November 2022 - Linux-stable-mirror

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.300 release. There are 88 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 25 Nov 2022 08:45:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.300-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.300-rc1 Hawkins Jiawei <yin31149(a)gmail.com> ntfs: check overflow when iterating ATTR_RECORDs Hawkins Jiawei <yin31149(a)gmail.com> ntfs: fix out-of-bounds read in ntfs_attr_find() Hawkins Jiawei <yin31149(a)gmail.com> ntfs: fix use-after-free in ntfs_attr_find() Alexander Potapenko <glider(a)google.com> mm: fs: initialize fsdata passed to write_begin/write_end interface Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> 9p/trans_fd: always use O_NONBLOCK read/write Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Switch from strlcpy to strscpy Andrew Price <anprice(a)redhat.com> gfs2: Check sb_bsize_shift after reading superblock Dominique Martinet <asmadeus(a)codewreck.org> 9p: trans_fd/p9_conn_cancel: drop client lock earlier Cong Wang <cong.wang(a)bytedance.com> kcm: close race conditions on sk_receive_queue Baisong Zhong <zhongbaisong(a)huawei.com> bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() Eric Dumazet <edumazet(a)google.com> kcm: avoid potential race in kcm_tx_work Eric Dumazet <edumazet(a)google.com> tcp: cdg: allow tcp_cdg_release() to be called multiple times Eric Dumazet <edumazet(a)google.com> macvlan: enforce a consistent minimal mtu Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250: Flush DMA Rx on RLSI Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix use-after-free bug of ns_writer on remount Alexander Potapenko <glider(a)google.com> misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() Xiongfeng Wang <wangxiongfeng2(a)huawei.com> mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() Yann Gautier <yann.gautier(a)foss.st.com> mmc: core: properly select voltage range without power cycle Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250_lpss: Configure DMA also w/o DMA filter Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs Mikulas Patocka <mpatocka(a)redhat.com> dm ioctl: fix misbehavior if list_versions races with module loading Mitja Spes <mitja(a)lxnav.com> iio: pressure: ms5611: changed hardcoded SPI speed to value limited Yang Yingliang <yangyingliang(a)huawei.com> iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() Yang Yingliang <yangyingliang(a)huawei.com> iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() Duoming Zhou <duoming(a)zju.edu.cn> usb: chipidea: fix deadlock in ci_otg_del_timer Nicolas Dumazet <ndumazet(a)google.com> usb: add NO_LPM quirk for Realforce 87U Keyboard Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Fibocom FM160 0x0111 composition Davide Tronchin <davide.tronchin.94(a)gmail.com> USB: serial: option: add u-blox LARA-L6 modem Davide Tronchin <davide.tronchin.94(a)gmail.com> USB: serial: option: add u-blox LARA-R6 00B modem Davide Tronchin <davide.tronchin.94(a)gmail.com> USB: serial: option: remove old LARA-R6 PID Benoît Monin <benoit.monin(a)gmx.fr> USB: serial: option: add Sierra Wireless EM9191 Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() Daniil Tatianin <d-tatianin(a)yandex-team.ru> ring_buffer: Do not deactivate non-existant pages Xiu Jianfeng <xiujianfeng(a)huawei.com> ftrace: Fix null pointer dereference in ftrace_add_mod() Wang Wensheng <wangwensheng4(a)huawei.com> ftrace: Optimize the allocation for mcount entries Wang Wensheng <wangwensheng4(a)huawei.com> ftrace: Fix the possible incorrect kernel message Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> cifs: Fix wrong return value checking when GETFLAGS Wei Yongjun <weiyongjun1(a)huawei.com> net/x25: Fix skb leak in x25_lapb_receive_frame() Dan Carpenter <error27(a)gmail.com> drbd: use after free in drbd_create_device() Yang Yingliang <yangyingliang(a)huawei.com> xen/pcpu: fix possible memory leak in register_pcpu() Zhengchao Shao <shaozhengchao(a)huawei.com> net: caif: fix double disconnect client in chnl_net_open() Wang ShaoBo <bobo.shaobowang(a)huawei.com> mISDN: fix misuse of put_device() in mISDN_register_device() Yang Yingliang <yangyingliang(a)huawei.com> mISDN: fix possible memory leak in mISDN_dsp_element_register() Wei Yongjun <weiyongjun1(a)huawei.com> net: bgmac: Drop free_netdev() from bgmac_enet_remove() Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Maciej W. Rozycki <macro(a)orcam.me.uk> parport_pc: Avoid FIFO port location truncation Serge Semin <Sergey.Semin(a)baikalelectronics.ru> block: sed-opal: kmalloc the cmd/resp buffers Chen Zhongjin <chenzhongjin(a)huawei.com> ASoC: soc-utils: Remove __exit for snd_soc_util_exit() Duoming Zhou <duoming(a)zju.edu.cn> tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send Tony Lindgren <tony(a)atomide.com> serial: 8250: omap: Flush PM QOS work on remove Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> serial: 8250_omap: remove wait loop from Errata i202 workaround Chen Zhongjin <chenzhongjin(a)huawei.com> ASoC: core: Fix use-after-free in snd_soc_exit() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm Nathan Huckleberry <nhuck(a)google.com> drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: cmos: fix build on non-ACPI platforms Ricardo Cañuelo <ricardo.canuelo(a)collabora.com> selftests/futex: fix build for clang Borislav Petkov <bp(a)suse.de> x86/cpu: Restore AMD's DE_CFG MSR after resume Tudor Ambarus <tudor.ambarus(a)microchip.com> dmaengine: at_hdmac: Check return code of dma_async_device_register Tudor Ambarus <tudor.ambarus(a)microchip.com> dmaengine: at_hdmac: Fix impossible condition Tudor Ambarus <tudor.ambarus(a)microchip.com> dmaengine: at_hdmac: Don't allow CPU to reorder channel enable Tudor Ambarus <tudor.ambarus(a)microchip.com> dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors Tudor Ambarus <tudor.ambarus(a)microchip.com> dmaengine: at_hdmac: Don't start transactions at tx_submit level Tudor Ambarus <tudor.ambarus(a)microchip.com> dmaengine: at_hdmac: Fix at_lli struct definition Linus Torvalds <torvalds(a)linux-foundation.org> cert host tools: Stop complaining about deprecated OpenSSL functions ZhangPeng <zhangpeng362(a)huawei.com> udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() Jorge Lopez <jorge.lopez2(a)hp.com> platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi Matthew Auld <matthew.auld(a)intel.com> drm/i915/dmabuf: fix sg_table handling in map_dma_buf Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix deadlock in nilfs_count_free_blocks() Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add quirk entry for M-Audio Micro Ye Bin <yebin10(a)huawei.com> ALSA: hda: fix potential memleak in 'add_widget_node' Ard Biesheuvel <ardb(a)kernel.org> arm64: efi: Fix handling of misaligned runtime regions and drop warning Chuang Wang <nashuiliang(a)gmail.com> net: macvlan: fix memory leaks of macvlan_common_newlink Zhengchao Shao <shaozhengchao(a)huawei.com> net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() Zhengchao Shao <shaozhengchao(a)huawei.com> ethernet: s2io: disable napi when start nic failed in s2io_card_up() Zhengchao Shao <shaozhengchao(a)huawei.com> net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() Zhengchao Shao <shaozhengchao(a)huawei.com> drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() Xin Long <lucien.xin(a)gmail.com> tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header Alexander Potapenko <glider(a)google.com> ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network Yuan Can <yuancan(a)huawei.com> drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() Zhengchao Shao <shaozhengchao(a)huawei.com> hamradio: fix issue of dev reference count leakage in bpq_device_event() Zhengchao Shao <shaozhengchao(a)huawei.com> net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event() Gaosheng Cui <cuigaosheng1(a)huawei.com> capabilities: fix undefined behavior in bit shift for CAP_TO_MASK Sean Anderson <sean.anderson(a)seco.com> net: fman: Unregister ethernet device on removal Alex Barba <alex.barba(a)broadcom.com> bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer Jiri Benc <jbenc(a)redhat.com> net: gso: fix panic on frag_list with mixed head alloc types Yang Yingliang <yangyingliang(a)huawei.com> HID: hyperv: fix possible memory leak in mousevsc_probe() ------------- Diffstat: Makefile | 4 +- arch/arm64/kernel/efi.c | 52 ++++++++++++------- arch/x86/include/asm/msr-index.h | 8 +-- arch/x86/kernel/cpu/amd.c | 10 ++-- arch/x86/kvm/svm.c | 10 ++-- arch/x86/kvm/x86.c | 2 +- arch/x86/power/cpu.c | 1 + block/sed-opal.c | 32 ++++++++++-- drivers/block/drbd/drbd_main.c | 4 +- drivers/dma/at_hdmac.c | 34 ++++++------- drivers/dma/at_hdmac_regs.h | 10 ++-- drivers/dma/mv_xor_v2.c | 1 + drivers/gpu/drm/i915/i915_gem_dmabuf.c | 4 +- drivers/gpu/drm/imx/imx-tve.c | 5 +- drivers/gpu/drm/vc4/vc4_drv.c | 7 ++- drivers/hid/hid-hyperv.c | 2 +- drivers/iio/adc/at91_adc.c | 4 +- drivers/iio/pressure/ms5611_spi.c | 2 +- drivers/iio/trigger/iio-trig-sysfs.c | 6 ++- drivers/isdn/mISDN/core.c | 2 +- drivers/isdn/mISDN/dsp_pipeline.c | 3 +- drivers/md/dm-ioctl.c | 4 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 2 + drivers/mmc/core/core.c | 8 ++- drivers/mmc/host/sdhci-pci-core.c | 2 + drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 4 +- drivers/net/ethernet/broadcom/bgmac.c | 1 - drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +- drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | 1 + drivers/net/ethernet/freescale/fman/mac.c | 9 ++++ drivers/net/ethernet/marvell/mv643xx_eth.c | 1 + drivers/net/ethernet/neterion/s2io.c | 29 +++++++---- drivers/net/hamradio/bpqether.c | 2 +- drivers/net/macvlan.c | 6 ++- drivers/net/wan/lapbether.c | 2 +- drivers/parport/parport_pc.c | 2 +- drivers/pinctrl/devicetree.c | 2 + drivers/platform/x86/hp-wmi.c | 12 ++++- drivers/rtc/rtc-cmos.c | 3 ++ drivers/tty/n_gsm.c | 2 +- drivers/tty/serial/8250/8250_lpss.c | 15 ++++-- drivers/tty/serial/8250/8250_omap.c | 18 +------ drivers/tty/serial/8250/8250_port.c | 7 ++- drivers/usb/chipidea/otg_fsm.c | 2 + drivers/usb/core/quirks.c | 3 ++ drivers/usb/serial/option.c | 19 ++++++- drivers/xen/pcpu.c | 2 +- fs/btrfs/tests/btrfs-tests.c | 2 +- fs/buffer.c | 4 +- fs/cifs/ioctl.c | 4 +- fs/gfs2/ops_fstype.c | 11 ++-- fs/namei.c | 2 +- fs/nilfs2/segment.c | 15 +++--- fs/nilfs2/super.c | 2 - fs/nilfs2/the_nilfs.c | 2 - fs/ntfs/attrib.c | 28 ++++++++-- fs/ntfs/inode.c | 7 +++ fs/udf/namei.c | 2 +- include/uapi/linux/capability.h | 2 +- kernel/trace/ftrace.c | 5 +- kernel/trace/ring_buffer.c | 4 +- mm/filemap.c | 2 +- net/9p/trans_fd.c | 6 ++- net/bluetooth/l2cap_core.c | 2 +- net/bpf/test_run.c | 1 + net/caif/chnl_net.c | 3 -- net/core/skbuff.c | 36 ++++++------- net/ipv4/tcp_cdg.c | 2 + net/ipv6/addrlabel.c | 1 + net/kcm/kcmsock.c | 62 ++++------------------- net/tipc/netlink_compat.c | 2 +- net/x25/x25_dev.c | 2 +- scripts/extract-cert.c | 7 +++ scripts/sign-file.c | 7 +++ sound/hda/hdac_sysfs.c | 4 +- sound/soc/soc-core.c | 17 ++++++- sound/soc/soc-utils.c | 2 +- sound/usb/midi.c | 4 +- sound/usb/quirks-table.h | 4 ++ tools/testing/selftests/futex/functional/Makefile | 6 +-- 80 files changed, 379 insertions(+), 244 deletions(-)

