December 2022 - Linux-stable-mirror

[PATCH V2 1/3] MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

by Huacai Chen

When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] Modules linked in: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052 [ 3.084034] Hardware name: Loongson Loongson-3A4000-7A1000-1w-V0.1-CRB/Loongson-LS3A4000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27 [ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa [ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000 [ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Call Trace: [ 3.203941] [<98000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9800000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<980000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9800000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9800000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<98000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<98000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<98000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<98000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9800000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9800000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ end trace 8b484262b4b8c24c ]--- Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/mips/kernel/proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/mips/kernel/proc.c b/arch/mips/kernel/proc.c index 4184d641f05e..33a02f3814f5 100644 --- a/arch/mips/kernel/proc.c +++ b/arch/mips/kernel/proc.c @@ -172,7 +172,7 @@ static void *c_start(struct seq_file *m, loff_t *pos) { unsigned long i = *pos; - return i < NR_CPUS ? (void *) (i + 1) : NULL; + return i < nr_cpu_ids ? (void *) (i + 1) : NULL; } static void *c_next(struct seq_file *m, void *v, loff_t *pos) -- 2.31.1

9 months

5
15
0 0

[PATCH MANUALSEL 4.19 1/2] KVM: x86: Handle SRCU initialization failure during page track init

by Sasha Levin

From: Haimin Zhang <tcs_kernel(a)tencent.com> [ Upstream commit eb7511bf9182292ef1df1082d23039e856d1ddfb ] Check the return of init_srcu_struct(), which can fail due to OOM, when initializing the page track mechanism. Lack of checking leads to a NULL pointer deref found by a modified syzkaller. Reported-by: TCS Robot <tcs_robot(a)tencent.com> Signed-off-by: Haimin Zhang <tcs_kernel(a)tencent.com> Message-Id: <1630636626-12262-1-git-send-email-tcs_kernel(a)tencent.com> [Move the call towards the beginning of kvm_arch_init_vm. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/x86/include/asm/kvm_page_track.h | 2 +- arch/x86/kvm/page_track.c | 4 ++-- arch/x86/kvm/x86.c | 7 ++++++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/kvm_page_track.h b/arch/x86/include/asm/kvm_page_track.h index 172f9749dbb2..5986bd4aacd6 100644 --- a/arch/x86/include/asm/kvm_page_track.h +++ b/arch/x86/include/asm/kvm_page_track.h @@ -46,7 +46,7 @@ struct kvm_page_track_notifier_node { struct kvm_page_track_notifier_node *node); }; -void kvm_page_track_init(struct kvm *kvm); +int kvm_page_track_init(struct kvm *kvm); void kvm_page_track_cleanup(struct kvm *kvm); void kvm_page_track_free_memslot(struct kvm_memory_slot *free, diff --git a/arch/x86/kvm/page_track.c b/arch/x86/kvm/page_track.c index 3052a59a3065..1f6b0d9b0c85 100644 --- a/arch/x86/kvm/page_track.c +++ b/arch/x86/kvm/page_track.c @@ -169,13 +169,13 @@ void kvm_page_track_cleanup(struct kvm *kvm) cleanup_srcu_struct(&head->track_srcu); } -void kvm_page_track_init(struct kvm *kvm) +int kvm_page_track_init(struct kvm *kvm) { struct kvm_page_track_notifier_head *head; head = &kvm->arch.track_notifier_head; - init_srcu_struct(&head->track_srcu); INIT_HLIST_HEAD(&head->track_notifier_list); + return init_srcu_struct(&head->track_srcu); } /* diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 417abc9ba1ad..70cb18f89029 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -9039,9 +9039,15 @@ void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu) int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) { + int ret; + if (type) return -EINVAL; + ret = kvm_page_track_init(kvm); + if (ret) + return ret; + INIT_HLIST_HEAD(&kvm->arch.mask_notifier_list); INIT_LIST_HEAD(&kvm->arch.active_mmu_pages); INIT_LIST_HEAD(&kvm->arch.zapped_obsolete_pages); @@ -9068,7 +9074,6 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) INIT_DELAYED_WORK(&kvm->arch.kvmclock_sync_work, kvmclock_sync_fn); kvm_hv_init_vm(kvm); - kvm_page_track_init(kvm); kvm_mmu_init_vm(kvm); if (kvm_x86_ops->vm_init) -- 2.33.0

1 year, 2 months

4
4
0 0

FAILED: patch "[PATCH] ext4: fix bug_on in __es_tree_search" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d36f6ed761b53933b0b4126486c10d3da7751e7f Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Wed, 18 May 2022 20:08:16 +0800 Subject: [PATCH] ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/extents_status.c:199! [...] RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217 [...] Call Trace: ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766 ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561 ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964 ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384 ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567 ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980 ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031 ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257 v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63 v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82 vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368 dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490 ext4_quota_enable fs/ext4/super.c:6137 [inline] ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163 ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754 mount_bdev+0x2e9/0x3b0 fs/super.c:1158 mount_fs+0x4b/0x1e4 fs/super.c:1261 [...] ================================================================== Above issue may happen as follows: ------------------------------------- ext4_fill_super ext4_enable_quotas ext4_quota_enable ext4_iget __ext4_iget ext4_ext_check_inode ext4_ext_check __ext4_ext_check ext4_valid_extent_entries Check for overlapping extents does't take effect dquot_enable vfs_load_quota_inode v2_check_quota_file v2_read_header ext4_quota_read ext4_bread ext4_getblk ext4_map_blocks ext4_ext_map_blocks ext4_find_extent ext4_cache_extents ext4_es_cache_extent ext4_es_cache_extent __es_tree_search ext4_es_end BUG_ON(es->es_lblk + es->es_len < es->es_lblk) The error ext4 extents is as follows: 0af3 0300 0400 0000 00000000 extent_header 00000000 0100 0000 12000000 extent1 00000000 0100 0000 18000000 extent2 02000000 0400 0000 14000000 extent3 In the ext4_valid_extent_entries function, if prev is 0, no error is returned even if lblock<=prev. This was intended to skip the check on the first extent, but in the error image above, prev=0+1-1=0 when checking the second extent, so even though lblock<=prev, the function does not return an error. As a result, bug_ON occurs in __es_tree_search and the system panics. To solve this problem, we only need to check that: 1. The lblock of the first extent is not less than 0. 2. The lblock of the next extent is not less than the next block of the previous extent. The same applies to extent_idx. Cc: stable(a)kernel.org Fixes: 5946d089379a ("ext4: check for overlapping extents in ext4_valid_extent_entries()") Reported-by: Hulk Robot <hulkci(a)huawei.com> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20220518120816.1541863-1-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 474479ce76e0..c148bb97b527 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -372,7 +372,7 @@ static int ext4_valid_extent_entries(struct inode *inode, { unsigned short entries; ext4_lblk_t lblock = 0; - ext4_lblk_t prev = 0; + ext4_lblk_t cur = 0; if (eh->eh_entries == 0) return 1; @@ -396,11 +396,11 @@ static int ext4_valid_extent_entries(struct inode *inode, /* Check for overlapping extents */ lblock = le32_to_cpu(ext->ee_block); - if ((lblock <= prev) && prev) { + if (lblock < cur) { *pblk = ext4_ext_pblock(ext); return 0; } - prev = lblock + ext4_ext_get_actual_len(ext) - 1; + cur = lblock + ext4_ext_get_actual_len(ext); ext++; entries--; } @@ -420,13 +420,13 @@ static int ext4_valid_extent_entries(struct inode *inode, /* Check for overlapping index extents */ lblock = le32_to_cpu(ext_idx->ei_block); - if ((lblock <= prev) && prev) { + if (lblock < cur) { *pblk = ext4_idx_pblock(ext_idx); return 0; } ext_idx++; entries--; - prev = lblock; + cur = lblock + 1; } } return 1;

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] bpf: Fix out of bounds access for ringbuf helpers" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 64620e0a1e712a778095bd35cbb277dc2259281f Mon Sep 17 00:00:00 2001 From: Daniel Borkmann <daniel(a)iogearbox.net> Date: Tue, 11 Jan 2022 14:43:41 +0000 Subject: [PATCH] bpf: Fix out of bounds access for ringbuf helpers Both bpf_ringbuf_submit() and bpf_ringbuf_discard() have ARG_PTR_TO_ALLOC_MEM in their bpf_func_proto definition as their first argument. They both expect the result from a prior bpf_ringbuf_reserve() call which has a return type of RET_PTR_TO_ALLOC_MEM_OR_NULL. Meaning, after a NULL check in the code, the verifier will promote the register type in the non-NULL branch to a PTR_TO_MEM and in the NULL branch to a known zero scalar. Generally, pointer arithmetic on PTR_TO_MEM is allowed, so the latter could have an offset. The ARG_PTR_TO_ALLOC_MEM expects a PTR_TO_MEM register type. However, the non- zero result from bpf_ringbuf_reserve() must be fed into either bpf_ringbuf_submit() or bpf_ringbuf_discard() but with the original offset given it will then read out the struct bpf_ringbuf_hdr mapping. The verifier missed to enforce a zero offset, so that out of bounds access can be triggered which could be used to escalate privileges if unprivileged BPF was enabled (disabled by default in kernel). Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") Reported-by: <tr3e.wang(a)gmail.com> (SecCoder Security Lab) Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: John Fastabend <john.fastabend(a)gmail.com> Acked-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index e0b3f4d683eb..c72c57a6684f 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -5318,9 +5318,15 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg, case PTR_TO_BUF: case PTR_TO_BUF | MEM_RDONLY: case PTR_TO_STACK: + /* Some of the argument types nevertheless require a + * zero register offset. + */ + if (arg_type == ARG_PTR_TO_ALLOC_MEM) + goto force_off_check; break; /* All the rest must be rejected: */ default: +force_off_check: err = __check_ptr_off_reg(env, reg, regno, type == PTR_TO_BTF_ID); if (err < 0)

1 year, 4 months

3
19
0 0

[PATCH v3 2/6] usb: dwc3: gadget: cancel requests instead of release after missed isoc

by Dan Vacura

From: Jeff Vanhoof <qjv001(a)motorola.com> arm-smmu related crashes seen after a Missed ISOC interrupt when no_interrupt=1 is used. This can happen if the hardware is still using the data associated with a TRB after the usb_request's ->complete call has been made. Instead of immediately releasing a request when a Missed ISOC interrupt has occurred, this change will add logic to cancel the request instead where it will eventually be released when the END_TRANSFER command has completed. This logic is similar to some of the cleanup done in dwc3_gadget_ep_dequeue. Fixes: 6d8a019614f3 ("usb: dwc3: gadget: check for Missed Isoc from event status") Cc: <stable(a)vger.kernel.org> Signed-off-by: Jeff Vanhoof <qjv001(a)motorola.com> Co-developed-by: Dan Vacura <w36195(a)motorola.com> Signed-off-by: Dan Vacura <w36195(a)motorola.com> --- V1 -> V3: - no change, new patch in series drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 38 ++++++++++++++++++++++++++------------ 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index 8f9959ba9fd4..9b005d912241 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -943,6 +943,7 @@ struct dwc3_request { #define DWC3_REQUEST_STATUS_DEQUEUED 3 #define DWC3_REQUEST_STATUS_STALLED 4 #define DWC3_REQUEST_STATUS_COMPLETED 5 +#define DWC3_REQUEST_STATUS_MISSED_ISOC 6 #define DWC3_REQUEST_STATUS_UNKNOWN -1 u8 epnum; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 079cd333632e..411532c5c378 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2021,6 +2021,9 @@ static void dwc3_gadget_ep_cleanup_cancelled_requests(struct dwc3_ep *dep) case DWC3_REQUEST_STATUS_STALLED: dwc3_gadget_giveback(dep, req, -EPIPE); break; + case DWC3_REQUEST_STATUS_MISSED_ISOC: + dwc3_gadget_giveback(dep, req, -EXDEV); + break; default: dev_err(dwc->dev, "request cancelled with wrong reason:%d\n", req->status); dwc3_gadget_giveback(dep, req, -ECONNRESET); @@ -3402,21 +3405,32 @@ static bool dwc3_gadget_endpoint_trbs_complete(struct dwc3_ep *dep, struct dwc3 *dwc = dep->dwc; bool no_started_trb = true; - dwc3_gadget_ep_cleanup_completed_requests(dep, event, status); + if (status == -EXDEV) { + struct dwc3_request *tmp; + struct dwc3_request *req; - if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) - goto out; + if (!(dep->flags & DWC3_EP_END_TRANSFER_PENDING)) + dwc3_stop_active_transfer(dep, true, true); - if (!dep->endpoint.desc) - return no_started_trb; + list_for_each_entry_safe(req, tmp, &dep->started_list, list) + dwc3_gadget_move_cancelled_request(req, + DWC3_REQUEST_STATUS_MISSED_ISOC); + } else { + dwc3_gadget_ep_cleanup_completed_requests(dep, event, status); - if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && - list_empty(&dep->started_list) && - (list_empty(&dep->pending_list) || status == -EXDEV)) - dwc3_stop_active_transfer(dep, true, true); - else if (dwc3_gadget_ep_should_continue(dep)) - if (__dwc3_gadget_kick_transfer(dep) == 0) - no_started_trb = false; + if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) + goto out; + + if (!dep->endpoint.desc) + return no_started_trb; + + if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && + list_empty(&dep->started_list) && list_empty(&dep->pending_list)) + dwc3_stop_active_transfer(dep, true, true); + else if (dwc3_gadget_ep_should_continue(dep)) + if (__dwc3_gadget_kick_transfer(dep) == 0) + no_started_trb = false; + } out: /* -- 2.34.1

1 year, 5 months

3
12
0 0

[PATCH] ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on action required events

by Shuai Xue

There are two major types of uncorrected error (UC) : - Action Required: The error is detected and the processor already consumes the memory. OS requires to take action (for example, offline failure page/kill failure thread) to recover this uncorrectable error. - Action Optional: The error is detected out of processor execution context. Some data in the memory are corrupted. But the data have not been consumed. OS is optional to take action to recover this uncorrectable error. For X86 platforms, we can easily distinguish between these two types based on the MCA Bank. While for arm64 platform, the memory failure flags for all UCs which severity are GHES_SEV_RECOVERABLE are set as 0, a.k.a, Action Optional now. If UC is detected by a background scrubber, it is obviously an Action Optional error. For other errors, we should conservatively regard them as Action Required. cper_sec_mem_err::error_type identifies the type of error that occurred if CPER_MEM_VALID_ERROR_TYPE is set. So, set memory failure flags as 0 for Scrub Uncorrected Error (type 14). Otherwise, set memory failure flags as MF_ACTION_REQUIRED. Signed-off-by: Shuai Xue <xueshuai(a)linux.alibaba.com> --- drivers/acpi/apei/ghes.c | 10 ++++++++-- include/linux/cper.h | 3 +++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c index 80ad530583c9..6c03059cbfc6 100644 --- a/drivers/acpi/apei/ghes.c +++ b/drivers/acpi/apei/ghes.c @@ -474,8 +474,14 @@ static bool ghes_handle_memory_failure(struct acpi_hest_generic_data *gdata, if (sec_sev == GHES_SEV_CORRECTED && (gdata->flags & CPER_SEC_ERROR_THRESHOLD_EXCEEDED)) flags = MF_SOFT_OFFLINE; - if (sev == GHES_SEV_RECOVERABLE && sec_sev == GHES_SEV_RECOVERABLE) - flags = 0; + if (sev == GHES_SEV_RECOVERABLE && sec_sev == GHES_SEV_RECOVERABLE) { + if (mem_err->validation_bits & CPER_MEM_VALID_ERROR_TYPE) + flags = mem_err->error_type == CPER_MEM_SCRUB_UC ? + 0 : + MF_ACTION_REQUIRED; + else + flags = MF_ACTION_REQUIRED; + } if (flags != -1) return ghes_do_memory_failure(mem_err->physical_addr, flags); diff --git a/include/linux/cper.h b/include/linux/cper.h index eacb7dd7b3af..b77ab7636614 100644 --- a/include/linux/cper.h +++ b/include/linux/cper.h @@ -235,6 +235,9 @@ enum { #define CPER_MEM_VALID_BANK_ADDRESS 0x100000 #define CPER_MEM_VALID_CHIP_ID 0x200000 +#define CPER_MEM_SCRUB_CE 13 +#define CPER_MEM_SCRUB_UC 14 + #define CPER_MEM_EXT_ROW_MASK 0x3 #define CPER_MEM_EXT_ROW_SHIFT 16 -- 2.20.1.9.gb50a0d7

1 year, 8 months

9
45
0 0

[PATCH v4 2/6] usb: dwc3: gadget: cancel requests instead of release after missed isoc

by Dan Vacura

From: Jeff Vanhoof <qjv001(a)motorola.com> arm-smmu related crashes seen after a Missed ISOC interrupt when no_interrupt=1 is used. This can happen if the hardware is still using the data associated with a TRB after the usb_request's ->complete call has been made. Instead of immediately releasing a request when a Missed ISOC interrupt has occurred, this change will add logic to cancel the request instead where it will eventually be released when the END_TRANSFER command has completed. This logic is similar to some of the cleanup done in dwc3_gadget_ep_dequeue. Fixes: 6d8a019614f3 ("usb: dwc3: gadget: check for Missed Isoc from event status") Cc: <stable(a)vger.kernel.org> Signed-off-by: Jeff Vanhoof <qjv001(a)motorola.com> Co-developed-by: Dan Vacura <w36195(a)motorola.com> Signed-off-by: Dan Vacura <w36195(a)motorola.com> --- V1 -> V3: - no change, new patch in series V3 -> V4: - no change drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 38 ++++++++++++++++++++++++++------------ 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index 8f9959ba9fd4..9b005d912241 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -943,6 +943,7 @@ struct dwc3_request { #define DWC3_REQUEST_STATUS_DEQUEUED 3 #define DWC3_REQUEST_STATUS_STALLED 4 #define DWC3_REQUEST_STATUS_COMPLETED 5 +#define DWC3_REQUEST_STATUS_MISSED_ISOC 6 #define DWC3_REQUEST_STATUS_UNKNOWN -1 u8 epnum; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 079cd333632e..411532c5c378 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2021,6 +2021,9 @@ static void dwc3_gadget_ep_cleanup_cancelled_requests(struct dwc3_ep *dep) case DWC3_REQUEST_STATUS_STALLED: dwc3_gadget_giveback(dep, req, -EPIPE); break; + case DWC3_REQUEST_STATUS_MISSED_ISOC: + dwc3_gadget_giveback(dep, req, -EXDEV); + break; default: dev_err(dwc->dev, "request cancelled with wrong reason:%d\n", req->status); dwc3_gadget_giveback(dep, req, -ECONNRESET); @@ -3402,21 +3405,32 @@ static bool dwc3_gadget_endpoint_trbs_complete(struct dwc3_ep *dep, struct dwc3 *dwc = dep->dwc; bool no_started_trb = true; - dwc3_gadget_ep_cleanup_completed_requests(dep, event, status); + if (status == -EXDEV) { + struct dwc3_request *tmp; + struct dwc3_request *req; - if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) - goto out; + if (!(dep->flags & DWC3_EP_END_TRANSFER_PENDING)) + dwc3_stop_active_transfer(dep, true, true); - if (!dep->endpoint.desc) - return no_started_trb; + list_for_each_entry_safe(req, tmp, &dep->started_list, list) + dwc3_gadget_move_cancelled_request(req, + DWC3_REQUEST_STATUS_MISSED_ISOC); + } else { + dwc3_gadget_ep_cleanup_completed_requests(dep, event, status); - if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && - list_empty(&dep->started_list) && - (list_empty(&dep->pending_list) || status == -EXDEV)) - dwc3_stop_active_transfer(dep, true, true); - else if (dwc3_gadget_ep_should_continue(dep)) - if (__dwc3_gadget_kick_transfer(dep) == 0) - no_started_trb = false; + if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) + goto out; + + if (!dep->endpoint.desc) + return no_started_trb; + + if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && + list_empty(&dep->started_list) && list_empty(&dep->pending_list)) + dwc3_stop_active_transfer(dep, true, true); + else if (dwc3_gadget_ep_should_continue(dep)) + if (__dwc3_gadget_kick_transfer(dep) == 0) + no_started_trb = false; + } out: /* -- 2.34.1

1 year, 11 months

5
5
0 0

[PATCH] iio: afe: rescale: Fix logic bug

by Linus Walleij

When introducing support for processed channels I needed to invert the expression: if (!iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) || !iio_channel_has_info(schan, IIO_CHAN_INFO_SCALE)) dev_err(dev, "source channel does not support raw/scale\n"); To the inverse, meaning detect when we can usse raw+scale rather than when we can not. This was the result: if (iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) || iio_channel_has_info(schan, IIO_CHAN_INFO_SCALE)) dev_info(dev, "using raw+scale source channel\n"); Ooops. Spot the error. Yep old George Boole came up and bit me. That should be an &&. The current code "mostly works" because we have not run into systems supporting only raw but not scale or only scale but not raw, and I doubt there are few using the rescaler on anything such, but let's fix the logic. Cc: Liam Beguin <liambeguin(a)gmail.com> Cc: stable(a)vger.kernel.org Fixes: 53ebee949980 ("iio: afe: iio-rescale: Support processed channels") Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/iio/afe/iio-rescale.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/afe/iio-rescale.c b/drivers/iio/afe/iio-rescale.c index 7e511293d6d1..dc426e1484f0 100644 --- a/drivers/iio/afe/iio-rescale.c +++ b/drivers/iio/afe/iio-rescale.c @@ -278,7 +278,7 @@ static int rescale_configure_channel(struct device *dev, chan->ext_info = rescale->ext_info; chan->type = rescale->cfg->type; - if (iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) || + if (iio_channel_has_info(schan, IIO_CHAN_INFO_RAW) && iio_channel_has_info(schan, IIO_CHAN_INFO_SCALE)) { dev_info(dev, "using raw+scale source channel\n"); } else if (iio_channel_has_info(schan, IIO_CHAN_INFO_PROCESSED)) { -- 2.35.3

1 year, 12 months

6
17
0 0

[PATCH 5.17 000/298] 5.17.15-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.17.15 release. There are 298 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 15 Jun 2022 09:47:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.17.15-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.17.15-rc1 Damien Le Moal <damien.lemoal(a)opensource.wdc.com> zonefs: fix handling of explicit_open option on mount Johan Hovold <johan+linaro(a)kernel.org> PCI: qcom: Fix pipe clock imbalance Christoph Hellwig <hch(a)lst.de> block, loop: support partitions without scanning Davide Caratti <dcaratti(a)redhat.com> net/sched: act_police: more accurate MTU policing Pascal Hambourg <pascal(a)plouf.fr.eu.org> md/raid0: Ignore RAID0 layout if the second zone has only one device Jason A. Donenfeld <Jason(a)zx2c4.com> random: account for arch randomness in bits Jason A. Donenfeld <Jason(a)zx2c4.com> random: mark bootloader randomness code as __init Jason A. Donenfeld <Jason(a)zx2c4.com> random: avoid checking crng_ready() twice in random_init() KuoHsiang Chou <kuohsiang_chou(a)aspeedtech.com> drm/ast: Create threshold values for AST2600 Michael Ellerman <mpe(a)ellerman.id.au> powerpc/32: Fix overread/overwrite of thread_struct via ptrace Jason Wang <jasowang(a)redhat.com> virtio-rng: make device ready before making request Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update VCN codec support for Yellow Carp Mohammad Zafar Ziya <Mohammadzafar.ziya(a)amd.com> drm/amdgpu/jpeg2: Add jpeg vmid update under IB submit Brian Norris <briannorris(a)chromium.org> drm/atomic: Force bridge self-refresh-exit on CRTC switch Brian Norris <briannorris(a)chromium.org> drm/bridge: analogix_dp: Support PSR-exit to disable transition Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Don't select HAVE_IRQ_EXIT_ON_IRQ_STACK Matthew Wilcox (Oracle) <willy(a)infradead.org> mm/huge_memory: Fix xarray node memory leak Peter Zijlstra <peterz(a)infradead.org> cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE Xie Yongji <xieyongji(a)bytedance.com> vduse: Fix NULL pointer dereference on sysfs access Mathias Nyman <mathias.nyman(a)linux.intel.com> Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag Olivier Matz <olivier.matz(a)6wind.com> ixgbe: fix unexpected VLAN Rx in promisc mode on VF Olivier Matz <olivier.matz(a)6wind.com> ixgbe: fix bcast packets Rx on VF after promisc removal Martin Faltesek <mfaltesek(a)google.com> nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION Martin Faltesek <mfaltesek(a)google.com> nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Martin Faltesek <mfaltesek(a)google.com> nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION Jchao Sun <sunjunchao2870(a)gmail.com> writeback: Fix inode->i_io_list not be protected by inode->i_lock error Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix misuse of the cached connection on tuple changes Tan Tee Min <tee.min.tan(a)linux.intel.com> net: phy: dp83867: retrigger SGMII AN when link change Adrian Hunter <adrian.hunter(a)intel.com> mmc: block: Fix CQE recovery reset success Sergey Shtylyov <s.shtylyov(a)omp.ru> ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files Tyler Erickson <tyler.erickson(a)seagate.com> libata: fix translation of concurrent positioning ranges Tyler Erickson <tyler.erickson(a)seagate.com> libata: fix reading concurrent positioning ranges log David Safford <david.safford(a)gmail.com> KEYS: trusted: tpm2: Fix migratable logic Tyler Erickson <tyler.erickson(a)seagate.com> scsi: sd: Fix interpretation of VPD B9h length Shyam Prasad N <sprasad(a)microsoft.com> cifs: populate empty hostnames for extra channels Paulo Alcantara <pc(a)cjr.nz> cifs: fix reconnect on smb3 mount types Shyam Prasad N <sprasad(a)microsoft.com> cifs: return errors during session setup during reconnects Jeremy Soller <jeremy(a)system76.com> ALSA: hda/realtek: Add quirk for HP Dev One Cameron Berkenpas <cam(a)neo-zeon.de> ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 huangwenhui <huangwenhuia(a)uniontech.com> ALSA: hda/conexant - Fix loopback issue with CX20632 Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Set up (implicit) sync for Saffire 6 Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Skip generic sync EP parse for secondary EP Bedant Patnaik <bedant.patnaik(a)gmail.com> platform/x86: hp-wmi: Use zero insize parameter only when supported Jorge Lopez <jorge.lopez2(a)hp.com> platform/x86: hp-wmi: Fix hp_wmi_read_int() reporting error (0x05) Kuan-Ying Lee <Kuan-Ying.Lee(a)mediatek.com> scripts/gdb: change kernel config dumping method Jiasheng Jiang <jiasheng(a)iscas.ac.cn> platform/x86: barco-p50-gpio: Add check for platform_driver_register Xie Yongji <xieyongji(a)bytedance.com> vringh: Fix loop descriptors check in the indirect cases Kees Cook <keescook(a)chromium.org> nodemask: Fix return values to be unsigned Yury Norov <yury.norov(a)gmail.com> drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate Steve French <stfrench(a)microsoft.com> cifs: version operations for smb20 unneeded when legacy support disabled Christian Borntraeger <borntraeger(a)linux.ibm.com> s390/gmap: voluntarily schedule during key setting Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs" Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: brcmstb: Add mechanism to turn on subdev regulators" Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: brcmstb: Add control of subdevice voltage regulators" Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: brcmstb: Do not turn off WOL regulators on suspend" Yu Kuai <yukuai3(a)huawei.com> nbd: fix io hung while disconnecting device Yu Kuai <yukuai3(a)huawei.com> nbd: fix race between nbd_alloc_config() and module removal Yu Kuai <yukuai3(a)huawei.com> nbd: call genl_unregister_family() first in nbd_cleanup() Peter Zijlstra <peterz(a)infradead.org> jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n builds Peter Zijlstra <peterz(a)infradead.org> x86/cpu: Elide KCSAN for cpu_has() and friends Masahiro Yamada <masahiroy(a)kernel.org> modpost: fix undefined behavior of is_arm_mapping_symbol() Johannes Berg <johannes.berg(a)intel.com> um: line: Use separate IRQs per line Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Fix missing thermal throttler status Gong Yuanjun <ruc_gongyuanjun(a)163.com> drm/amd/pm: fix a potential gpu_metrics_table memory leak Gong Yuanjun <ruc_gongyuanjun(a)163.com> drm/radeon: fix a possible null pointer dereference David Galiffi <David.Galiffi(a)amd.com> drm/amd/display: Check if modulo is 0 before dividing. Daniel Borkmann <daniel(a)iogearbox.net> net, neigh: Set lower cap for neigh_managed_work rearming Xiubo Li <xiubli(a)redhat.com> ceph: flush the mdlog for filesystem sync Venky Shankar <vshankar(a)redhat.com> ceph: allow ceph.dir.rctime xattr to be updatable Michal Kubecek <mkubecek(a)suse.cz> Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" Oder Chiou <oder_chiou(a)realtek.com> ASoC: rt5640: Do not manipulate pin "Platform Clock" if the "Platform Clock" is not in the DAPM Hannes Reinecke <hare(a)suse.de> scsi: myrb: Fix up null pointer access on myrb_cleanup() Guoqing Jiang <guoqing.jiang(a)cloud.ionos.com> md: protect md_unregister_thread from reentrancy Hyunchul Lee <hyc.lee(a)gmail.com> ksmbd: smbd: fix connection dropped issue Liu Xinpeng <liuxp11(a)chinatelecom.cn> watchdog: wdat_wdt: Stop watchdog when rebooting the system Hao Luo <haoluo(a)google.com> kernfs: Separate kernfs_pr_cont_buf and rename_lock. John Ogness <john.ogness(a)linutronix.de> serial: msm_serial: disable interrupts in __msm_console_write() Wang Cheng <wanngchenng(a)gmail.com> staging: rtl8712: fix uninit-value in r871xu_drv_init() Wang Cheng <wanngchenng(a)gmail.com> staging: rtl8712: fix uninit-value in usb_read8() and friends Andre Przywara <andre.przywara(a)arm.com> clocksource/drivers/sp804: Avoid error on multiple instances bumwoo lee <bw365.lee(a)samsung.com> extcon: Modify extcon device to be created after driver data is set Dan Carpenter <dan.carpenter(a)oracle.com> extcon: Fix extcon_get_extcon_dev() error handling Shuah Khan <skhan(a)linuxfoundation.org> misc: rtsx: set NULL intfdata when probe fails Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> soundwire: qcom: adjust autoenumeration timeout Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: host: Stop setting the ACPI companion Marek Szyprowski <m.szyprowski(a)samsung.com> usb: dwc2: gadget: don't reset gadget's driver->bus Changbin Du <changbin.du(a)intel.com> sysrq: do not omit current cpu when showing backtrace of all active CPUs Hangyu Hua <hbh25y(a)gmail.com> char: xillybus: fix a refcount leak in cleanup_dev() Evan Green <evgreen(a)chromium.org> USB: hcd-pci: Fully suspend across freeze/thaw cycle Duoming Zhou <duoming(a)zju.edu.cn> drivers: usb: host: Fix deadlock in oxu_bus_suspend() Duoming Zhou <duoming(a)zju.edu.cn> drivers: tty: serial: Fix deadlock in sa1100_set_termios() Zhen Ni <nizhen(a)uniontech.com> USB: host: isp116x: check return value after calling platform_get_resource() Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Use different lane for second DisplayPort tunnel Huang Guobin <huangguobin4(a)huawei.com> tty: Fix a possible resource leak in icom_probe Zheyu Ma <zheyuma97(a)gmail.com> tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() Kees Cook <keescook(a)chromium.org> lkdtm/usercopy: Expand size of "out of frame" object Miquel Raynal <miquel.raynal(a)bootlin.com> iio: st_sensors: Add a local lock for protecting odr Xiaoke Wang <xkernel.wang(a)foxmail.com> staging: rtl8712: fix a potential memory leak in r871xu_drv_init() Xiaoke Wang <xkernel.wang(a)foxmail.com> iio: dummy: iio_simple_dummy: check the return value of kstrdup() David Howells <dhowells(a)redhat.com> iov_iter: Fix iter_xarray_get_pages{,_alloc}() Etienne van der Linde <etienne.vanderlinde(a)corigine.com> nfp: flower: restructure flow-key for gre+vlan combination Linus Torvalds <torvalds(a)linux-foundation.org> drm: imx: fix compiler warning with gcc-12 Muchun Song <songmuchun(a)bytedance.com> tcp: use alloc_large_system_hash() to allocate table_perturb Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete Miaoqian Lin <linmq006(a)gmail.com> net: altera: Fix refcount leak in altera_tse_mdio_create Willem de Bruijn <willemb(a)google.com> ip_gre: test csum_start instead of transport header Mark Bloch <mbloch(a)nvidia.com> net/mlx5: fs, fail conflicting actions Feras Daoud <ferasda(a)nvidia.com> net/mlx5: Rearm the FW tracer after each tracer event Saeed Mahameed <saeedm(a)nvidia.com> net/mlx5: Fix mlx5_get_next_dev() peer device matching Mark Bloch <mbloch(a)nvidia.com> net/mlx5: Lag, filter non compatible devices Masahiro Yamada <masahiroy(a)kernel.org> net: ipv6: unexport __init-annotated seg6_hmac_init() Masahiro Yamada <masahiroy(a)kernel.org> net: xfrm: unexport __init-annotated xfrm4_protocol_init() Masahiro Yamada <masahiroy(a)kernel.org> net: mdio: unexport __init-annotated mdio_bus_init() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: Fix handling of invalid descriptors in XSK TX batching API Magnus Karlsson <magnus.karlsson(a)intel.com> i40e: xsk: Move tmp desc array from driver to pool Gal Pressman <gal(a)nvidia.com> net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure Miaoqian Lin <linmq006(a)gmail.com> net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list Eric Dumazet <edumazet(a)google.com> bpf, arm64: Clear prog->jited_len along prog->jited Jan Beulich <jbeulich(a)suse.com> x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix a data-race in unix_dgram_peer_wake_me(). Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> stmmac: intel: Fix an error handling path in intel_eth_pci_probe() Masahiro Yamada <masahiroy(a)kernel.org> xen: unexport __init-annotated xen_xlate_map_ballooned_pages() Miaoqian Lin <linmq006(a)gmail.com> net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register Taehee Yoo <ap420073(a)gmail.com> amt: fix wrong type string definition Taehee Yoo <ap420073(a)gmail.com> amt: fix possible null-ptr-deref in amt_rcv() Taehee Yoo <ap420073(a)gmail.com> amt: fix wrong usage of pskb_may_pull() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: bail out early if hardware offload is not supported Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: memleak flow rule from commit path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release new hooks on unsupported flowtable flags Miaoqian Lin <linmq006(a)gmail.com> ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: always initialize flowtable hook list in transaction Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Trap RDMA segment overflows Michael Ellerman <mpe(a)ellerman.id.au> powerpc/kasan: Force thread size increase with KASAN Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: delete flowtable hooks via transaction list Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path Florian Westphal <fw(a)strlen.de> netfilter: nat: really support inet nat without l3 address Steven Price <steven.price(a)arm.com> drm/panfrost: Job should reference MMU not file_priv Marek Vasut <marex(a)denx.de> drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid Kinglong Mee <kinglongmee(a)gmail.com> xprtrdma: treat all calls not a bcall when bc_serv is NULL Chao Yu <chao(a)kernel.org> f2fs: fix to tag gcing flag on page during file defragment Daniel Bristot de Oliveira <bristot(a)kernel.org> rtla/Makefile: Properly handle dependencies Greg Ungerer <gerg(a)linux-m68k.org> m68knommu: fix undefined reference to `mach_get_rtc_pll' Liao Chang <liaochang1(a)huawei.com> RISC-V: use memcpy for kexec_file mode Yang Yingliang <yangyingliang(a)huawei.com> video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() Saurabh Sengar <ssengar(a)linux.microsoft.com> video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB for Gen1 Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't hold the layoutget locks across multiple RPC calls Radhey Shyam Pandey <radhey.shyam.pandey(a)xilinx.com> dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type Greg Ungerer <gerg(a)linux-m68k.org> m68knommu: fix undefined reference to `_init_sp' Greg Ungerer <gerg(a)linux-m68k.org> m68knommu: set ZERO_PAGE() to the allocated zeroed page Lucas Tanure <tanureal(a)opensource.cirrus.com> i2c: cadence: Increase timeout per message if necessary Dongliang Mu <mudongliangabcd(a)gmail.com> f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Yang Yingliang <yangyingliang(a)huawei.com> iommu/arm-smmu-v3: check return value after calling platform_get_resource() Yang Yingliang <yangyingliang(a)huawei.com> iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() Mark-PK Tsai <mark-pk.tsai(a)mediatek.com> tracing: Avoid adding tracer option before update_tracer_options Jun Miao <jun.miao(a)intel.com> tracing: Fix sleeping function called from invalid context on RT kernel Jeff Xie <xiehuan09(a)gmail.com> tracing: Make tp_printk work on syscall tracepoints Masami Hiramatsu <mhiramat(a)kernel.org> bootconfig: Make the bootconfig.o as a normal object file Gong Yuanjun <ruc_gongyuanjun(a)163.com> mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: set DMA_INTERRUPT cap bit Linus Torvalds <torvalds(a)linux-foundation.org> bluetooth: don't use bitmaps for random flag accesses Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix attempting to suspend with unfiltered passive scan Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Add conditions for setting HCI_CONN_FLAG_REMOTE_WAKEUP Leo Yan <leo.yan(a)linaro.org> perf c2c: Fix sorting in percent_rmt_hitm_cmp() Zhengjun Xing <zhengjun.xing(a)linux.intel.com> perf record: Support sample-read topdown metric group for hybrid platforms Kan Liang <kan.liang(a)linux.intel.com> perf parse-events: Move slots event for the hybrid platform too Kan Liang <kan.liang(a)linux.intel.com> perf evsel: Fixes topdown events in a weak group for the hybrid platform Saravana Kannan <saravanak(a)google.com> driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Hoang Le <hoang.h.le(a)dektech.com.au> tipc: check attribute length for bearer name Duoming Zhou <duoming(a)zju.edu.cn> ax25: Fix ax25 session cleanup problems Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: sd: Fix potential NULL pointer dereference Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() David Howells <dhowells(a)redhat.com> afs: Fix infinite loop found by xfstest generic/676 Haibo Chen <haibo.chen(a)nxp.com> gpio: pca953x: use the correct register address to do regcache sync Fabien Parent <fparent(a)baylibre.com> regulator: mt6315-regulator: fix invalid allowed mode Alexander Gordeev <agordeev(a)linux.ibm.com> s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag Ziyang Xuan <william.xuanziyang(a)huawei.com> macsec: fix UAF bug for real_dev Dan Carpenter <dan.carpenter(a)oracle.com> octeontx2-af: fix error code in is_valid_offset() Jason Wang <jasowang(a)redhat.com> vdpa: ifcvf: set pci driver data in probe Eric Dumazet <edumazet(a)google.com> tcp: tcp_rtx_synack() can be called from process context Guoju Fang <gjfang(a)linux.alibaba.com> net: sched: add barrier to fix packet stuck problem for lockless qdisc Maxim Mikityanskiy <maximmi(a)nvidia.com> net/mlx5e: Update netdev features after changing XDP state Changcheng Liu <jerrliu(a)nvidia.com> net/mlx5: correct ECE offset in query qp output Maxim Mikityanskiy <maximmi(a)nvidia.com> net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition Paul Blakey <paulb(a)nvidia.com> net/mlx5: CT: Fix header-rewrite re-use for tupels Maor Dickman <maord(a)nvidia.com> net/mlx5e: TC NIC mode, fix tc chains miss table Leon Romanovsky <leon(a)kernel.org> net/mlx5: Don't use already freed action pointer Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> virtio: pci: Fix an error handling path in vp_modern_probe() Eli Cohen <elic(a)nvidia.com> vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit Haisu Wang <haisuwang(a)tencent.com> blk-mq: do not update io_ticks with passthrough requests Jens Axboe <axboe(a)kernel.dk> block: make bioset_exit() fully resilient against being called twice Íñigo Huguet <ihuguet(a)redhat.com> sfc: fix wrong tx channel offset with efx_separate_tx_channels Martin Habets <habetsm.xilinx(a)gmail.com> sfc: fix considering that all channels have TX queues Christoph Hellwig <hch(a)lst.de> block: use bio_queue_enter instead of blk_queue_enter in bio_poll Yu Xiao <yu.xiao(a)corigine.com> nfp: only report pause frame configuration for physical device Eric Dumazet <edumazet(a)google.com> tcp: add accessors to read/set tp->snd_cwnd Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" Heinrich Schuchardt <heinrich.schuchardt(a)canonical.com> riscv: read-only pages should not be writable Yu Kuai <yukuai3(a)huawei.com> nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not completed Christoph Hellwig <hch(a)lst.de> block: take destination bvec offsets into account in bio_copy_data_iter Menglong Dong <imagedong(a)tencent.com> bpf: Fix probe read error in ___bpf_prog_run() Song Liu <song(a)kernel.org> selftests/bpf: fix stacktrace_build_id with missing kprobe/urandom_read Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: fix selftest after random: Urandom_read tracepoint removal Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: ubi_create_volume: Fix use-after-free when volume creation failed Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty Baokun Li <libaokun1(a)huawei.com> jffs2: fix memory leak in jffs2_do_fill_super Genjian Zhang <zhanggenjian123(a)gmail.com> ep93xx: clock: Do not return the address of the freed memory Alexander Lobakin <alexandr.lobakin(a)intel.com> modpost: fix removing numeric suffixes Miaoqian Lin <linmq006(a)gmail.com> net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register Miaoqian Lin <linmq006(a)gmail.com> net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks Dan Carpenter <dan.carpenter(a)oracle.com> net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() Vincent Ray <vray(a)kalrayinc.com> net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog Michael Walle <michael(a)walle.cc> net: lan966x: check devm_of_phy_get() for -EDEFER_PROBE Dan Carpenter <dan.carpenter(a)oracle.com> drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() Eddie James <eajames(a)linux.ibm.com> spi: fsi: Fix spurious timeout liuyacan <liuyacan(a)corp.netease.com> net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable Taehee Yoo <ap420073(a)gmail.com> amt: fix possible memory leak in amt_rcv() Taehee Yoo <ap420073(a)gmail.com> amt: fix return value of amt_update_handler() Jann Horn <jannh(a)google.com> s390/crypto: fix scatterwalk_unmap() callers in AES-GCM Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition Ming Lei <ming.lei(a)redhat.com> blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx Miaoqian Lin <linmq006(a)gmail.com> watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe Miaoqian Lin <linmq006(a)gmail.com> watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking Zhang Wensheng <zhangwensheng5(a)huawei.com> driver core: fix deadlock in __device_attach Schspa Shi <schspa(a)gmail.com> driver: base: fix UAF when driver_attach failed Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix warnings for unbind for serial Miaoqian Lin <linmq006(a)gmail.com> firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: stm32-usart: Correct CSIZE, bits, and parity Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: sifive: Sanitize CSIZE and c_iflag Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: sh-sci: Don't allow CS5-6 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: txx9: Don't allow CS5-6 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: rda-uart: Don't allow CS5-6 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: digicolor-usart: Don't allow CS5-6 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: uartlite: Fix BRKINT clearing YueHaibing <yuehaibing(a)huawei.com> serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 John Ogness <john.ogness(a)linutronix.de> serial: meson: acquire port->lock in startup() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> staging: r8188eu: add check for kzalloc Miaoqian Lin <linmq006(a)gmail.com> rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe Yang Yingliang <yangyingliang(a)huawei.com> rtc: mt6397: check return value after calling platform_get_resource() Howard Chiu <howard_chiu(a)aspeedtech.com> ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 Samuel Holland <samuel(a)sholland.org> clocksource/drivers/riscv: Events are stopped during CPU suspend Miaoqian Lin <linmq006(a)gmail.com> soc: rockchip: Fix refcount leak in rockchip_grf_init Nícolas F. R. A. Prado <nfraprado(a)collabora.com> dt-bindings: remoteproc: mediatek: Make l1tcm reg exclusive to mt819x Li Jun <jun.li(a)nxp.com> extcon: ptn5150: Add queue work sync before driver release Xin Xiong <xiongx18(a)fudan.edu.cn> ksmbd: fix reference count leak in smb_check_perm_dacl() Guilherme G. Piccoli <gpiccoli(a)igalia.com> coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: intel: prevent pm_runtime resume prior to system suspend Biju Das <biju.das.jz(a)bp.renesas.com> watchdog: rzg2l_wdt: Fix reset control imbalance Biju Das <biju.das.jz(a)bp.renesas.com> watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context' Biju Das <biju.das.jz(a)bp.renesas.com> watchdog: rzg2l_wdt: Fix Runtime PM usage Biju Das <biju.das.jz(a)bp.renesas.com> watchdog: rzg2l_wdt: Fix 32bit overflow issue Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> export: fix string handling of namespace in EXPORT_SYMBOL_NS Maciej W. Rozycki <macro(a)orcam.me.uk> serial: sifive: Report actual baud base rather than fixed 115200 Linus Walleij <linus.walleij(a)linaro.org> power: supply: ab8500_fg: Allocate wq in probe Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk Johan Hovold <johan+linaro(a)kernel.org> phy: qcom-qmp: fix pipe-clock imbalance on power-on failure Guilherme G. Piccoli <gpiccoli(a)igalia.com> misc/pvpanic: Convert regular spinlock into trylock on panic path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails Cixi Geng <cixi.geng1(a)unisoc.com> iio: adc: sc27xx: Fine tune the scale calibration values Cixi Geng <cixi.geng1(a)unisoc.com> iio: adc: sc27xx: fix read big scale voltage not right Miaoqian Lin <linmq006(a)gmail.com> iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout Miaoqian Lin <linmq006(a)gmail.com> iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl Hangyu Hua <hbh25y(a)gmail.com> rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() Hangyu Hua <hbh25y(a)gmail.com> rpmsg: virtio: Fix possible double free in rpmsg_probe() Bjorn Andersson <bjorn.andersson(a)linaro.org> usb: typec: mux: Check dev_set_name() return value Xiaomeng Tong <xiam0nd.tong(a)gmail.com> firmware: stratix10-svc: fix a missing check on list iterator Xiaomeng Tong <xiam0nd.tong(a)gmail.com> misc: fastrpc: fix an incorrect NULL check on list iterator SeongJae Park <sj(a)kernel.org> scripts/get_abi: Fix wrong script file name in the help message Zheng Yongjun <zhengyongjun3(a)huawei.com> usb: dwc3: pci: Fix pm_runtime_get_sync() error checking Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: raspberrypi-poe: Fix endianness in firmware struct Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: lp3943: Fix duty calculation in case period was clamped Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() Miaoqian Lin <linmq006(a)gmail.com> usb: musb: Fix missing of_node_put() in omap2430_probe Lin Ma <linma(a)zju.edu.cn> USB: storage: karma: fix rio_karma_init return Niels Dossche <dossche.niels(a)gmail.com> usb: usbip: add missing device lock on tweak configuration cmd Hangyu Hua <hbh25y(a)gmail.com> usb: usbip: fix a refcount leak in stub_probe() Samuel Holland <samuel(a)sholland.org> phy: rockchip-inno-usb2: Fix muxed interrupt support Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Ignore create mem entry for resource table Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get Miaoqian Lin <linmq006(a)gmail.com> serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe Daniel Gibson <daniel(a)gibson.sh> tty: n_tty: Restore EOF push handling behavior Miaoqian Lin <linmq006(a)gmail.com> tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe Wang Weiyang <wangweiyang2(a)huawei.com> tty: goldfish: Use tty_port_destroy() to destroy port Christophe Leroy <christophe.leroy(a)csgroup.eu> lkdtm/bugs: Don't expect thread termination without CONFIG_UBSAN_TRAP Jiasheng Jiang <jiasheng(a)iscas.ac.cn> lkdtm/bugs: Check for the NULL pointer after calling kmalloc Alexandru Tachici <alexandru.tachici(a)analog.com> iio: adc: ad7124: Remove shift from scan_type Jakob Koschel <jakobkoschel(a)gmail.com> staging: greybus: codecs: fix type confusion of list iterator variable Randy Dunlap <rdunlap(a)infradead.org> pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards ------------- Diffstat: Documentation/ABI/testing/sysfs-ata | 11 +- .../bindings/regulator/mt6315-regulator.yaml | 4 +- .../devicetree/bindings/remoteproc/mtk,scp.yaml | 44 ++-- Documentation/tools/rtla/Makefile | 14 +- Makefile | 4 +- arch/arm/boot/dts/aspeed-ast2600-evb.dts | 4 +- arch/arm/mach-ep93xx/clock.c | 10 +- arch/arm64/net/bpf_jit_comp.c | 1 + arch/m68k/Kconfig.machine | 1 + arch/m68k/include/asm/pgtable_no.h | 3 +- arch/m68k/kernel/setup_mm.c | 7 - arch/m68k/kernel/setup_no.c | 1 - arch/m68k/kernel/time.c | 9 + arch/mips/kernel/mips-cpc.c | 1 + arch/powerpc/Kconfig | 2 - arch/powerpc/include/asm/thread_info.h | 10 +- arch/powerpc/kernel/ptrace/ptrace-fpu.c | 20 +- arch/powerpc/kernel/ptrace/ptrace.c | 3 + arch/riscv/kernel/efi.c | 2 +- arch/riscv/kernel/machine_kexec.c | 4 +- arch/s390/crypto/aes_s390.c | 4 +- arch/s390/kernel/entry.S | 6 +- arch/s390/mm/gmap.c | 14 ++ arch/um/drivers/chan_kern.c | 10 +- arch/um/drivers/line.c | 22 +- arch/um/drivers/line.h | 4 +- arch/um/drivers/ssl.c | 2 - arch/um/drivers/stdio_console.c | 2 - arch/um/include/asm/irq.h | 22 +- arch/x86/include/asm/cpufeature.h | 2 +- arch/x86/include/asm/uaccess.h | 2 +- block/bio.c | 9 +- block/blk-core.c | 2 +- block/blk-mq.c | 10 +- block/genhd.c | 2 + drivers/ata/libata-core.c | 21 +- drivers/ata/libata-scsi.c | 2 +- drivers/ata/libata-transport.c | 2 +- drivers/ata/pata_octeon_cf.c | 3 + drivers/base/bus.c | 4 +- drivers/base/dd.c | 10 +- drivers/block/loop.c | 8 +- drivers/block/nbd.c | 55 +++-- drivers/bus/ti-sysc.c | 4 +- drivers/char/hw_random/virtio-rng.c | 2 + drivers/char/random.c | 15 +- drivers/char/xillybus/xillyusb.c | 1 + drivers/clocksource/timer-oxnas-rps.c | 2 +- drivers/clocksource/timer-riscv.c | 2 +- drivers/clocksource/timer-sp804.c | 10 +- drivers/dma/idxd/dma.c | 1 + drivers/dma/xilinx/zynqmp_dma.c | 5 +- drivers/extcon/extcon-axp288.c | 4 +- drivers/extcon/extcon-ptn5150.c | 11 + drivers/extcon/extcon.c | 33 +-- drivers/firmware/dmi-sysfs.c | 2 +- drivers/firmware/stratix10-svc.c | 12 +- drivers/gpio/gpio-pca953x.c | 19 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 6 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.h | 1 + drivers/gpu/drm/amd/amdgpu/nv.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +- .../gpu/drm/amd/display/dc/dce/dce_clock_source.c | 9 +- drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 + drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +- .../gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c | 3 + drivers/gpu/drm/ast/ast_mode.c | 5 +- drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 42 +++- drivers/gpu/drm/bridge/ti-sn65dsi83.c | 2 +- drivers/gpu/drm/drm_atomic_helper.c | 16 +- drivers/gpu/drm/imx/ipuv3-crtc.c | 2 +- drivers/gpu/drm/msm/dp/dp_ctrl.c | 9 +- drivers/gpu/drm/panfrost/panfrost_drv.c | 5 +- drivers/gpu/drm/panfrost/panfrost_job.c | 6 +- drivers/gpu/drm/panfrost/panfrost_job.h | 2 +- drivers/gpu/drm/radeon/radeon_connectors.c | 4 + drivers/hwtracing/coresight/coresight-cpu-debug.c | 7 +- drivers/i2c/busses/i2c-cadence.c | 12 +- drivers/idle/intel_idle.c | 32 ++- drivers/iio/adc/ad7124.c | 1 - drivers/iio/adc/sc27xx_adc.c | 20 +- drivers/iio/adc/stmpe-adc.c | 8 +- drivers/iio/common/st_sensors/st_sensors_core.c | 24 +- drivers/iio/dummy/iio_simple_dummy.c | 20 +- drivers/iio/proximity/vl53l0x-i2c.c | 7 +- drivers/input/mouse/bcm5974.c | 7 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 + drivers/iommu/arm/arm-smmu/arm-smmu.c | 5 +- drivers/md/md.c | 15 +- drivers/md/raid0.c | 31 +-- drivers/misc/cardreader/rtsx_usb.c | 1 + drivers/misc/fastrpc.c | 9 +- drivers/misc/lkdtm/bugs.c | 10 +- drivers/misc/lkdtm/lkdtm.h | 8 +- drivers/misc/lkdtm/usercopy.c | 17 +- drivers/misc/pvpanic/pvpanic.c | 10 +- drivers/mmc/core/block.c | 3 +- drivers/mtd/ubi/fastmap-wl.c | 69 ++++-- drivers/mtd/ubi/fastmap.c | 11 - drivers/mtd/ubi/ubi.h | 4 +- drivers/mtd/ubi/vmt.c | 1 - drivers/mtd/ubi/wl.c | 19 +- drivers/net/amt.c | 59 +++-- drivers/net/dsa/lantiq_gswip.c | 4 +- drivers/net/dsa/mv88e6xxx/chip.c | 1 + drivers/net/dsa/mv88e6xxx/serdes.c | 27 +-- drivers/net/ethernet/altera/altera_tse_main.c | 6 +- drivers/net/ethernet/broadcom/bgmac-bcma-mdio.c | 1 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 11 - drivers/net/ethernet/intel/i40e/i40e_txrx.h | 1 - drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 2 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 + drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/dev.c | 72 ++++-- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en.h | 4 + drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 2 + drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c | 1 + .../ethernet/mellanox/mlx5/core/en/reporter_rx.c | 6 + drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 19 +- drivers/net/ethernet/mellanox/mlx5/core/en/trap.c | 1 + .../net/ethernet/mellanox/mlx5/core/en/xsk/pool.c | 1 + .../net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 29 ++- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 38 ++- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 37 ++- drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 12 +- .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 + .../ethernet/mellanox/mlx5/core/steering/fs_dr.c | 9 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 9 +- .../net/ethernet/netronome/nfp/flower/conntrack.c | 32 +-- drivers/net/ethernet/netronome/nfp/flower/match.c | 16 +- .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 4 +- drivers/net/ethernet/sfc/efx_channels.c | 6 +- drivers/net/ethernet/sfc/net_driver.h | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c | 4 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 3 +- drivers/net/macsec.c | 7 + drivers/net/phy/dp83867.c | 29 +++ drivers/net/phy/mdio_bus.c | 1 - drivers/nfc/st21nfca/se.c | 53 +++-- drivers/pci/controller/dwc/pcie-qcom.c | 6 - drivers/pci/controller/pcie-brcmstb.c | 257 +++------------------ drivers/pcmcia/Kconfig | 2 +- drivers/phy/qualcomm/phy-qcom-qmp.c | 2 +- drivers/phy/rockchip/phy-rockchip-inno-usb2.c | 10 +- drivers/platform/x86/barco-p50-gpio.c | 5 +- drivers/platform/x86/hp-wmi.c | 23 +- drivers/power/supply/ab8500_fg.c | 19 +- drivers/power/supply/axp288_charger.c | 17 +- drivers/power/supply/axp288_fuel_gauge.c | 1 - drivers/power/supply/charger-manager.c | 7 +- drivers/power/supply/max8997_charger.c | 8 +- drivers/pwm/pwm-lp3943.c | 1 + drivers/pwm/pwm-raspberrypi-poe.c | 2 +- drivers/remoteproc/imx_rproc.c | 3 + drivers/rpmsg/qcom_smd.c | 4 +- drivers/rpmsg/virtio_rpmsg_bus.c | 9 +- drivers/rtc/rtc-ftrtc010.c | 34 ++- drivers/rtc/rtc-mt6397.c | 2 + drivers/scsi/myrb.c | 11 +- drivers/scsi/sd.c | 3 +- drivers/soc/rockchip/grf.c | 2 + drivers/soundwire/intel.c | 3 + drivers/soundwire/qcom.c | 2 +- drivers/spi/spi-fsi.c | 12 +- drivers/staging/fieldbus/anybuss/host.c | 2 +- drivers/staging/greybus/audio_codec.c | 4 +- drivers/staging/r8188eu/core/rtw_xmit.c | 13 +- drivers/staging/r8188eu/include/rtw_xmit.h | 2 +- drivers/staging/rtl8192e/rtllib_softmac.c | 2 +- .../staging/rtl8192u/ieee80211/ieee80211_softmac.c | 2 +- drivers/staging/rtl8712/os_intfs.c | 1 - drivers/staging/rtl8712/usb_intf.c | 12 +- drivers/staging/rtl8712/usb_ops.c | 27 ++- drivers/staging/rtl8723bs/core/rtw_mlme.c | 12 +- drivers/thunderbolt/tb.c | 19 +- drivers/thunderbolt/test.c | 16 +- drivers/thunderbolt/tunnel.c | 11 +- drivers/thunderbolt/tunnel.h | 4 +- drivers/tty/goldfish.c | 2 + drivers/tty/n_tty.c | 38 ++- drivers/tty/serial/8250/8250_aspeed_vuart.c | 2 + drivers/tty/serial/8250/8250_fintek.c | 8 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 2 +- drivers/tty/serial/digicolor-usart.c | 2 + drivers/tty/serial/fsl_lpuart.c | 24 +- drivers/tty/serial/icom.c | 2 +- drivers/tty/serial/meson_uart.c | 13 ++ drivers/tty/serial/msm_serial.c | 5 + drivers/tty/serial/owl-uart.c | 1 + drivers/tty/serial/rda-uart.c | 2 + drivers/tty/serial/sa1100.c | 4 +- drivers/tty/serial/serial_txx9.c | 2 + drivers/tty/serial/sh-sci.c | 6 +- drivers/tty/serial/sifive.c | 8 +- drivers/tty/serial/st-asc.c | 4 + drivers/tty/serial/stm32-usart.c | 15 +- drivers/tty/serial/uartlite.c | 3 +- drivers/tty/synclink_gt.c | 2 + drivers/tty/sysrq.c | 13 +- drivers/usb/core/hcd-pci.c | 4 +- drivers/usb/dwc2/gadget.c | 1 - drivers/usb/dwc3/drd.c | 9 +- drivers/usb/dwc3/dwc3-pci.c | 2 +- drivers/usb/dwc3/gadget.c | 20 +- drivers/usb/dwc3/host.c | 2 - drivers/usb/host/isp116x-hcd.c | 6 +- drivers/usb/host/oxu210hp-hcd.c | 2 + drivers/usb/musb/omap2430.c | 1 + drivers/usb/phy/phy-omap-otg.c | 4 +- drivers/usb/storage/karma.c | 15 +- drivers/usb/typec/mux.c | 14 +- drivers/usb/typec/tcpm/fusb302.c | 4 +- drivers/usb/usbip/stub_dev.c | 2 +- drivers/usb/usbip/stub_rx.c | 2 + drivers/vdpa/ifcvf/ifcvf_main.c | 3 +- drivers/vdpa/vdpa.c | 13 +- drivers/vdpa/vdpa_user/vduse_dev.c | 7 +- drivers/vhost/vringh.c | 10 +- drivers/video/fbdev/hyperv_fb.c | 19 +- drivers/video/fbdev/pxa3xx-gcu.c | 12 +- drivers/virtio/virtio_pci_modern_dev.c | 1 + drivers/watchdog/rti_wdt.c | 2 +- drivers/watchdog/rzg2l_wdt.c | 46 ++-- drivers/watchdog/ts4800_wdt.c | 5 +- drivers/watchdog/wdat_wdt.c | 1 + drivers/xen/xlate_mmu.c | 1 - fs/afs/dir.c | 5 +- fs/ceph/mds_client.c | 33 ++- fs/ceph/xattr.c | 10 +- fs/cifs/cifsfs.c | 2 +- fs/cifs/cifsfs.h | 2 +- fs/cifs/cifsglob.h | 4 +- fs/cifs/connect.c | 4 + fs/cifs/misc.c | 27 ++- fs/cifs/sess.c | 5 +- fs/cifs/smb2ops.c | 7 +- fs/cifs/smb2pdu.c | 3 + fs/f2fs/checkpoint.c | 4 +- fs/f2fs/file.c | 1 + fs/fs-writeback.c | 37 ++- fs/inode.c | 2 +- fs/jffs2/fs.c | 1 + fs/kernfs/dir.c | 31 ++- fs/ksmbd/smbacl.c | 1 + fs/ksmbd/transport_rdma.c | 1 + fs/nfs/nfs4proc.c | 4 + fs/zonefs/super.c | 11 +- include/linux/export.h | 7 +- include/linux/extcon.h | 2 +- include/linux/genhd.h | 1 + include/linux/iio/common/st_sensors.h | 3 + include/linux/jump_label.h | 4 +- include/linux/mlx5/mlx5_ifc.h | 5 +- include/linux/nodemask.h | 38 +-- include/linux/random.h | 2 +- include/linux/xarray.h | 1 + include/net/ax25.h | 1 + include/net/bluetooth/hci_core.h | 17 +- include/net/flow_offload.h | 1 + include/net/netfilter/nf_tables.h | 1 - include/net/netfilter/nf_tables_offload.h | 2 +- include/net/sch_generic.h | 42 ++-- include/net/tcp.h | 19 +- include/net/xdp_sock_drv.h | 5 +- include/net/xsk_buff_pool.h | 1 + include/trace/events/tcp.h | 2 +- kernel/bpf/core.c | 14 +- kernel/trace/trace.c | 13 +- kernel/trace/trace_syscalls.c | 35 +-- lib/Makefile | 2 +- lib/iov_iter.c | 20 +- lib/nodemask.c | 4 +- lib/xarray.c | 5 +- mm/huge_memory.c | 3 +- net/ax25/af_ax25.c | 27 ++- net/ax25/ax25_dev.c | 1 + net/ax25/ax25_subr.c | 2 +- net/bluetooth/hci_core.c | 4 +- net/bluetooth/hci_request.c | 2 +- net/bluetooth/hci_sync.c | 62 +++-- net/bluetooth/mgmt.c | 45 ++-- net/core/filter.c | 2 +- net/core/flow_offload.c | 6 + net/core/neighbour.c | 2 +- net/ipv4/inet_hashtables.c | 10 +- net/ipv4/ip_gre.c | 11 +- net/ipv4/tcp.c | 8 +- net/ipv4/tcp_bbr.c | 20 +- net/ipv4/tcp_bic.c | 14 +- net/ipv4/tcp_cdg.c | 30 +-- net/ipv4/tcp_cong.c | 18 +- net/ipv4/tcp_cubic.c | 22 +- net/ipv4/tcp_dctcp.c | 11 +- net/ipv4/tcp_highspeed.c | 18 +- net/ipv4/tcp_htcp.c | 10 +- net/ipv4/tcp_hybla.c | 18 +- net/ipv4/tcp_illinois.c | 12 +- net/ipv4/tcp_input.c | 36 +-- net/ipv4/tcp_ipv4.c | 2 +- net/ipv4/tcp_lp.c | 6 +- net/ipv4/tcp_metrics.c | 12 +- net/ipv4/tcp_nv.c | 24 +- net/ipv4/tcp_output.c | 34 +-- net/ipv4/tcp_rate.c | 2 +- net/ipv4/tcp_scalable.c | 4 +- net/ipv4/tcp_vegas.c | 21 +- net/ipv4/tcp_veno.c | 24 +- net/ipv4/tcp_westwood.c | 3 +- net/ipv4/tcp_yeah.c | 30 +-- net/ipv4/xfrm4_protocol.c | 1 - net/ipv6/seg6_hmac.c | 1 - net/ipv6/tcp_ipv6.c | 2 +- net/key/af_key.c | 10 +- net/netfilter/nf_tables_api.c | 54 ++--- net/netfilter/nf_tables_offload.c | 23 +- net/netfilter/nft_nat.c | 3 +- net/openvswitch/actions.c | 6 + net/openvswitch/conntrack.c | 4 +- net/sched/act_police.c | 16 +- net/smc/af_smc.c | 1 + net/smc/smc_cdc.c | 2 +- net/sunrpc/xdr.c | 6 +- net/sunrpc/xprtrdma/rpc_rdma.c | 5 + net/sunrpc/xprtrdma/svc_rdma_rw.c | 4 +- net/tipc/bearer.c | 3 +- net/unix/af_unix.c | 2 +- net/xdp/xsk.c | 16 +- net/xdp/xsk_buff_pool.c | 7 + net/xdp/xsk_queue.h | 14 +- scripts/gdb/linux/config.py | 6 +- scripts/get_abi.pl | 4 +- scripts/mod/modpost.c | 5 +- security/keys/trusted-keys/trusted_tpm2.c | 4 +- sound/pci/hda/patch_conexant.c | 7 + sound/pci/hda/patch_realtek.c | 2 + sound/soc/codecs/rt5640.c | 11 +- sound/soc/codecs/rt5640.h | 2 + sound/soc/fsl/fsl_sai.h | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 2 + sound/usb/pcm.c | 5 +- sound/usb/quirks-table.h | 7 +- tools/perf/arch/x86/util/evlist.c | 5 +- tools/perf/arch/x86/util/evsel.c | 24 +- tools/perf/arch/x86/util/evsel.h | 7 + tools/perf/arch/x86/util/topdown.c | 46 ++-- tools/perf/arch/x86/util/topdown.h | 7 + tools/perf/builtin-c2c.c | 4 +- .../selftests/bpf/progs/test_stacktrace_build_id.c | 12 +- .../testing/selftests/net/forwarding/tc_police.sh | 52 +++++ tools/testing/selftests/netfilter/nft_nat.sh | 43 ++++ tools/tracing/rtla/Makefile | 35 +++ 356 files changed, 2368 insertions(+), 1550 deletions(-)

2 years

6
311
0 0

[PATCH 2/3] acpi/processor: sanitize _PDC buffer bits when running as Xen dom0

by Roger Pau Monne

The Processor _PDC buffer bits notify ACPI of the OS capabilities, and so ACPI can adjust the return of other Processor methods taking the OS capabilities into account. When Linux is running as a Xen dom0, it's the hypervisor the entity in charge of processor power management, and hence Xen needs to make sure the capabilities reported in the _PDC buffer match the capabilities of the driver in Xen. Introduce a small helper to sanitize the buffer when running as Xen dom0. Signed-off-by: Roger Pau Monné <roger.pau(a)citrix.com> Cc: stable(a)vger.kernel.org --- arch/x86/include/asm/xen/hypervisor.h | 2 ++ arch/x86/xen/enlighten.c | 17 +++++++++++++++++ drivers/acpi/processor_pdc.c | 8 ++++++++ 3 files changed, 27 insertions(+) diff --git a/arch/x86/include/asm/xen/hypervisor.h b/arch/x86/include/asm/xen/hypervisor.h index b9f512138043..b4ed90ef5e68 100644 --- a/arch/x86/include/asm/xen/hypervisor.h +++ b/arch/x86/include/asm/xen/hypervisor.h @@ -63,12 +63,14 @@ void __init mem_map_via_hcall(struct boot_params *boot_params_p); #ifdef CONFIG_XEN_DOM0 bool __init xen_processor_present(uint32_t acpi_id); +void xen_sanitize_pdc(uint32_t *buf); #else static inline bool xen_processor_present(uint32_t acpi_id) { BUG(); return false; } +static inline void xen_sanitize_pdc(uint32_t *buf) { BUG(); } #endif #endif /* _ASM_X86_XEN_HYPERVISOR_H */ diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c index d4c44361a26c..394dd6675113 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -372,4 +372,21 @@ bool __init xen_processor_present(uint32_t acpi_id) return false; } + +void xen_sanitize_pdc(uint32_t *buf) +{ + struct xen_platform_op op = { + .cmd = XENPF_set_processor_pminfo, + .interface_version = XENPF_INTERFACE_VERSION, + .u.set_pminfo.id = -1, + .u.set_pminfo.type = XEN_PM_PDC, + }; + int ret; + + set_xen_guest_handle(op.u.set_pminfo.pdc, buf); + ret = HYPERVISOR_platform_op(&op); + if (ret) + pr_info("sanitize of _PDC buffer bits from Xen failed: %d\n", + ret); +} #endif diff --git a/drivers/acpi/processor_pdc.c b/drivers/acpi/processor_pdc.c index 18fb04523f93..58f4c208517a 100644 --- a/drivers/acpi/processor_pdc.c +++ b/drivers/acpi/processor_pdc.c @@ -137,6 +137,14 @@ acpi_processor_eval_pdc(acpi_handle handle, struct acpi_object_list *pdc_in) buffer[2] &= ~(ACPI_PDC_C_C2C3_FFH | ACPI_PDC_C_C1_FFH); } + if (xen_initial_domain()) + /* + * When Linux is running as Xen dom0 it's the hypervisor the + * entity in charge of the processor power management, and so + * Xen needs to check the OS capabilities reported in the _PDC + * buffer matches what the hypervisor driver supports. + */ + xen_sanitize_pdc((uint32_t *)pdc_in->pointer->buffer.pointer); status = acpi_evaluate_object(handle, "_PDC", pdc_in, NULL); if (ACPI_FAILURE(status)) -- 2.37.3

2 years, 2 months

4
5
0 0

[PATCH v5 0/2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()

by Roberto Sassu

From: Roberto Sassu <roberto.sassu(a)huawei.com> Changelog: v4: - Replace sg_init_table()/sg_set_buf() with sg_init_one() (suggested by Eric) v3: v2: - Add patch by Herbert to take only the needed bytes for a MPI from the scatterlist - Use only one scatterlist for signature and digest (suggested by Eric) - Rename key variable to buf (suggested by Eric) - Rename key_max_len variable to buf_len - Use size_t for the buf_len variable instead of u32 v1: - Unconditionally copy the signature and digest to the buffer to keep the code simple (suggested by Eric) Herbert Xu (1): lib/mpi: Fix buffer overrun when SG is too long Roberto Sassu (1): KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() crypto/asymmetric_keys/public_key.c | 38 ++++++++++++++++------------- lib/mpi/mpicoder.c | 3 ++- 2 files changed, 23 insertions(+), 18 deletions(-) -- 2.25.1

2 years, 3 months

8
24
0 0

[PATCH 1/1] net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero

by Lee Jones

Currently, due to the sequential use of min_t() and clamp_t() macros, in cdc_ncm_check_tx_max(), if dwNtbOutMaxSize is not set, the logic sets tx_max to 0. This is then used to allocate the data area of the SKB requested later in cdc_ncm_fill_tx_frame(). This does not cause an issue presently because when memory is allocated during initialisation phase of SKB creation, more memory (512b) is allocated than is required for the SKB headers alone (320b), leaving some space (512b - 320b = 192b) for CDC data (172b). However, if more elements (for example 3 x u64 = [24b]) were added to one of the SKB header structs, say 'struct skb_shared_info', increasing its original size (320b [320b aligned]) to something larger (344b [384b aligned]), then suddenly the CDC data (172b) no longer fits in the spare SKB data area (512b - 384b = 128b). Consequently the SKB bounds checking semantics fails and panics: skbuff: skb_over_panic: text:ffffffff830a5b5f len:184 put:172 \ head:ffff888119227c00 data:ffff888119227c00 tail:0xb8 end:0x80 dev:<NULL> ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:110! RIP: 0010:skb_panic+0x14f/0x160 net/core/skbuff.c:106 <snip> Call Trace: <IRQ> skb_over_panic+0x2c/0x30 net/core/skbuff.c:115 skb_put+0x205/0x210 net/core/skbuff.c:1877 skb_put_zero include/linux/skbuff.h:2270 [inline] cdc_ncm_ndp16 drivers/net/usb/cdc_ncm.c:1116 [inline] cdc_ncm_fill_tx_frame+0x127f/0x3d50 drivers/net/usb/cdc_ncm.c:1293 cdc_ncm_tx_fixup+0x98/0xf0 drivers/net/usb/cdc_ncm.c:1514 By overriding the max value with the default CDC_NCM_NTB_MAX_SIZE_TX when not offered through the system provided params, we ensure enough data space is allocated to handle the CDC data, meaning no crash will occur. Cc: stable(a)vger.kernel.org Cc: Oliver Neukum <oliver(a)neukum.org> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: linux-usb(a)vger.kernel.org Cc: netdev(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Fixes: 289507d3364f9 ("net: cdc_ncm: use sysfs for rx/tx aggregation tuning") Signed-off-by: Lee Jones <lee.jones(a)linaro.org> --- drivers/net/usb/cdc_ncm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c index 24753a4da7e60..e303b522efb50 100644 --- a/drivers/net/usb/cdc_ncm.c +++ b/drivers/net/usb/cdc_ncm.c @@ -181,6 +181,8 @@ static u32 cdc_ncm_check_tx_max(struct usbnet *dev, u32 new_tx) min = ctx->max_datagram_size + ctx->max_ndp_size + sizeof(struct usb_cdc_ncm_nth32); max = min_t(u32, CDC_NCM_NTB_MAX_SIZE_TX, le32_to_cpu(ctx->ncm_parm.dwNtbOutMaxSize)); + if (max == 0) + max = CDC_NCM_NTB_MAX_SIZE_TX; /* dwNtbOutMaxSize not set */ /* some devices set dwNtbOutMaxSize too low for the above default */ min = min(min, max); -- 2.34.0.384.gca35af8252-goog

2 years, 3 months

6
13
0 0

[PATCH 0/9] KVM backports to 5.10

by Rishabh Bhatnagar

This patch series backports a few VM preemption_status, steal_time and PV TLB flushing fixes to 5.10 stable kernel. Most of the changes backport cleanly except i had to work around a few becauseof missing support/APIs in 5.10 kernel. I have captured those in the changelog as well in the individual patches. Changelog - Use mark_page_dirty_in_slot api without kvm argument (KVM: x86: Fix recording of guest steal time / preempted status) - Avoid checking for xen_msr and SEV-ES conditions (KVM: x86: do not set st->preempted when going back to user space) - Use VCPU_STAT macro to expose preemption_reported and preemption_other fields (KVM: x86: do not report a vCPU as preempted outside instruction boundaries) David Woodhouse (2): KVM: x86: Fix recording of guest steal time / preempted status KVM: Fix steal time asm constraints Lai Jiangshan (1): KVM: x86: Ensure PV TLB flush tracepoint reflects KVM behavior Paolo Bonzini (5): KVM: x86: do not set st->preempted when going back to user space KVM: x86: do not report a vCPU as preempted outside instruction boundaries KVM: x86: revalidate steal time cache if MSR value changes KVM: x86: do not report preemption if the steal time cache is stale KVM: x86: move guest_pv_has out of user_access section Sean Christopherson (1): KVM: x86: Remove obsolete disabling of page faults in kvm_arch_vcpu_put() arch/x86/include/asm/kvm_host.h | 5 +- arch/x86/kvm/svm/svm.c | 2 + arch/x86/kvm/vmx/vmx.c | 1 + arch/x86/kvm/x86.c | 164 ++++++++++++++++++++++---------- 4 files changed, 122 insertions(+), 50 deletions(-) -- 2.37.1

2 years, 3 months

6
19
0 0

[PATCH v2 1/8] drm: Disable the cursor plane on atomic contexts with virtualized drivers

by Zack Rusin

From: Zack Rusin <zackr(a)vmware.com> Cursor planes on virtualized drivers have special meaning and require that the clients handle them in specific ways, e.g. the cursor plane should react to the mouse movement the way a mouse cursor would be expected to and the client is required to set hotspot properties on it in order for the mouse events to be routed correctly. This breaks the contract as specified by the "universal planes". Fix it by disabling the cursor planes on virtualized drivers while adding a foundation on top of which it's possible to special case mouse cursor planes for clients that want it. Disabling the cursor planes makes some kms compositors which were broken, e.g. Weston, fallback to software cursor which works fine or at least better than currently while having no effect on others, e.g. gnome-shell or kwin, which put virtualized drivers on a deny-list when running in atomic context to make them fallback to legacy kms and avoid this issue. Signed-off-by: Zack Rusin <zackr(a)vmware.com> Fixes: 681e7ec73044 ("drm: Allow userspace to ask for universal plane list (v2)") Cc: <stable(a)vger.kernel.org> # v5.4+ Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: David Airlie <airlied(a)linux.ie> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Gerd Hoffmann <kraxel(a)redhat.com> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Gurchetan Singh <gurchetansingh(a)chromium.org> Cc: Chia-I Wu <olvaffe(a)gmail.com> Cc: dri-devel(a)lists.freedesktop.org Cc: virtualization(a)lists.linux-foundation.org Cc: spice-devel(a)lists.freedesktop.org --- drivers/gpu/drm/drm_plane.c | 11 +++++++++++ drivers/gpu/drm/qxl/qxl_drv.c | 2 +- drivers/gpu/drm/vboxvideo/vbox_drv.c | 2 +- drivers/gpu/drm/virtio/virtgpu_drv.c | 3 ++- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 +- include/drm/drm_drv.h | 10 ++++++++++ include/drm/drm_file.h | 12 ++++++++++++ 7 files changed, 38 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c index 726f2f163c26..e1e2a65c7119 100644 --- a/drivers/gpu/drm/drm_plane.c +++ b/drivers/gpu/drm/drm_plane.c @@ -667,6 +667,17 @@ int drm_mode_getplane_res(struct drm_device *dev, void *data, !file_priv->universal_planes) continue; + /* + * Unless userspace supports virtual cursor plane + * then if we're running on virtual driver do not + * advertise cursor planes because they'll be broken + */ + if (plane->type == DRM_PLANE_TYPE_CURSOR && + drm_core_check_feature(dev, DRIVER_VIRTUAL) && + file_priv->atomic && + !file_priv->supports_virtual_cursor_plane) + continue; + if (drm_lease_held(file_priv, plane->base.id)) { if (count < plane_resp->count_planes && put_user(plane->base.id, plane_ptr + count)) diff --git a/drivers/gpu/drm/qxl/qxl_drv.c b/drivers/gpu/drm/qxl/qxl_drv.c index 1cb6f0c224bb..0e4212e05caa 100644 --- a/drivers/gpu/drm/qxl/qxl_drv.c +++ b/drivers/gpu/drm/qxl/qxl_drv.c @@ -281,7 +281,7 @@ static const struct drm_ioctl_desc qxl_ioctls[] = { }; static struct drm_driver qxl_driver = { - .driver_features = DRIVER_GEM | DRIVER_MODESET | DRIVER_ATOMIC, + .driver_features = DRIVER_GEM | DRIVER_MODESET | DRIVER_ATOMIC | DRIVER_VIRTUAL, .dumb_create = qxl_mode_dumb_create, .dumb_map_offset = drm_gem_ttm_dumb_map_offset, diff --git a/drivers/gpu/drm/vboxvideo/vbox_drv.c b/drivers/gpu/drm/vboxvideo/vbox_drv.c index f4f2bd79a7cb..84e75bcc3384 100644 --- a/drivers/gpu/drm/vboxvideo/vbox_drv.c +++ b/drivers/gpu/drm/vboxvideo/vbox_drv.c @@ -176,7 +176,7 @@ DEFINE_DRM_GEM_FOPS(vbox_fops); static const struct drm_driver driver = { .driver_features = - DRIVER_MODESET | DRIVER_GEM | DRIVER_ATOMIC, + DRIVER_MODESET | DRIVER_GEM | DRIVER_ATOMIC | DRIVER_VIRTUAL, .lastclose = drm_fb_helper_lastclose, diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.c b/drivers/gpu/drm/virtio/virtgpu_drv.c index 5f25a8d15464..3c5bb006159a 100644 --- a/drivers/gpu/drm/virtio/virtgpu_drv.c +++ b/drivers/gpu/drm/virtio/virtgpu_drv.c @@ -198,7 +198,8 @@ MODULE_AUTHOR("Alon Levy"); DEFINE_DRM_GEM_FOPS(virtio_gpu_driver_fops); static const struct drm_driver driver = { - .driver_features = DRIVER_MODESET | DRIVER_GEM | DRIVER_RENDER | DRIVER_ATOMIC, + .driver_features = + DRIVER_MODESET | DRIVER_GEM | DRIVER_RENDER | DRIVER_ATOMIC | DRIVER_VIRTUAL, .open = virtio_gpu_driver_open, .postclose = virtio_gpu_driver_postclose, diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 01a5b47e95f9..712f6ad0b014 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -1581,7 +1581,7 @@ static const struct file_operations vmwgfx_driver_fops = { static const struct drm_driver driver = { .driver_features = - DRIVER_MODESET | DRIVER_RENDER | DRIVER_ATOMIC | DRIVER_GEM, + DRIVER_MODESET | DRIVER_RENDER | DRIVER_ATOMIC | DRIVER_GEM | DRIVER_VIRTUAL, .ioctls = vmw_ioctls, .num_ioctls = ARRAY_SIZE(vmw_ioctls), .master_set = vmw_master_set, diff --git a/include/drm/drm_drv.h b/include/drm/drm_drv.h index f6159acb8856..c4cd7fc350d9 100644 --- a/include/drm/drm_drv.h +++ b/include/drm/drm_drv.h @@ -94,6 +94,16 @@ enum drm_driver_feature { * synchronization of command submission. */ DRIVER_SYNCOBJ_TIMELINE = BIT(6), + /** + * @DRIVER_VIRTUAL: + * + * Driver is running on top of virtual hardware. The most significant + * implication of this is a requirement of special handling of the + * cursor plane (e.g. cursor plane has to actually track the mouse + * cursor and the clients are required to set hotspot in order for + * the cursor planes to work correctly). + */ + DRIVER_VIRTUAL = BIT(7), /* IMPORTANT: Below are all the legacy flags, add new ones above. */ diff --git a/include/drm/drm_file.h b/include/drm/drm_file.h index e0a73a1e2df7..3e5c36891161 100644 --- a/include/drm/drm_file.h +++ b/include/drm/drm_file.h @@ -223,6 +223,18 @@ struct drm_file { */ bool is_master; + /** + * @supports_virtual_cursor_plane: + * + * This client is capable of handling the cursor plane with the + * restrictions imposed on it by the virtualized drivers. + * + * The implies that the cursor plane has to behave like a cursor + * i.e. track cursor movement. It also requires setting of the + * hotspot properties by the client on the cursor plane. + */ + bool supports_virtual_cursor_plane; + /** * @master: * -- 2.34.1

