May 2022 - Linux-stable-mirror

by MIKE TAILOR INVESTMENT

Mike Tailor Inv is currently doing a great Promo, You have the opportunity to invest at least $250 USD and earn $2,500 USD in 4 working days. Contact the investment company via this email: ( investmentdept2022(a)miketailorinv.us ). The higher you invest the higher your profit value.

2 years, 7 months

1
0
0 0

[PATCH v7,3/4] drm/mediatek: keep dsi as LP00 before dcs cmds transfer

by xinlei.lee＠mediatek.com

From: Jitao Shi <jitao.shi(a)mediatek.com> To comply with the panel sequence, hold the mipi signal to LP00 before the dcs cmds transmission, and pull the mipi signal high from LP00 to LP11 until the start of the dcs cmds transmission. The normal panel timing is : (1) pp1800 DC pull up (2) avdd & avee AC pull high (3) lcm_reset pull high -> pull low -> pull high (4) Pull MIPI signal high (LP11) -> initial code -> send video data(HS mode) The power-off sequence is reversed. If dsi is not in cmd mode, then dsi will pull the mipi signal high in the mtk_output_dsi_enable function. The delay in lane_ready func is the reaction time of dsi_rx after pulling up the mipi signal. Fixes: 2dd8075d2185 ("drm/mediatek: mtk_dsi: Use the drm_panel_bridge API") Cc: <stable(a)vger.kernel.org> # 5.10.x: b255d51e3967: sched: Modify dsi funcs to atomic operations Cc: <stable(a)vger.kernel.org> # 5.10.x: 72c69c977502: sched: Separate poweron/poweroff from enable/disable and define new funcs Cc: <stable(a)vger.kernel.org> # 5.10.x Signed-off-by: Jitao Shi <jitao.shi(a)mediatek.com> Signed-off-by: Xinlei Lee <xinlei.lee(a)mediatek.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> --- drivers/gpu/drm/mediatek/mtk_dsi.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/mediatek/mtk_dsi.c b/drivers/gpu/drm/mediatek/mtk_dsi.c index d9a6b928dba8..25e84d9426bf 100644 --- a/drivers/gpu/drm/mediatek/mtk_dsi.c +++ b/drivers/gpu/drm/mediatek/mtk_dsi.c @@ -203,6 +203,7 @@ struct mtk_dsi { struct mtk_phy_timing phy_timing; int refcount; bool enabled; + bool lanes_ready; u32 irq_data; wait_queue_head_t irq_wait_queue; const struct mtk_dsi_driver_data *driver_data; @@ -661,18 +662,11 @@ static int mtk_dsi_poweron(struct mtk_dsi *dsi) mtk_dsi_reset_engine(dsi); mtk_dsi_phy_timconfig(dsi); - mtk_dsi_rxtx_control(dsi); - usleep_range(30, 100); - mtk_dsi_reset_dphy(dsi); mtk_dsi_ps_control_vact(dsi); mtk_dsi_set_vm_cmd(dsi); mtk_dsi_config_vdo_timing(dsi); mtk_dsi_set_interrupt_enable(dsi); - mtk_dsi_clk_ulp_mode_leave(dsi); - mtk_dsi_lane0_ulp_mode_leave(dsi); - mtk_dsi_clk_hs_mode(dsi, 0); - return 0; err_disable_engine_clk: clk_disable_unprepare(dsi->engine_clk); @@ -701,6 +695,23 @@ static void mtk_dsi_poweroff(struct mtk_dsi *dsi) clk_disable_unprepare(dsi->digital_clk); phy_power_off(dsi->phy); + + dsi->lanes_ready = false; +} + +static void mtk_dsi_lane_ready(struct mtk_dsi *dsi) +{ + if (!dsi->lanes_ready) { + dsi->lanes_ready = true; + mtk_dsi_rxtx_control(dsi); + usleep_range(30, 100); + mtk_dsi_reset_dphy(dsi); + mtk_dsi_clk_ulp_mode_leave(dsi); + mtk_dsi_lane0_ulp_mode_leave(dsi); + mtk_dsi_clk_hs_mode(dsi, 0); + msleep(20); + /* The reaction time after pulling up the mipi signal for dsi_rx */ + } } static void mtk_output_dsi_enable(struct mtk_dsi *dsi) @@ -708,6 +719,7 @@ static void mtk_output_dsi_enable(struct mtk_dsi *dsi) if (dsi->enabled) return; + mtk_dsi_lane_ready(dsi); mtk_dsi_set_mode(dsi); mtk_dsi_clk_hs_mode(dsi, 1); @@ -1017,6 +1029,8 @@ static ssize_t mtk_dsi_host_transfer(struct mipi_dsi_host *host, if (MTK_DSI_HOST_IS_READ(msg->type)) irq_flag |= LPRX_RD_RDY_INT_FLAG; + mtk_dsi_lane_ready(dsi); + ret = mtk_dsi_host_send_cmd(dsi, msg, irq_flag); if (ret) goto restore_dsi_mode; -- 2.18.0