2 years, 1 month

4
91
0 0

[PATCH v4 1/3] drm/i915/migrate: Account for the reserved_space

by Matthew Auld

From: Chris Wilson <chris.p.wilson(a)intel.com> If the ring is nearly full when calling into emit_pte(), we might incorrectly trample the reserved_space when constructing the packet to emit the PTEs. This then triggers the GEM_BUG_ON(rq->reserved_space > ring->space) when later submitting the request, since the request itself doesn't have enough space left in the ring to emit things like workarounds, breadcrumbs etc. Testcase: igt@i915_selftests@live_emit_pte_full_ring Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/7535 Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/6889 Fixes: cf586021642d ("drm/i915/gt: Pipelined page migration") Signed-off-by: Chris Wilson <chris.p.wilson(a)intel.com> Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Andrzej Hajda <andrzej.hajda(a)intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: <stable(a)vger.kernel.org> # v5.15+ Tested-by: Nirmoy Das <nirmoy.das(a)intel.com> Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> --- drivers/gpu/drm/i915/gt/intel_migrate.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/i915/gt/intel_migrate.c b/drivers/gpu/drm/i915/gt/intel_migrate.c index b405a04135ca..48c3b5168558 100644 --- a/drivers/gpu/drm/i915/gt/intel_migrate.c +++ b/drivers/gpu/drm/i915/gt/intel_migrate.c @@ -342,6 +342,16 @@ static int emit_no_arbitration(struct i915_request *rq) return 0; } +static int max_pte_pkt_size(struct i915_request *rq, int pkt) +{ + struct intel_ring *ring = rq->ring; + + pkt = min_t(int, pkt, (ring->space - rq->reserved_space) / sizeof(u32) + 5); + pkt = min_t(int, pkt, (ring->size - ring->emit) / sizeof(u32) + 5); + + return pkt; +} + static int emit_pte(struct i915_request *rq, struct sgt_dma *it, enum i915_cache_level cache_level, @@ -388,8 +398,7 @@ static int emit_pte(struct i915_request *rq, return PTR_ERR(cs); /* Pack as many PTE updates as possible into a single MI command */ - pkt = min_t(int, dword_length, ring->space / sizeof(u32) + 5); - pkt = min_t(int, pkt, (ring->size - ring->emit) / sizeof(u32) + 5); + pkt = max_pte_pkt_size(rq, dword_length); hdr = cs; *cs++ = MI_STORE_DATA_IMM | REG_BIT(21); /* as qword elements */ @@ -422,8 +431,7 @@ static int emit_pte(struct i915_request *rq, } } - pkt = min_t(int, dword_rem, ring->space / sizeof(u32) + 5); - pkt = min_t(int, pkt, (ring->size - ring->emit) / sizeof(u32) + 5); + pkt = max_pte_pkt_size(rq, dword_rem); hdr = cs; *cs++ = MI_STORE_DATA_IMM | REG_BIT(21); -- 2.38.1

2 years, 1 month

1
0
0 0

[tip: perf/core] perf/x86/intel/uncore: Clear attr_update properly

by tip-bot2 for Alexander Antonov

The following commit has been merged into the perf/core branch of tip: Commit-ID: 6532783310e2b2f50dc13f46c49aa6546cb6e7a3 Gitweb: https://git.kernel.org/tip/6532783310e2b2f50dc13f46c49aa6546cb6e7a3 Author: Alexander Antonov <alexander.antonov(a)linux.intel.com> AuthorDate: Thu, 17 Nov 2022 12:28:25 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Thu, 24 Nov 2022 11:09:20 +01:00 perf/x86/intel/uncore: Clear attr_update properly Current clear_attr_update procedure in pmu_set_mapping() sets attr_update field in NULL that is not correct because intel_uncore_type pmu types can contain several groups in attr_update field. For example, SPR platform already has uncore_alias_group to update and then UPI topology group will be added in next patches. Fix current behavior and clear attr_update group related to mapping only. Fixes: bb42b3d39781 ("perf/x86/intel/uncore: Expose an Uncore unit to IIO PMON mapping") Signed-off-by: Alexander Antonov <alexander.antonov(a)linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20221117122833.3103580-4-alexander.antonov@linux.… --- arch/x86/events/intel/uncore_snbep.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c index d3323f1..0d06b56 100644 --- a/arch/x86/events/intel/uncore_snbep.c +++ b/arch/x86/events/intel/uncore_snbep.c @@ -3872,6 +3872,21 @@ static const struct attribute_group *skx_iio_attr_update[] = { NULL, }; +static void pmu_clear_mapping_attr(const struct attribute_group **groups, + struct attribute_group *ag) +{ + int i; + + for (i = 0; groups[i]; i++) { + if (groups[i] == ag) { + for (i++; groups[i]; i++) + groups[i - 1] = groups[i]; + groups[i - 1] = NULL; + break; + } + } +} + static int pmu_set_mapping(struct intel_uncore_type *type, struct attribute_group *ag, ssize_t (*show)(struct device*, struct device_attribute*, char*), @@ -3926,7 +3941,7 @@ clear_attrs: clear_topology: pmu_free_topology(type); clear_attr_update: - type->attr_update = NULL; + pmu_clear_mapping_attr(type->attr_update, ag); return ret; }

2 years, 1 month

1
0
0 0

[tip: perf/core] perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D

by tip-bot2 for Alexander Antonov

The following commit has been merged into the perf/core branch of tip: Commit-ID: efe062705d149b20a15498cb999a9edbb8241e6f Gitweb: https://git.kernel.org/tip/efe062705d149b20a15498cb999a9edbb8241e6f Author: Alexander Antonov <alexander.antonov(a)linux.intel.com> AuthorDate: Thu, 17 Nov 2022 12:28:26 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Thu, 24 Nov 2022 11:09:21 +01:00 perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D Current implementation of I/O stacks to PMU mapping doesn't support ICX-D. Detect ICX-D system to disable mapping. Fixes: 10337e95e04c ("perf/x86/intel/uncore: Enable I/O stacks to IIO PMON mapping on ICX") Signed-off-by: Alexander Antonov <alexander.antonov(a)linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20221117122833.3103580-5-alexander.antonov@linux.… --- arch/x86/events/intel/uncore.h | 1 + arch/x86/events/intel/uncore_snbep.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/arch/x86/events/intel/uncore.h b/arch/x86/events/intel/uncore.h index ef14149..fac3612 100644 --- a/arch/x86/events/intel/uncore.h +++ b/arch/x86/events/intel/uncore.h @@ -2,6 +2,7 @@ #include <linux/slab.h> #include <linux/pci.h> #include <asm/apicdef.h> +#include <asm/intel-family.h> #include <linux/io-64-nonatomic-lo-hi.h> #include <linux/perf_event.h> diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c index 0d06b56..e14b963 100644 --- a/arch/x86/events/intel/uncore_snbep.c +++ b/arch/x86/events/intel/uncore_snbep.c @@ -5226,6 +5226,11 @@ static int icx_iio_get_topology(struct intel_uncore_type *type) static int icx_iio_set_mapping(struct intel_uncore_type *type) { + /* Detect ICX-D system. This case is not supported */ + if (boot_cpu_data.x86_model == INTEL_FAM6_ICELAKE_D) { + pmu_clear_mapping_attr(type->attr_update, &icx_iio_mapping_group); + return -EPERM; + } return pmu_iio_set_mapping(type, &icx_iio_mapping_group); }

