May 2021 - Linux-stable-mirror

[merged] squashfs-fix-divide-error-in-calculate_skip.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: squashfs: fix divide error in calculate_skip() has been removed from the -mm tree. Its filename was squashfs-fix-divide-error-in-calculate_skip.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Phillip Lougher <phillip(a)squashfs.org.uk> Subject: squashfs: fix divide error in calculate_skip() Sysbot has reported a "divide error" which has been identified as being caused by a corrupted file_size value within the file inode. This value has been corrupted to a much larger value than expected. Calculate_skip() is passed i_size_read(inode) >> msblk->block_log. Due to the file_size value corruption this overflows the int argument/variable in that function, leading to the divide error. This patch changes the function to use u64. This will accommodate any unexpectedly large values due to corruption. The value returned from calculate_skip() is clamped to be never more than SQUASHFS_CACHED_BLKS - 1, or 7. So file_size corruption does not lead to an unexpectedly large return result here. Link: https://lkml.kernel.org/r/20210507152618.9447-1-phillip@squashfs.org.uk Signed-off-by: Phillip Lougher <phillip(a)squashfs.org.uk> Reported-by: <syzbot+e8f781243ce16ac2f962(a)syzkaller.appspotmail.com> Reported-by: <syzbot+7b98870d4fec9447b951(a)syzkaller.appspotmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/squashfs/file.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/fs/squashfs/file.c~squashfs-fix-divide-error-in-calculate_skip +++ a/fs/squashfs/file.c @@ -211,11 +211,11 @@ failure: * If the skip factor is limited in this way then the file will use multiple * slots. */ -static inline int calculate_skip(int blocks) +static inline int calculate_skip(u64 blocks) { - int skip = blocks / ((SQUASHFS_META_ENTRIES + 1) + u64 skip = blocks / ((SQUASHFS_META_ENTRIES + 1) * SQUASHFS_META_INDEXES); - return min(SQUASHFS_CACHED_BLKS - 1, skip + 1); + return min((u64) SQUASHFS_CACHED_BLKS - 1, skip + 1); } _ Patches currently in -mm which might be from phillip(a)squashfs.org.uk are

3 years, 7 months

1
0
0 0

[merged] mm-hugetlb-fix-cow-where-page-writtable-in-child.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hugetlb: fix cow where page writable in child has been removed from the -mm tree. Its filename was mm-hugetlb-fix-cow-where-page-writtable-in-child.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/hugetlb: fix cow where page writtable in child When rework early cow of pinned hugetlb pages, we moved huge_ptep_get() upper but overlooked a side effect that the huge_ptep_get() will fetch the pte after wr-protection. After moving it upwards, we need explicit wr-protect of child pte or we will keep the write bit set in the child process, which could cause data corrution where the child can write to the original page directly. This issue can also be exposed by "memfd_test hugetlbfs" kselftest. Link: https://lkml.kernel.org/r/20210503234356.9097-3-peterx@redhat.com Fixes: 4eae4efa2c299 ("hugetlb: do early cow when page pinned on src mm") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Joel Fernandes (Google) <joel(a)joelfernandes.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/hugetlb.c~mm-hugetlb-fix-cow-where-page-writtable-in-child +++ a/mm/hugetlb.c @@ -4056,6 +4056,7 @@ again: * See Documentation/vm/mmu_notifier.rst */ huge_ptep_set_wrprotect(src, addr, src_pte); + entry = huge_pte_wrprotect(entry); } page_dup_rmap(ptepage, true); _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-gup_benchmark-support-threading.patch mm-gup-pack-has_pinned-in-mmf_has_pinned-fix.patch userfaultfd-selftests-use-user-mode-only.patch userfaultfd-selftests-remove-the-time-check-on-delayed-uffd.patch userfaultfd-selftests-dropping-verify-check-in-locking_thread.patch userfaultfd-selftests-only-dump-counts-if-mode-enabled.patch userfaultfd-selftests-unify-error-handling.patch mm-thp-simplify-copying-of-huge-zero-page-pmd-when-fork.patch mm-userfaultfd-fix-uffd-wp-special-cases-for-fork.patch mm-userfaultfd-fix-a-few-thp-pmd-missing-uffd-wp-bit.patch mm-userfaultfd-fail-uffd-wp-registeration-if-not-supported.patch mm-pagemap-export-uffd-wp-protection-information.patch userfaultfd-selftests-add-pagemap-uffd-wp-test.patch

3 years, 7 months

1
0
0 0

[merged] mm-hugetlb-fix-f_seal_future_write.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hugetlb: fix F_SEAL_FUTURE_WRITE has been removed from the -mm tree. Its filename was mm-hugetlb-fix-f_seal_future_write.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/hugetlb: fix F_SEAL_FUTURE_WRITE Patch series "mm/hugetlb: Fix issues on file sealing and fork", v2. Hugh reported issue with F_SEAL_FUTURE_WRITE not applied correctly to hugetlbfs, which I can easily verify using the memfd_test program, which seems that the program is hardly run with hugetlbfs pages (as by default shmem). Meanwhile I found another probably even more severe issue on that hugetlb fork won't wr-protect child cow pages, so child can potentially write to parent private pages. Patch 2 addresses that. After this series applied, "memfd_test hugetlbfs" should start to pass. This patch (of 2): F_SEAL_FUTURE_WRITE is missing for hugetlb starting from the first day. There is a test program for that and it fails constantly. $ ./memfd_test hugetlbfs memfd-hugetlb: CREATE memfd-hugetlb: BASIC memfd-hugetlb: SEAL-WRITE memfd-hugetlb: SEAL-FUTURE-WRITE mmap() didn't fail as expected Aborted (core dumped) I think it's probably because no one is really running the hugetlbfs test. Fix it by checking FUTURE_WRITE also in hugetlbfs_file_mmap() as what we do in shmem_mmap(). Generalize a helper for that. Link: https://lkml.kernel.org/r/20210503234356.9097-1-peterx@redhat.com Link: https://lkml.kernel.org/r/20210503234356.9097-2-peterx@redhat.com Fixes: ab3948f58ff84 ("mm/memfd: add an F_SEAL_FUTURE_WRITE seal to memfd") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: Hugh Dickins <hughd(a)google.com> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Joel Fernandes (Google) <joel(a)joelfernandes.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/hugetlbfs/inode.c | 5 +++++ include/linux/mm.h | 32 ++++++++++++++++++++++++++++++++ mm/shmem.c | 22 ++++------------------ 3 files changed, 41 insertions(+), 18 deletions(-) --- a/fs/hugetlbfs/inode.c~mm-hugetlb-fix-f_seal_future_write +++ a/fs/hugetlbfs/inode.c @@ -131,6 +131,7 @@ static void huge_pagevec_release(struct static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) { struct inode *inode = file_inode(file); + struct hugetlbfs_inode_info *info = HUGETLBFS_I(inode); loff_t len, vma_len; int ret; struct hstate *h = hstate_file(file); @@ -146,6 +147,10 @@ static int hugetlbfs_file_mmap(struct fi vma->vm_flags |= VM_HUGETLB | VM_DONTEXPAND; vma->vm_ops = &hugetlb_vm_ops; + ret = seal_check_future_write(info->seals, vma); + if (ret) + return ret; + /* * page based offset in vm_pgoff could be sufficiently large to * overflow a loff_t when converted to byte offset. This can --- a/include/linux/mm.h~mm-hugetlb-fix-f_seal_future_write +++ a/include/linux/mm.h @@ -3216,5 +3216,37 @@ void mem_dump_obj(void *object); static inline void mem_dump_obj(void *object) {} #endif +/** + * seal_check_future_write - Check for F_SEAL_FUTURE_WRITE flag and handle it + * @seals: the seals to check + * @vma: the vma to operate on + * + * Check whether F_SEAL_FUTURE_WRITE is set; if so, do proper check/handling on + * the vma flags. Return 0 if check pass, or <0 for errors. + */ +static inline int seal_check_future_write(int seals, struct vm_area_struct *vma) +{ + if (seals & F_SEAL_FUTURE_WRITE) { + /* + * New PROT_WRITE and MAP_SHARED mmaps are not allowed when + * "future write" seal active. + */ + if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_WRITE)) + return -EPERM; + + /* + * Since an F_SEAL_FUTURE_WRITE sealed memfd can be mapped as + * MAP_SHARED and read-only, take care to not allow mprotect to + * revert protections on such mappings. Do this only for shared + * mappings. For private mappings, don't need to mask + * VM_MAYWRITE as we still want them to be COW-writable. + */ + if (vma->vm_flags & VM_SHARED) + vma->vm_flags &= ~(VM_MAYWRITE); + } + + return 0; +} + #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ --- a/mm/shmem.c~mm-hugetlb-fix-f_seal_future_write +++ a/mm/shmem.c @@ -2258,25 +2258,11 @@ out_nomem: static int shmem_mmap(struct file *file, struct vm_area_struct *vma) { struct shmem_inode_info *info = SHMEM_I(file_inode(file)); + int ret; - if (info->seals & F_SEAL_FUTURE_WRITE) { - /* - * New PROT_WRITE and MAP_SHARED mmaps are not allowed when - * "future write" seal active. - */ - if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_WRITE)) - return -EPERM; - - /* - * Since an F_SEAL_FUTURE_WRITE sealed memfd can be mapped as - * MAP_SHARED and read-only, take care to not allow mprotect to - * revert protections on such mappings. Do this only for shared - * mappings. For private mappings, don't need to mask - * VM_MAYWRITE as we still want them to be COW-writable. - */ - if (vma->vm_flags & VM_SHARED) - vma->vm_flags &= ~(VM_MAYWRITE); - } + ret = seal_check_future_write(info->seals, vma); + if (ret) + return ret; /* arm64 - allow memory tagging on RAM-based files */ vma->vm_flags |= VM_MTE_ALLOWED; _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-gup_benchmark-support-threading.patch mm-gup-pack-has_pinned-in-mmf_has_pinned-fix.patch userfaultfd-selftests-use-user-mode-only.patch userfaultfd-selftests-remove-the-time-check-on-delayed-uffd.patch userfaultfd-selftests-dropping-verify-check-in-locking_thread.patch userfaultfd-selftests-only-dump-counts-if-mode-enabled.patch userfaultfd-selftests-unify-error-handling.patch mm-thp-simplify-copying-of-huge-zero-page-pmd-when-fork.patch mm-userfaultfd-fix-uffd-wp-special-cases-for-fork.patch mm-userfaultfd-fix-a-few-thp-pmd-missing-uffd-wp-bit.patch mm-userfaultfd-fail-uffd-wp-registeration-if-not-supported.patch mm-pagemap-export-uffd-wp-protection-information.patch userfaultfd-selftests-add-pagemap-uffd-wp-test.patch