2 years, 3 months

6
12
0 0

[v4 PATCH] fs/proc: task_mmu.c: don't read mapcount for migration entry

by Yang Shi

The syzbot reported the below BUG: kernel BUG at include/linux/page-flags.h:785! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 4392 Comm: syz-executor560 Not tainted 5.16.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline] RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744 Code: e8 d3 16 d1 ff 48 c7 c6 c0 00 b6 89 48 89 ef e8 94 4e 04 00 0f 0b e8 bd 16 d1 ff 48 c7 c6 60 01 b6 89 48 89 ef e8 7e 4e 04 00 <0f> 0b e8 a7 16 d1 ff 48 c7 c6 a0 01 b6 89 4c 89 f7 e8 68 4e 04 00 RSP: 0018:ffffc90002b6f7b8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff888019619d00 RSI: ffffffff81a68c12 RDI: 0000000000000003 RBP: ffffea0001bdc2c0 R08: 0000000000000029 R09: 00000000ffffffff R10: ffffffff8903e29f R11: 00000000ffffffff R12: 00000000ffffffff R13: 00000000ffffea00 R14: ffffc90002b6fb30 R15: ffffea0001bd8001 FS: 00007faa2aefd700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff7e663318 CR3: 0000000018c6e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> page_mapcount include/linux/mm.h:837 [inline] smaps_account+0x470/0xb10 fs/proc/task_mmu.c:466 smaps_pte_entry fs/proc/task_mmu.c:538 [inline] smaps_pte_range+0x611/0x1250 fs/proc/task_mmu.c:601 walk_pmd_range mm/pagewalk.c:128 [inline] walk_pud_range mm/pagewalk.c:205 [inline] walk_p4d_range mm/pagewalk.c:240 [inline] walk_pgd_range mm/pagewalk.c:277 [inline] __walk_page_range+0xe23/0x1ea0 mm/pagewalk.c:379 walk_page_vma+0x277/0x350 mm/pagewalk.c:530 smap_gather_stats.part.0+0x148/0x260 fs/proc/task_mmu.c:768 smap_gather_stats fs/proc/task_mmu.c:741 [inline] show_smap+0xc6/0x440 fs/proc/task_mmu.c:822 seq_read_iter+0xbb0/0x1240 fs/seq_file.c:272 seq_read+0x3e0/0x5b0 fs/seq_file.c:162 vfs_read+0x1b5/0x600 fs/read_write.c:479 ksys_read+0x12d/0x250 fs/read_write.c:619 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7faa2af6c969 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007faa2aefd288 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007faa2aff4418 RCX: 00007faa2af6c969 RDX: 0000000000002025 RSI: 0000000020000100 RDI: 0000000000000003 RBP: 00007faa2aff4410 R08: 00007faa2aefd700 R09: 0000000000000000 R10: 00007faa2aefd700 R11: 0000000000000246 R12: 00007faa2afc20ac R13: 00007fff7e6632bf R14: 00007faa2aefd400 R15: 0000000000022000 </TASK> Modules linked in: ---[ end trace 24ec93ff95e4ac3d ]--- RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline] RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744 Code: e8 d3 16 d1 ff 48 c7 c6 c0 00 b6 89 48 89 ef e8 94 4e 04 00 0f 0b e8 bd 16 d1 ff 48 c7 c6 60 01 b6 89 48 89 ef e8 7e 4e 04 00 <0f> 0b e8 a7 16 d1 ff 48 c7 c6 a0 01 b6 89 4c 89 f7 e8 68 4e 04 00 RSP: 0018:ffffc90002b6f7b8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff888019619d00 RSI: ffffffff81a68c12 RDI: 0000000000000003 RBP: ffffea0001bdc2c0 R08: 0000000000000029 R09: 00000000ffffffff R10: ffffffff8903e29f R11: 00000000ffffffff R12: 00000000ffffffff R13: 00000000ffffea00 R14: ffffc90002b6fb30 R15: ffffea0001bd8001 FS: 00007faa2aefd700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff7e663318 CR3: 0000000018c6e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 The reproducer was trying to reading /proc/$PID/smaps when calling MADV_FREE at the mean time. MADV_FREE may split THPs if it is called for partial THP. It may trigger the below race: CPU A CPU B ----- ----- smaps walk: MADV_FREE: page_mapcount() PageCompound() split_huge_page() page = compound_head(page) PageDoubleMap(page) When calling PageDoubleMap() this page is not a tail page of THP anymore so the BUG is triggered. This could be fixed by elevated refcount of the page before calling mapcount, but it prevents from counting migration entries, and it seems overkilling because the race just could happen when PMD is split so all PTE entries of tail pages are actually migration entries, and smaps_account() does treat migration entries as mapcount == 1 as Kirill pointed out. Add a new parameter for smaps_account() to tell this entry is migration entry then skip calling page_mapcount(). Don't skip getting mapcount for device private entries since they do track references with mapcount. Pagemap also has the similar issue although it was not reported. Fixed it as well. Fixes: e9b61f19858a ("thp: reintroduce split_huge_page()") Reported-by: syzbot+1f52b3a18d5633fa7f82(a)syzkaller.appspotmail.com Acked-by: David Hildenbrand <david(a)redhat.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Jann Horn <jannh(a)google.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Yang Shi <shy828301(a)gmail.com> --- v4: * s/Treated/Treat per David * Collected acked-by tag from David v3: * Fixed the fix tag, the one used by v2 was not accurate * Added comment about the risk calling page_mapcount() per David * Fix pagemap v2: * Added proper fix tag per Jann Horn * Rebased to the latest linus's tree fs/proc/task_mmu.c | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 18f8c3acbb85..bc2f46033231 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -440,7 +440,8 @@ static void smaps_page_accumulate(struct mem_size_stats *mss, } static void smaps_account(struct mem_size_stats *mss, struct page *page, - bool compound, bool young, bool dirty, bool locked) + bool compound, bool young, bool dirty, bool locked, + bool migration) { int i, nr = compound ? compound_nr(page) : 1; unsigned long size = nr * PAGE_SIZE; @@ -467,8 +468,15 @@ static void smaps_account(struct mem_size_stats *mss, struct page *page, * page_count(page) == 1 guarantees the page is mapped exactly once. * If any subpage of the compound page mapped with PTE it would elevate * page_count(). + * + * The page_mapcount() is called to get a snapshot of the mapcount. + * Without holding the page lock this snapshot can be slightly wrong as + * we cannot always read the mapcount atomically. It is not safe to + * call page_mapcount() even with PTL held if the page is not mapped, + * especially for migration entries. Treat regular migration entries + * as mapcount == 1. */ - if (page_count(page) == 1) { + if ((page_count(page) == 1) || migration) { smaps_page_accumulate(mss, page, size, size << PSS_SHIFT, dirty, locked, true); return; @@ -517,6 +525,7 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, struct vm_area_struct *vma = walk->vma; bool locked = !!(vma->vm_flags & VM_LOCKED); struct page *page = NULL; + bool migration = false; if (pte_present(*pte)) { page = vm_normal_page(vma, addr, *pte); @@ -536,8 +545,11 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, } else { mss->swap_pss += (u64)PAGE_SIZE << PSS_SHIFT; } - } else if (is_pfn_swap_entry(swpent)) + } else if (is_pfn_swap_entry(swpent)) { + if (is_migration_entry(swpent)) + migration = true; page = pfn_swap_entry_to_page(swpent); + } } else { smaps_pte_hole_lookup(addr, walk); return; @@ -546,7 +558,8 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, if (!page) return; - smaps_account(mss, page, false, pte_young(*pte), pte_dirty(*pte), locked); + smaps_account(mss, page, false, pte_young(*pte), pte_dirty(*pte), + locked, migration); } #ifdef CONFIG_TRANSPARENT_HUGEPAGE @@ -557,6 +570,7 @@ static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, struct vm_area_struct *vma = walk->vma; bool locked = !!(vma->vm_flags & VM_LOCKED); struct page *page = NULL; + bool migration = false; if (pmd_present(*pmd)) { /* FOLL_DUMP will return -EFAULT on huge zero page */ @@ -564,8 +578,10 @@ static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, } else if (unlikely(thp_migration_supported() && is_swap_pmd(*pmd))) { swp_entry_t entry = pmd_to_swp_entry(*pmd); - if (is_migration_entry(entry)) + if (is_migration_entry(entry)) { + migration = true; page = pfn_swap_entry_to_page(entry); + } } if (IS_ERR_OR_NULL(page)) return; @@ -577,7 +593,9 @@ static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, /* pass */; else mss->file_thp += HPAGE_PMD_SIZE; - smaps_account(mss, page, true, pmd_young(*pmd), pmd_dirty(*pmd), locked); + + smaps_account(mss, page, true, pmd_young(*pmd), pmd_dirty(*pmd), + locked, migration); } #else static void smaps_pmd_entry(pmd_t *pmd, unsigned long addr, @@ -1378,6 +1396,7 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, { u64 frame = 0, flags = 0; struct page *page = NULL; + bool migration = false; if (pte_present(pte)) { if (pm->show_pfn) @@ -1399,13 +1418,14 @@ static pagemap_entry_t pte_to_pagemap_entry(struct pagemapread *pm, frame = swp_type(entry) | (swp_offset(entry) << MAX_SWAPFILES_SHIFT); flags |= PM_SWAP; + migration = is_migration_entry(entry); if (is_pfn_swap_entry(entry)) page = pfn_swap_entry_to_page(entry); } if (page && !PageAnon(page)) flags |= PM_FILE; - if (page && page_mapcount(page) == 1) + if (page && !migration && page_mapcount(page) == 1) flags |= PM_MMAP_EXCLUSIVE; if (vma->vm_flags & VM_SOFTDIRTY) flags |= PM_SOFT_DIRTY; @@ -1421,6 +1441,7 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, spinlock_t *ptl; pte_t *pte, *orig_pte; int err = 0; + bool migration = false; #ifdef CONFIG_TRANSPARENT_HUGEPAGE ptl = pmd_trans_huge_lock(pmdp, vma); @@ -1461,11 +1482,12 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, if (pmd_swp_uffd_wp(pmd)) flags |= PM_UFFD_WP; VM_BUG_ON(!is_pmd_migration_entry(pmd)); + migration = is_migration_entry(entry); page = pfn_swap_entry_to_page(entry); } #endif - if (page && page_mapcount(page) == 1) + if (page && !migration && page_mapcount(page) == 1) flags |= PM_MMAP_EXCLUSIVE; for (; addr != end; addr += PAGE_SIZE) { -- 2.26.3

2 years, 4 months

5
12
0 0

Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()

by Greg Kroah-Hartman

On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote: > On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > wrote: > > > From: Stefan Roese <sr(a)denx.de> > > > > [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ] > > > > There's an open regression related to this commit: > > https://bugzilla.kernel.org/show_bug.cgi?id=216373 This is already in the following released stable kernels: 5.10.137 5.15.61 5.18.18 5.19.2 I'll go drop it from the 4.19 and 5.4 queues, but when this gets resolved in Linus's tree, make sure there's a cc: stable on the fix so that we know to backport it to the above branches as well. Or at the least, a "Fixes:" tag. thanks, greg k-h

2 years, 4 months

5
14
0 0

[PATCH] drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path

by Boris Brezillon

Make sure all bo->base.pages entries are either NULL or pointing to a valid page before calling drm_gem_shmem_put_pages(). Reported-by: Tomeu Vizoso <tomeu.vizoso(a)collabora.com> Cc: <stable(a)vger.kernel.org> Fixes: 187d2929206e ("drm/panfrost: Add support for GPU heap allocations") Signed-off-by: Boris Brezillon <boris.brezillon(a)collabora.com> --- drivers/gpu/drm/panfrost/panfrost_mmu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/panfrost/panfrost_mmu.c b/drivers/gpu/drm/panfrost/panfrost_mmu.c index 569509c2ba27..d76dff201ea6 100644 --- a/drivers/gpu/drm/panfrost/panfrost_mmu.c +++ b/drivers/gpu/drm/panfrost/panfrost_mmu.c @@ -460,6 +460,7 @@ static int panfrost_mmu_map_fault_addr(struct panfrost_device *pfdev, int as, if (IS_ERR(pages[i])) { mutex_unlock(&bo->base.pages_lock); ret = PTR_ERR(pages[i]); + pages[i] = NULL; goto err_pages; } } -- 2.31.1

2 years, 5 months

2
2
0 0

[PATCH 6.0.y / 6.1.y] x86/split_lock: Add sysctl to control the misery mode

by Guilherme G. Piccoli

commit 727209376f4998bc84db1d5d8af15afea846a92b upstream. Commit b041b525dab9 ("x86/split_lock: Make life miserable for split lockers") changed the way the split lock detector works when in "warn" mode; basically, it not only shows the warn message, but also intentionally introduces a slowdown through sleeping plus serialization mechanism on such task. Based on discussions in [0], seems the warning alone wasn't enough motivation for userspace developers to fix their applications. This slowdown is enough to totally break some proprietary (aka. unfixable) userspace[1]. Happens that originally the proposal in [0] was to add a new mode which would warns + slowdown the "split locking" task, keeping the old warn mode untouched. In the end, that idea was discarded and the regular/default "warn" mode now slows down the applications. This is quite aggressive with regards proprietary/legacy programs that basically are unable to properly run in kernel with this change. While it is understandable that a malicious application could DoS by split locking, it seems unacceptable to regress old/proprietary userspace programs through a default configuration that previously worked. An example of such breakage was reported in [1]. Add a sysctl to allow controlling the "misery mode" behavior, as per Thomas suggestion on [2]. This way, users running legacy and/or proprietary software are allowed to still execute them with a decent performance while still observing the warning messages on kernel log. [0] https://lore.kernel.org/lkml/20220217012721.9694-1-tony.luck@intel.com/ [1] https://github.com/doitsujin/dxvk/issues/2938 [2] https://lore.kernel.org/lkml/87pmf4bter.ffs@tglx/ [ dhansen: minor changelog tweaks, including clarifying the actual problem ] Fixes: b041b525dab9 ("x86/split_lock: Make life miserable for split lockers") Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Tony Luck <tony.luck(a)intel.com> Tested-by: Andre Almeida <andrealmeid(a)igalia.com> Link: https://lore.kernel.org/all/20221024200254.635256-1-gpiccoli%40igalia.com --- Hi folks, I've build tested this on both 6.0.13 and 6.1, worked fine. The split lock detector code changed almost nothing since 6.0, so that makes sense... I think this is important to have in stable, some gaming community members seems excited with that, it'll help with general proprietary software (that is basically unfixable), making them run smoothly on 6.0.y and 6.1.y. I've CCed some folks more than just the stable list, to gather more opinions on that, so apologies if you received this email but think that you shouldn't have. Thanks in advance, Guilherme Documentation/admin-guide/sysctl/kernel.rst | 23 ++++++++ arch/x86/kernel/cpu/intel.c | 63 +++++++++++++++++---- 2 files changed, 76 insertions(+), 10 deletions(-) diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index 98d1b198b2b4..c2c64c1b706f 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst @@ -1314,6 +1314,29 @@ watchdog work to be queued by the watchdog timer function, otherwise the NMI watchdog — if enabled — can detect a hard lockup condition. +split_lock_mitigate (x86 only) +============================== + +On x86, each "split lock" imposes a system-wide performance penalty. On larger +systems, large numbers of split locks from unprivileged users can result in +denials of service to well-behaved and potentially more important users. + +The kernel mitigates these bad users by detecting split locks and imposing +penalties: forcing them to wait and only allowing one core to execute split +locks at a time. + +These mitigations can make those bad applications unbearably slow. Setting +split_lock_mitigate=0 may restore some application performance, but will also +increase system exposure to denial of service attacks from split lock users. + += =================================================================== +0 Disable the mitigation mode - just warns the split lock on kernel log + and exposes the system to denials of service from the split lockers. +1 Enable the mitigation mode (this is the default) - penalizes the split + lockers with intentional performance degradation. += =================================================================== + + stack_erasing ============= diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 2d7ea5480ec3..427899650483 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -1034,8 +1034,32 @@ static const struct { static struct ratelimit_state bld_ratelimit; +static unsigned int sysctl_sld_mitigate = 1; static DEFINE_SEMAPHORE(buslock_sem); +#ifdef CONFIG_PROC_SYSCTL +static struct ctl_table sld_sysctls[] = { + { + .procname = "split_lock_mitigate", + .data = &sysctl_sld_mitigate, + .maxlen = sizeof(unsigned int), + .mode = 0644, + .proc_handler = proc_douintvec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = SYSCTL_ONE, + }, + {} +}; + +static int __init sld_mitigate_sysctl_init(void) +{ + register_sysctl_init("kernel", sld_sysctls); + return 0; +} + +late_initcall(sld_mitigate_sysctl_init); +#endif + static inline bool match_option(const char *arg, int arglen, const char *opt) { int len = strlen(opt), ratelimit; @@ -1146,12 +1170,20 @@ static void split_lock_init(void) split_lock_verify_msr(sld_state != sld_off); } -static void __split_lock_reenable(struct work_struct *work) +static void __split_lock_reenable_unlock(struct work_struct *work) { sld_update_msr(true); up(&buslock_sem); } +static DECLARE_DELAYED_WORK(sl_reenable_unlock, __split_lock_reenable_unlock); + +static void __split_lock_reenable(struct work_struct *work) +{ + sld_update_msr(true); +} +static DECLARE_DELAYED_WORK(sl_reenable, __split_lock_reenable); + /* * If a CPU goes offline with pending delayed work to re-enable split lock * detection then the delayed work will be executed on some other CPU. That @@ -1169,10 +1201,9 @@ static int splitlock_cpu_offline(unsigned int cpu) return 0; } -static DECLARE_DELAYED_WORK(split_lock_reenable, __split_lock_reenable); - static void split_lock_warn(unsigned long ip) { + struct delayed_work *work; int cpu; if (!current->reported_split_lock) @@ -1180,14 +1211,26 @@ static void split_lock_warn(unsigned long ip) current->comm, current->pid, ip); current->reported_split_lock = 1; - /* misery factor #1, sleep 10ms before trying to execute split lock */ - if (msleep_interruptible(10) > 0) - return; - /* Misery factor #2, only allow one buslocked disabled core at a time */ - if (down_interruptible(&buslock_sem) == -EINTR) - return; + if (sysctl_sld_mitigate) { + /* + * misery factor #1: + * sleep 10ms before trying to execute split lock. + */ + if (msleep_interruptible(10) > 0) + return; + /* + * Misery factor #2: + * only allow one buslocked disabled core at a time. + */ + if (down_interruptible(&buslock_sem) == -EINTR) + return; + work = &sl_reenable_unlock; + } else { + work = &sl_reenable; + } + cpu = get_cpu(); - schedule_delayed_work_on(cpu, &split_lock_reenable, 2); + schedule_delayed_work_on(cpu, work, 2); /* Disable split lock detection on this CPU to make progress */ sld_update_msr(false); -- 2.38.1

