 24 Mar 2024 17:04:47 -0400 Subject: [PATCH] mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices Zhongkun He reports data corruption when combining zswap with zram. The issue is the exclusive loads we're doing in zswap. They assume that all reads are going into the swapcache, which can assume authoritative ownership of the data and so the zswap copy can go. However, zram files are marked SWP_SYNCHRONOUS_IO, and faults will try to bypass the swapcache. This results in an optimistic read of the swap data into a page that will be dismissed if the fault fails due to races. In this case, zswap mustn't drop its authoritative copy. Link: https://lore.kernel.org/all/CACSyD1N+dUvsu8=zV9P691B9bVq33erwOXNTmEaUbi9DrD… Fixes: b9c91c43412f ("mm: zswap: support exclusive loads") Link: https://lkml.kernel.org/r/20240324210447.956973-1-hannes@cmpxchg.org Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: Zhongkun He <hezhongkun.hzk(a)bytedance.com> Tested-by: Zhongkun He <hezhongkun.hzk(a)bytedance.com> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Acked-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Chengming Zhou <chengming.zhou(a)linux.dev> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Acked-by: Chris Li <chrisl(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/zswap.c b/mm/zswap.c index 36612f34b5d7..caed028945b0 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -1636,6 +1636,7 @@ bool zswap_load(struct folio *folio) swp_entry_t swp = folio->swap; pgoff_t offset = swp_offset(swp); struct page *page = &folio->page; + bool swapcache = folio_test_swapcache(folio); struct zswap_tree *tree = swap_zswap_tree(swp); struct zswap_entry *entry; u8 *dst; @@ -1648,7 +1649,20 @@ bool zswap_load(struct folio *folio) spin_unlock(&tree->lock); return false; } - zswap_rb_erase(&tree->rbroot, entry); + /* + * When reading into the swapcache, invalidate our entry. The + * swapcache can be the authoritative owner of the page and + * its mappings, and the pressure that results from having two + * in-memory copies outweighs any benefits of caching the + * compression work. + * + * (Most swapins go through the swapcache. The notable + * exception is the singleton fault on SWP_SYNCHRONOUS_IO + * files, which reads into a private page and may free it if + * the fault fails. We remain the primary owner of the entry.) + */ + if (swapcache) + zswap_rb_erase(&tree->rbroot, entry); spin_unlock(&tree->lock); if (entry->length) @@ -1663,9 +1677,10 @@ bool zswap_load(struct folio *folio) if (entry->objcg) count_objcg_event(entry->objcg, ZSWPIN); - zswap_entry_free(entry); - - folio_mark_dirty(folio); + if (swapcache) { + zswap_entry_free(entry); + folio_mark_dirty(folio); + } return true; }

1 year, 5 months

1
0
0 0

FAILED: patch "[PATCH] mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 25cd241408a2adc1ed0ebc90ae0793576c111880 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033005-politely-marauding-110a@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 25cd241408a2 ("mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices") a230c20e63ef ("mm/zswap: zswap entry doesn't need refcount anymore") c2e2ba770200 ("mm/zswap: only support zswap_exclusive_loads_enabled") 9986d35d4ceb ("mm: zswap: function ordering: writeback") f91e81d31c1e ("mm: zswap: function ordering: compress & decompress functions") 36034bf6fcdb ("mm: zswap: function ordering: move entry section out of tree section") 5182661a11ba ("mm: zswap: function ordering: move entry sections out of LRU section") 506a86c5e221 ("mm: zswap: function ordering: public lru api") abca07c04aa5 ("mm: zswap: function ordering: pool params") c1a0ecb82bdc ("mm: zswap: function ordering: zswap_pools") 39f3ec8eaa60 ("mm: zswap: function ordering: pool refcounting") a984649b5c1f ("mm: zswap: function ordering: pool alloc & free") fa9ad6e21003 ("mm: zswap: break out zwap_compress()") ff2972aa1b5d ("mm: zswap: rename __zswap_load() to zswap_decompress()") dab7711fac6d ("mm: zswap: clean up zswap_entry_put()") e477559ca602 ("mm: zswap: warn when referencing a dead entry") 7dd1f7f0fc1c ("mm: zswap: move zswap_invalidate_entry() to related functions") 5b297f70bb26 ("mm: zswap: inline and remove zswap_entry_find_get()") 42398be2adb1 ("mm: zswap: rename zswap_free_entry to zswap_entry_free") 5878303c5353 ("mm/zswap: fix race between lru writeback and swapoff") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25cd241408a2adc1ed0ebc90ae0793576c111880 Mon Sep 17 00:00:00 2001 From: Johannes Weiner <hannes(a)cmpxchg.org> Date: Sun, 24 Mar 2024 17:04:47 -0400 Subject: [PATCH] mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices Zhongkun He reports data corruption when combining zswap with zram. The issue is the exclusive loads we're doing in zswap. They assume that all reads are going into the swapcache, which can assume authoritative ownership of the data and so the zswap copy can go. However, zram files are marked SWP_SYNCHRONOUS_IO, and faults will try to bypass the swapcache. This results in an optimistic read of the swap data into a page that will be dismissed if the fault fails due to races. In this case, zswap mustn't drop its authoritative copy. Link: https://lore.kernel.org/all/CACSyD1N+dUvsu8=zV9P691B9bVq33erwOXNTmEaUbi9DrD… Fixes: b9c91c43412f ("mm: zswap: support exclusive loads") Link: https://lkml.kernel.org/r/20240324210447.956973-1-hannes@cmpxchg.org Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: Zhongkun He <hezhongkun.hzk(a)bytedance.com> Tested-by: Zhongkun He <hezhongkun.hzk(a)bytedance.com> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Acked-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Chengming Zhou <chengming.zhou(a)linux.dev> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Acked-by: Chris Li <chrisl(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/zswap.c b/mm/zswap.c index 36612f34b5d7..caed028945b0 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -1636,6 +1636,7 @@ bool zswap_load(struct folio *folio) swp_entry_t swp = folio->swap; pgoff_t offset = swp_offset(swp); struct page *page = &folio->page; + bool swapcache = folio_test_swapcache(folio); struct zswap_tree *tree = swap_zswap_tree(swp); struct zswap_entry *entry; u8 *dst; @@ -1648,7 +1649,20 @@ bool zswap_load(struct folio *folio) spin_unlock(&tree->lock); return false; } - zswap_rb_erase(&tree->rbroot, entry); + /* + * When reading into the swapcache, invalidate our entry. The + * swapcache can be the authoritative owner of the page and + * its mappings, and the pressure that results from having two + * in-memory copies outweighs any benefits of caching the + * compression work. + * + * (Most swapins go through the swapcache. The notable + * exception is the singleton fault on SWP_SYNCHRONOUS_IO + * files, which reads into a private page and may free it if + * the fault fails. We remain the primary owner of the entry.) + */ + if (swapcache) + zswap_rb_erase(&tree->rbroot, entry); spin_unlock(&tree->lock); if (entry->length) @@ -1663,9 +1677,10 @@ bool zswap_load(struct folio *folio) if (entry->objcg) count_objcg_event(entry->objcg, ZSWPIN); - zswap_entry_free(entry); - - folio_mark_dirty(folio); + if (swapcache) { + zswap_entry_free(entry); + folio_mark_dirty(folio); + } return true; }

1 year, 5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror