October 2022 - Linux-stable-mirror

[RFC v5.4 0/3] mac80211 use-after-free fix

by Johannes Berg

And the same for 5.4. Again, not sure, maybe cherry-picking a bunch of changes is better. johannes

2 years, 3 months

2
5
0 0

[RFC v5.10 0/3] mac80211 use-after-free fix

by Johannes Berg

Hi, So I looked at this, and it wasn't great one way or the other... The first patch here is obvious, let's just take it and get one of the parsings out of the way. The second one removes a couple of more cases where this is done, since it only happens when the last argument is non-NULL. The third then is to avoid the UAF, and is simpler now since only a few places can even allocate it. johannes

2 years, 3 months

2
4
0 0

[PATCH 5.4 00/38] 5.4.218-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.218 release. There are 38 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 15 Oct 2022 17:51:33 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.218-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.218-rc1 Cameron Gutman <aicommander(a)gmail.com> Input: xpad - fix wireless 360 controller breaking after suspend Pavel Rojtberg <rojtberg(a)gmail.com> Input: xpad - add supported devices as contributed on github Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: update hidden BSSes to avoid WARN_ON Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211_hwsim: avoid mac80211 warning on bad rate Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: avoid nontransmitted BSS list corruption Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix BSS refcounting bugs Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: ensure length byte is present before access Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211/mac80211: reject bad MBSSID elements Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() Jason A. Donenfeld <Jason(a)zx2c4.com> random: use expired timer rather than wq for mixing fast pool Jason A. Donenfeld <Jason(a)zx2c4.com> random: avoid reading two cache lines on irq randomness Jason A. Donenfeld <Jason(a)zx2c4.com> random: restore O_NONBLOCK support Frank Wunderlich <frank-w(a)public-files.de> USB: serial: qcserial: add new usb-id for Dell branded EM7455 Linus Torvalds <torvalds(a)linux-foundation.org> scsi: stex: Properly zero out the passthrough command structure Orlando Chamberlain <redecorating(a)protonmail.com> efi: Correct Macmini DMI match in uefi cert quirk Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Fix position reporting on Poulsbo Jason A. Donenfeld <Jason(a)zx2c4.com> random: clamp credited irq bits to maximum mixed Hu Weiwen <sehuww(a)mail.scut.edu.cn> ceph: don't truncate file in atomic_open Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix leak of nilfs_root in case of writer thread creation failure Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rpmsg: qcom: glink: replace strncpy() with strscpy_pad() Brian Norris <briannorris(a)chromium.org> mmc: core: Terminate infinite loop in SD-UHS voltage switch ChanWoo Lee <cw9316.lee(a)samsung.com> mmc: core: Replace with already defined values for readability Johan Hovold <johan(a)kernel.org> USB: serial: ftdi_sio: fix 300 bps rate for SIO Tadeusz Struk <tadeusz.struk(a)linaro.org> usb: mon: make mmapped memory read only David Gow <davidgow(a)google.com> arch: um: Mark the stack non-executable to fix a binutils warning Lukas Straub <lukasstraub2(a)web.de> um: Cleanup compiler warning in arch/x86/um/tls_32.c Lukas Straub <lukasstraub2(a)web.de> um: Cleanup syscall_handler_t cast in syscalls_32.h Haimin Zhang <tcs.kernel(a)gmail.com> net/ieee802154: fix uninit value bug in dgram_sendmsg Letu Ren <fantasquex(a)gmail.com> scsi: qedf: Fix a UAF bug in __qedf_probe() Sergei Antonov <saproj(a)gmail.com> ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer Swati Agarwal <swati.agarwal(a)xilinx.com> dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure Swati Agarwal <swati.agarwal(a)xilinx.com> dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Add SCMI PM driver remove routine Dongliang Mu <mudongliangabcd(a)gmail.com> fs: fix UAF/GPF bug in nilfs_mdt_destroy Alexey Dobriyan <adobriyan(a)gmail.com> perf tools: Fixup get_current_dir_name() compilation Steven Price <steven.price(a)arm.com> mm: pagewalk: Fix race between unmap and page walker ------------- Diffstat: .../devicetree/bindings/dma/moxa,moxart-dma.txt | 4 +- Makefile | 4 +- arch/arm/boot/dts/moxart-uc7112lx.dts | 2 +- arch/arm/boot/dts/moxart.dtsi | 4 +- arch/um/Makefile | 8 +++ arch/x86/um/shared/sysdep/syscalls_32.h | 5 +- arch/x86/um/tls_32.c | 6 -- arch/x86/um/vdso/Makefile | 2 +- drivers/char/mem.c | 4 +- drivers/char/random.c | 25 ++++--- drivers/dma/xilinx/xilinx_dma.c | 8 ++- drivers/firmware/arm_scmi/scmi_pm_domain.c | 20 ++++++ drivers/input/joystick/xpad.c | 20 +++++- drivers/mmc/core/sd.c | 3 +- drivers/net/wireless/mac80211_hwsim.c | 2 + drivers/rpmsg/qcom_glink_native.c | 2 +- drivers/rpmsg/qcom_smd.c | 4 +- drivers/scsi/qedf/qedf_main.c | 5 -- drivers/scsi/stex.c | 17 ++--- drivers/usb/mon/mon_bin.c | 5 ++ drivers/usb/serial/ftdi_sio.c | 3 +- drivers/usb/serial/qcserial.c | 1 + fs/ceph/file.c | 10 ++- fs/inode.c | 7 +- fs/nilfs2/inode.c | 2 + fs/nilfs2/segment.c | 21 +++--- include/net/ieee802154_netdev.h | 37 +++++++++++ include/scsi/scsi_cmnd.h | 2 +- mm/pagewalk.c | 13 ++-- net/ieee802154/socket.c | 42 ++++++------ net/mac80211/util.c | 2 + net/wireless/scan.c | 77 ++++++++++++++-------- security/integrity/platform_certs/load_uefi.c | 2 +- sound/pci/hda/hda_intel.c | 3 +- tools/perf/util/get_current_dir_name.c | 3 +- 35 files changed, 256 insertions(+), 119 deletions(-)