3 years, 7 months

1
0
0 0

[PATCH] x86/i8259: Work around buggy legacy PIC

by Maximilian Luz

The legacy PIC on the AMD variant of the Microsoft Surface Laptop 4 has some problems on boot. For some reason it consistently does not respond on the first try, requiring a couple more tries before it finally responds. This currently leads to the PIC not being properly recognized, which prevents interrupt handling down the line. Ultimately, this also leads to the pinctrl-amd driver failing to probe due to platform_get_irq() returning -EINVAL for its base IRQ. That, in turn, means that several interrupts are not available and device drivers relying on those will defer probing indefinitely, as querying those interrupts returns -EPROBE_DEFER. Add a quirk table and a retry-loop to work around that. Also switch to pr_info() due to complaints by checkpatch and add a pr_fmt() definition for completeness. Cc: <stable(a)vger.kernel.org> # 5.10+ Co-developed-by: Sachi King <nakato(a)nakato.io> Signed-off-by: Sachi King <nakato(a)nakato.io> Signed-off-by: Maximilian Luz <luzmaximilian(a)gmail.com> --- arch/x86/kernel/i8259.c | 51 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 46 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c index 282b4ee1339f..0da757c6b292 100644 --- a/arch/x86/kernel/i8259.c +++ b/arch/x86/kernel/i8259.c @@ -1,4 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 + +#define pr_fmt(fmt) "i8259: " fmt + #include <linux/linkage.h> #include <linux/errno.h> #include <linux/signal.h> @@ -16,6 +19,7 @@ #include <linux/io.h> #include <linux/delay.h> #include <linux/pgtable.h> +#include <linux/dmi.h> #include <linux/atomic.h> #include <asm/timer.h> @@ -298,11 +302,39 @@ static void unmask_8259A(void) raw_spin_unlock_irqrestore(&i8259A_lock, flags); } +/* + * DMI table to identify devices with quirky probe behavior. See comment in + * probe_8259A() for more details. + */ +static const struct dmi_system_id retry_probe_quirk_table[] = { + { + .ident = "Microsoft Surface Laptop 4 (AMD)", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Microsoft Corporation"), + DMI_MATCH(DMI_PRODUCT_SKU, "Surface_Laptop_4_1952:1953") + }, + }, + {} +}; + static int probe_8259A(void) { unsigned long flags; unsigned char probe_val = ~(1 << PIC_CASCADE_IR); unsigned char new_val; + unsigned int i, imax = 1; + + /* + * Some systems have a legacy PIC that doesn't immediately respond + * after boot. We know it's there, we know it should respond and is + * required for proper interrupt handling later on, so let's try a + * couple of times. + */ + if (dmi_check_system(retry_probe_quirk_table)) { + pr_warn("system with broken legacy PIC detected, re-trying multiple times if necessary\n"); + imax = 10; + } + /* * Check to see if we have a PIC. * Mask all except the cascade and read @@ -312,15 +344,24 @@ static int probe_8259A(void) */ raw_spin_lock_irqsave(&i8259A_lock, flags); - outb(0xff, PIC_SLAVE_IMR); /* mask all of 8259A-2 */ - outb(probe_val, PIC_MASTER_IMR); - new_val = inb(PIC_MASTER_IMR); - if (new_val != probe_val) { - printk(KERN_INFO "Using NULL legacy PIC\n"); + for (i = 0; i < imax; i++) { + outb(0xff, PIC_SLAVE_IMR); /* mask all of 8259A-2 */ + outb(probe_val, PIC_MASTER_IMR); + new_val = inb(PIC_MASTER_IMR); + if (new_val == probe_val) + break; + } + + if (i == imax) { + pr_info("using NULL legacy PIC\n"); legacy_pic = &null_legacy_pic; } raw_spin_unlock_irqrestore(&i8259A_lock, flags); + + if (imax > 1 && i < imax) + pr_info("got legacy PIC after %d tries\n", i + 1); + return nr_legacy_irqs(); } -- 2.31.1