2 years, 1 month

1
0
0 0

[PATCH 5.15 000/181] 5.15.80-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.80 release. There are 181 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 25 Nov 2022 08:45:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.80-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.80-rc1 Hawkins Jiawei <yin31149(a)gmail.com> ntfs: check overflow when iterating ATTR_RECORDs Hawkins Jiawei <yin31149(a)gmail.com> ntfs: fix out-of-bounds read in ntfs_attr_find() Hawkins Jiawei <yin31149(a)gmail.com> ntfs: fix use-after-free in ntfs_attr_find() Dominique Martinet <asmadeus(a)codewreck.org> net/9p: use a dedicated spinlock for trans_fd Alexander Potapenko <glider(a)google.com> mm: fs: initialize fsdata passed to write_begin/write_end interface Hawkins Jiawei <yin31149(a)gmail.com> wifi: wext: use flex array destination for memcpy() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> 9p/trans_fd: always use O_NONBLOCK read/write Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Switch from strlcpy to strscpy Andrew Price <anprice(a)redhat.com> gfs2: Check sb_bsize_shift after reading superblock Dominique Martinet <asmadeus(a)codewreck.org> 9p: trans_fd/p9_conn_cancel: drop client lock earlier Cong Wang <cong.wang(a)bytedance.com> kcm: close race conditions on sk_receive_queue Eric Dumazet <edumazet(a)google.com> kcm: avoid potential race in kcm_tx_work Eric Dumazet <edumazet(a)google.com> tcp: cdg: allow tcp_cdg_release() to be called multiple times Eric Dumazet <edumazet(a)google.com> macvlan: enforce a consistent minimal mtu Chen Jun <chenjun102(a)huawei.com> Input: i8042 - fix leaking of platform device on module removal Li Huafei <lihuafei1(a)huawei.com> kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case Yuan Can <yuancan(a)huawei.com> scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() Yang Yingliang <yangyingliang(a)huawei.com> scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() Hangbin Liu <liuhangbin(a)gmail.com> net: use struct_group to copy ip/ipv6 header addresses Aashish Sharma <shraash(a)google.com> tracing: Fix warning on variable 'struct trace_array' Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Include dropped pages in counting dirty patches Marco Elver <elver(a)google.com> perf: Improve missing SIGTRAP checking Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake Keith Busch <kbusch(a)kernel.org> nvme: ensure subsystem reset is single threaded Keith Busch <kbusch(a)kernel.org> nvme: restrict management ioctls to admin Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix sampling using single range output Alexander Potapenko <glider(a)google.com> misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() Shuah Khan <skhan(a)linuxfoundation.org> docs: update mediator contact information in CoC doc Xiongfeng Wang <wangxiongfeng2(a)huawei.com> mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() Chevron Li <chevron.li(a)bayhubtech.com> mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout Yann Gautier <yann.gautier(a)foss.st.com> mmc: core: properly select voltage range without power cycle Brian Norris <briannorris(a)chromium.org> firmware: coreboot: Register bus in module init Tina Zhang <tina.zhang(a)intel.com> iommu/vt-d: Set SRE bit only when hardware has SRS cap Tina Zhang <tina.zhang(a)intel.com> iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries Benjamin Block <bblock(a)linux.ibm.com> scsi: zfcp: Fix double free of FSF request when qdio send fails Aminuddin Jamaluddin <aminuddin.jamaluddin(a)intel.com> net: phy: marvell: add sleep time after enabling the loopback bit Alban Crequy <albancrequy(a)linux.microsoft.com> maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Input: iforce - invert valid length check when fetching device IDs Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250_lpss: Configure DMA also w/o DMA filter Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250: Flush DMA Rx on RLSI Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs Mikulas Patocka <mpatocka(a)redhat.com> dm ioctl: fix misbehavior if list_versions races with module loading Mitja Spes <mitja(a)lxnav.com> iio: pressure: ms5611: changed hardcoded SPI speed to value limited Saravanan Sekar <sravanhome(a)gmail.com> iio: adc: mp2629: fix potential array out of bound access Saravanan Sekar <sravanhome(a)gmail.com> iio: adc: mp2629: fix wrong comparison of channel Yang Yingliang <yangyingliang(a)huawei.com> iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() Yang Yingliang <yangyingliang(a)huawei.com> iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() Rajat Khandelwal <rajat.khandelwal(a)linux.intel.com> usb: typec: mux: Enter safe mode only when pins need to be reconfigured Li Jun <jun.li(a)nxp.com> usb: cdns3: host: fix endless superspeed hub port reset Duoming Zhou <duoming(a)zju.edu.cn> usb: chipidea: fix deadlock in ci_otg_del_timer Nicolas Dumazet <ndumazet(a)google.com> usb: add NO_LPM quirk for Realforce 87U Keyboard Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Fibocom FM160 0x0111 composition Davide Tronchin <davide.tronchin.94(a)gmail.com> USB: serial: option: add u-blox LARA-L6 modem Davide Tronchin <davide.tronchin.94(a)gmail.com> USB: serial: option: add u-blox LARA-R6 00B modem Davide Tronchin <davide.tronchin.94(a)gmail.com> USB: serial: option: remove old LARA-R6 PID Benoît Monin <benoit.monin(a)gmx.fr> USB: serial: option: add Sierra Wireless EM9191 Linus Walleij <linus.walleij(a)linaro.org> USB: bcma: Make GPIO explicitly optional Mushahid Hussain <mushi.shar(a)gmail.com> speakup: fix a segfault caused by switching consoles Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> slimbus: stream: correct presence rate frequencies Zheng Bin <zhengbin13(a)huawei.com> slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m Johan Hovold <johan+linaro(a)kernel.org> Revert "usb: dwc3: disable USB core PHY management" Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Emil Flink <emil.flink(a)gmail.com> ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Add HUBP surface flip interrupt handler Shang XiaoJing <shangxiaojing(a)huawei.com> tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() Shang XiaoJing <shangxiaojing(a)huawei.com> tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix race where eprobes can be called before the event Shang XiaoJing <shangxiaojing(a)huawei.com> tracing: Fix wild-memory-access in register_synth_event() Shang XiaoJing <shangxiaojing(a)huawei.com> tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing/ring-buffer: Have polling block on watermark Wang Yufen <wangyufen(a)huawei.com> tracing: Fix memory leak in tracing_read_pipe() Daniil Tatianin <d-tatianin(a)yandex-team.ru> ring_buffer: Do not deactivate non-existant pages Xiu Jianfeng <xiujianfeng(a)huawei.com> ftrace: Fix null pointer dereference in ftrace_add_mod() Wang Wensheng <wangwensheng4(a)huawei.com> ftrace: Optimize the allocation for mcount entries Wang Wensheng <wangwensheng4(a)huawei.com> ftrace: Fix the possible incorrect kernel message Anastasia Belova <abelova(a)astralinux.ru> cifs: add check for returning value of SMB2_set_info_init Yuan Can <yuancan(a)huawei.com> net: thunderbolt: Fix error handling in tbnet_init() Shang XiaoJing <shangxiaojing(a)huawei.com> net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> cifs: Fix wrong return value checking when GETFLAGS Wei Yongjun <weiyongjun1(a)huawei.com> net/x25: Fix skb leak in x25_lapb_receive_frame() Liu Jian <liujian56(a)huawei.com> net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open() Anastasia Belova <abelova(a)astralinux.ru> cifs: add check for