2 years, 3 months

8
45
0 0

[PATCH 5.10 00/54] 5.10.148-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.148 release. There are 54 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 15 Oct 2022 17:51:33 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.148-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.148-rc1 Shunsuke Mie <mie(a)igel.co.jp> misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic Shunsuke Mie <mie(a)igel.co.jp> misc: pci_endpoint_test: Aggregate params checking for xfer Cameron Gutman <aicommander(a)gmail.com> Input: xpad - fix wireless 360 controller breaking after suspend Pavel Rojtberg <rojtberg(a)gmail.com> Input: xpad - add supported devices as contributed on github Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: update hidden BSSes to avoid WARN_ON Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix crash in beacon protection for P2P-device Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211_hwsim: avoid mac80211 warning on bad rate Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: avoid nontransmitted BSS list corruption Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix BSS refcounting bugs Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: ensure length byte is present before access Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211/mac80211: reject bad MBSSID elements Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() Jason A. Donenfeld <Jason(a)zx2c4.com> random: use expired timer rather than wq for mixing fast pool Jason A. Donenfeld <Jason(a)zx2c4.com> random: avoid reading two cache lines on irq randomness Frank Wunderlich <frank-w(a)public-files.de> USB: serial: qcserial: add new usb-id for Dell branded EM7455 Linus Torvalds <torvalds(a)linux-foundation.org> scsi: stex: Properly zero out the passthrough command structure Orlando Chamberlain <redecorating(a)protonmail.com> efi: Correct Macmini DMI match in uefi cert quirk Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Fix position reporting on Poulsbo Jason A. Donenfeld <Jason(a)zx2c4.com> random: clamp credited irq bits to maximum mixed Jason A. Donenfeld <Jason(a)zx2c4.com> random: restore O_NONBLOCK support Sasha Levin <sashal(a)kernel.org> Revert "clk: ti: Stop using legacy clkctrl names for omap4 and 5" Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rpmsg: qcom: glink: replace strncpy() with strscpy_pad() Johan Hovold <johan(a)kernel.org> USB: serial: ftdi_sio: fix 300 bps rate for SIO Tadeusz Struk <tadeusz.struk(a)linaro.org> usb: mon: make mmapped memory read only Brian Norris <briannorris(a)chromium.org> mmc: core: Terminate infinite loop in SD-UHS voltage switch ChanWoo Lee <cw9316.lee(a)samsung.com> mmc: core: Replace with already defined values for readability zhikzhai <zhikai.zhai(a)amd.com> drm/amd/display: skip audio setup when audio stream is enabled Hugo Hu <hugo.hu(a)amd.com> drm/amd/display: update gamut remap if plane has changed Jianglei Nie <niejianglei2021(a)163.com> net: atlantic: fix potential memory leak in aq_ndev_close() David Gow <davidgow(a)google.com> arch: um: Mark the stack non-executable to fix a binutils warning Lukas Straub <lukasstraub2(a)web.de> um: Cleanup compiler warning in arch/x86/um/tls_32.c Lukas Straub <lukasstraub2(a)web.de> um: Cleanup syscall_handler_t cast in syscalls_32.h Jaroslav Kysela <perex(a)perex.cz> ALSA: hda/hdmi: Fix the converter reuse for the silent stream Haimin Zhang <tcs.kernel(a)gmail.com> net/ieee802154: fix uninit value bug in dgram_sendmsg Letu Ren <fantasquex(a)gmail.com> scsi: qedf: Fix a UAF bug in __qedf_probe() Sergei Antonov <saproj(a)gmail.com> ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer Swati Agarwal <swati.agarwal(a)xilinx.com> dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure Swati Agarwal <swati.agarwal(a)xilinx.com> dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property Swati Agarwal <swati.agarwal(a)xilinx.com> dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Add SCMI PM driver remove routine Nick Desaulniers <ndesaulniers(a)google.com> compiler_attributes.h: move __compiletime_{error|warning} Dongliang Mu <mudongliangabcd(a)gmail.com> fs: fix UAF/GPF bug in nilfs_mdt_destroy Yang Shi <shy828301(a)gmail.com> powerpc/64s/radix: don't need to broadcast IPI for radix pmd collapse flush Yang Shi <shy828301(a)gmail.com> mm: gup: fix the fast GUP race against THP collapse Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC Jalal Mostafa <jalal.a.mostapha(a)gmail.com> xsk: Inherit need_wakeup flag for shared sockets Alexey Dobriyan <adobriyan(a)gmail.com> perf tools: Fixup get_current_dir_name() compilation Shuah Khan <skhan(a)linuxfoundation.org> docs: update mediator information in CoC docs Sami Tolvanen <samitolvanen(a)google.com> Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 Hu Weiwen <sehuww(a)mail.scut.edu.cn> ceph: don't truncate file in atomic_open Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix leak of nilfs_root in case of writer thread creation failure Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix use-after-free bug of struct nilfs_root Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() ------------- Diffstat: .../devicetree/bindings/dma/moxa,moxart-dma.txt | 4 +- .../process/code-of-conduct-interpretation.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/moxart-uc7112lx.dts | 2 +- arch/arm/boot/dts/moxart.dtsi | 4 +- arch/powerpc/mm/book3s64/radix_pgtable.c | 9 - arch/um/Makefile | 8 + arch/x86/um/shared/sysdep/syscalls_32.h | 5 +- arch/x86/um/tls_32.c | 6 - arch/x86/um/vdso/Makefile | 2 +- drivers/char/mem.c | 4 +- drivers/char/random.c | 25 ++- drivers/clk/ti/clk-44xx.c | 210 ++++++++++----------- drivers/clk/ti/clk-54xx.c | 160 ++++++++-------- drivers/clk/ti/clkctrl.c | 4 + drivers/dma/xilinx/xilinx_dma.c | 21 ++- drivers/firmware/arm_scmi/scmi_pm_domain.c | 20 ++ .../amd/display/dc/dce110/dce110_hw_sequencer.c | 6 +- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 1 + drivers/input/joystick/xpad.c | 20 +- drivers/misc/pci_endpoint_test.c | 34 +++- drivers/mmc/core/sd.c | 3 +- drivers/net/ethernet/aquantia/atlantic/aq_main.c | 3 - drivers/net/wireless/mac80211_hwsim.c | 2 + drivers/rpmsg/qcom_glink_native.c | 2 +- drivers/rpmsg/qcom_smd.c | 4 +- drivers/scsi/qedf/qedf_main.c | 5 - drivers/scsi/stex.c | 17 +- drivers/usb/mon/mon_bin.c | 5 + drivers/usb/serial/ftdi_sio.c | 3 +- drivers/usb/serial/qcserial.c | 1 + fs/ceph/file.c | 10 +- fs/inode.c | 7 +- fs/nilfs2/inode.c | 19 +- fs/nilfs2/segment.c | 21 ++- include/linux/compiler-gcc.h | 3 - include/linux/compiler_attributes.h | 24 +++ include/linux/compiler_types.h | 6 - include/net/ieee802154_netdev.h | 37 ++++ include/net/xsk_buff_pool.h | 2 +- include/scsi/scsi_cmnd.h | 2 +- mm/gup.c | 34 +++- mm/khugepaged.c | 10 +- net/ieee802154/socket.c | 42 +++-- net/mac80211/rx.c | 12 +- net/mac80211/util.c | 2 + net/wireless/scan.c | 77 +++++--- net/xdp/xsk.c | 4 +- net/xdp/xsk_buff_pool.c | 5 +- scripts/Makefile.extrawarn | 1 + security/integrity/platform_certs/load_uefi.c | 2 +- sound/core/oss/pcm_oss.c | 5 +- sound/pci/hda/hda_intel.c | 3 +- sound/pci/hda/patch_hdmi.c | 1 + tools/perf/util/get_current_dir_name.c | 3 +- 55 files changed, 570 insertions(+), 358 deletions(-)

2 years, 3 months

11
64
0 0

+ gcov-support-gcc-121-and-newer-compilers.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: gcov: support GCC 12.1 and newer compilers has been added to the -mm mm-hotfixes-unstable branch. Its filename is gcov-support-gcc-121-and-newer-compilers.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Martin Liska <mliska(a)suse.cz> Subject: gcov: support GCC 12.1 and newer compilers Date: Thu, 13 Oct 2022 09:40:59 +0200 Starting with GCC 12.1, there are 2 significant changes to the .gcda file format that needs to be supported: a) [gcov: Use system IO buffering] (23eb66d1d46a34cb28c4acbdf8a1deb80a7c5a05) changed that all sizes in the format are in bytes and not in words (4B) b) [gcov: make profile merging smarter] (72e0c742bd01f8e7e6dcca64042b9ad7e75979de) add a new checksum to the file header. Tested with GCC 7.5, 10.4, 12.2 and the current master. Link: https://lkml.kernel.org/r/624bda92-f307-30e9-9aaa-8cc678b2dfb2@suse.cz Signed-off-by: Martin Liska <mliska(a)suse.cz> Tested-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Reviewed-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/gcov/gcc_4_7.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) --- a/kernel/gcov/gcc_4_7.c~gcov-support-gcc-121-and-newer-compilers +++ a/kernel/gcov/gcc_4_7.c @@ -30,6 +30,13 @@ #define GCOV_TAG_FUNCTION_LENGTH 3 +/* Since GCC 12.1 sizes are in BYTES and not in WORDS (4B). */ +#if (__GNUC__ >= 12) +#define GCOV_UNIT_SIZE 4 +#else +#define GCOV_UNIT_SIZE 1 +#endif + static struct gcov_info *gcov_info_head; /** @@ -383,12 +390,18 @@ size_t convert_to_gcda(char *buffer, str pos += store_gcov_u32(buffer, pos, info->version); pos += store_gcov_u32(buffer, pos, info->stamp); +#if (__GNUC__ >= 12) + /* Use zero as checksum of the compilation unit. */ + pos += store_gcov_u32(buffer, pos, 0); +#endif + for (fi_idx = 0; fi_idx < info->n_functions; fi_idx++) { fi_ptr = info->functions[fi_idx]; /* Function record. */ pos += store_gcov_u32(buffer, pos, GCOV_TAG_FUNCTION); - pos += store_gcov_u32(buffer, pos, GCOV_TAG_FUNCTION_LENGTH); + pos += store_gcov_u32(buffer, pos, + GCOV_TAG_FUNCTION_LENGTH * GCOV_UNIT_SIZE); pos += store_gcov_u32(buffer, pos, fi_ptr->ident); pos += store_gcov_u32(buffer, pos, fi_ptr->lineno_checksum); pos += store_gcov_u32(buffer, pos, fi_ptr->cfg_checksum); @@ -402,7 +415,8 @@ size_t convert_to_gcda(char *buffer, str /* Counter record. */ pos += store_gcov_u32(buffer, pos, GCOV_TAG_FOR_COUNTER(ct_idx)); - pos += store_gcov_u32(buffer, pos, ci_ptr->num * 2); + pos += store_gcov_u32(buffer, pos, + ci_ptr->num * 2 * GCOV_UNIT_SIZE); for (cv_idx = 0; cv_idx < ci_ptr->num; cv_idx++) { pos += store_gcov_u64(buffer, pos, _ Patches currently in -mm which might be from mliska(a)suse.cz are gcov-support-gcc-121-and-newer-compilers.patch