2 years, 5 months

5
5
0 0

[PATCH v2] module: Don't wait for GOING modules

by Petr Pavlu

During a system boot, it can happen that the kernel receives a burst of requests to insert the same module but loading it eventually fails during its init call. For instance, udev can make a request to insert a frequency module for each individual CPU when another frequency module is already loaded which causes the init function of the new module to return an error. Since commit 6e6de3dee51a ("kernel/module.c: Only return -EEXIST for modules that have finished loading"), the kernel waits for modules in MODULE_STATE_GOING state to finish unloading before making another attempt to load the same module. This creates unnecessary work in the described scenario and delays the boot. In the worst case, it can prevent udev from loading drivers for other devices and might cause timeouts of services waiting on them and subsequently a failed boot. This patch attempts a different solution for the problem 6e6de3dee51a was trying to solve. Rather than waiting for the unloading to complete, it returns a different error code (-EBUSY) for modules in the GOING state. This should avoid the error situation that was described in 6e6de3dee51a (user space attempting to load a dependent module because the -EEXIST error code would suggest to user space that the first module had been loaded successfully), while avoiding the delay situation too. Fixes: 6e6de3dee51a ("kernel/module.c: Only return -EEXIST for modules that have finished loading") Co-developed-by: Martin Wilck <mwilck(a)suse.com> Signed-off-by: Martin Wilck <mwilck(a)suse.com> Signed-off-by: Petr Pavlu <petr.pavlu(a)suse.com> Cc: stable(a)vger.kernel.org --- Changes since v1 [1]: - Don't attempt a new module initialization when a same-name module completely disappeared while waiting on it, which means it went through the GOING state implicitly already. [1] https://lore.kernel.org/linux-modules/20221123131226.24359-1-petr.pavlu@sus… kernel/module/main.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index d02d39c7174e..7a627345d4fd 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2386,7 +2386,8 @@ static bool finished_loading(const char *name) sched_annotate_sleep(); mutex_lock(&module_mutex); mod = find_module_all(name, strlen(name), true); - ret = !mod || mod->state == MODULE_STATE_LIVE; + ret = !mod || mod->state == MODULE_STATE_LIVE + || mod->state == MODULE_STATE_GOING; mutex_unlock(&module_mutex); return ret; @@ -2562,20 +2563,35 @@ static int add_unformed_module(struct module *mod) mod->state = MODULE_STATE_UNFORMED; -again: mutex_lock(&module_mutex); old = find_module_all(mod->name, strlen(mod->name), true); if (old != NULL) { - if (old->state != MODULE_STATE_LIVE) { + if (old->state == MODULE_STATE_COMING + || old->state == MODULE_STATE_UNFORMED) { /* Wait in case it fails to load. */ mutex_unlock(&module_mutex); err = wait_event_interruptible(module_wq, finished_loading(mod->name)); if (err) goto out_unlocked; - goto again; + + /* The module might have gone in the meantime. */ + mutex_lock(&module_mutex); + old = find_module_all(mod->name, strlen(mod->name), + true); } - err = -EEXIST; + + /* + * We are here only when the same module was being loaded. Do + * not try to load it again right now. It prevents long delays + * caused by serialized module load failures. It might happen + * when more devices of the same type trigger load of + * a particular module. + */ + if (old && old->state == MODULE_STATE_LIVE) + err = -EEXIST; + else + err = -EBUSY; goto out; } mod_update_bounds(mod); -- 2.35.3

2 years, 5 months

5
30
0 0

FAILED: patch "[PATCH] tracing: Free buffers when a used dynamic event is removed" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Possible dependencies: 4313e5a61304 ("tracing: Free buffers when a used dynamic event is removed") 5448d44c3855 ("tracing: Add unified dynamic event framework") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4313e5a613049dfc1819a6dfb5f94cf2caff9452 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Wed, 23 Nov 2022 17:14:34 -0500 Subject: [PATCH] tracing: Free buffers when a used dynamic event is removed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that is available (not currently used by other events). A type number is the identifier of the binary blobs in the tracing ring buffer (known as events) to map them to logic that can parse the binary blob. The issue is that if a dynamic event (like a kprobe event) is traced and is in the ring buffer, and then that event is removed (because it is dynamic, which means it can be created and destroyed), if another dynamic event is created that has the same number that new event's logic on parsing the binary blob will be used. To show how this can be an issue, the following can crash the kernel: # cd /sys/kernel/tracing # for i in `seq 65536`; do echo 'p:kprobes/foo do_sys_openat2 $arg1:u32' > kprobe_events # done For every iteration of the above, the writing to the kprobe_events will remove the old event and create a new one (with the same format) and increase the type number to the next available on until the type number reaches over 65535 which is the max number for the 16 bit type. After it reaches that number, the logic to allocate a new number simply looks for the next available number. When an dynamic event is removed, that number is then available to be reused by the next dynamic event created. That is, once the above reaches the max number, the number assigned to the event in that loop will remain the same. Now that means deleting one dynamic event and created another will reuse the previous events type number. This is where bad things can happen. After the above loop finishes, the kprobes/foo event which reads the do_sys_openat2 function call's first parameter as an integer. # echo 1 > kprobes/foo/enable # cat /etc/passwd > /dev/null # cat trace cat-2211 [005] .... 2007.849603: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 cat-2211 [005] .... 2007.849620: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 cat-2211 [005] .... 2007.849838: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 cat-2211 [005] .... 2007.849880: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 # echo 0 > kprobes/foo/enable Now if we delete the kprobe and create a new one that reads a string: # echo 'p:kprobes/foo do_sys_openat2 +0($arg2):string' > kprobe_events And now we can the trace: # cat trace sendmail-1942 [002] ..... 530.136320: foo: (do_sys_openat2+0x0/0x240) arg1= cat-2046 [004] ..... 530.930817: foo: (do_sys_openat2+0x0/0x240) arg1="��" cat-2046 [004] ..... 530.930961: foo: (do_sys_openat2+0x0/0x240) arg1="��" cat-2046 [004] ..... 530.934278: foo: (do_sys_openat2+0x0/0x240) arg1="��" cat-2046 [004] ..... 530.934563: foo: (do_sys_openat2+0x0/0x240) arg1="��" bash-1515 [007] ..... 534.299093: foo: (do_sys_openat2+0x0/0x240) arg1="kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk��@��4Z��;Y��U And dmesg has: ================================================================== BUG: KASAN: use-after-free in string+0xd4/0x1c0 Read of size 1 at addr ffff88805fdbbfa0 by task cat/2049 CPU: 0 PID: 2049 Comm: cat Not tainted 6.1.0-rc6-test+ #641 Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v03.03 07/14/2016 Call Trace: <TASK> dump_stack_lvl+0x5b/0x77 print_report+0x17f/0x47b kasan_report+0xad/0x130 string+0xd4/0x1c0 vsnprintf+0x500/0x840 seq_buf_vprintf+0x62/0xc0 trace_seq_printf+0x10e/0x1e0 print_type_string+0x90/0xa0 print_kprobe_event+0x16b/0x290 print_trace_line+0x451/0x8e0 s_show+0x72/0x1f0 seq_read_iter+0x58e/0x750 seq_read+0x115/0x160 vfs_read+0x11d/0x460 ksys_read+0xa9/0x130 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fc2e972ade2 Code: c0 e9 b2 fe ff ff 50 48 8d 3d b2 3f 0a 00 e8 05 f0 01 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24 RSP: 002b:00007ffc64e687c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007fc2e972ade2 RDX: 0000000000020000 RSI: 00007fc2e980d000 RDI: 0000000000000003 RBP: 00007fc2e980d000 R08: 00007fc2e980c010 R09: 0000000000000000 R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000020f00 R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000 </TASK> The buggy address belongs to the physical page: page:ffffea00017f6ec0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5fdbb flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) raw: 000fffffc0000000 0000000000000000 ffffea00017f6ec8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88805fdbbe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff88805fdbbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff88805fdbbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff88805fdbc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff88805fdbc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== This was found when Zheng Yejian sent a patch to convert the event type number assignment to use IDA, which gives the next available number, and this bug showed up in the fuzz testing by Yujie Liu and the kernel test robot. But after further analysis, I found that this behavior is the same as when the event type numbers go past the 16bit max (and the above shows that). As modules have a similar issue, but is dealt with by setting a "WAS_ENABLED" flag when a module event is enabled, and when the module is freed, if any of its events were enabled, the ring buffer that holds that event is also cleared, to prevent reading stale events. The same can be done for dynamic events. If any dynamic event that is being removed was enabled, then make sure the buffers they were enabled in are now cleared. Link: https://lkml.kernel.org/r/20221123171434.545706e3@gandalf.local.home Link: https://lore.kernel.org/all/20221110020319.1259291-1-zhengyejian1@huawei.co… Cc: stable(a)vger.kernel.org Cc: Andrew Morton <akpm(a)linux-foundation.org> Depends-on: e18eb8783ec49 ("tracing: Add tracing_reset_all_online_cpus_unlocked() function") Depends-on: 5448d44c38557 ("tracing: Add unified dynamic event framework") Depends-on: 6212dd29683ee ("tracing/kprobes: Use dyn_event framework for kprobe events") Depends-on: 065e63f951432 ("tracing: Only have rmmod clear buffers that its events were active in") Depends-on: 575380da8b469 ("tracing: Only clear trace buffer on module unload if event was traced") Fixes: 77b44d1b7c283 ("tracing/kprobes: Rename Kprobe-tracer to kprobe-event") Reported-by: Zheng Yejian <zhengyejian1(a)huawei.com> Reported-by: Yujie Liu <yujie.liu(a)intel.com> Reported-by: kernel test robot <yujie.liu(a)intel.com> Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_dynevent.c b/kernel/trace/trace_dynevent.c index 154996684fb5..4376887e0d8a 100644 --- a/kernel/trace/trace_dynevent.c +++ b/kernel/trace/trace_dynevent.c @@ -118,6 +118,7 @@ int dyn_event_release(const char *raw_command, struct dyn_event_operations *type if (ret) break; } + tracing_reset_all_online_cpus(); mutex_unlock(&event_mutex); out: argv_free(argv); @@ -214,6 +215,7 @@ int dyn_events_release_all(struct dyn_event_operations *type) break; } out: + tracing_reset_all_online_cpus(); mutex_unlock(&event_mutex); return ret; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 78cd19e31dba..f71ea6e79b3c 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -2880,7 +2880,10 @@ static int probe_remove_event_call(struct trace_event_call *call) * TRACE_REG_UNREGISTER. */ if (file->flags & EVENT_FILE_FL_ENABLED) - return -EBUSY; + goto busy; + + if (file->flags & EVENT_FILE_FL_WAS_ENABLED) + tr->clear_trace = true; /* * The do_for_each_event_file_safe() is * a double loop. After finding the call for this @@ -2893,6 +2896,12 @@ static int probe_remove_event_call(struct trace_event_call *call) __trace_remove_event_call(call); return 0; + busy: + /* No need to clear the trace now */ + list_for_each_entry(tr, &ftrace_trace_arrays, list) { + tr->clear_trace = false; + } + return -EBUSY; } /* Remove an event_call */

2 years, 5 months

4
7
0 0

[PATCH v2] Input: xen-kbdfront - drop keys to shrink modalias

by Jason Andryuk

xen kbdfront registers itself as being able to deliver *any* key since it doesn't know what keys the backend may produce. Unfortunately, the generated modalias gets too large and uevent creation fails with -ENOMEM. This can lead to gdm not using the keyboard since there is no seat associated [1] and the debian installer crashing [2]. Trim the ranges of key capabilities by removing some BTN_* ranges. While doing this, some neighboring undefined ranges are removed to trim it further. An upper limit of KEY_KBD_LCD_MENU5 is still too large. Use an upper limit of KEY_BRIGHTNESS_MENU. This removes: BTN_DPAD_UP(0x220)..BTN_DPAD_RIGHT(0x223) Empty space 0x224..0x229 Empty space 0x28a..0x28f KEY_MACRO1(0x290)..KEY_MACRO30(0x2ad) KEY_MACRO_RECORD_START 0x2b0 KEY_MACRO_RECORD_STOP 0x2b1 KEY_MACRO_PRESET_CYCLE 0x2b2 KEY_MACRO_PRESET1(0x2b3)..KEY_MACRO_PRESET3(0xb5) Empty space 0x2b6..0x2b7 KEY_KBD_LCD_MENU1(0x2b8)..KEY_KBD_LCD_MENU5(0x2bc) Empty space 0x2bd..0x2bf BTN_TRIGGER_HAPPY(0x2c0)..BTN_TRIGGER_HAPPY40(0x2e7) Empty space 0x2e8..0x2ff The modalias shrinks from 2082 to 1550 bytes. A chunk of keys need to be removed to allow the keyboard to be used. This may break some functionality, but the hope is these macro keys are uncommon and don't affect any users. [1] https://github.com/systemd/systemd/issues/22944 [2] https://lore.kernel.org/xen-devel/87o8dw52jc.fsf@vps.thesusis.net/T/ Cc: Phillip Susi <phill(a)thesusis.net> Cc: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jandryuk(a)gmail.com> --- drivers/input/misc/xen-kbdfront.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) v2: Remove more keys: v1 didn't remove enough and modalias was still broken. diff --git a/drivers/input/misc/xen-kbdfront.c b/drivers/input/misc/xen-kbdfront.c index 8d8ebdc2039b..4ecb579df748 100644 --- a/drivers/input/misc/xen-kbdfront.c +++ b/drivers/input/misc/xen-kbdfront.c @@ -256,7 +256,14 @@ static int xenkbd_probe(struct xenbus_device *dev, __set_bit(EV_KEY, kbd->evbit); for (i = KEY_ESC; i < KEY_UNKNOWN; i++) __set_bit(i, kbd->keybit); - for (i = KEY_OK; i < KEY_MAX; i++) + /* In theory we want to go KEY_OK..KEY_MAX, but that grows the + * modalias line too long. There is a gap of buttons from + * BTN_DPAD_UP..BTN_DPAD_RIGHT and KEY_ALS_TOGGLE is the next + * defined. Then continue up to KEY_BRIGHTNESS_MENU as an upper + * limit. */ + for (i = KEY_OK; i < BTN_DPAD_UP; i++) + __set_bit(i, kbd->keybit); + for (i = KEY_ALS_TOGGLE; i <= KEY_BRIGHTNESS_MENU; i++) __set_bit(i, kbd->keybit); ret = input_register_device(kbd); -- 2.38.1

2 years, 5 months

2
4
0 0

tcpci module in Kernel 5.15.74 with PTN5110 not working correctly

by Christian Bach

Hello For a few weeks now I am trying to make the PTN5110 chip work with the new Kernel 5.15.74. The same hardware setup was working with the 4.19.72 Kernel. The steps I took so far are as follows: 1. Study the Documentation and look at example Device Tree's in the Kernel 2. Try out different Device Tree configurations derived from the Documentation and examples 3. I did look on Stackoverflow, the NXP and other forums for any similar issue but could not find any 4. Updating the Kernel to the newest Version I was able to find: 5.15.74 (Hash: f0bee94053065c7cb8eacadfdd6bf739a2042b35 in Repo: git://git.yoctoproject.org/linux-yocto.git;branch=v5.15/standard/base) 5. Downgrade to the earliest Kernel possible: v5.10-rc1 (Hash: 3650b228f83adda7e5ee532e2b90429c03f7b9ec in Repo: git://git.yoctoproject.org/linux-yocto.git;branch=v5.15/standard/base) None of those steps had any effect. Every time I plug in a USB-A to USB-C cable the Kernel gets stuck in the ISR until I unplug the cable. (Attaching a full USB-PD capable Power Source over a USB-C cable works fine) This results in an unreasonable high CPU usage (most of the times the CPU gets blocked completely). I did analyze the I2C bus and found that the old Kernel did change many configurations after the A-C cable got attached while the new Kernel does nothing (please see logs below). I also did compare what happens on the I2C bus during chip initialization but did not find any mentionable differences. My HW setup is an i.mx6ul with the PTN5110 attached on I2C4. ================================================= My device tree looks like this: / { regulators { compatible = "simple-bus"; #address-cells = <1>; #size-cells = <0>; reg_usb_otg1_vbus: regulator@2 { compatible = "regulator-fixed"; reg = <2>; regulator-name = "usb_otg1_vbus"; pinctrl-names = "default"; pinctrl-0 = <&pinctrl_usb_otg1_vbus>; regulator-min-microvolt = <5000000>; regulator-max-microvolt = <5000000>; gpio = <&gpio2 8 GPIO_ACTIVE_HIGH>; enable-active-high; status = "okay"; }; }; }; &usbotg1 { /*pinctrl-names = "default"; pinctrl-0 = <&pinctrl_usbotg1>;*/ dr_mode = "otg"; status = "okay"; disable-over-current; vbus-supply = <&reg_usb_otg1_vbus>; }; &i2c4 { clock-frequency = <100000>; pinctrl-names = "default"; pinctrl-0 = <&pinctrl_i2c4>; status = "okay"; usb_pd: ptn5110@50 { compatible = "nxp,ptn5110"; reg = <0x50>; pinctrl-names = "default"; pinctrl-0 = <&pinctrl_usb_pd>; interrupt-parent = <&gpio2>; interrupts = <11 IRQ_TYPE_LEVEL_LOW>; wakeup-source; usb_con: connector { compatible = "usb-c-connector"; label = "USB-C"; data-role = "dual"; power-role = "dual"; try-power-role = "sink"; source-pdos = <PDO_FIXED(VSAFE5V, 2000, PDO_FIXED_USB_COMM | PDO_FIXED_DUAL_ROLE)>; sink-pdos = <PDO_FIXED(VSAFE5V, 2000, PDO_FIXED_USB_COMM | PDO_FIXED_DUAL_ROLE) //PDO_FIXED(VSAFE5V, 3000, 0) //PDO_FIXED(9000, 3000, 0) PDO_FIXED(12000, 3000, 0) PDO_FIXED(20000, 3000, 0)>; //PDO_FIXED(20000, 5000, 0)>; op-sink-microwatt = <10000000>; }; }; }; &iomuxc { pinctrl_i2c4: i2c4grp { fsl,pins = < MX6UL_PAD_UART2_TX_DATA__I2C4_SCL 0x4001b8b0 MX6UL_PAD_UART2_RX_DATA__I2C4_SDA 0x4001b8b0 >; }; pinctrl_usb_pd: usbpdgrp { fsl,pins = < MX6UL_PAD_ENET2_TX_DATA0__GPIO2_IO11 0x0001b020 /* Alert Interrupt */ MX6UL_PAD_ENET2_TX_CLK__GPIO2_IO14 0x0001b020 /* Fault Interrupt */ >; }; pinctrl_usb_otg1_vbus: usbotg1 { fsl,pins = < MX6UL_PAD_ENET2_RX_DATA0__GPIO2_IO08 0x000000b9 MX6UL_PAD_ENET2_RX_DATA1__USB_OTG1_OC 0x000010b0 >; }; }; ================================================= I2C Log on plug in event of Kernel 5.15.68: Direction | Address | Data ------------------------------- Read | 10 | 02 22 Write | 10 | 02 22 Read | 14 | 04 Read | 10 | 02 02 Write | 10 | 02 02 Read | 1E | 0C Read | 14 | 04 Read | 10 | 03 02 Write | 10 | 03 02 Read | 1E | 0C Read | 1A | 4A Read | 14 | 04 Read | 1D | 11 Read | 1E | 0C Pause for 200ms Read | 1A | 4A Read | 1A | 4A Read | 1D | 11 Write | 1A | 0E Write | 19 | 00 Write | 2E | 02 Write | 23 | 66 Write | 23 | 55 Write | 2F | 21 Pause for 300ms Write | 51 | 02 Write | 52 | 00 00 Write | 50 | 25 Read | 10 | 50 02 Write | 10 | 50 02 Read | 10 | 00 02 Write | 10 | 00 02 Write | 72 | 8C 00 Read | 1C | 60 Read | 10 | 00 02 Write | 10 | 00 02 Write | 2F | 00 Read | 1C | 60 Read | 10 | 00 02 Write | 10 | 00 02 Write | 2E | 02 Read | 10 | 00 02 Write | 10 | 00 02 Read | 10 | 00 02 Write | 10 | 00 02 Read | 10 | 00 02 Write | 10 | 00 02 Read | 10 | 00 02 Write | 10 | 00 02 (It will loop like this until the cable gets detached) I2C Log on plug in event of Kernel 5.15.68: Direction | Address | Data ------------------------------- Read | 10 | 02 22 Write | 10 | 02 22 Read | 14 | 04 Read | 10 | 02 02 Write | 10 | 02 02 Read | 1E | 0C Read | 14 | 04 Read | 10 | 02 02 Write | 10 | 02 02 Read | 1E | 0C Read | 14 | 04 Read | 1E | 0C Pause for 200ms Read | 10 | 01 02 Write | 10 | 01 02 Read | 1D | 11 Pause for 250ms Read | 1A | 4A Write | 1A | 4E Write | 19 | 00 Write | 2E | 02 Write | 23 | 66 Write | 23 | 55 Write | 2F | 21 Pause for 4ms Write | 51 | 02 Write | 52 | 00 00 Write | 50 | 35 Read | 10 | 50 02 Write | 10 | 50 02 Read | 10 | 00 02 Write | 10 | 00 02 Write | 2F | 00 Read | 10 | 00 02 Write | 10 | 00 02 Read | 1C | 60 Read | 10 | 00 02 Write | 10 | 00 02 Write | 23 | 66 Read | 10 | 02 02 Write | 10 | 02 02 Write | 23 | 44 Read | 14 | FF Write | 2E | 02 Read | 1E | 0C Write | 10 | FF FF Write | 14 | 04 Write | 23 | 33 Write | 12 | 7F 00 Write | 2F | 00 Write | 23 | 66 Write | 23 | 44 Read | 1C | 60 Read | 1A | 4E Write | 1A | 4E Write | 19 | 00 Write | 2E | 02 Read | 1E | 0C Read | 1D | 11 Write | 2F | 00 Write | 23 | 66 Write | 23 | 44 Read | 1C | 60 Read | 1A | 4E Write | 1A | 4E Write | 19 | 00 Write | 2E | 02 Write | 1A | 0F Read | 10 | 01 02 Write | 10 | 01 02 Read | 1D | 00 Write | 1A | 4A Write | 23 | 99 Read | 10 | 01 02 Write | 10 | 01 02 Read | 1D | 11 (no more communication after this point) -- Dipl. El-Ing. FH Christian Bach, Projektleiter Direct +41 43 456 16 96 . http://www.scs.ch Supercomputing Systems AG . Technoparkstrasse 1 . CH-8005 Zürich