3 years, 7 months

7
21
0 0

[PATCH 5.12 000/363] 5.12.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.12.5 release. There are 363 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 19 May 2021 14:02:12 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.12.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.12.5-rc1 Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: check all BUSIF status when error Christoph Hellwig <hch(a)lst.de> nvme: do not try to reconfigure APST when the controller is not live Arnd Bergmann <arnd(a)arndb.de> ext4: fix debug format string warning Kees Cook <keescook(a)chromium.org> debugfs: Make debugfs_allow RO after init Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: PCI: rcar-pci-host: Document missing R-Car H1 support Zhen Lei <thunder.leizhen(a)huawei.com> dt-bindings: serial: 8250: Remove duplicated compatible strings Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> dt-bindings: phy: qcom,qmp-usb3-dp-phy: move usb3 compatibles back to qcom,qmp-phy.yaml Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: falcon: Move console config to CPU board DTS Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> dt-bindings: thermal: rcar-gen3-thermal: Support five TSC nodes on r8a779a0 Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: media: renesas,vin: Make resets optional on R-Car Gen1 Qii Wang <qii.wang(a)mediatek.com> i2c: mediatek: Fix send master code at more than 1MHz Fabio Estevam <festevam(a)gmail.com> media: rkvdec: Remove of_match_ptr() Enric Balletbo i Serra <enric.balletbo(a)collabora.com> soc: mediatek: pm-domains: Add a power domain names for mt8192 Enric Balletbo i Serra <enric.balletbo(a)collabora.com> soc: mediatek: pm-domains: Add a power domain names for mt8183 Enric Balletbo i Serra <enric.balletbo(a)collabora.com> soc: mediatek: pm-domains: Add a meaningful power domain name Paweł Chmiel <pawel.mikolaj.chmiel(a)gmail.com> clk: exynos7: Mark aclk_fsys1_200 as critical Stéphane Marchesin <marcheu(a)chromium.org> drm/i915: Fix crash in auto_retire Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> drm/i915/overlay: Fix active retire callback alignment Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Read C0DRB3/C1DRB3 as 16 bits again Kuogee Hsieh <khsieh(a)codeaurora.org> drm/msm/dp: check sink_count before update is_connected status Lv Yunlong <lyl2019(a)mail.ustc.edu.cn> drm/i915/gt: Fix a double free in gen8_preallocate_top_level_pdp Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> kobject_uevent: remove warning in init_uevent_argv() Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Fix error while calculating PPS out values Tony Lindgren <tony(a)atomide.com> clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 Tony Lindgren <tony(a)atomide.com> clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Avoid handcoded DIVU in `__div64_32' altogether Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Avoid DIVU in `__div64_32' is result would be zero Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Reinstate platform `__div64_32' handler Matthew Wilcox (Oracle) <willy(a)infradead.org> mm: fix struct page layout on 32-bit systems Sean Christopherson <seanjc(a)google.com> KVM: VMX: Disable preemption when probing user return MSRs Sean Christopherson <seanjc(a)google.com> KVM: VMX: Do not advertise RDPID if ENABLE_RDTSCP control is unsupported Vitaly Kuznetsov <vkuznets(a)redhat.com> KVM: nVMX: Always make an attempt to map eVMCS after migration Sean Christopherson <seanjc(a)google.com> KVM: x86: Add support for RDPID without RDTSCP Sean Christopherson <seanjc(a)google.com> KVM: x86: Move RDPID emulation intercept to its own enum Sean Christopherson <seanjc(a)google.com> KVM: x86: Emulate RDPID only if RDTSCP is supported Juergen Gross <jgross(a)suse.com> xen/gntdev: fix gntdev_mmap() error exit path Alexandre Belloni <alexandre.belloni(a)bootlin.com> alarmtimer: Check RTC features instead of ops Oliver Neukum <oneukum(a)suse.com> cdc-wdm: untangle a circular dependency between callback and softint Colin Ian King <colin.king(a)canonical.com> iio: tsl2583: Fix division by a zero lux_val Dmitry Osipenko <digetx(a)gmail.com> iio: gyro: mpu3050: Fix reported temperature value Tomasz Duszynski <tomasz.duszynski(a)octakon.com> iio: core: fix ioctl handlers removal Sandeep Singh <sandeep.singh(a)amd.com> xhci: Add reset resume quirk for AMD xhci controller. Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> xhci: Do not use GFP_KERNEL in (potentially) atomic context Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix giving back cancelled URBs even if halted endpoint can't reset Abhijeet Rao <abhijeet.rao(a)intel.com> xhci-pci: Allow host runtime PM as default for Intel Alder Lake xHCI Andy Shevchenko <andy.shevchenko(a)gmail.com> usb: typec: ucsi: Put fwnode in any case during ->probe() Jack Pham <jackp(a)codeaurora.org> usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 Kyle Tso <kyletso(a)google.com> usb: typec: tcpm: Fix wrong handling in GET_SINK_CAP Wesley Cheng <wcheng(a)codeaurora.org> usb: dwc3: gadget: Return success always for kick transfer in ep queue Jack Pham <jackp(a)codeaurora.org> usb: dwc3: gadget: Enable suspend events Zhen Lei <thunder.leizhen(a)huawei.com> usb: dwc3: imx8mp: fix error return code in dwc3_imx8mp_probe() Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: core: hub: fix race condition about TRSMRCY of resume Phil Elwell <phil(a)raspberrypi.com> usb: dwc2: Fix gadget DMA unmap direction Maximilian Luz <luzmaximilian(a)gmail.com> usb: xhci: Increase timeout for HC halt Ferry Toth <ftoth(a)exalondelft.nl> usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield Marcel Hamer <marcel(a)solidxs.se> usb: dwc3: omap: improve extcon initialization Bart Van Assche <bvanassche(a)acm.org> blk-mq: Swap two calls in blk_mq_exit_queue() Ming Lei <ming.lei(a)redhat.com> blk-mq: plug request for shared sbitmap Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s: Make NMI record implicitly soft-masked code as irqs disabled Sun Ke <sunke32(a)huawei.com> nbd: Fix NULL pointer in flush_workqueue Gautham R. Shenoy <ego(a)linux.vnet.ibm.com> sched/fair: Fix clearing of has_idle_cores flag in select_idle_cpu() Chao Yu <chao(a)kernel.org> f2fs: compress: fix to assign cc.cluster_idx correctly Chao Yu <chao(a)kernel.org> f2fs: compress: fix race condition of overwrite vs truncate Chao Yu <chao(a)kernel.org> f2fs: compress: fix to free compress page correctly Michal Kalderon <michal.kalderon(a)marvell.com> nvmet-rdma: Fix NULL deref when SEND is completed with error Chaitanya Kulkarni <chaitanya.kulkarni(a)wdc.com> nvmet: fix inline bio check for passthru Chaitanya Kulkarni <chaitanya.kulkarni(a)wdc.com> nvmet: fix inline bio check for bdev-ns Omar Sandoval <osandov(a)fb.com> kyber: fix out of bounds access when preempted Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ACPI: scan: Fix a memory leak in an error handling path Andy Shevchenko <andy.shevchenko(a)gmail.com> hwmon: (ltc2992) Put fwnode in error case during ->probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: musb: Fix an error message Kyle Tso <kyletso(a)google.com> usb: typec: tcpm: Fix wrong handling for Not_Supported in VDM AMS Eddie James <eajames(a)linux.ibm.com> hwmon: (occ) Fix poll rate limiting Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: fotg210-hcd: Fix an error message Alexandru Ardelean <aardelean(a)deviqon.com> iio: core: return ENODEV if ioctl is unknown Alexandru Ardelean <aardelean(a)deviqon.com> iio: hid-sensors: select IIO_TRIGGERED_BUFFER under HID_SENSOR_IIO_TRIGGER Dinghao Liu <dinghao.liu(a)zju.edu.cn> iio: proximity: pulsedlight: Fix rumtime PM imbalance on error Dinghao Liu <dinghao.liu(a)zju.edu.cn> iio: light: gp2ap002: Fix rumtime PM imbalance on error Jack Pham <jackp(a)codeaurora.org> usb: dwc3: gadget: Free gadget structure only after freeing endpoints Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix dynamic libbpf link Zhen Lei <thunder.leizhen(a)huawei.com> xen/unpopulated-alloc: fix error return code in fill_list() Vivek Goyal <vgoyal(a)redhat.com> dax: Wake up all waiters after invalidating dax entry Vivek Goyal <vgoyal(a)redhat.com> dax: Add a wakeup mode parameter to put_unlocked_entry() Vivek Goyal <vgoyal(a)redhat.com> dax: Add an enum for specifying dax wakup mode Tom Lendacky <thomas.lendacky(a)amd.com> KVM: SVM: Move GHCB unmapping to fix RCU warning Thomas Gleixner <tglx(a)linutronix.de> KVM: x86: Prevent deadlock against tk_core.seq Thomas Gleixner <tglx(a)linutronix.de> KVM: x86: Cancel pvclock_gtod_work on module removal Kuogee Hsieh <khsieh(a)codeaurora.org> drm/msm/dp: initialize audio_comp when audio starts Wanpeng Li <wanpengli(a)tencent.com> KVM: LAPIC: Accurately guarantee busy wait for timer to expire when using hv_timer Jonathan Marek <jonathan(a)marek.ca> drm/msm: fix LLC not being enabled for mmu500 targets Benjamin Segall <bsegall(a)google.com> kvm: exit halt polling on need_resched() as well Kai-Heng Feng <kai.heng.feng(a)canonical.com> drm/i915/dp: Use slow and wide link training for everything Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Avoid div-by-zero on gen2 David Ward <david.ward(a)gatech.edu> drm/amd/display: Initialize attribute for hdcp_srm sysfs file Kai-Heng Feng <kai.heng.feng(a)canonical.com> drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: sanity check zone type Tom Rix <trix(a)redhat.com> btrfs: initialize return variable in cleanup_free_space_cache_v1 Filipe Manana <fdmanana(a)suse.com> btrfs: fix race leading to unpersisted data and metadata on fsync Filipe Manana <fdmanana(a)suse.com> btrfs: zoned: fix silent data loss after failure splitting ordered extent Filipe Manana <fdmanana(a)suse.com> btrfs: fix deadlock when cloning inline extents and using qgroups Catalin Marinas <catalin.marinas(a)arm.com> arm64: Fix race condition on PG_dcache_clean in __sync_icache_dcache() Peter Collingbourne <pcc(a)google.com> arm64: mte: initialize RGSR_EL1.SEED in __cpu_setup Huang Rui <ray.huang(a)amd.com> x86, sched: Fix the AMD CPPC maximum performance value on certain AMD Ryzen generations Tejun Heo <tj(a)kernel.org> blk-iocost: fix weight updates of inner active iocgs Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix cow where page writtable in child Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix F_SEAL_FUTURE_WRITE Peter Collingbourne <pcc(a)google.com> kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled Axel Rasmussen <axelrasmussen(a)google.com> userfaultfd: release page in error path to avoid BUG_ON Phillip Lougher <phillip(a)squashfs.org.uk> squashfs: fix divide error in calculate_skip() Jouni Roivas <jouni.roivas(a)tuxera.com> hfsplus: prevent corruption in shrinking truncate Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Fix crashes when toggling entry flush barrier Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Fix crashes when toggling stf barrier Eric Dumazet <edumazet(a)google.com> sh: Remove unused variable Vladimir Isaev <isaev(a)synopsys.com> ARC: mm: Use max_high_pfn as a HIGHMEM zone border Vladimir Isaev <isaev(a)synopsys.com> ARC: mm: PAE: use 40-bit physical page mask Vineet Gupta <vgupta(a)synopsys.com> ARC: entry: fix off-by-one error in syscall number validation Paolo Abeni <pabeni(a)redhat.com> mptcp: fix splat when closing unaccepted socket Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> i40e: Remove LLDP frame filters Mateusz Palczewski <mateusz.palczewski(a)intel.com> i40e: Fix PHY type identifiers for 2.5G and 5G adapters Jaroslaw Gawin <jaroslawx.gawin(a)intel.com> i40e: fix the restart auto-negotiation after FEC modified Yunjian Wang <wangyunjian(a)huawei.com> i40e: Fix use-after-free in i40e_client_subtask() Magnus Karlsson <magnus.karlsson(a)intel.com> i40e: fix broken XDP support Eric Dumazet <edumazet(a)google.com> netfilter: nftables: avoid overflows in nft_hash_buckets() David Hildenbrand <david(a)redhat.com> kernel/resource: make walk_mem_res() find all busy IORESOURCE_MEM resources David Hildenbrand <david(a)redhat.com> kernel/resource: make walk_system_ram_res() find all busy IORESOURCE_SYSTEM_RAM resources Jia-Ju Bai <baijiaju1990(a)gmail.com> kernel: kexec_file: fix error return