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracing: Disable interrupt or preemption before acquiring" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Possible dependencies: c0a581d7126c ("tracing: Disable interrupt or preemption before acquiring arch_spinlock_t") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c0a581d7126c0bbc96163276f585fd7b4e4d8d0e Mon Sep 17 00:00:00 2001 From: Waiman Long <longman(a)redhat.com> Date: Thu, 22 Sep 2022 10:56:22 -0400 Subject: [PATCH] tracing: Disable interrupt or preemption before acquiring arch_spinlock_t It was found that some tracing functions in kernel/trace/trace.c acquire an arch_spinlock_t with preemption and irqs enabled. An example is the tracing_saved_cmdlines_size_read() function which intermittently causes a "BUG: using smp_processor_id() in preemptible" warning when the LTP read_all_proc test is run. That can be problematic in case preemption happens after acquiring the lock. Add the necessary preemption or interrupt disabling code in the appropriate places before acquiring an arch_spinlock_t. The convention here is to disable preemption for trace_cmdline_lock and interupt for max_lock. Link: https://lkml.kernel.org/r/20220922145622.1744826-1-longman@redhat.com Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Will Deacon <will(a)kernel.org> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: stable(a)vger.kernel.org Fixes: a35873a0993b ("tracing: Add conditional snapshot") Fixes: 939c7a4f04fc ("tracing: Introduce saved_cmdlines_size file") Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Waiman Long <longman(a)redhat.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index d3005279165d..aed7ea6e6045 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1193,12 +1193,14 @@ void *tracing_cond_snapshot_data(struct trace_array *tr) { void *cond_data = NULL; + local_irq_disable(); arch_spin_lock(&tr->max_lock); if (tr->cond_snapshot) cond_data = tr->cond_snapshot->cond_data; arch_spin_unlock(&tr->max_lock); + local_irq_enable(); return cond_data; } @@ -1334,9 +1336,11 @@ int tracing_snapshot_cond_enable(struct trace_array *tr, void *cond_data, goto fail_unlock; } + local_irq_disable(); arch_spin_lock(&tr->max_lock); tr->cond_snapshot = cond_snapshot; arch_spin_unlock(&tr->max_lock); + local_irq_enable(); mutex_unlock(&trace_types_lock); @@ -1363,6 +1367,7 @@ int tracing_snapshot_cond_disable(struct trace_array *tr) { int ret = 0; + local_irq_disable(); arch_spin_lock(&tr->max_lock); if (!tr->cond_snapshot) @@ -1373,6 +1378,7 @@ int tracing_snapshot_cond_disable(struct trace_array *tr) } arch_spin_unlock(&tr->max_lock); + local_irq_enable(); return ret; } @@ -2200,6 +2206,11 @@ static size_t tgid_map_max; #define SAVED_CMDLINES_DEFAULT 128 #define NO_CMDLINE_MAP UINT_MAX +/* + * Preemption must be disabled before acquiring trace_cmdline_lock. + * The various trace_arrays' max_lock must be acquired in a context + * where interrupt is disabled. + */ static arch_spinlock_t trace_cmdline_lock = __ARCH_SPIN_LOCK_UNLOCKED; struct saved_cmdlines_buffer { unsigned map_pid_to_cmdline[PID_MAX_DEFAULT+1]; @@ -2412,7 +2423,11 @@ static int trace_save_cmdline(struct task_struct *tsk) * the lock, but we also don't want to spin * nor do we want to disable interrupts, * so if we miss here, then better luck next time. + * + * This is called within the scheduler and wake up, so interrupts + * had better been disabled and run queue lock been held. */ + lockdep_assert_preemption_disabled(); if (!arch_spin_trylock(&trace_cmdline_lock)) return 0; @@ -5890,9 +5905,11 @@ tracing_saved_cmdlines_size_read(struct file *filp, char __user *ubuf, char buf[64]; int r; + preempt_disable(); arch_spin_lock(&trace_cmdline_lock); r = scnprintf(buf, sizeof(buf), "%u\n", savedcmd->cmdline_num); arch_spin_unlock(&trace_cmdline_lock); + preempt_enable(); return simple_read_from_buffer(ubuf, cnt, ppos, buf, r); } @@ -5917,10 +5934,12 @@ static int tracing_resize_saved_cmdlines(unsigned int val) return -ENOMEM; } + preempt_disable(); arch_spin_lock(&trace_cmdline_lock); savedcmd_temp = savedcmd; savedcmd = s; arch_spin_unlock(&trace_cmdline_lock); + preempt_enable(); free_saved_cmdlines_buffer(savedcmd_temp); return 0; @@ -6373,10 +6392,12 @@ int tracing_set_tracer(struct trace_array *tr, const char *buf) #ifdef CONFIG_TRACER_SNAPSHOT if (t->use_max_tr) { + local_irq_disable(); arch_spin_lock(&tr->max_lock); if (tr->cond_snapshot) ret = -EBUSY; arch_spin_unlock(&tr->max_lock); + local_irq_enable(); if (ret) goto out; } @@ -7436,10 +7457,12 @@ tracing_snapshot_write(struct file *filp, const char __user *ubuf, size_t cnt, goto out; } + local_irq_disable(); arch_spin_lock(&tr->max_lock); if (tr->cond_snapshot) ret = -EBUSY; arch_spin_unlock(&tr->max_lock); + local_irq_enable(); if (ret) goto out;