returning value of SMB2_close_init Maximilian Luz <luzmaximilian(a)gmail.com> platform/surface: aggregator: Do not check for repeated unsequenced packets Roger Pau Monné <roger.pau(a)citrix.com> platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized Dan Carpenter <error27(a)gmail.com> drbd: use after free in drbd_create_device() Ido Schimmel <idosch(a)nvidia.com> bridge: switchdev: Fix memory leaks when changing VLAN protocol Guangbin Huang <huangguangbin2(a)huawei.com> net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process Yuan Can <yuancan(a)huawei.com> net: ena: Fix error handling in ena_init() Yuan Can <yuancan(a)huawei.com> net: ionic: Fix error handling in ionic_init_module() Yang Yingliang <yangyingliang(a)huawei.com> xen/pcpu: fix possible memory leak in register_pcpu() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims Wei Yongjun <weiyongjun1(a)huawei.com> net: mhi: Fix memory leak in mhi_net_dellink() Gaosheng Cui <cuigaosheng1(a)huawei.com> bnxt_en: Remove debugfs when pci_register_driver failed Zhengchao Shao <shaozhengchao(a)huawei.com> net: caif: fix double disconnect client in chnl_net_open() Chuang Wang <nashuiliang(a)gmail.com> net: macvlan: Use built-in RCU list checking Wang ShaoBo <bobo.shaobowang(a)huawei.com> mISDN: fix misuse of put_device() in mISDN_register_device() Zhengchao Shao <shaozhengchao(a)huawei.com> net: liquidio: release resources when liquidio driver open failed Xiaolei Wang <xiaolei.wang(a)windriver.com> soc: imx8m: Enable OCOTP clock before reading the register Mohd Faizal Abdul Rahim <faizal.abdul.rahim(a)intel.com> net: stmmac: ensure tx function is not running in stmmac_xdp_release() Yuan Can <yuancan(a)huawei.com> net: hinic: Fix error handling in hinic_module_init() Yang Yingliang <yangyingliang(a)huawei.com> mISDN: fix possible memory leak in mISDN_dsp_element_register() Wei Yongjun <weiyongjun1(a)huawei.com> net: bgmac: Drop free_netdev() from bgmac_enet_remove() Xu Kuohai <xukuohai(a)huawei.com> bpf: Initialize same number of free nodes for each pcpu_freelist Liao Chang <liaochang1(a)huawei.com> MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed Rongwei Zhang <pudh4418(a)gmail.com> MIPS: fix duplicate definitions for exported symbols Jaco Coetzee <jaco.coetzee(a)corigine.com> nfp: change eeprom length to max length enumerators Yang Yingliang <yangyingliang(a)huawei.com> ata: libata-transport: fix error handling in ata_tdev_add() Yang Yingliang <yangyingliang(a)huawei.com> ata: libata-transport: fix error handling in ata_tlink_add() Yang Yingliang <yangyingliang(a)huawei.com> ata: libata-transport: fix error handling in ata_tport_add() Yang Yingliang <yangyingliang(a)huawei.com> ata: libata-transport: fix double ata_host_put() in ata_tport_add() Marek Vasut <marex(a)denx.de> arm64: dts: imx8mn: Fix NAND controller size-cells Marek Vasut <marex(a)denx.de> arm64: dts: imx8mm: Fix NAND controller size-cells Marek Vasut <marex(a)denx.de> ARM: dts: imx7: Fix NAND controller size-cells Shang XiaoJing <shangxiaojing(a)huawei.com> drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() Shang XiaoJing <shangxiaojing(a)huawei.com> drm/drv: Fix potential memory leak in drm_dev_init() Aishwarya Kothari <aishwarya.kothari(a)toradex.com> drm/panel: simple: set bpc field for logic technologies displays Gaosheng Cui <cuigaosheng1(a)huawei.com> drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Maciej W. Rozycki <macro(a)orcam.me.uk> parport_pc: Avoid FIFO port location truncation Yang Yingliang <yangyingliang(a)huawei.com> siox: fix possible memory leak in siox_device_add() D Scott Phillips <scott(a)os.amperecomputing.com> arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro Wang Yufen <wangyufen(a)huawei.com> bpf: Fix memory leaks in __check_func_call Serge Semin <Sergey.Semin(a)baikalelectronics.ru> block: sed-opal: kmalloc the cmd/resp buffers Yang Yingliang <yangyingliang(a)huawei.com> scsi: scsi_transport_sas: Fix error handling in sas_phy_add() Quentin Schulz <quentin.schulz(a)theobroma-systems.com> pinctrl: rockchip: list all pins in a possible mux route for PX30 Chen Zhongjin <chenzhongjin(a)huawei.com> ASoC: soc-utils: Remove __exit for snd_soc_util_exit() Baisong Zhong <zhongbaisong(a)huawei.com> bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() Duoming Zhou <duoming(a)zju.edu.cn> tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send Shawn Guo <shawn.guo(a)linaro.org> serial: imx: Add missing .thaw_noirq hook Tony Lindgren <tony(a)atomide.com> serial: 8250: omap: Flush PM QOS work on remove Tony Lindgren <tony(a)atomide.com> serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> serial: 8250_omap: remove wait loop from Errata i202 workaround Tony Lindgren <tony(a)atomide.com> serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl() Claudiu Beznea <claudiu.beznea(a)microchip.com> ARM: at91: pm: avoid soft resetting AC DLL Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2764: Fix set_tdm_slot in case of single slot Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2770: Fix set_tdm_slot in case of single slot Chen Zhongjin <chenzhongjin(a)huawei.com> ASoC: core: Fix use-after-free in snd_soc_exit() Mihai Sain <mihai.sain(a)microchip.com> ARM: dts: at91: sama7g5: fix signal name of pin PB2 Marek Vasut <marex(a)denx.de> spi: stm32: Print summary 'callbacks suppressed' message Douglas Anderson <dianders(a)chromium.org> arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed Douglas Anderson <dianders(a)chromium.org> arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed Douglas Anderson <dianders(a)chromium.org> arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed Douglas Anderson <dianders(a)chromium.org> arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed James Houghton <jthoughton(a)google.com> hugetlbfs: don't delete error page from pagecache Like Xu <likexu(a)tencent.com> KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't exist yet Mika Westerberg <mika.westerberg(a)linux.intel.com> spi: intel: Use correct mask for flash and protected regions Mika Westerberg <mika.westerberg(a)linux.intel.com> mtd: spi-nor: intel-spi: Disable write protection only if asked Colin Ian King <colin.i.king(a)gmail.com> ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" Tony Luck <tony.luck(a)intel.com> x86/cpu: Add several Intel server CPU model numbers Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm Filipe Manana <fdmanana(a)suse.com> btrfs: remove pointless and double ulist frees in error paths of qgroup tests Nathan Huckleberry <nhuck(a)google.com> drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid Nam Cao <namcaov(a)gmail.com> i2c: i801: add lis3lv02d's I2C address for Vostro 5568 Thierry Reding <treding(a)nvidia.com> i2c: tegra: Allocate DMA memory for DMA engine Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Cleanup the core driver removal callback Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Add another system to quirk list for forcing StorageD3Enable Benjamin Coddington <bcodding(a)redhat.com> NFSv4: Retry LOCK on OLD_STATEID during delegation return Qu Wenruo <wqu(a)suse.com> btrfs: raid56: properly handle the error when unable to find the missing stripe Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Add EFA 0xefa2 PCI ID Hans de Goede <hdegoede(a)redhat.com> ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Remove wrong pipe control lock Shuming Fan <shumingf(a)realtek.com> ASoC: rt1308-sdw: add the default value of some registers Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: cmos: fix build on non-ACPI platforms Ricardo Cañuelo <ricardo.canuelo(a)collabora.com> selftests/intel_pstate: fix build for ARCH=x86_64 Ricardo Cañuelo <ricardo.canuelo(a)collabora.com> selftests/futex: fix build for clang Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 Siarhei Volkau <lis8215(a)gmail.com> ASoC: codecs: jz4725b: fix capture selector naming Siarhei Volkau <lis8215(a)gmail.com> ASoC: codecs: jz4725b: use right control for Capture Volume Siarhei Volkau <lis8215(a)gmail.com> ASoC: codecs: jz4725b: fix reported volume for Master ctl Siarhei Volkau <lis8215(a)gmail.com> ASoC: codecs: jz4725b: add missed Line In power control bit Mauro Lima <mauro.lima(a)eclypsium.com> spi: intel: Fix the offset to get the 64K erase opcode Xiaolei Wang <xiaolei.wang(a)windriver.com> ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK Derek Fang <derek.fang(a)realtek.com> ASoC: rt1019: Fix the TDM settings Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe" Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe" Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe" Yang Shi <shy828301(a)gmail.com> mm: shmem: don't truncate page if memory failure happens Yang Shi <shy828301(a)gmail.com> mm: hwpoison: handle non-anonymous THP correctly Yang Shi <shy828301(a)gmail.com> mm: hwpoison: refactor refcount check handling ------------- Diffstat: .../process/code-of-conduct-interpretation.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/imx7s.dtsi | 4 +- arch/arm/boot/dts/sama7g5-pinfunc.h | 2 +- arch/arm/mach-at91/pm_suspend.S | 7 +- arch/arm64/boot/dts/freescale/imx8mm.dtsi | 4 +- arch/arm64/boot/dts/freescale/imx8mn.dtsi | 2 +- arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 13 ++- .../boot/dts/qcom/sm8150-sony-xperia-kumano.dtsi | 6 ++ .../boot/dts/qcom/sm8250-sony-xperia-edo.dtsi | 6 ++ arch/arm64/boot/dts/qcom/sm8350-hdk.dts | 12 +++ arch/arm64/include/asm/cputype.h | 2 +- arch/mips/kernel/relocate_kernel.S | 15 +-- arch/mips/loongson64/reset.c | 10 ++ arch/x86/events/intel/pt.c | 9 ++ arch/x86/include/asm/intel-family.h | 11 +- arch/x86/kvm/x86.c | 14 +-- block/sed-opal.c | 32 +++++- drivers/accessibility/speakup/main.c | 2 +- drivers/acpi/scan.c | 1 + drivers/acpi/x86/utils.c | 6 ++ drivers/ata/libata-transport.c | 19 +++- drivers/block/drbd/drbd_main.c | 4 +- drivers/firmware/arm_scmi/bus.c | 11 ++ drivers/firmware/arm_scmi/common.h | 1 + drivers/firmware/arm_scmi/driver.c | 31 +++--- drivers/firmware/google/coreboot_table.c | 37 +++++-- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 2 +- drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 1 + drivers/gpu/drm/drm_drv.c | 2 +- drivers/gpu/drm/drm_internal.h | 3 +- drivers/gpu/drm/imx/imx-tve.c | 5 +- drivers/gpu/drm/panel/panel-simple.c | 2 + drivers/gpu/drm/vc4/vc4_kms.c | 8 +- drivers/i2c/busses/i2c-i801.c | 1 + drivers/i2c/busses/i2c-tegra.c | 16 +-- drivers/iio/adc/at91_adc.c | 4 +- drivers/iio/adc/mp2629_adc.c | 5 +- drivers/iio/pressure/ms5611_spi.c | 2 +- drivers/iio/trigger/iio-trig-sysfs.c | 6 +- drivers/infiniband/hw/efa/efa_main.c | 4 +- drivers/input/joystick/iforce/iforce-main.c | 8 +- drivers/input/serio/i8042.c | 4 - drivers/iommu/intel/iommu.c | 8 +- drivers/iommu/intel/pasid.c | 5 +- drivers/isdn/mISDN/core.c | 2 +- drivers/isdn/mISDN/dsp_pipeline.c | 3 +- drivers/md/dm-ioctl.c | 4 +- drivers/mfd/lpc_ich.c | 59 ++++++++++- drivers/misc/vmw_vmci/vmci_queue_pair.c | 2 + drivers/mmc/core/core.c | 8 +- drivers/mmc/host/sdhci-pci-core.c | 2 + drivers/mmc/host/sdhci-pci-o2micro.c | 7 ++ drivers/mtd/spi-nor/controllers/intel-spi-pci.c | 29 ++++-- drivers/mtd/spi-nor/controllers/intel-spi.c | 51 +++++----- drivers/net/ethernet/amazon/ena/ena_netdev.c | 8 +- drivers/net/ethernet/atheros/ag71xx.c | 3 +- drivers/net/ethernet/broadcom/bgmac.c | 1 - drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +- drivers/net/ethernet/cavium/liquidio/lio_main.c | 34 +++++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 10 +- drivers/net/ethernet/huawei/hinic/hinic_main.c | 9 +- .../net/ethernet/microchip/sparx5/sparx5_ethtool.c | 3 + .../net/ethernet/microchip/sparx5/sparx5_main.c | 3 + .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 6 +- drivers/net/ethernet/pensando/ionic/ionic_main.c | 8 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 + drivers/net/macvlan.c | 6 +- drivers/net/mhi_net.c | 2 + drivers/net/phy/marvell.c | 16 +-- drivers/net/thunderbolt.c | 19 +++- drivers/nvme/host/ioctl.c | 6 ++ drivers/nvme/host/nvme.h | 16 ++- drivers/parport/parport_pc.c | 2 +- drivers/pinctrl/devicetree.c | 2 + drivers/pinctrl/pinctrl-rockchip.c | 40 ++++++++ .../platform/surface/aggregator/ssh_packet_layer.c | 24 ++++- drivers/platform/x86/intel/pmc/pltdrv.c | 9 ++ drivers/rtc/rtc-cmos.c | 3 + drivers/s390/scsi/zfcp_fsf.c | 2 +- drivers/scsi/scsi_debug.c | 6 +- drivers/scsi/scsi_transport_sas.c | 13 ++- drivers/siox/siox-core.c | 2 + drivers/slimbus/Kconfig | 2 +- drivers/slimbus/stream.c | 8 +- drivers/soc/imx/soc-imx8m.c | 11 ++ drivers/spi/spi-stm32.c | 1 + drivers/target/loopback/tcm_loop.c | 3 +- drivers/tty/n_gsm.c | 2 +- drivers/tty/serial/8250/8250_lpss.c | 18 +++- drivers/tty/serial/8250/8250_omap.c | 45 +++++---- drivers/tty/serial/8250/8250_port.c | 7 +- drivers/tty/serial/imx.c | 1 + drivers/usb/cdns3/host.c | 56 +++++------ drivers/usb/chipidea/otg_fsm.c | 2 + drivers/usb/core/quirks.c | 3 + drivers/usb/dwc3/host.c | 10 -- drivers/usb/host/bcma-hcd.c | 10 +- drivers/usb/serial/option.c | 19 +++- drivers/usb/typec/mux/intel_pmc_mux.c | 15 ++- drivers/xen/pcpu.c | 2 +- fs/btrfs/raid56.c | 6 +- fs/btrfs/tests/qgroup-tests.c | 16 +-- fs/buffer.c | 4 +- fs/cifs/ioctl.c | 4 +- fs/cifs/smb2ops.c | 4 + fs/gfs2/ops_fstype.c | 17 ++-- fs/hugetlbfs/inode.c | 13 ++- fs/namei.c | 2 +- fs/nfs/nfs4proc.c | 6 +- fs/ntfs/attrib.c | 28 +++++- fs/ntfs/inode.c | 7 ++ include/linux/platform_data/x86/intel-spi.h | 6 +- include/linux/ring_buffer.h | 2 +- include/linux/trace.h | 4 +- include/linux/wireless.h | 10 +- include/net/ip.h | 2 +- include/net/ipv6.h | 2 +- include/soc/at91/sama7-ddr.h | 5 +- include/uapi/linux/ip.h | 6 +- include/uapi/linux/ipv6.h | 6 +- kernel/bpf/percpu_freelist.c | 23 ++--- kernel/bpf/verifier.c | 14 ++- kernel/events/core.c | 25 +++-- kernel/kprobes.c | 8 +- kernel/trace/ftrace.c | 5 +- kernel/trace/kprobe_event_gen_test.c | 48 ++++++--- kernel/trace/ring_buffer.c | 71 +++++++++---- kernel/trace/synth_event_gen_test.c | 16 ++- kernel/trace/trace.c | 3 +- kernel/trace/trace_eprobe.c | 3 + kernel/trace/trace_events_synth.c | 5 +- mm/filemap.c | 2 +- mm/hugetlb.c | 4 + mm/maccess.c | 2 +- mm/memory-failure.c | 111 ++++++++++++++------- mm/shmem.c | 51 ++++++++-- mm/userfaultfd.c | 5 + net/9p/trans_fd.c | 45 ++++++--- net/bluetooth/l2cap_core.c | 2 +- net/bpf/test_run.c | 1 + net/bridge/br_vlan.c | 17 +++- net/caif/chnl_net.c | 3 - net/dsa/dsa_priv.h | 1 + net/dsa/master.c | 3 +- net/dsa/port.c | 16 +++ net/ipv4/tcp_cdg.c | 2 + net/kcm/kcmsock.c | 62 ++---------- net/wireless/wext-core.c | 17 ++-- net/x25/x25_dev.c | 2 +- sound/pci/hda/patch_realtek.c | 2 + sound/soc/codecs/jz4725b.c | 34 ++++--- sound/soc/codecs/mt6660.c | 8 +- sound/soc/codecs/rt1019.c | 20 ++-- sound/soc/codecs/rt1019.h | 6 ++ sound/soc/codecs/rt1308-sdw.h | 2 + sound/soc/codecs/tas2764.c | 19 ++-- sound/soc/codecs/tas2770.c | 20 ++-- sound/soc/codecs/wm5102.c | 6 +- sound/soc/codecs/wm5110.c | 6 +- sound/soc/codecs/wm8962.c | 54 +++++++++- sound/soc/codecs/wm8997.c | 6 +- sound/soc/intel/boards/sof_sdw.c | 11 ++ sound/soc/soc-core.c | 17 +++- sound/soc/soc-utils.c | 2 +- sound/usb/midi.c | 4 +- tools/testing/selftests/futex/functional/Makefile | 6 +- tools/testing/selftests/intel_pstate/Makefile | 6 +- 168 files changed, 1335 insertions(+), 612 deletions(-)