code of kexec_calculate_store_digests() Colin Ian King <colin.king(a)canonical.com> fs/proc/generic.c: fix incorrect pde_is_permanent check Alex Elder <elder(a)linaro.org> net: ipa: fix inter-EE IRQ register definitions Odin Ugedal <odin(a)uged.al> sched/fair: Fix unfairness caused by missing load decay Quentin Perret <qperret(a)google.com> sched: Fix out-of-bound access in uclamp Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_tx_work_queue(): fix tx_skb race condition Frieder Schrempf <frieder.schrempf(a)kontron.de> can: mcp251x: fix resume from sleep before interface was brought up Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_probe(): add missing can_rx_offload_del() in error path Dan Carpenter <dan.carpenter(a)oracle.com> can: mcp251xfd: mcp251xfd_probe(): fix an error pointer dereference in probe Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nftables: Fix a memleak from userdata error path in new objects Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check Cong Wang <cong.wang(a)bytedance.com> smc: disallow TCP_ULP in smc_setsockopt() Maciej Żenczykowski <maze(a)google.com> net: fix nla_strcmp to handle more then one trailing null character Fernando Fernandez Mancera <ffmancera(a)riseup.net> ethtool: fix missing NLM_F_MULTI flag when dumping Marco Elver <elver(a)google.com> kfence: await for allocation using wait_event Pavel Tatashin <pasha.tatashin(a)soleen.com> mm/gup: check for isolation errors Pavel Tatashin <pasha.tatashin(a)soleen.com> mm/gup: return an error on migration failure Pavel Tatashin <pasha.tatashin(a)soleen.com> mm/gup: check every subpage of a compound page during isolation Miaohe Lin <linmiaohe(a)huawei.com> ksm: fix potential missing rmap_item for stable_node Miaohe Lin <linmiaohe(a)huawei.com> mm/migrate.c: fix potential indeterminate pte entry in migrate_vma_insert_page() Miaohe Lin <linmiaohe(a)huawei.com> mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() Miaohe Lin <linmiaohe(a)huawei.com> khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() Sasha Levin <sashal(a)kernel.org> arm64: entry: always set GIC_PRIO_PSR_I_SET during entry Marc Zyngier <maz(a)kernel.org> arm64: entry: factor irq triage logic into macros Kees Cook <keescook(a)chromium.org> drm/radeon: Avoid power table parsing memory leaks Kees Cook <keescook(a)chromium.org> drm/radeon: Fix off-by-one power_state index heap overwrite Ramesh Babu B <ramesh.babu.b(a)intel.com> net: stmmac: Clear receive all(RA) bit when promiscuous mode is off Sandipan Das <sandipan(a)linux.ibm.com> powerpc/powernv/memtrace: Fix dcache flushing Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> xsk: Fix for xp_aligned_validate_desc() when len == chunk_size Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: xt_SECMARK: add new revision to fix structure layout Xin Long <lucien.xin(a)gmail.com> sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b Lv Yunlong <lyl2019(a)mail.ustc.edu.cn> ethernet:enic: Fix a use after free bug in enic_hard_start_xmit Jim Quinlan <jim2101024(a)gmail.com> PCI: brcmstb: Use reset/rearm instead of deassert/assert Jim Quinlan <jim2101024(a)gmail.com> ata: ahci_brcm: Fix use of BCM7216 reset controller Md Haris Iqbal <haris.iqbal(a)cloud.ionos.com> block/rnbd-clt: Check the return value of the function rtrs_clt_query Md Haris Iqbal <haris.iqbal(a)cloud.ionos.com> block/rnbd-clt: Change queue_depth type in rnbd_clt_session to size_t Brendan Jackman <jackmanb(a)google.com> libbpf: Fix signed overflow in ringbuf_process_ring Baptiste Lepers <baptiste.lepers(a)gmail.com> sunrpc: Fix misplaced barrier in call_decode Anup Patel <anup.patel(a)wdc.com> RISC-V: Fix error code returned by riscv_hartid_to_cpuid() Xin Long <lucien.xin(a)gmail.com> sctp: do asoc update earlier in sctp_sf_do_dupcook_a Yufeng Mo <moyufeng(a)huawei.com> net: hns3: disable phy loopback setting in hclge_mac_start_phy Peng Li <lipeng321(a)huawei.com> net: hns3: use netif_tx_disable to stop the transmit queue Hao Chen <chenhao288(a)hisilicon.com> net: hns3: fix for vxlan gpe tx checksum bug Mark Rutland <mark.rutland(a)arm.com> arm64: stacktrace: restore terminal records Jian Shen <shenjian15(a)huawei.com> net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() Yufeng Mo <moyufeng(a)huawei.com> net: hns3: initialize the message content in hclge_get_link_mode() Yufeng Mo <moyufeng(a)huawei.com> net: hns3: fix incorrect configuration for igu_egu_hw_err Nobuhiro Iwamatsu <nobuhiro1.iwamatsu(a)toshiba.co.jp> rtc: ds1307: Fix wday settings for rx8130 Can Guo <cang(a)codeaurora.org> scsi: ufs: core: Narrow down fast path in system suspend path Can Guo <cang(a)codeaurora.org> scsi: ufs: core: Cancel rpm_dev_flush_recheck_work during system suspend Can Guo <cang(a)codeaurora.org> scsi: ufs: core: Do not put UFS power into LPM if link is broken Anastasia Kovaleva <a.kovaleva(a)yadro.com> scsi: qla2xxx: Prevent PRLI in target mode Jeff Layton <jlayton(a)kernel.org> ceph: fix inode leak on getattr error in __fh_to_dentry Claire Chang <tientzu(a)chromium.org> swiotlb: Fix the type of index Nathan Chancellor <nathan(a)kernel.org> riscv: Select HAVE_DYNAMIC_FTRACE when -fpatchable-function-entry is available Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: rpcrdma_mr_pop() already does list_del_init() Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Fix cwnd update ordering Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Avoid Receive Queue wrapping Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel: Fix duty cycle calculation in .get_state() Yunjian Wang <wangyunjian(a)huawei.com> SUNRPC: Fix null pointer dereference in svc_rqst_free() Dan Carpenter <dan.carpenter(a)oracle.com> SUNRPC: fix ternary sign expansion bug in tracing Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: fix cdev setup and free device lifetime issues Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: fix group conf_dev lifetime Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: fix engine conf_dev lifetime Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: fix wq conf_dev 'struct device' lifetime Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: fix idxd conf_dev 'struct device' lifetime Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: use ida for device instance enumeration Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: removal of pcim managed mmio mapping Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: cleanup pci interrupt vector allocation management Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: fix dma device lifetime Colin Ian King <colin.king(a)canonical.com> dmaengine: idxd: Fix potential null dereference on pointer status Michael Walle <michael(a)walle.cc> rtc: fsl-ftm-alarm: add MODULE_TABLE() J. Bruce Fields <bfields(a)redhat.com> nfsd: ensure new clients break delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.x: Don't return NFS4ERR_NOMATCHING_LAYOUT if we're unmounting Guangqing Zhu <zhuguangqing83(a)gmail.com> thermal/drivers/tsens: Fix missing put_device error Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv42: Copy offload should update the file size when appropriate Chris Dion <Christopher.Dion(a)dell.com> SUNRPC: Handle major timeout in xprt_adjust_timeout() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove trace_xprt_transmit_queued Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Move fault injection call sites Olga Kornievskaia <kolga(a)netapp.com> NFSv4.2 fix handling of sr_eof in SEEK's reply Nikola Livic <nlivic(a)gmail.com> pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() Suman Anna <s-anna(a)ti.com> remoteproc: pru: Fix and cleanup firmware interrupt mapping logic Suman Anna <s-anna(a)ti.com> remoteproc: pru: Fix wrong success return value for fw events Suman Anna <s-anna(a)ti.com> remoteproc: pru: Fixup interrupt-parent logic for fw events Yang Yingliang <yangyingliang(a)huawei.com> PCI: endpoint: Fix missing destroy_workqueue() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Deal correctly with attribute generation counter overflow Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.2: Always flush out writes in nfs42_proc_fallocate() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix attribute bitmask in _nfs42_proc_fallocate() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: nfs4_bitmask_adjust() must not change the server global bitmasks Jia-Ju Bai <baijiaju1990(a)gmail.com> rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() Chao Yu <chao(a)kernel.org> f2fs: fix to avoid accessing invalid fio in f2fs_allocate_data_block() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Only change the cookie verifier if the directory page cache is empty Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix handling of cookie verifier in uncached_readdir() Nagendra S Tomar <natomar(a)microsoft.com> nfs: Subsequent READDIR calls should carry non-zero cookieverifier Yi Zhuang <zhuangyi1(a)huawei.com> f2fs: Fix a hungtask problem in atomic write Chao Yu <chao(a)kernel.org> f2fs: fix to restrict mount condition on readonly block device Yang Yingliang <yangyingliang(a)huawei.com> fs: 9p: fix v9fs_file_open writeback fid error check Chao Yu <chao(a)kernel.org> f2fs: fix to cover __allocate_new_section() with curseg_lock Chao Yu <chao(a)kernel.org> f2fs: fix to avoid touching checkpointed data in get_victim() Shradha Todi <shradha.t(a)samsung.com> PCI: endpoint: Fix NULL pointer dereference for ->get_features() Chao Yu <chao(a)kernel.org> f2fs: fix to update last i_size if fallocate partially succeeds Chao Yu <chao(a)kernel.org> f2fs: fix to align to section for fallocate() on pinned file Zhen Lei <thunder.leizhen(a)huawei.com> ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> PCI: Release OF node in pci_scan_device()'s error path Wei Yongjun <weiyongjun1(a)huawei.com> PCI: brcmstb: Fix error return code in brcm_pcie_probe() Pali Rohár <pali(a)kernel.org> PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() Bjorn Andersson <bjorn.andersson(a)linaro.org> remoteproc: qcom_q6v5_mss: Validate p_filesz in ELF loader Arnd Bergmann <arnd(a)arndb.de> rtc: tps65910: include linux/property.h Colin Ian King <colin.king(a)canonical.com> f2fs: fix a redundant call to f2fs_balance_fs if an error occurs Chao Yu <chao(a)kernel.org> f2fs: fix panic during f2fs_resize_fs() Chao Yu <chao(a)kernel.org> f2fs: fix to allow migrating fully valid segment Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> PCI/RCEC: Fix RCiEP device to RCEC association Jia-Ju Bai <baijiaju1990(a)gmail.com> thermal: thermal_of: Fix error return code of thermal_of_populate_bind_params() Arnd Bergmann <arnd(a)arndb.de> leds: lgm: fix gpiolib dependency David Ward <david.ward(a)gatech.edu> ASoC: rt286: Make RT286_SET_GPIO_* readable and writable Petr Mladek <pmladek(a)suse.com> watchdog: cleanup handling of false positives Petr Mladek <pmladek(a)suse.com> watchdog: fix barriers when printing backtraces from all CPUs Petr Mladek <pmladek(a)suse.com> watchdog/softlockup: remove logic that tried to prevent repeated reports Petr Mladek <pmladek(a)suse.com> watchdog/softlockup: report the overall time of softlockups Petr Mladek <pmladek(a)suse.com> watchdog: explicitly update timestamp when reporting softlockup Petr Mladek <pmladek(a)suse.com> watchdog: rename __touch_watchdog() to a better descriptive name Sergei Trofimovich <slyfox(a)gentoo.org> ia64: module: fix symbolizer crash on fdescr Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Add PCI IDs for Hyper-V VF devices. Masahiro Yamada <masahiroy(a)kernel.org> kbuild: generate Module.symvers only when vmlinux exists Petr Machata <petrm(a)nvidia.com> selftests: mlxsw: Fix mausezahn invocation in ERSPAN scale test Petr Machata <petrm(a)nvidia.com> selftests: mlxsw: Increase the tolerance of backlog buildup Felix Fietkau <nbd(a)nbd.name> net: ethernet: mtk_eth_soc: fix RX VLAN offload Stefan Assmann <sassmann(a)kpanic.de> iavf: remove duplicate free resources calls Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/iommu: Annotate nested lock for lockdep Lee Gibson <leegib(a)gmail.com> qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth Gustavo A. R. Silva <gustavoars(a)kernel.org> wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join