2 years, 3 months

3
4
0 0

FAILED: patch "[PATCH] drm/amd/display: explicitly disable psr_feature_enable" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Possible dependencies: 6094b9136ca9 ("drm/amd/display: explicitly disable psr_feature_enable appropriately") cd9a0d026baa ("drm/amd/display: parse and check PSR SU caps") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6094b9136ca9038b61e9c4b5d25cd5512ce50b34 Mon Sep 17 00:00:00 2001 From: Shirish S <shirish.s(a)amd.com> Date: Fri, 7 Oct 2022 20:31:49 +0530 Subject: [PATCH] drm/amd/display: explicitly disable psr_feature_enable appropriately [Why] If psr_feature_enable is set to true by default, it continues to be enabled for non capable links. [How] explicitly disable the feature on links that are not capable of the same. Fixes: 8c322309e48e9 ("drm/amd/display: Enable PSR") Signed-off-by: Shirish S <shirish.s(a)amd.com> Reviewed-by: Leo Li <sunpeng.li(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org # 5.15+ diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c index 8ca10ab3dfc1..26291db0a3cf 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c @@ -60,11 +60,15 @@ static bool link_supports_psrsu(struct dc_link *link) */ void amdgpu_dm_set_psr_caps(struct dc_link *link) { - if (!(link->connector_signal & SIGNAL_TYPE_EDP)) + if (!(link->connector_signal & SIGNAL_TYPE_EDP)) { + link->psr_settings.psr_feature_enabled = false; return; + } - if (link->type == dc_connection_none) + if (link->type == dc_connection_none) { + link->psr_settings.psr_feature_enabled = false; return; + } if (link->dpcd_caps.psr_info.psr_version == 0) { link->psr_settings.psr_version = DC_PSR_VERSION_UNSUPPORTED;

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] media: cedrus: Fix endless loop in cedrus_h265_skip_bits()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Possible dependencies: 91db7a3fc7fe ("media: cedrus: Fix endless loop in cedrus_h265_skip_bits()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91db7a3fc7fe670cf1770a398a43bb4a1f776bf1 Mon Sep 17 00:00:00 2001 From: Dmitry Osipenko <dmitry.osipenko(a)collabora.com> Date: Thu, 18 Aug 2022 22:33:08 +0200 Subject: [PATCH] media: cedrus: Fix endless loop in cedrus_h265_skip_bits() The busy status bit may never de-assert if number of programmed skip bits is incorrect, resulting in a kernel hang because the bit is polled endlessly in the code. Fix it by adding timeout for the bit-polling. This problem is reproducible by setting the data_bit_offset field of the HEVC slice params to a wrong value by userspace. Cc: stable(a)vger.kernel.org Fixes: 7678c5462680 (media: cedrus: Fix decoding for some HEVC videos) Reported-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Dmitry Osipenko <dmitry.osipenko(a)collabora.com> Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> diff --git a/drivers/staging/media/sunxi/cedrus/cedrus_h265.c b/drivers/staging/media/sunxi/cedrus/cedrus_h265.c index f703c585d91c..4952fc17f3e6 100644 --- a/drivers/staging/media/sunxi/cedrus/cedrus_h265.c +++ b/drivers/staging/media/sunxi/cedrus/cedrus_h265.c @@ -234,8 +234,9 @@ static void cedrus_h265_skip_bits(struct cedrus_dev *dev, int num) cedrus_write(dev, VE_DEC_H265_TRIGGER, VE_DEC_H265_TRIGGER_FLUSH_BITS | VE_DEC_H265_TRIGGER_TYPE_N_BITS(tmp)); - while (cedrus_read(dev, VE_DEC_H265_STATUS) & VE_DEC_H265_STATUS_VLD_BUSY) - udelay(1); + + if (cedrus_wait_for(dev, VE_DEC_H265_STATUS, VE_DEC_H265_STATUS_VLD_BUSY)) + dev_err_ratelimited(dev->dev, "timed out waiting to skip bits\n"); count += tmp; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Fix display problems after resume" failed to apply to 5.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Possible dependencies: 6c482c62a635 ("drm/i915: Fix display problems after resume") 2ef6efa79fec ("drm/i915: Improve on suspend / resume time with VT-d enabled") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6c482c62a635aa4f534d2439fbf8afa37452b986 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Hellstr=C3=B6m?= <thomas.hellstrom(a)linux.intel.com> Date: Wed, 5 Oct 2022 14:11:59 +0200 Subject: [PATCH] drm/i915: Fix display problems after resume MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 39a2bd34c933 ("drm/i915: Use the vma resource as argument for gtt binding / unbinding") introduced a regression that due to the vma resource tracking of the binding state, dpt ptes were not correctly repopulated. Fix this by clearing the vma resource state before repopulating. The state will subsequently be restored by the bind_vma operation. Fixes: 39a2bd34c933 ("drm/i915: Use the vma resource as argument for gtt binding / unbinding") Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20220912121957.31310-1-thomas… Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: intel-gfx(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.18+ Reported-and-tested-by: Kevin Boulain <kevinboulain(a)gmail.com> Tested-by: David de Sousa <davidesousa(a)gmail.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Reviewed-by: Andrzej Hajda <andrzej.hajda(a)intel.com> Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20221005121159.340245-1-thoma… (cherry picked from commit bc2472538c0d1cce334ffc9e97df0614cd2b1469) Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> diff --git a/drivers/gpu/drm/i915/gt/intel_ggtt.c b/drivers/gpu/drm/i915/gt/intel_ggtt.c index 30cf5c3369d9..2049a00417af 100644 --- a/drivers/gpu/drm/i915/gt/intel_ggtt.c +++ b/drivers/gpu/drm/i915/gt/intel_ggtt.c @@ -1275,10 +1275,16 @@ bool i915_ggtt_resume_vm(struct i915_address_space *vm) atomic_read(&vma->flags) & I915_VMA_BIND_MASK; GEM_BUG_ON(!was_bound); - if (!retained_ptes) + if (!retained_ptes) { + /* + * Clear the bound flags of the vma resource to allow + * ptes to be repopulated. + */ + vma->resource->bound_flags = 0; vma->ops->bind_vma(vm, NULL, vma->resource, obj ? obj->cache_level : 0, was_bound); + } if (obj) { /* only used during resume => exclusive access */ write_domain_objs |= fetch_and_zero(&obj->write_domain); obj->read_domains |= I915_GEM_DOMAIN_GTT;