2 years, 1 month

6
187
0 0

[PATCH 4.19 1/1] tcp/udp: Fix memory leak in ipv6_renew_options().

by Ovidiu Panait

From: Kuniyuki Iwashima <kuniyu(a)amazon.com> commit 3c52c6bb831f6335c176a0fc7214e26f43adbd11 upstream. syzbot reported a memory leak [0] related to IPV6_ADDRFORM. The scenario is that while one thread is converting an IPv6 socket into IPv4 with IPV6_ADDRFORM, another thread calls do_ipv6_setsockopt() and allocates memory to inet6_sk(sk)->XXX after conversion. Then, the converted sk with (tcp|udp)_prot never frees the IPv6 resources, which inet6_destroy_sock() should have cleaned up. setsockopt(IPV6_ADDRFORM) setsockopt(IPV6_DSTOPTS) +-----------------------+ +----------------------+ - do_ipv6_setsockopt(sk, ...) - sockopt_lock_sock(sk) - do_ipv6_setsockopt(sk, ...) - lock_sock(sk) ^._ called via tcpv6_prot - WRITE_ONCE(sk->sk_prot, &tcp_prot) before WRITE_ONCE() - xchg(&np->opt, NULL) - txopt_put(opt) - sockopt_release_sock(sk) - release_sock(sk) - sockopt_lock_sock(sk) - lock_sock(sk) - ipv6_set_opt_hdr(sk, ...) - ipv6_update_options(sk, opt) - xchg(&inet6_sk(sk)->opt, opt) ^._ opt is never freed. - sockopt_release_sock(sk) - release_sock(sk) Since IPV6_DSTOPTS allocates options under lock_sock(), we can avoid this memory leak by testing whether sk_family is changed by IPV6_ADDRFORM after acquiring the lock. This issue exists from the initial commit between IPV6_ADDRFORM and IPV6_PKTOPTIONS. [0]: BUG: memory leak unreferenced object 0xffff888009ab9f80 (size 96): comm "syz-executor583", pid 328, jiffies 4294916198 (age 13.034s) hex dump (first 32 bytes): 01 00 00 00 48 00 00 00 08 00 00 00 00 00 00 00 ....H........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000002ee98ae1>] kmalloc include/linux/slab.h:605 [inline] [<000000002ee98ae1>] sock_kmalloc+0xb3/0x100 net/core/sock.c:2566 [<0000000065d7b698>] ipv6_renew_options+0x21e/0x10b0 net/ipv6/exthdrs.c:1318 [<00000000a8c756d7>] ipv6_set_opt_hdr net/ipv6/ipv6_sockglue.c:354 [inline] [<00000000a8c756d7>] do_ipv6_setsockopt.constprop.0+0x28b7/0x4350 net/ipv6/ipv6_sockglue.c:668 [<000000002854d204>] ipv6_setsockopt+0xdf/0x190 net/ipv6/ipv6_sockglue.c:1021 [<00000000e69fdcf8>] tcp_setsockopt+0x13b/0x2620 net/ipv4/tcp.c:3789 [<0000000090da4b9b>] __sys_setsockopt+0x239/0x620 net/socket.c:2252 [<00000000b10d192f>] __do_sys_setsockopt net/socket.c:2263 [inline] [<00000000b10d192f>] __se_sys_setsockopt net/socket.c:2260 [inline] [<00000000b10d192f>] __x64_sys_setsockopt+0xbe/0x160 net/socket.c:2260 [<000000000a80d7aa>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<000000000a80d7aa>] do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80 [<000000004562b5c6>] entry_SYSCALL_64_after_hwframe+0x63/0xcd Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Kuniyuki Iwashima <kuniyu(a)amazon.com> Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Ovidiu Panait <ovidiu.panait(a)windriver.com> --- net/ipv6/ipv6_sockglue.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index 4e1da6cb9ed7..4f958d24f9e4 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -166,6 +166,12 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, rtnl_lock(); lock_sock(sk); + /* Another thread has converted the socket into IPv4 with + * IPV6_ADDRFORM concurrently. + */ + if (unlikely(sk->sk_family != AF_INET6)) + goto unlock; + switch (optname) { case IPV6_ADDRFORM: @@ -913,6 +919,7 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, break; } +unlock: release_sock(sk); if (needs_rtnl) rtnl_unlock(); -- 2.38.1

2 years, 1 month

1
0
0 0

Re: [PATCH 6.0 000/314] 6.0.10-rc1 review

by Ronald Warsow

Hi Greg 6.0.10-rc1 compiles, boots and runs here on x86_64 (Intel i5-11400, Fedora 37) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

2 years, 1 month

1
0
0 0

hwpoison, shmem: fix data lost issue for 5.15.y

by Naoya Horiguchi

Hi, I'd like to request the follow commits to be backported to 5.15.y. - dd0f230a0a80 ("mm: hwpoison: refactor refcount check handling") - 4966455d9100 ("mm: hwpoison: handle non-anonymous THP correctly") - a76054266661 ("mm: shmem: don't truncate page if memory failure happens") These patches fixed a data lost issue by preventing shmem pagecache from being removed by memory error. These were not tagged for stable originally, but that's revisited recently. Thanks, Naoya Horiguchi