Gustavo A. R. Silva <gustavoars(a)kernel.org> wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt Sean Christopherson <seanjc(a)google.com> crypto: ccp: Free SEV device if SEV init fails Felix Fietkau <nbd(a)nbd.name> mt76: mt7615: fix entering driver-own state on mt7663 Jinzhou Su <Jinzhou.Su(a)amd.com> drm/amdgpu: Add mem sync flag for IB allocated by SA Dingchen (David) Zhang <dingchen.zhang(a)amd.com> drm/amd/display: add handling for hdcp2 rx id list validation Robin Singh <robin.singh(a)amd.com> drm/amd/display: fixed divide by zero kernel crash during dsc enablement Michael Ellerman <mpe(a)ellerman.id.au> powerpc/pseries: Stop calling printk in rtas_stop_self() Yaqi Chen <chendotjs(a)gmail.com> samples/bpf: Fix broken tracex1 due to kprobe argument change Du Cheng <ducheng2(a)gmail.com> net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule Gustavo A. R. Silva <gustavoars(a)kernel.org> ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user() David Ward <david.ward(a)gatech.edu> ASoC: rt286: Generalize support for ALC3263 codec Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: properly drop the connection in case of invalid CSA IE David Mosberger-Tang <davidm(a)egauge.net> wilc1000: Bring MAC address setting in line with typical Linux behavior Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> powerpc/smp: Set numa node before updating mask Cédric Le Goater <clg(a)kaod.org> powerpc/xive: Use the "ibm, chip-id" property only under PowerNV Gustavo A. R. Silva <gustavoars(a)kernel.org> flow_dissector: Fix out-of-bounds warning in __skb_flow_bpf_to_target() Gustavo A. R. Silva <gustavoars(a)kernel.org> sctp: Fix out-of-bounds warning in sctp_process_asconf_param() Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i2c: i801: Add support for Intel Alder Lake PCH-M Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume Vamshi Krishna Gopal <vamshi.krishna.gopal(a)intel.com> ASoC: Intel: sof_sdw: add quirk for new ADL-P Rvp Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add quirk for Lenovo Ideapad S740 Mihai Moldovan <ionic(a)ionic.de> kconfig: nconf: stop endless search loops Yonghong Song <yhs(a)fb.com> selftests: Set CC to clang in lib.mk if LLVM is set Anthony Wang <anthony1.wang(a)amd.com> drm/amd/display: Force vsync flip when reconfiguring MPCC Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> iommu/amd: Remove performance counter pre-initialization test Paul Menzel <pmenzel(a)molgen.mpg.de> Revert "iommu/amd: Fix performance counter initialization" Florian Fainelli <f.fainelli(a)gmail.com> net: bridge: propagate error code and extack from br_mc_disabled_update Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() Vaibhav Jain <vaibhav(a)linux.ibm.com> powerpc/mm: Add cond_resched() while removing hpte mappings Johannes Berg <johannes.berg(a)intel.com> iwlwifi: trans/pcie: defer transport initialisation Mordechay Goodstein <mordechay.goodstein(a)intel.com> iwlwifi: queue: avoid memory leak in reset flow Johannes Berg <johannes.berg(a)intel.com> iwlwifi: pcie: make cfg vs. trans_cfg more robust Miklos Szeredi <mszeredi(a)redhat.com> cuse: prevent clone Miklos Szeredi <mszeredi(a)redhat.com> virtiofs: fix userns Vivek Goyal <vgoyal(a)redhat.com> fuse: invalidate attrs when page writeback completes Ye Weihua <yeweihua4(a)huawei.com> i2c: imx: Fix PM reference leak in i2c_imx_reg_slave() Ryder Lee <ryder.lee(a)mediatek.com> mt76: mt7915: add wifi subsystem reset Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt7921: fix key set/delete issue Shayne Chen <shayne.chen(a)mediatek.com> mt76: mt7915: fix txpower init for TSSI off chips Felix Fietkau <nbd(a)nbd.name> mt76: mt7915: fix key set/delete issue Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt7915: always check return value from mt7915_mcu_alloc_wtbl_req Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: connac: always check return value from mt76_connac_mcu_alloc_wtbl_req David Bauer <mail(a)david-bauer.net> mt76: mt76x0: disable GTK offloading Sander Vanheule <sander(a)svanheule.net> mt76: mt7615: support loading EEPROM for MT7613BE Felix Fietkau <nbd(a)nbd.name> mt76: mt7615: fix key set/delete issues Po-Hao Huang <phhuang(a)realtek.com> rtw88: 8822c: add LC calibration for RTL8822C Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> pinctrl: samsung: use 'int' for register masks in Exynos Heiner Kallweit <hkallweit1(a)gmail.com> net: fec: use mac-managed PHY PM Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: make PHY PM ops a no-op if MAC driver manages PHY PM Gyeongtaek Lee <gt82.lee(a)samsung.com> ASoC: soc-compress: lock pcm_mutex to resolve lockdep error Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: clear the beacon's CRC after channel switch Johan Almbladh <johan.almbladh(a)anyfinetworks.com> mac80211: Set priority and queue mapping for injected frames Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com> IB/hfi1: Correct oversized ring allocation Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: Do not scan for graph if none is present Tiezhu Yang <yangtiezhu(a)loongson.cn> MIPS: Loongson64: Use _CACHE_UNCACHED instead of _CACHE_UNCACHED_ACCELERATED Daniel Winkler <danielwinkler(a)google.com> Bluetooth: Do not set cur_adv_instance in adv param MGMT request Bence Csókás <bence98(a)sch.bme.hu> i2c: Add I2C_AQ_NO_REP_START adapter quirk Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: launch mptcp_connect with timeout Hans de Goede <hdegoede(a)redhat.com> ASoC: rt5670: Add a quirk for the Dell Venue 10 Pro 5055 mark-yw.chen <mark-yw.chen(a)mediatek.com> Bluetooth: btusb: Enable quirk boolean flag for Mediatek Chip. Paul M Stillwell Jr <paul.m.stillwell.jr(a)intel.com> ice: handle increasing Tx or Rx ring sizes Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet Xiang Chen <chenxiang66(a)hisilicon.com> iommu/arm-smmu-v3: Add a check to avoid invalid iotlb sync Marc Kleine-Budde <mkl(a)pengutronix.de> can: dev: can_free_echo_skb(): don't crash the kernel if can_priv::echo_skb is accessed out of bounds Eric Dumazet <edumazet(a)google.com> ip6_vti: proper dev_{hold|put} in ndo_[un]init methods Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: add handling for xmit skb with recursive fraglist Guangbin Huang <huangguangbin2(a)huawei.com> net: hns3: remediate a potential overflow risk of bd_num_list Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Statically initialise first emergency context Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms Russell Currey <ruscur(a)russell.cc> selftests/powerpc: Fix L1D flushing tests for Power10 Archie Pusaka <apusaka(a)chromium.org> Bluetooth: check for zapped sk before connecting Nikolay Aleksandrov <nikolay(a)nvidia.com> net: bridge: when suppression is enabled exclude RARP packets Vladimir Oltean <vladimir.oltean(a)nxp.com> net/sched: cls_flower: use ntohs for struct flow_dissector_key_ports Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: initialize skb_queue_head at l2cap_chan_create() Archie Pusaka <apusaka(a)chromium.org> Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: bebob: enable to deliver MIDI messages for multiple ports Tong Zhang <ztong0001(a)gmail.com> ALSA: rme9652: don't disable if not enabled Tong Zhang <ztong0001(a)gmail.com> ALSA: hdspm: don't disable if not enabled Tong Zhang <ztong0001(a)gmail.com> ALSA: hdsp: don't disable if not enabled Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: bail out early when RDWR parameters are wrong Ayush Garg <ayush.garg(a)samsung.com> Bluetooth: Fix incorrect status handling in LE PHY UPDATE event Mikhail Durnev <mikhail_durnev(a)mentor.com> ASoC: rsnd: core: Check convert rate in rsnd_hw_params Jonathan McDowell <noodles(a)earth.li> net: stmmac: Set FIFO sizes for ipq806x Maxim Mikityanskiy <maximmi(a)mellanox.com> net/mlx5e: Use net_prefetchw instead of prefetchw in MPWQE TX datapath Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF Hoang Le <hoang.h.le(a)dektech.com.au> tipc: convert dest node's address to network order Alexander Aring <aahringo(a)redhat.com> fs: dlm: add shutdown hook Alexander Aring <aahringo(a)redhat.com> fs: dlm: flush swork on shutdown Alexander Aring <aahringo(a)redhat.com> fs: dlm: check on minimum msglen size Alexander Aring <aahringo(a)redhat.com> fs: dlm: change allocation limits Alexander Aring <aahringo(a)redhat.com> fs: dlm: add check if dlm is currently running Alexander Aring <aahringo(a)redhat.com> fs: dlm: add errno handling to check callback Alexander Aring <aahringo(a)redhat.com> fs: dlm: fix mark setting deadlock Alexander Aring <aahringo(a)redhat.com> fs: dlm: fix debugfs dump Nicolas MURE <nicolas.mure2019(a)gmail.com> ALSA: usb-audio: Add Pioneer DJM-850 to quirks-table Pradeep Kumar Chitrapu <pradeepc(a)codeaurora.org> ath11k: fix thermal temperature read David Matlack <dmatlack(a)google.com> kvm: Cap halt polling at kvm->max_halt_poll_ns Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Use HWP if enabled by platform firmware Tony Lindgren <tony(a)atomide.com> PM: runtime: Fix unpaired parent child_count for force_resume Sumeet Pawnikar <sumeet.r.pawnikar(a)intel.com> ACPI: PM: Add ACPI ID of Alder Lake Fan Lai Jiangshan <laijs(a)linux.alibaba.com> KVM/VMX: Invoke NMI non-IST entry instead of IST entry Tom Lendacky <thomas.lendacky(a)amd.com> KVM: SVM: Make sure GHCB is mapped before updating Anand Jain <anand.jain(a)oracle.com> btrfs: fix unmountable seed device after fstrim Jarkko Sakkinen <jarkko(a)kernel.org> tpm, tpm_tis: Reserve locality in tpm_tis_resume() Jarkko Sakkinen <jarkko(a)kernel.org> tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() Zhen Lei <thunder.leizhen(a)huawei.com> tpm: fix error return code in tpm2_get_cc_attrs_tbl() Colin Ian King <colin.king(a)canonical.com> KEYS: trusted: Fix memory leak on object td ------------- Diffstat: .gitignore | 1 + .../devicetree/bindings/media/renesas,vin.yaml | 46 +- .../devicetree/bindings/pci/rcar-pci-host.yaml | 12 +- .../devicetree/bindings/phy/qcom,qmp-phy.yaml | 2 + .../bindings/phy/qcom,qmp-usb3-dp-phy.yaml | 2 - Documentation/devicetree/bindings/serial/8250.yaml | 5 - .../bindings/thermal/rcar-gen3-thermal.yaml | 43 +- Documentation/dontdiff | 1 + Makefile | 6 +- arch/arc/include/asm/page.h | 12 + arch/arc/include/asm/pgtable.h | 12 +- arch/arc/include/uapi/asm/page.h | 1 - arch/arc/kernel/entry.S | 4 +- arch/arc/mm/init.c | 11 +- arch/arc/mm/ioremap.c | 5 +- arch/arc/mm/tlb.c | 2 +- arch/arm/boot/dts/dra7-l4.dtsi | 4 +- arch/arm/boot/dts/dra7.dtsi | 20 + arch/arm/kernel/hw_breakpoint.c | 2 +- .../boot/dts/renesas/r8a779a0-falcon-cpu.dtsi | 8 + arch/arm64/boot/dts/renesas/r8a779a0-falcon.dts | 5 - arch/arm64/include/asm/daifflags.h | 3 + arch/arm64/kernel/entry-common.c | 17 - arch/arm64/kernel/entry.S | 91 ++-- arch/arm64/kernel/stacktrace.c | 10 +- arch/arm64/mm/flush.c | 4 +- arch/arm64/mm/proc.S | 12 + arch/ia64/include/asm/module.h | 6 +- arch/ia64/kernel/module.c | 29 +- arch/mips/include/asm/div64.h | 55 ++- arch/mips/kernel/cpu-probe.c | 3 - arch/powerpc/include/asm/interrupt.h | 7 + arch/powerpc/kernel/head_32.h | 6 +- arch/powerpc/kernel/iommu.c | 4 +- arch/powerpc/kernel/setup_32.c | 2 +- arch/powerpc/kernel/smp.c | 6 +- arch/powerpc/lib/feature-fixups.c | 35 +- arch/powerpc/mm/book3s64/hash_utils.c | 13 +- arch/powerpc/platforms/powernv/memtrace.c | 4 +- arch/powerpc/platforms/pseries/hotplug-cpu.c | 3 - arch/powerpc/sysdev/xive/common.c | 9 +- arch/powerpc/sysdev/xive/native.c | 6 + arch/powerpc/sysdev/xive/xive-internal.h | 1 + arch/riscv/Kconfig | 2 +- arch/riscv/kernel/smp.c | 2 +- arch/sh/kernel/traps.c | 1 - arch/x86/include/asm/idtentry.h | 15 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/processor.h | 2 + arch/x86/kernel/cpu/amd.c | 16 + arch/x86/kernel/nmi.c | 10 + arch/x86/kernel/smpboot.c | 2 +- arch/x86/kvm/cpuid.c | 3 +- arch/x86/kvm/emulate.c | 2 +- arch/x86/kvm/kvm_emulate.h | 1 + arch/x86/kvm/lapic.c | 2 +- arch/x86/kvm/svm/sev.c | 8 +- arch/x86/kvm/svm/svm.c | 11 +- arch/x86/kvm/svm/svm.h | 1 + arch/x86/kvm/vmx/nested.c | 29 +- arch/x86/kvm/vmx/vmx.c | 57 ++- arch/x86/kvm/x86.c | 42 +- block/bfq-iosched.c | 3 +- block/blk-iocost.c | 14 +- block/blk-mq-sched.c | 8 +- block/blk-mq.c | 11 +- block/kyber-iosched.c | 5 +- block/mq-deadline.c | 3 +- drivers/acpi/device_pm.c | 1 + drivers/acpi/scan.c | 1 + drivers/ata/ahci_brcm.c | 46 +- drivers/base/power/runtime.c | 10 +- drivers/block/nbd.c | 3 +- drivers/block/rnbd/rnbd-clt.c | 12 +- drivers/block/rnbd/rnbd-clt.h | 2 +- drivers/bluetooth/btusb.c | 4 +- drivers/char/tpm/tpm2-cmd.c | 1 + drivers/char/tpm/tpm_tis_core.c | 22 +- drivers/clk/samsung/clk-exynos7.c | 7 +- drivers/clocksource/timer-ti-dm-systimer.c | 144 +++++- drivers/cpufreq/acpi-cpufreq.c | 6 +- drivers/cpufreq/intel_pstate.c | 14 +- drivers/crypto/ccp/sev-dev.c | 4 +- drivers/dma/idxd/cdev.c | 129 ++---- drivers/dma/idxd/device.c | 25 +- drivers/dma/idxd/dma.c | 77 +++- drivers/dma/idxd/idxd.h | 89 +++- drivers/dma/idxd/init.c | 349 ++++++++++----- drivers/dma/idxd/irq.c | 10 +- drivers/dma/idxd/sysfs.c | 324 ++++++-------- drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 2 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 1 + drivers/gpu/drm/amd/display/dc/core/dc.c | 4 + drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hubp.c | 15 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 2 + drivers/gpu/drm/i915/display/intel_dp.c | 59 +-- drivers/gpu/drm/i915/display/intel_overlay.c | 2 +- drivers/gpu/drm/i915/gem/i915_gem_mman.c | 2 +- drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 1 - drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 4 +- drivers/gpu/drm/i915/i915_active.c | 3 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 9 +- drivers/gpu/drm/msm/dp/dp_audio.c | 1 + drivers/gpu/drm/msm/dp/dp_display.c | 26 +- drivers/gpu/drm/msm/dp/dp_display.h | 1 + drivers/gpu/drm/radeon/radeon.h | 1 + drivers/gpu/drm/radeon/radeon_atombios.c | 26 +- drivers/gpu/drm/radeon/radeon_pm.c | 8 + drivers/gpu/drm/radeon/si_dpm.c | 3 + drivers/hwmon/ltc2992.c | 8 +- drivers/hwmon/occ/common.c | 5 +- drivers/hwmon/occ/common.h | 2 +- drivers/hwtracing/coresight/coresight-platform.c | 6 + drivers/i2c/busses/i2c-i801.c | 4 + drivers/i2c/busses/i2c-imx.c | 2 +- drivers/i2c/busses/i2c-mt65xx.c | 9 +- drivers/i2c/i2c-dev.c | 9 +- drivers/iio/accel/Kconfig | 1 - drivers/iio/common/hid-sensors/Kconfig | 1 + drivers/iio/gyro/Kconfig | 1 - drivers/iio/gyro/mpu3050-core.c | 13 +- drivers/iio/humidity/Kconfig | 1 - drivers/iio/industrialio-core.c | 9 +- drivers/iio/light/Kconfig | 2 - drivers/iio/light/gp2ap002.c | 5 +- drivers/iio/light/tsl2583.c | 8 + drivers/iio/magnetometer/Kconfig | 1 - drivers/iio/orientation/Kconfig | 2 - drivers/iio/pressure/Kconfig | 1 - drivers/iio/proximity/pulsedlight-lidar-lite-v2.c | 1 + drivers/iio/temperature/Kconfig | 1 - drivers/infiniband/hw/hfi1/ipoib.h | 3 +- drivers/infiniband/hw/hfi1/ipoib_tx.c | 14 +- drivers/iommu/amd/init.c | 49 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 3 + drivers/leds/blink/Kconfig | 1 + drivers/net/can/dev/skb.c | 6 +- drivers/net/can/m_can/m_can.c | 3 +- drivers/net/can/spi/mcp251x.c | 35 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 19 +- drivers/net/ethernet/cisco/enic/enic_main.c | 7 +- drivers/net/ethernet/freescale/fec_main.c | 3 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 127 ++++-- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 2 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_err.c | 3 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_err.h | 3 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 27 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 2 + drivers/net/ethernet/intel/i40e/i40e.h | 1 - drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_client.c | 1 + drivers/net/ethernet/intel/i40e/i40e_common.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 8 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 42 -- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 8 +- drivers/net/ethernet/intel/i40e/i40e_type.h | 7 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 2 - drivers/net/ethernet/intel/ice/ice_lib.c | 123 ++++-- drivers/net/ethernet/intel/ice/ice_txrx.h | 2 + drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-ipq806x.c | 2 + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 1 + drivers/net/ipa/gsi.c | 4 +- drivers/net/ipa/gsi_reg.h | 18 +- drivers/net/phy/phy_device.c | 6 + drivers/net/wireless/ath/ath11k/wmi.c | 53 +-- drivers/net/wireless/intel/iwlwifi/iwl-trans.c | 91 ++-- drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 1 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 39 +- .../net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 4 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 30 +- drivers/net/wireless/intel/iwlwifi/queue/tx.h | 3 +- drivers/net/wireless/mediatek/mt76/mt76.h | 1 + drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c | 1 + drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 97 ++-- drivers/net/wireless/mediatek/mt76/mt7615/main.c | 18 +- drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 15 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 3 + drivers/net/wireless/mediatek/mt76/mt76x02_util.c | 4 + drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 19 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 58 ++- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 25 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 27 +- drivers/net/wireless/mediatek/mt76/mt7915/regs.h | 13 + drivers/net/wireless/mediatek/mt76/mt7921/main.c | 25 +- drivers/net/wireless/microchip/wilc1000/netdev.c | 25 +- drivers/net/wireless/quantenna/qtnfmac/event.c | 6 +- drivers/net/wireless/realtek/rtw88/main.h | 2 + drivers/net/wireless/realtek/rtw88/phy.c | 14 + drivers/net/wireless/realtek/rtw88/phy.h | 1 + drivers/net/wireless/realtek/rtw88/reg.h | 5 + drivers/net/wireless/realtek/rtw88/rtw8822c.c | 27 +- drivers/net/wireless/wl3501.h | 47 +- drivers/net/wireless/wl3501_cs.c | 54 +-- drivers/nvme/host/core.c | 3 +- drivers/nvme/target/io-cmd-bdev.c | 2 +- drivers/nvme/target/nvmet.h | 6 + drivers/nvme/target/passthru.c | 2 +- drivers/nvme/target/rdma.c | 4 +- drivers/pci/controller/pcie-brcmstb.c | 20 +- drivers/pci/controller/pcie-iproc-msi.c | 2 +- drivers/pci/endpoint/functions/pci-epf-test.c | 20 +- drivers/pci/pcie/rcec.c | 2 +- drivers/pci/probe.c | 1 + drivers/pinctrl/samsung/pinctrl-exynos.c | 10 +- drivers/pwm/pwm-atmel.c | 2 +- drivers/remoteproc/pru_rproc.c | 41 +- drivers/remoteproc/qcom_q6v5_mss.c | 18 + drivers/rpmsg/qcom_glink_native.c | 1 + drivers/rtc/rtc-ds1307.c | 12 +- drivers/rtc/rtc-fsl-ftm-alarm.c | 1 + drivers/rtc/rtc-tps65910.c | 1 + drivers/scsi/qla2xxx/qla_init.c | 3 + drivers/scsi/ufs/ufshcd.c | 7 +- drivers/soc/mediatek/mt8173-pm-domains.h | 10 + drivers/soc/mediatek/mt8183-pm-domains.h | 15 + drivers/soc/mediatek/mt8192-pm-domains.h | 21 + drivers/soc/mediatek/mtk-pm-domains.c | 6 +- drivers/soc/mediatek/mtk-pm-domains.h | 2 + drivers/staging/media/rkvdec/rkvdec.c | 2 +- drivers/thermal/qcom/tsens.c | 6 +- drivers/thermal/thermal_of.c | 7 +- drivers/usb/class/cdc-wdm.c | 30 +- drivers/usb/core/hub.c | 6 +- drivers/usb/dwc2/core.h | 2 + drivers/usb/dwc2/gadget.c | 3 +- drivers/usb/dwc3/dwc3-imx8mp.c | 1 + drivers/usb/dwc3/dwc3-omap.c | 5 + drivers/usb/dwc3/dwc3-pci.c | 1 + drivers/usb/dwc3/gadget.c | 11 +- drivers/usb/host/fotg210-hcd.c | 4 +- drivers/usb/host/xhci-ext-caps.h | 5 +- drivers/usb/host/xhci-pci.c | 8 +- drivers/usb/host/xhci-ring.c | 16 +- drivers/usb/host/xhci.c | 6 +- drivers/usb/musb/mediatek.c | 2 +- drivers/usb/typec/tcpm/tcpm.c | 22 +- drivers/usb/typec/ucsi/ucsi.c | 46 +- drivers/usb/typec/ucsi/ucsi.h | 6 +- drivers/xen/gntdev.c | 4 +- drivers/xen/unpopulated-alloc.c | 4 +- fs/9p/vfs_file.c | 4 +- fs/btrfs/ctree.h | 2 +- fs/btrfs/extent-tree.c | 6 +- fs/btrfs/file.c | 35 +- fs/btrfs/free-space-cache.c | 2 +- fs/btrfs/inode.c | 4 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/ordered-data.c | 2 +- fs/btrfs/qgroup.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/tree-log.c | 3 +- fs/btrfs/zoned.c | 5 + fs/ceph/export.c | 4 +- fs/dax.c | 35 +- fs/debugfs/inode.c | 2 +- fs/dlm/config.c | 86 ++-- fs/dlm/config.h | 1 - fs/dlm/debug_fs.c | 1 + fs/dlm/lockspace.c | 20 +- fs/dlm/lowcomms.c | 104 +++-- fs/dlm/lowcomms.h | 5 + fs/dlm/midcomms.c | 7 +- fs/ext4/fast_commit.c | 2 +- fs/f2fs/compress.c | 55 +-- fs/f2fs/data.c | 6 +- fs/f2fs/f2fs.h | 7 +- fs/f2fs/file.c | 42 +- fs/f2fs/gc.c | 62 ++- fs/f2fs/inline.c | 3 +- fs/f2fs/segment.c | 86 ++-- fs/f2fs/segment.h | 14 +- fs/f2fs/super.c | 18 +- fs/fuse/cuse.c | 2 + fs/fuse/file.c | 9 + fs/fuse/virtio_fs.c | 3 +- fs/hfsplus/extents.c | 7 +- fs/hugetlbfs/inode.c | 5 + fs/jbd2/recovery.c | 5 +- fs/nfs/callback_proc.c | 17 +- fs/nfs/dir.c | 22 +- fs/nfs/flexfilelayout/flexfilelayout.c | 2 +- fs/nfs/inode.c | 8 +- fs/nfs/nfs42proc.c | 72 ++- fs/nfs/nfs4proc.c | 56 ++- fs/nfsd/nfs4state.c | 24 +- fs/proc/generic.c | 2 +- fs/squashfs/file.c | 6 +- include/linux/cpuhotplug.h | 1 + include/linux/elevator.h | 2 +- include/linux/i2c.h | 2 + include/linux/mm.h | 32 ++ include/linux/mm_types.h | 4 +- include/linux/nfs_xdr.h | 11 +- include/linux/phy.h | 2 + include/linux/pm.h | 1 + include/net/page_pool.h | 12 +- include/trace/events/sunrpc.h | 1 - include/uapi/linux/netfilter/xt_SECMARK.h | 6 + kernel/dma/swiotlb.c | 3 +- kernel/kexec_file.c | 4 +- kernel/resource.c | 4 +- kernel/sched/core.c | 2 +- kernel/sched/fair.c | 14 +- kernel/time/alarmtimer.c | 2 +- kernel/watchdog.c | 88 ++-- lib/Kconfig.kfence | 1 + lib/kobject_uevent.c | 9 +- lib/nlattr.c | 2 +- lib/test_kasan.c | 29 +- mm/gup.c | 94 ++-- mm/hugetlb.c | 12 +- mm/kfence/core.c | 45 +- mm/khugepaged.c | 18 +- mm/ksm.c | 1 + mm/migrate.c | 7 + mm/shmem.c | 34 +- net/bluetooth/hci_event.c | 2 +- net/bluetooth/l2cap_core.c | 4 + net/bluetooth/l2cap_sock.c | 8 + net/bluetooth/mgmt.c | 1 - net/bridge/br_arp_nd_proxy.c | 4 +- net/bridge/br_multicast.c | 28 +- net/bridge/br_netlink.c | 4 +- net/bridge/br_private.h | 3 +- net/bridge/br_sysfs_br.c | 8 +- net/core/flow_dissector.c | 6 +- net/core/page_pool.c | 12 +- net/ethtool/ioctl.c | 2 +- net/ethtool/netlink.c | 3 +- net/ipv6/ip6_vti.c | 2 +- net/mac80211/mlme.c | 12 +- net/mac80211/tx.c | 20 +- net/mptcp/subflow.c | 3 +- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nfnetlink_osf.c | 2 + net/netfilter/nft_set_hash.c | 10 +- net/netfilter/xt_SECMARK.c | 88 +++- net/sched/cls_flower.c | 36 +- net/sched/sch_taprio.c | 6 + net/sctp/sm_make_chunk.c | 2 +- net/sctp/sm_statefuns.c | 28 +- net/smc/af_smc.c | 4 +- net/sunrpc/clnt.c | 12 +- net/sunrpc/svc.c | 3 +- net/sunrpc/svcsock.c | 2 +- net/sunrpc/xprt.c | 12 +- net/sunrpc/xprtrdma/frwr_ops.c | 2 +- net/sunrpc/xprtrdma/rpc_rdma.c | 3 +- net/sunrpc/xprtrdma/transport.c | 6 +- net/sunrpc/xprtrdma/verbs.c | 10 +- net/sunrpc/xprtrdma/xprt_rdma.h | 2 +- net/tipc/netlink_compat.c | 2 +- net/xdp/xsk_queue.h | 7 +- samples/bpf/tracex1_kern.c | 4 +- scripts/Makefile.modpost | 15 +- scripts/kconfig/nconf.c | 2 +- scripts/mod/modpost.c | 15 +- security/keys/trusted-keys/trusted_tpm1.c | 8 +- sound/firewire/bebob/bebob_stream.c | 12 +- sound/pci/hda/ideapad_s740_helper.c | 492 +++++++++++++++++++++ sound/pci/hda/patch_hdmi.c | 29 +- sound/pci/hda/patch_realtek.c | 11 + sound/pci/rme9652/hdsp.c | 3 +- sound/pci/rme9652/hdspm.c | 3 +- sound/pci/rme9652/rme9652.c | 3 +- sound/soc/codecs/rt286.c | 23 +- sound/soc/codecs/rt5670.c | 12 + sound/soc/intel/boards/bytcr_rt5640.c | 20 + sound/soc/intel/boards/sof_sdw.c | 11 + sound/soc/sh/rcar/core.c | 69 ++- sound/soc/sh/rcar/ssi.c | 16 +- sound/soc/soc-compress.c | 4 + sound/usb/quirks-table.h | 63 +++ tools/lib/bpf/ringbuf.c | 30 +- tools/perf/Makefile.config | 1 + tools/perf/util/Build | 7 + .../drivers/net/mlxsw/mirror_gre_scale.sh | 3 +- .../selftests/drivers/net/mlxsw/sch_red_core.sh | 4 +- tools/testing/selftests/lib.mk | 4 + .../testing/selftests/net/forwarding/mirror_lib.sh | 19 +- tools/testing/selftests/net/mptcp/diag.sh | 55 ++- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 15 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 22 +- tools/testing/selftests/net/mptcp/simult_flows.sh | 13 +- .../selftests/powerpc/security/entry_flush.c | 2 +- .../selftests/powerpc/security/flush_utils.h | 4 + .../testing/selftests/powerpc/security/rfi_flush.c | 2 +- virt/kvm/kvm_main.c | 7 +- 394 files changed, 4512 insertions(+), 2167 deletions(-)