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/gvt: Add missing vfio_unregister_group_dev() call" failed to apply to 5.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Possible dependencies: f423fa1bc9fe ("drm/i915/gvt: Add missing vfio_unregister_group_dev() call") a5ddd2a99a7a ("drm/i915/gvt: Use the new device life cycle helpers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f423fa1bc9fe1978e6b9f54927411b62cb43eb04 Mon Sep 17 00:00:00 2001 From: Jason Gunthorpe <jgg(a)ziepe.ca> Date: Thu, 29 Sep 2022 14:48:35 -0300 Subject: [PATCH] drm/i915/gvt: Add missing vfio_unregister_group_dev() call When converting to directly create the vfio_device the mdev driver has to put a vfio_register_emulated_iommu_dev() in the probe() and a pairing vfio_unregister_group_dev() in the remove. This was missed for gvt, add it. Cc: stable(a)vger.kernel.org Fixes: 978cf586ac35 ("drm/i915/gvt: convert to use vfio_register_emulated_iommu_dev") Reported-by: Alex Williamson <alex.williamson(a)redhat.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Link: https://lore.kernel.org/r/0-v1-013609965fe8+9d-vfio_gvt_unregister_jgg@nvid… Signed-off-by: Alex Williamson <alex.williamson(a)redhat.com> diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c index 41bba40feef8..9003145adb5a 100644 --- a/drivers/gpu/drm/i915/gvt/kvmgt.c +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c @@ -1615,6 +1615,7 @@ static void intel_vgpu_remove(struct mdev_device *mdev) if (WARN_ON_ONCE(vgpu->attached)) return; + vfio_unregister_group_dev(&vgpu->vfio_device); vfio_put_device(&vgpu->vfio_device); }

2 years, 3 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2022