2 years, 6 months

3
9
0 0

[PATCH 0/6] hwpoison, shmem, hugetlb: fix data loss issue 5.10.y

by Mike Kravetz

This is a request for adding the following patches to stable 5.10.y. Poisoned shmem and hugetlb pages are removed from the pagecache. Subsequent access to the offset in the file results in a NEW zero filled page. Application code does not get notified of the data loss, and the only 'clue' is a message in the system log. Data loss has been experienced by real users. This was addressed upstream. Most commits were marked for backports, but some were not. This was discussed here [1] and here [2]. Patches apply cleanly to v5.4.224 and pass tests checking for this specific data loss issue. LTP mm tests show no regressions. All patches except 4 "mm: hwpoison: handle non-anonymous THP correctly" required a small bit of change to apply correctly: mostly for context. linux-mm Cc'ed as it would be great to get at least an ACK from others familiar with this issue. [1] https://lore.kernel.org/linux-mm/Y2UTUNBHVY5U9si2@monkey/ [2] https://lore.kernel.org/stable/20221114131403.GA3807058@u2004/ James Houghton (1): hugetlbfs: don't delete error page from pagecache Yang Shi (5): mm: hwpoison: remove the unnecessary THP check mm: filemap: check if THP has hwpoisoned subpage for PMD page fault mm: hwpoison: refactor refcount check handling mm: hwpoison: handle non-anonymous THP correctly mm: shmem: don't truncate page if memory failure happens fs/hugetlbfs/inode.c | 13 ++-- include/linux/page-flags.h | 23 ++++++ mm/huge_memory.c | 2 + mm/hugetlb.c | 4 + mm/memory-failure.c | 153 ++++++++++++++++++++++++------------- mm/memory.c | 9 +++ mm/page_alloc.c | 4 +- mm/shmem.c | 51 +++++++++++-- 8 files changed, 191 insertions(+), 68 deletions(-) -- 2.38.1

2 years, 6 months

2
7
0 0

[PATCH 5.4 00/67] 5.4.227-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.227 release. There are 67 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 14 Dec 2022 13:08:57 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.227-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.227-rc1 Frank Jungclaus <frank.jungclaus(a)esd.eu> can: esd_usb: Allow REC and TEC to return to zero Dan Carpenter <error27(a)gmail.com> net: mvneta: Fix an out of bounds check Eric Dumazet <edumazet(a)google.com> ipv6: avoid use-after-free in ip6_fragment() Yang Yingliang <yangyingliang(a)huawei.com> net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() Juergen Gross <jgross(a)suse.com> xen/netback: fix build warning Zhang Changzhong <zhangchangzhong(a)huawei.com> ethernet: aeroflex: fix potential skb leak in greth_init_rings() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect route flushing when table ID 0 is used Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect route flushing when source address is deleted YueHaibing <yuehaibing(a)huawei.com> tipc: Fix potential OOB in tipc_link_proto_rcv() Liu Jian <liujian56(a)huawei.com> net: hisilicon: Fix potential use-after-free in hix5hd2_rx() Liu Jian <liujian56(a)huawei.com> net: hisilicon: Fix potential use-after-free in hisi_femac_rx() Yongqiang Liu <liuyongqiang13(a)huawei.com> net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq Jisheng Zhang <jszhang(a)kernel.org> net: stmmac: fix "snps,axi-config" node property parsing Pankaj Raghav <p.raghav(a)samsung.com> nvme initialize core quirks before calling nvme_init_subsystem Kees Cook <keescook(a)chromium.org> NFC: nci: Bounds check struct nfc_target arrays Przemyslaw Patynowski <przemyslawx.patynowski(a)intel.com> i40e: Disallow ip4 and ip6 l4_4_bytes Sylwester Dziedziuch <sylwesterx.dziedziuch(a)intel.com> i40e: Fix for VF MAC address 0 Michal Jaron <michalx.jaron(a)intel.com> i40e: Fix not setting default xps_cpus after reset Dan Carpenter <error27(a)gmail.com> net: mvneta: Prevent out of bounds read in mvneta_config_rss() Lin Liu <lin.liu(a)citrix.com> xen-netfront: Fix NULL sring after live migration Valentina Goncharenko <goncharenko.vp(a)ispras.ru> net: encx24j600: Fix invalid logic in reading of MISTAT register Valentina Goncharenko <goncharenko.vp(a)ispras.ru> net: encx24j600: Add parentheses to fix precedence Wei Yongjun <weiyongjun1(a)huawei.com> mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() Zhengchao Shao <shaozhengchao(a)huawei.com> selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload Artem Chernyshev <artem.chernyshev(a)red-soft.ru> net: dsa: ksz: Check return value Chen Zhongjin <chenzhongjin(a)huawei.com> Bluetooth: Fix not cleanup led when bt_init fails Wang ShaoBo <bobo.shaobowang(a)huawei.com> Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Get user_ns from in_skb in unix_diag_get_exact(). Akihiko Odaki <akihiko.odaki(a)daynix.com> igb: Allocate MSI-X vector when testing Akihiko Odaki <akihiko.odaki(a)daynix.com> e1000e: Fix TX dispatch condition Xiongfeng Wang <wangxiongfeng2(a)huawei.com> gpio: amd8111: Fix PCI device reference count leak Qiqi Zhang <eddy.zhang(a)rock-chips.com> drm/bridge: ti-sn65dsi86: Fix output polarity setting bug Hauke Mehrtens <hauke(a)hauke-m.de> ca8210: Fix crash by zero initializing data Ziyang Xuan <william.xuanziyang(a)huawei.com> ieee802154: cc2520: Fix error return code in cc2520_hw_init() Baolin Wang <baolin.wang(a)linux.alibaba.com> mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page Oliver Hartkopp <socketcan(a)hartkopp.net> can: af_can: fix NULL pointer dereference in can_rcv_filter ZhangPeng <zhangpeng362(a)huawei.com> HID: core: fix shift-out-of-bounds in hid_report_raw_event Anastasia Belova <abelova(a)astralinux.ru> HID: hid-lg4ff: Add check for empty lbuf Ankit Patel <anpatel(a)nvidia.com> HID: usbhid: Add ALWAYS_POLL quirk for some mice Rob Clark <robdclark(a)chromium.org> drm/shmem-helper: Remove errant put in error path Thomas Huth <thuth(a)redhat.com> KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field John Starks <jostarks(a)microsoft.com> mm/gup: fix gup_pud_range() for dax Tejun Heo <tj(a)kernel.org> memcg: fix possible use-after-free in memcg_write_event_control() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: v4l2-dv-timings.c: fix too strict blanking sanity checks Rafał Miłecki <rafal(a)milecki.pl> Revert "net: dsa: b53: Fix valid setting for MDB entries" Juergen Gross <jgross(a)suse.com> xen/netback: don't call kfree_skb() with interrupts disabled Juergen Gross <jgross(a)suse.com> xen/netback: do some code cleanup Ross Lagerwall <ross.lagerwall(a)citrix.com> xen/netback: Ensure protocol headers don't fall in the non-linear area Jann Horn <jannh(a)google.com> mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Jann Horn <jannh(a)google.com> mm/khugepaged: fix GUP-fast interaction by sending IPI Jann Horn <jannh(a)google.com> mm/khugepaged: take the right locks for page table retraction Davide Tronchin <davide.tronchin.94(a)gmail.com> net: usb: qmi_wwan: add u-blox 0x1342 composition Dominique Martinet <asmadeus(a)codewreck.org> 9p/xen: check logical size for buffer size Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fbcon: Use kzalloc() in fbcon_prepare_logo() Andreas Kemnade <andreas(a)kemnade.info> regulator: twl6030: fix get status of twl6032 regulators Srinivasa Rao Mandadapu <quic_srivasam(a)quicinc.com> ASoC: soc-pcm: Add NULL check in BE reparenting Filipe Manana <fdmanana(a)suse.com> btrfs: send: avoid unaligned encoded writes when attempting to clone range Kees Cook <keescook(a)chromium.org> ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event Konrad Dybcio <konrad.dybcio(a)linaro.org> regulator: slg51000: Wait after asserting CS pin GUO Zihua <guozihua(a)huawei.com> 9p/fd: Use P9_HDRSZ for header size Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 Giulio Benetti <giulio.benetti(a)benettiengineering.com> ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation Tomislav Novak <tnovak(a)fb.com> ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix ir-receiver node names Sebastian Reichel <sebastian.reichel(a)collabora.com> arm: dts: rockchip: fix node name for hym8563 rtc FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/rk3036-evb.dts | 2 +- arch/arm/boot/dts/rk3188-radxarock.dts | 2 +- arch/arm/boot/dts/rk3188.dtsi | 3 +- arch/arm/boot/dts/rk3288-evb-act8846.dts | 2 +- arch/arm/boot/dts/rk3288-firefly.dtsi | 2 +- arch/arm/boot/dts/rk3288-miqi.dts | 2 +- arch/arm/boot/dts/rk3288-rock2-square.dts | 2 +- arch/arm/boot/dts/rk3xxx.dtsi | 7 + arch/arm/include/asm/perf_event.h | 2 +- arch/arm/include/asm/pgtable-nommu.h | 6 - arch/arm/include/asm/pgtable.h | 16 +- arch/arm/mm/nommu.c | 19 + arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dts | 1 - arch/s390/kvm/vsie.c | 4 +- drivers/gpio/gpio-amd8111.c | 4 + drivers/gpu/drm/bridge/ti-sn65dsi86.c | 4 +- drivers/gpu/drm/drm_gem_shmem_helper.c | 4 +- drivers/hid/hid-core.c | 3 + drivers/hid/hid-ids.h | 3 + drivers/hid/hid-lg4ff.c | 6 + drivers/hid/hid-quirks.c | 3 + drivers/media/v4l2-core/v4l2-dv-timings.c | 20 +- drivers/net/can/usb/esd_usb2.c | 6 + drivers/net/dsa/b53/b53_common.c | 1 + drivers/net/ethernet/aeroflex/greth.c | 1 + drivers/net/ethernet/cavium/thunder/nicvf_main.c | 4 +- drivers/net/ethernet/hisilicon/hisi_femac.c | 2 +- drivers/net/ethernet/hisilicon/hix5hd2_gmac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 19 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 + drivers/net/ethernet/intel/igb/igb_ethtool.c | 2 + drivers/net/ethernet/marvell/mvneta.c | 2 +- drivers/net/ethernet/microchip/encx24j600-regmap.c | 4 +- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 8 +- drivers/net/ieee802154/ca8210.c | 2 +- drivers/net/ieee802154/cc2520.c | 2 +- drivers/net/plip/plip.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/xen-netback/common.h | 14 +- drivers/net/xen-netback/interface.c | 22 +- drivers/net/xen-netback/netback.c | 229 +-- drivers/net/xen-netback/rx.c | 10 +- drivers/net/xen-netfront.c | 6 + drivers/nvme/host/core.c | 8 +- drivers/regulator/slg51000-regulator.c | 2 + drivers/regulator/twl6030-regulator.c | 15 +- drivers/video/fbdev/core/fbcon.c | 2 +- fs/btrfs/send.c | 24 +- include/asm-generic/tlb.h | 4 + include/linux/cgroup.h | 1 + include/linux/hugetlb.h | 6 +- kernel/cgroup/cgroup-internal.h | 1 - mm/gup.c | 15 +- mm/hugetlb.c | 28 +- mm/khugepaged.c | 47 +- mm/memcontrol.c | 15 +- mm/mmu_gather.c | 5 + net/9p/trans_fd.c | 6 +- net/9p/trans_xen.c | 9 + net/bluetooth/6lowpan.c | 1 + net/bluetooth/af_bluetooth.c | 4 +- net/can/af_can.c | 4 +- net/dsa/tag_ksz.c | 3 +- net/ipv4/fib_frontend.c | 3 + net/ipv4/fib_semantics.c | 1 + net/ipv6/ip6_output.c | 5 + net/mac802154/iface.c | 1 + net/nfc/nci/ntf.c | 6 + net/tipc/link.c | 4 +- net/unix/diag.c | 20 +- sound/core/seq/seq_memory.c | 11 +- sound/soc/soc-pcm.c | 2 + tools/testing/selftests/net/fib_tests.sh | 1727 -------------------- tools/testing/selftests/net/rtnetlink.sh | 2 +- 77 files changed, 476 insertions(+), 1980 deletions(-)

2 years, 6 months

9
85
0 0

crypto-rockchip patches queued for 6.1

by Diederik de Haas

Hi, I couldn't find an existing mail with "[PATCH AUTOSEL 6.1 N/M] XYZ" to reply to, so I'm just sending an email like this. Hope that's ok. In https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/ tree/queue-6.1 there are a number of patches which start with: crypto-rockchip- like crypto-rockchip-add-fallback-for-ahash.patch I guess they were (auto) selected as they contain a "Fixes: <commitid>" line. Those 7 patches are actually part of a larger patch set, see here: https://lore.kernel.org/all/20220927075511.3147847-1-clabbe@baylibre.com/ All those patches have been merged into Linus' tree for 6.2 and there's a hotfix planned to be submitted for 6.2 here: https://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip.git/ commit/?h=v6.2-armsoc/dtsfixes&id=53e8e1e6e9c1653095211a8edf17912f2374bb03 Wouldn't it make more sense to queue the whole patch set for 6.1? Or (at least) the whole crypto rockchip part as mentioned here: https://lore.kernel.org/all/Y5mGGrBJaDL6mnQJ@gondor.apana.org.au/ under the "Corentin Labbe (32):" label? Cheers, Diederik

2 years, 6 months

2
6
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2022