3 years, 7 months

10
377
0 0

[PATCH v2 1/4] usb: typec: tcpm: Fix up PR_SWAP when vsafe0v is signalled

by Badhri Jagan Sridharan

During PR_SWAP, When TCPM is in PR_SWAP_SNK_SRC_SINK_OFF, vbus is expected to reach VSAFE0V when source turns off vbus. Do not move to SNK_UNATTACHED state when this happens. Fixes: 28b43d3d746b ("usb: typec: tcpm: Introduce vsafe0v for vbus") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> --- Changes since V1: - Fixed type s/of/off in commit message. - Added Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> --- drivers/usb/typec/tcpm/tcpm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index c4fdc00a3bc8..b93c4c8d7b15 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5114,6 +5114,9 @@ static void _tcpm_pd_vbus_vsafe0v(struct tcpm_port *port) tcpm_set_state(port, SNK_UNATTACHED, 0); } break; + case PR_SWAP_SNK_SRC_SINK_OFF: + /* Do nothing, vsafe0v is expected during transition */ + break; default: if (port->pwr_role == TYPEC_SINK && port->auto_vbus_discharge_enabled) tcpm_set_state(port, SNK_UNATTACHED, 0); -- 2.31.1.751.gd2f1c929bd-goog

3 years, 7 months

3
8
0 0

[PATCH v4 3/5] KVM: X86: Fix vCPU preempted state from guest's point of view

by Wanpeng Li

From: Wanpeng Li <wanpengli(a)tencent.com> Commit 66570e966dd9 (kvm: x86: only provide PV features if enabled in guest's CPUID) avoids to access pv tlb shootdown host side logic when this pv feature is not exposed to guest, however, kvm_steal_time.preempted not only leveraged by pv tlb shootdown logic but also mitigate the lock holder preemption issue. >From guest's point of view, vCPU is always preempted since we lose the reset of kvm_steal_time.preempted before vmentry if pv tlb shootdown feature is not exposed. This patch fixes it by clearing kvm_steal_time.preempted before vmentry. Fixes: 66570e966dd9 (kvm: x86: only provide PV features if enabled in guest's CPUID) Reviewed-by: Sean Christopherson <seanjc(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Wanpeng Li <wanpengli(a)tencent.com> --- v1 -> v2: * add curly braces arch/x86/kvm/x86.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index dfb7c320581f..bed7b5348c0e 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3105,6 +3105,8 @@ static void record_steal_time(struct kvm_vcpu *vcpu) st->preempted & KVM_VCPU_FLUSH_TLB); if (xchg(&st->preempted, 0) & KVM_VCPU_FLUSH_TLB) kvm_vcpu_flush_tlb_guest(vcpu); + } else { + st->preempted = 0; } vcpu->arch.st.preempted = 0; -- 2.25.1

3 years, 7 months

1
0
0 0

Re: [PATCH 1/7] crypto: fix a memory leak in sm2

by Tianjia Zhang

Hi Hongbo, On 5/12/21 10:04 PM, Hongbo Li wrote: > From: Hongbo Li <herberthbli(a)tencent.com> > > SM2 module alloc ec->Q in sm2_set_pub_key(), when doing alg test in > test_akcipher_one(), it will set public key for every test vector, > and don't free ec->Q. This will cause a memory leak. > > This patch alloc ec->Q in sm2_ec_ctx_init(). > > Signed-off-by: Hongbo Li <herberthbli(a)tencent.com> > --- > crypto/sm2.c | 24 ++++++++++-------------- > 1 file changed, 10 insertions(+), 14 deletions(-) > > diff --git a/crypto/sm2.c b/crypto/sm2.c > index b21addc..db8a4a2 100644 > --- a/crypto/sm2.c > +++ b/crypto/sm2.c > @@ -79,10 +79,17 @@ static int sm2_ec_ctx_init(struct mpi_ec_ctx *ec) > goto free; > > rc = -ENOMEM; > + > + ec->Q = mpi_point_new(0); > + if (!ec->Q) > + goto free; > + > /* mpi_ec_setup_elliptic_curve */ > ec->G = mpi_point_new(0); > - if (!ec->G) > + if (!ec->G) { > + mpi_point_release(ec->Q); > goto free; > + } > > mpi_set(ec->G->x, x); > mpi_set(ec->G->y, y); > @@ -91,6 +98,7 @@ static int sm2_ec_ctx_init(struct mpi_ec_ctx *ec) > rc = -EINVAL; > ec->n = mpi_scanval(ecp->n); > if (!ec->n) { > + mpi_point_release(ec->Q); > mpi_point_release(ec->G); > goto free; > } > @@ -386,27 +394,15 @@ static int sm2_set_pub_key(struct crypto_akcipher *tfm, > MPI a; > int rc; > > - ec->Q = mpi_point_new(0); > - if (!ec->Q) > - return -ENOMEM; > - > /* include the uncompressed flag '0x04' */ > - rc = -ENOMEM; > a = mpi_read_raw_data(key, keylen); > if (!a) > - goto error; > + return -ENOMEM; > > mpi_normalize(a); > rc = sm2_ecc_os2ec(ec->Q, a); > mpi_free(a); > - if (rc) > - goto error; > - > - return 0; > > -error: > - mpi_point_release(ec->Q); > - ec->Q = NULL; > return rc; > } > > Thanks a lot for fixing this issue. Reviewed-by: Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> Also added: Cc: stable(a)vger.kernel.org # v5.10+ Best regards, Tianjia