2 years, 1 month

5
12
0 0

Re: [PATCH 2/2] tracing: Free buffers when a used dynamic event is removed

by Masami Hiramatsu

On Wed, 23 Nov 2022 14:25:58 -0500 Steven Rostedt <rostedt(a)goodmis.org> wrote: > From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> > > After 65536 dynamic events have been added and removed, the "type" field > of the event then uses the first type number that is available (not > currently used by other events). A type number is the identifier of the > binary blobs in the tracing ring buffer (known as events) to map them to > logic that can parse the binary blob. > > The issue is that if a dynamic event (like a kprobe event) is traced and > is in the ring buffer, and then that event is removed (because it is > dynamic, which means it can be created and destroyed), if another dynamic > event is created that has the same number that new event's logic on > parsing the binary blob will be used. > > To show how this can be an issue, the following can crash the kernel: > > # cd /sys/kernel/tracing > # for i in `seq 65536`; do > echo 'p:kprobes/foo do_sys_openat2 $arg1:u32' > kprobe_events > # done > > For every iteration of the above, the writing to the kprobe_events will > remove the old event and create a new one (with the same format) and > increase the type number to the next available on until the type number > reaches over 65535 which is the max number for the 16 bit type. After it > reaches that number, the logic to allocate a new number simply looks for > the next available number. When an dynamic event is removed, that number > is then available to be reused by the next dynamic event created. That is, > once the above reaches the max number, the number assigned to the event in > that loop will remain the same. > > Now that means deleting one dynamic event and created another will reuse > the previous events type number. This is where bad things can happen. > After the above loop finishes, the kprobes/foo event which reads the > do_sys_openat2 function call's first parameter as an integer. > > # echo 1 > kprobes/foo/enable > # cat /etc/passwd > /dev/null > # cat trace > cat-2211 [005] .... 2007.849603: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 > cat-2211 [005] .... 2007.849620: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 > cat-2211 [005] .... 2007.849838: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 > cat-2211 [005] .... 2007.849880: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 > # echo 0 > kprobes/foo/enable > > Now if we delete the kprobe and create a new one that reads a string: > > # echo 'p:kprobes/foo do_sys_openat2 +0($arg2):string' > kprobe_events > > And now we can the trace: > > # cat trace > sendmail-1942 [002] ..... 530.136320: foo: (do_sys_openat2+0x0/0x240) arg1= cat-2046 [004] ..... 530.930817: foo: (do_sys_openat2+0x0/0x240) arg1="��" > cat-2046 [004] ..... 530.930961: foo: (do_sys_openat2+0x0/0x240) arg1="��" > cat-2046 [004] ..... 530.934278: foo: (do_sys_openat2+0x0/0x240) arg1="��" > cat-2046 [004] ..... 530.934563: foo: (do_sys_openat2+0x0/0x240) arg1="��" > bash-1515 [007] ..... 534.299093: foo: (do_sys_openat2+0x0/0x240) arg1="kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk��@��4Z��;Y��U Aah, right. Even if we remove one dynamic event, it was shown as unknown events. > > And dmesg has: > > ================================================================== > BUG: KASAN: use-after-free in string+0xd4/0x1c0 > Read of size 1 at addr ffff88805fdbbfa0 by task cat/2049 > > CPU: 0 PID: 2049 Comm: cat Not tainted 6.1.0-rc6-test+ #641 > Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v03.03 07/14/2016 > Call Trace: > <TASK> > dump_stack_lvl+0x5b/0x77 > print_report+0x17f/0x47b > kasan_report+0xad/0x130 > string+0xd4/0x1c0 > vsnprintf+0x500/0x840 > seq_buf_vprintf+0x62/0xc0 > trace_seq_printf+0x10e/0x1e0 > print_type_string+0x90/0xa0 > print_kprobe_event+0x16b/0x290 > print_trace_line+0x451/0x8e0 > s_show+0x72/0x1f0 > seq_read_iter+0x58e/0x750 > seq_read+0x115/0x160 > vfs_read+0x11d/0x460 > ksys_read+0xa9/0x130 > do_syscall_64+0x3a/0x90 > entry_SYSCALL_64_after_hwframe+0x63/0xcd > RIP: 0033:0x7fc2e972ade2 > Code: c0 e9 b2 fe ff ff 50 48 8d 3d b2 3f 0a 00 e8 05 f0 01 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24 > RSP: 002b:00007ffc64e687c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 > RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007fc2e972ade2 > RDX: 0000000000020000 RSI: 00007fc2e980d000 RDI: 0000000000000003 > RBP: 00007fc2e980d000 R08: 00007fc2e980c010 R09: 0000000000000000 > R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000020f00 > R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000 > </TASK> > > The buggy address belongs to the physical page: > page:ffffea00017f6ec0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5fdbb > flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) > raw: 000fffffc0000000 0000000000000000 ffffea00017f6ec8 0000000000000000 > raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 > page dumped because: kasan: bad access detected > > Memory state around the buggy address: > ffff88805fdbbe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ffff88805fdbbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > >ffff88805fdbbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ^ > ffff88805fdbc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ffff88805fdbc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ================================================================== > > This was found when Zheng Yejian sent a patch to convert the even type > number assignment to use IDA, which gives the next available number, and > this bug showed up in the fuzz testing by Yujie Liu and the kernel test > robot. But after further analysis, I found that this behavior is the same > as when the event type numbers go past the 16bit max (and the above shows > that). > > As modules have a similar issue, but is dealt with by setting a > "WAS_ENABLED" flag when a module event is enabled, and when the module is > freed, if any of its events were enabled, the ring buffer that holds that > event is also cleared, to prevent reading stale events. The same can be > done for dynamic events. Indeed. If the dynamic event had not been enabled, there is no reason to clear the buffer. This looks good to me. Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Thank you! > > If any dynamic event that is being removed was enabled, then make sure the > buffers they were enabled in are now cleared. > > Link: https://lore.kernel.org/all/20221110020319.1259291-1-zhengyejian1@huawei.co… > > Cc: stable(a)vger.kernel.org > Depends-on: TBD ("tracing: Add tracing_reset_all_online_cpus_unlocked() function") > Depends-on: 5448d44c38557 ("tracing: Add unified dynamic event framework") > Depends-on: 6212dd29683ee ("tracing/kprobes: Use dyn_event framework for kprobe events") > Depends-on: 065e63f951432 ("tracing: Only have rmmod clear buffers that its events were active in") > Depends-on: 575380da8b469 ("tracing: Only clear trace buffer on module unload if event was traced") > Fixes: 77b44d1b7c283 ("tracing/kprobes: Rename Kprobe-tracer to kprobe-event") > Reported-by: Zheng Yejian <zhengyejian1(a)huawei.com> > Reported-by: Yujie Liu <yujie.liu(a)intel.com> > Reported-by: kernel test robot <yujie.liu(a)intel.com> > Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> > --- > kernel/trace/trace_dynevent.c | 2 ++ > kernel/trace/trace_events.c | 11 ++++++++++- > 2 files changed, 12 insertions(+), 1 deletion(-) > > diff --git a/kernel/trace/trace_dynevent.c b/kernel/trace/trace_dynevent.c > index 154996684fb5..4376887e0d8a 100644 > --- a/kernel/trace/trace_dynevent.c > +++ b/kernel/trace/trace_dynevent.c > @@ -118,6 +118,7 @@ int dyn_event_release(const char *raw_command, struct dyn_event_operations *type > if (ret) > break; > } > + tracing_reset_all_online_cpus(); > mutex_unlock(&event_mutex); > out: > argv_free(argv); > @@ -214,6 +215,7 @@ int dyn_events_release_all(struct dyn_event_operations *type) > break; > } > out: > + tracing_reset_all_online_cpus(); > mutex_unlock(&event_mutex); > > return ret; > diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c > index 0449e3c7d327..3bfaf560ecc4 100644 > --- a/kernel/trace/trace_events.c > +++ b/kernel/trace/trace_events.c > @@ -2947,7 +2947,10 @@ static int probe_remove_event_call(struct trace_event_call *call) > * TRACE_REG_UNREGISTER. > */ > if (file->flags & EVENT_FILE_FL_ENABLED) > - return -EBUSY; > + goto busy; > + > + if (file->flags & EVENT_FILE_FL_WAS_ENABLED) > + tr->clear_trace = true; > /* > * The do_for_each_event_file_safe() is > * a double loop. After finding the call for this > @@ -2960,6 +2963,12 @@ static int probe_remove_event_call(struct trace_event_call *call) > __trace_remove_event_call(call); > > return 0; > + busy: > + /* No need to clear the trace now */ > + list_for_each_entry(tr, &ftrace_trace_arrays, list) { > + tr->clear_trace = false; > + } > + return -EBUSY; > } > > /* Remove an event_call */ > -- > 2.35.1 > > -- Masami Hiramatsu (Google) <mhiramat(a)kernel.org>

2 years, 1 month

1
0
0 0

+ mm-khugepaged-invoke-mmu-notifiers-in-shmem-file-collapse-paths.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-khugepaged-invoke-mmu-notifiers-in-shmem-file-collapse-paths.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Date: Wed, 23 Nov 2022 17:56:52 +0100 Any codepath that zaps page table entries must invoke MMU notifiers to ensure that secondary MMUs (like KVM) don't keep accessing pages which aren't mapped anymore. Secondary MMUs don't hold their own references to pages that are mirrored over, so failing to notify them can lead to page use-after-free. I'm marking this as addressing an issue introduced in commit f3f0e1d2150b ("khugepaged: add support of collapse for tmpfs/shmem pages"), but most of the security impact of this only came in commit 27e1f8273113 ("khugepaged: enable collapse pmd for pte-mapped THP"), which actually omitted flushes for the removal of present PTEs, not just for the removal of empty page tables. Link: https://lkml.kernel.org/r/20221123165652.2204925-5-jannh@google.com Fixes: f3f0e1d2150b ("khugepaged: add support of collapse for tmpfs/shmem p= ages") Signed-off-by: Jann Horn <jannh(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/khugepaged.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/mm/khugepaged.c~mm-khugepaged-invoke-mmu-notifiers-in-shmem-file-collapse-paths +++ a/mm/khugepaged.c @@ -1421,6 +1421,7 @@ static void collapse_and_free_pmd(struct { pmd_t pmd; struct mmu_gather tlb; + struct mmu_notifier_range range; mmap_assert_write_locked(mm); if (vma->vm_file) @@ -1433,12 +1434,16 @@ static void collapse_and_free_pmd(struct lockdep_assert_held_write(&vma->anon_vma->root->rwsem); page_table_check_pte_clear_range(mm, addr, pmd); + mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, NULL, mm, addr, + addr + HPAGE_PMD_SIZE); + mmu_notifier_invalidate_range_start(&range); tlb_gather_mmu(&tlb, mm); pmd = READ_ONCE(*pmdp); pmd_clear(pmdp); tlb_flush_pte_range(&tlb, addr, HPAGE_PMD_SIZE); pte_free_tlb(&tlb, pmd_pgtable(pmd), addr); tlb_finish_mmu(&tlb); + mmu_notifier_invalidate_range_end(&range); mm_dec_nr_ptes(mm); } _ Patches currently in -mm which might be from jannh(a)google.com are mm-khugepaged-take-the-right-locks-for-page-table-retraction.patch mmu_gather-use-macro-arguments-more-carefully.patch mm-khugepaged-fix-gup-fast-interaction-by-freeing-ptes-via-mmu_gather.patch mm-khugepaged-invoke-mmu-notifiers-in-shmem-file-collapse-paths.patch

2 years, 1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2022