3 years, 7 months

2
1
0 0

[PATCH] platform/chrome: cros_ec_proto: Send command again when timeout occurs

by Patryk Duda

Sometimes kernel is trying to probe Fingerprint MCU (FPMCU) when it hasn't initialized SPI yet. This can happen because FPMCU is restarted during system boot and kernel can send message in short window eg. between sysjump to RW and SPI initialization. Cc: <stable(a)vger.kernel.org> # 4.4+ Signed-off-by: Patryk Duda <pdk(a)semihalf.com> --- Fingerprint MCU is rebooted during system startup by AP firmware (coreboot). During cold boot kernel can query FPMCU in a window just after jump to RW section of firmware but before SPI is initialized. The window was shortened to <1ms, but it can't be eliminated completly. Communication with FPMCU (and all devices based on EC) is bi-directional. When kernel sends message, EC will send EC_SPI* status codes. When EC is not able to process command one of bytes will be eg. EC_SPI_NOT_READY. This mechanism won't work when SPI is not initailized on EC side. In fact, buffer is filled with 0xFF bytes, so from kernel perspective device is not responding. To avoid this problem, we can query device once again. We are already waiting EC_MSG_DEADLINE_MS for response, so we can send command immediately. Best regards, Patryk drivers/platform/chrome/cros_ec_proto.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/platform/chrome/cros_ec_proto.c b/drivers/platform/chrome/cros_ec_proto.c index aa7f7aa77297..3384631d21e2 100644 --- a/drivers/platform/chrome/cros_ec_proto.c +++ b/drivers/platform/chrome/cros_ec_proto.c @@ -279,6 +279,18 @@ static int cros_ec_host_command_proto_query(struct cros_ec_device *ec_dev, msg->insize = sizeof(struct ec_response_get_protocol_info); ret = send_command(ec_dev, msg); + /* + * Send command once again when timeout occurred. + * Fingerprint MCU (FPMCU) is restarted during system boot which + * introduces small window in which FPMCU won't respond for any + * messages sent by kernel. There is no need to wait before next + * attempt because we waited at least EC_MSG_DEADLINE_MS. + */ + if (ret == -ETIMEDOUT) { + dev_warn(ec_dev->dev, + "Timeout to get response from EC. Retrying.\n"); + ret = send_command(ec_dev, msg); + } if (ret < 0) { dev_dbg(ec_dev->dev, -- 2.31.1.751.gd2f1c929bd-goog

3 years, 7 months

2
3
0 0

[PATCH v2] bcache: avoid oversized read request in cache missing code path

by colyli＠suse.de

From: Coly Li <colyli(a)suse.de> In the cache missing code path of cached device, if a proper location from the internal B+ tree is matched for a cache miss range, function cached_dev_cache_miss() will be called in cache_lookup_fn() in the following code block, [code block 1] 526 unsigned int sectors = KEY_INODE(k) == s->iop.inode 527 ? min_t(uint64_t, INT_MAX, 528 KEY_START(k) - bio->bi_iter.bi_sector) 529 : INT_MAX; 530 int ret = s->d->cache_miss(b, s, bio, sectors); Here s->d->cache_miss() is the call backfunction pointer initialized as cached_dev_cache_miss(), the last parameter 'sectors' is an important hint to calculate the size of read request to backing device of the missing cache data. Current calculation in above code block may generate oversized value of 'sectors', which consequently may trigger 2 different potential kernel panics by BUG() or BUG_ON() as listed below, 1) BUG_ON() inside bch_btree_insert_key(), [code block 2] 886 BUG_ON(b->ops->is_extents && !KEY_SIZE(k)); 2) BUG() inside biovec_slab(), [code block 3] 51 default: 52 BUG(); 53 return NULL; All the above panics are original from cached_dev_cache_miss() by the oversized parameter 'sectors'. Inside cached_dev_cache_miss(), parameter 'sectors' is used to calculate the size of data read from backing device for the cache missing. This size is stored in s->insert_bio_sectors by the following lines of code, [code block 4] 909 s->insert_bio_sectors = min(sectors, bio_sectors(bio) + reada); Then the actual key inserting to the internal B+ tree is generated and stored in s->iop.replace_key by the following lines of code, [code block 5] 911 s->iop.replace_key = KEY(s->iop.inode, 912 bio->bi_iter.bi_sector + s->insert_bio_sectors, 913 s->insert_bio_sectors); The oversized parameter 'sectors' may trigger panic 1) by BUG_ON() from the above code block. And the bio sending to backing device for the missing data is allocated with hint from s->insert_bio_sectors by the following lines of code, [code block 6] 926 cache_bio = bio_alloc_bioset(GFP_NOWAIT, 927 DIV_ROUND_UP(s->insert_bio_sectors, PAGE_SECTORS), 928 &dc->disk.bio_split); The oversized parameter 'sectors' may trigger panic 2) by BUG() from the agove code block. Now let me explain how the panics happen with the oversized 'sectors'. In code block 5, replace_key is generated by macro KEY(). From the definition of macro KEY(), [code block 7] 71 #define KEY(inode, offset, size) \ 72 ((struct bkey) { \ 73 .high = (1ULL << 63) | ((__u64) (size) << 20) | (inode), \ 74 .low = (offset) \ 75 }) Here 'size' is 16bits width embedded in 64bits member 'high' of struct bkey. But in code block 1, if "KEY_START(k) - bio->bi_iter.bi_sector" is very probably to be larger than (1<<16) - 1, which makes the bkey size calculation in code block 5 is overflowed. In one bug report the value of parameter 'sectors' is 131072 (= 1 << 17), the overflowed 'sectors' results the overflowed s->insert_bio_sectors in code block 4, then makes size field of s->iop.replace_key to be 0 in code block 5. Then the 0- sized s->iop.replace_key is inserted into the internal B+ tree as cache missing check key (a special key to detect and avoid a racing between normal write request and cache missing read request) as, [code block 8] 915 ret = bch_btree_insert_check_key(b, &s->op, &s->iop.replace_key); Then the 0-sized s->iop.replace_key as 3rd parameter triggers the bkey size check BUG_ON() in code block 2, and causes the kernel panic 1). Another kernel panic is from code block 6, is from the oversized value s->insert_bio_sectors resulted by the oversized 'sectors'. From a bug report the result of "DIV_ROUND_UP(s->insert_bio_sectors, PAGE_SECTORS)" from code block 6 can be 344, 282, 946, 342 and many other values which larther than BIO_MAX_VECS (a.k.a 256). When calling bio_alloc_bioset() with such larger-than-256 value as the 2nd parameter, this value will eventually be sent to biovec_slab() as parameter 'nr_vecs' in following code path, bio_alloc_bioset() ==> bvec_alloc() ==> biovec_slab() Because parameter 'nr_vecs' is larger-than-256 value, the panic by BUG() in code block 3 is triggered inside biovec_slab(). >From the above analysis, we know that the 4th parameter 'sector' sent into cached_dev_cache_miss() may cause overflow in code block 5 and 6, and finally cause kernel panic in code block 2 and 3. Therefore inside cached_dev_cache_miss() before parameter 'sector' is used to calculate s->insert_bio_sectors in code block4, there should be an value overflow check on 'sector' and fix its value when necessary. - To avoid overflow in code block 5, the maximum 'sectors' value should be equal or less than (1 << KEY_SIZE_BITS) - 1. - To avoid overflow in code block 6, the maximum 'sectors' value should be euqal or less than BIO_MAX_VECS * PAGE_SECTORS. Considering the kernel page size can be variable, a reasonable maximum limitation of 'sectors' should be the smaller one of the values "(1 << KEY_SIZE_BITS) - 1" and "BIO_MAX_VECS * PAGE_SECTORS". In this patch, a local variable inside cached_dev_cache_miss() is added as, max_cache_miss_size = min_t(uint32_t, (1 << KEY_SIZE_BITS) - 1, BIO_MAX_VECS * PAGE_SECTORS); Then the following code check and fix parameter 'sectors' as, if (sectors > max_cache_miss_size) sectors = max_cache_miss_size; Now inside cached_dev_cache_miss(), the calculated 'sectors' value sent into code block 5 and 6 will not trigger neither of the above kernel panics anymore. Current problmatic code can be partially found since Linux v5.13-rc1, therefore all maintained stable kernels should try to apply this fix. Reported-by: Diego Ercolani <diego.ercolani(a)gmail.com> Reported-by: Jan Szubiak <jan.szubiak(a)linuxpolska.pl> Reported-by: Marco Rebhan <me(a)dblsaiko.net> Reported-by: Matthias Ferdinand <bcache(a)mfedv.net> Reported-by: Thorsten Knabe <linux(a)thorsten-knabe.de> Reported-by: Victor Westerhuis <victor(a)westerhu.is> Reported-by: Vojtech Pavlik <vojtech(a)suse.cz> Signed-off-by: Coly Li <colyli(a)suse.de> Cc: stable(a)vger.kernel.org Cc: Takashi Iwai <tiwai(a)suse.com> Cc: Kent Overstreet <kent.overstreet(a)gmail.com> --- Changlog v2, fix the bypass bio size calculation in v1. v1, the initial version drivers/md/bcache/request.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c index 29c231758293..ba1612b00b9f 100644 --- a/drivers/md/bcache/request.c +++ b/drivers/md/bcache/request.c @@ -883,6 +883,7 @@ static int cached_dev_cache_miss(struct btree *b, struct search *s, unsigned int reada = 0; struct cached_dev *dc = container_of(s->d, struct cached_dev, disk); struct bio *miss, *cache_bio; + unsigned int max_miss_size; s->cache_missed = 1; @@ -899,6 +900,25 @@ static int cached_dev_cache_miss(struct btree *b, struct search *s, get_capacity(bio->bi_bdev->bd_disk) - bio_end_sector(bio)); + /* + * Make sure sectors won't exceed two size limitations, + * - The bkey maximum size + * Size field in the bkey is 16 bits, the maximum permitted + * value is (1 << KEY_SIZE_BITS) - 1, in unit of sector. + * - The bio io vecs maximum number + * BIO_MAX_VECS is the maximum permitted io vecs number of a + * bio, any larger value will result a BUG() complain in bio + * layer code. When maximum size of each io vector is a page, + * BIO_MAX_VECS * PAGE_SECTORS is the maximum permitted value + * in unit of sectors. + * Then we are sure there is no overflow for key size of + * s->iop.replace_key and bio io vecs number of cache_bio. + */ + max_cache_miss_size = min_t(uint32_t, + (1 << KEY_SIZE_BITS) - 1, BIO_MAX_VECS * PAGE_SECTORS); + if (sectors > max_cache_miss_size) + sectors = max_cache_miss_size; + s->insert_bio_sectors = min(sectors, bio_sectors(bio) + reada); s->iop.replace_key = KEY(s->iop.inode, -- 2.26.2

3 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2021