2 years, 7 months

3
2
0 0

[PATCH 5.4 00/68] 5.4.196-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.196 release. There are 68 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 25 May 2022 16:56:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.196-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.196-rc1 David Howells <dhowells(a)redhat.com> afs: Fix afs_getattr() to refetch file status if callback break occurred Yang Yingliang <yangyingliang(a)huawei.com> i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() Peter Zijlstra <peterz(a)infradead.org> x86/xen: Mark cpu_bringup_and_idle() as dead_end_function Juergen Gross <jgross(a)suse.com> x86/xen: fix booting 32-bit pv guest Linus Torvalds <torvalds(a)linux-foundation.org> Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" Abel Vesa <abel.vesa(a)nxp.com> ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk Thiébaud Weksteen <tweek(a)google.com> firmware_loader: use kernel credentials when reading firmware Tan Tee Min <tee.min.tan(a)linux.intel.com> net: stmmac: disable Split Header (SPH) for Intel platforms Ming Lei <ming.lei(a)redhat.com> block: return ELEVATOR_DISCARD_MERGE if possible Marek Vasut <marex(a)denx.de> Input: ili210x - fix reset timing Grant Grundler <grundler(a)chromium.org> net: atlantic: verify hw_head_ lies within TX buffer ring Yang Yingliang <yangyingliang(a)huawei.com> net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() Yang Yingliang <yangyingliang(a)huawei.com> ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() Nicolas Dichtel <nicolas.dichtel(a)6wind.com> selftests: add ping test with ping_group_range tuned Felix Fietkau <nbd(a)nbd.name> mac80211: fix rx reordering with non explicit / psmp ack policy Gleb Chesnokov <Chesnokov.G(a)raidix.com> scsi: qla2xxx: Fix missed DMA unmap for aborted commands Thomas Richter <tmricht(a)linux.ibm.com> perf bench numa: Address compiler error on s390 Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> gpio: mvebu/pwm: Refuse requests with inverted polarity Haibo Chen <haibo.chen(a)nxp.com> gpio: gpio-vf610: do not touch other bits when set the target bit Andrew Lunn <andrew(a)lunn.ch> net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. Kevin Mitchell <kevmitch(a)arista.com> igb: skip phy status check where unavailable Ard Biesheuvel <ardb(a)kernel.org> ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 Ard Biesheuvel <ardb(a)kernel.org> ARM: 9196/1: spectre-bhb: enable for Cortex-A15 Jiasheng Jiang <jiasheng(a)iscas.ac.cn> net: af_key: add check for pfkey_broadcast in function pfkey_process Maxim Mikityanskiy <maximmi(a)nvidia.com> net/mlx5e: Properly block LRO when XDP is enabled Duoming Zhou <duoming(a)zju.edu.cn> NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net/qla3xxx: Fix a test in ql_reset_work() Codrin Ciubotariu <codrin.ciubotariu(a)microchip.com> clk: at91: generated: consider range when calculating best rate Paul Greenwalt <paul.greenwalt(a)intel.com> ice: fix possible under reporting of ethtool Tx and Rx statistics Zixuan Fu <r33s3n6(a)gmail.com> net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() Zixuan Fu <r33s3n6(a)gmail.com> net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() Paolo Abeni <pabeni(a)redhat.com> net/sched: act_pedit: sanitize shift argument before usage Harini Katakam <harini.katakam(a)xilinx.com> net: macb: Increment rx bd head after allocating skb and buffer Jae Hyun Yoo <quic_jaehyoo(a)quicinc.com> ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group Jae Hyun Yoo <quic_jaehyoo(a)quicinc.com> ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi Jérôme Pouiller <jerome.pouiller(a)silabs.com> dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace Hangyu Hua <hbh25y(a)gmail.com> drm/dp/mst: fix a possible memory leak in fetch_monitor_name() Ondrej Mosnacek <omosnace(a)redhat.com> crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Update number of zapped pages even if page list is stable Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold Al Viro <viro(a)zeniv.linux.org.uk> Fix double fget() in vhost_net_set_backend() Peter Zijlstra <peterz(a)infradead.org> perf: Fix sys_perf_event_open() race against self Takashi Iwai <tiwai(a)suse.de> ALSA: wavefront: Proper check of get_user() error Meena Shanmugam <meenashanmugam(a)google.com> SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() Meena Shanmugam <meenashanmugam(a)google.com> SUNRPC: Don't call connect() more than once on a TCP socket Meena Shanmugam <meenashanmugam(a)google.com> SUNRPC: Prevent immediate close+reconnect Meena Shanmugam <meenashanmugam(a)google.com> SUNRPC: Clean up scheduling of autoclose Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() Ulf Hansson <ulf.hansson(a)linaro.org> mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix lockdep warnings during disk space reclamation Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix lockdep warnings in page operations for btree nodes linyujun <linyujun809(a)huawei.com> ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() Tzung-Bi Shih <tzungbi(a)google.com> platform/chrome: cros_ec_debugfs: detach log reader wq from devm Jakob Koschel <jakobkoschel(a)gmail.com> drbd: remove usage of list iterator variable after loop Xiaoke Wang <xkernel.wang(a)foxmail.com> MIPS: lantiq: check the return value of kzalloc() Mario Limonciello <mario.limonciello(a)amd.com> rtc: mc146818-lib: Fix the AltCentury for AMD platforms Anton Eidelman <anton.eidelman(a)gmail.com> nvme-multipath: fix hang when disk goes live over reconnect Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek: Enable headset mic on Lenovo P360 Peter Zijlstra <peterz(a)infradead.org> crypto: x86/chacha20 - Avoid spurious jumps to other functions Zheng Yongjun <zhengyongjun3(a)huawei.com> crypto: stm32 - fix reference leak in stm32_crc_remove Zheng Yongjun <zhengyongjun3(a)huawei.com> Input: stmfts - fix reference leak in stmfts_input_open Jeff LaBundy <jeff(a)labundy.com> Input: add bounds checking to input_set_capability() David Gow <davidgow(a)google.com> um: Cleanup syscall_handler_t definition/cast, fix warning Vincent Whitchurch <vincent.whitchurch(a)axis.com> rtc: fix use-after-free on device removal Miroslav Benes <mbenes(a)suse.cz> x86/xen: Make the secondary CPU idle tasks reliable Miroslav Benes <mbenes(a)suse.cz> x86/xen: Make the boot CPU idle task reliable Willy Tarreau <w(a)1wt.eu> floppy: use a statically allocated error counter ------------- Diffstat: Documentation/DMA-attributes.txt | 10 -- Makefile | 4 +- arch/arm/boot/dts/aspeed-g6-pinctrl.dtsi | 9 +- arch/arm/boot/dts/imx7-colibri.dtsi | 4 +- arch/arm/boot/dts/imx7-mba7.dtsi | 2 +- arch/arm/boot/dts/imx7d-nitrogen7.dts | 2 +- arch/arm/boot/dts/imx7d-pico-hobbit.dts | 4 +- arch/arm/boot/dts/imx7d-pico-pi.dts | 4 +- arch/arm/boot/dts/imx7d-sdb.dts | 2 +- arch/arm/boot/dts/imx7s-warp.dts | 4 +- arch/arm/kernel/entry-armv.S | 2 +- arch/arm/kernel/stacktrace.c | 10 +- arch/arm/mm/proc-v7-bugs.c | 1 + arch/mips/lantiq/falcon/sysctrl.c | 2 + arch/mips/lantiq/xway/gptu.c | 2 + arch/mips/lantiq/xway/sysctrl.c | 46 +++--- arch/x86/crypto/chacha-avx512vl-x86_64.S | 4 +- arch/x86/kvm/mmu.c | 10 +- arch/x86/um/shared/sysdep/syscalls_64.h | 5 +- arch/x86/xen/smp_pv.c | 3 +- arch/x86/xen/xen-head.S | 18 ++- block/bfq-iosched.c | 3 + block/blk-merge.c | 15 -- block/elevator.c | 3 + block/mq-deadline.c | 2 + drivers/base/firmware_loader/main.c | 17 +++ drivers/block/drbd/drbd_main.c | 7 +- drivers/block/floppy.c | 20 ++- drivers/clk/at91/clk-generated.c | 4 + drivers/crypto/qcom-rng.c | 1 + drivers/crypto/stm32/stm32-crc32.c | 4 +- drivers/gpio/gpio-mvebu.c | 3 + drivers/gpio/gpio-vf610.c | 8 +- drivers/gpu/drm/drm_dp_mst_topology.c | 1 + drivers/i2c/busses/i2c-mt7621.c | 10 +- drivers/input/input.c | 19 +++ drivers/input/touchscreen/ili210x.c | 4 +- drivers/input/touchscreen/stmfts.c | 8 +- drivers/mmc/core/block.c | 6 +- drivers/mmc/core/mmc_ops.c | 25 ++-- .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 7 + drivers/net/ethernet/cadence/macb_main.c | 2 +- drivers/net/ethernet/dec/tulip/tulip_core.c | 5 +- drivers/net/ethernet/intel/ice/ice_main.c | 7 +- drivers/net/ethernet/intel/igb/igb_main.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 7 + drivers/net/ethernet/qlogic/qla3xxx.c | 3 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 5 +- drivers/net/vmxnet3/vmxnet3_drv.c | 6 + drivers/nvme/host/core.c | 1 + drivers/nvme/host/multipath.c | 25 +++- drivers/nvme/host/nvme.h | 4 + drivers/pci/pci.c | 10 ++ drivers/platform/chrome/cros_ec_debugfs.c | 12 +- drivers/rtc/class.c | 9 ++ drivers/rtc/rtc-mc146818-lib.c | 16 ++- drivers/scsi/qla2xxx/qla_target.c | 3 + drivers/vhost/net.c | 15 +- fs/afs/inode.c | 14 +- fs/file_table.c | 1 + fs/nilfs2/btnode.c | 23 ++- fs/nilfs2/btnode.h | 1 + fs/nilfs2/btree.c | 27 ++-- fs/nilfs2/dat.c | 4 +- fs/nilfs2/gcinode.c | 7 +- fs/nilfs2/inode.c | 159 +++++++++++++++++++-- fs/nilfs2/mdt.c | 43 ++++-- fs/nilfs2/mdt.h | 6 +- fs/nilfs2/nilfs.h | 16 +-- fs/nilfs2/page.c | 7 +- fs/nilfs2/segment.c | 9 +- fs/nilfs2/super.c | 5 +- include/linux/blkdev.h | 16 +++ include/linux/dma-mapping.h | 8 -- include/linux/mc146818rtc.h | 2 + include/linux/stmmac.h | 1 + include/linux/sunrpc/xprtsock.h | 1 + include/uapi/linux/dma-buf.h | 4 +- kernel/dma/swiotlb.c | 13 +- kernel/events/core.c | 14 ++ net/bridge/br_input.c | 7 + net/key/af_key.c | 6 +- net/mac80211/rx.c | 3 +- net/nfc/nci/data.c | 2 +- net/nfc/nci/hci.c | 4 +- net/sched/act_pedit.c | 4 + net/sunrpc/xprt.c | 34 ++--- net/sunrpc/xprtsock.c | 36 +++-- sound/isa/wavefront/wavefront_synth.c | 3 +- sound/pci/hda/patch_realtek.c | 1 + tools/objtool/check.c | 1 + tools/perf/bench/numa.c | 2 +- tools/testing/selftests/net/fcnal-test.sh | 12 ++ 94 files changed, 682 insertions(+), 264 deletions(-)

2 years, 7 months

8
70
0 0

[PATCH 5.15 000/132] 5.15.42-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.42 release. There are 132 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 25 May 2022 16:56:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.42-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.42-rc1 David Howells <dhowells(a)redhat.com> afs: Fix afs_getattr() to refetch file status if callback break occurred Yang Yingliang <yangyingliang(a)huawei.com> i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() Sean Wang <sean.wang(a)mediatek.com> mt76: mt7921e: fix possible probe failure after reboot Jae Hyun Yoo <quic_jaehyoo(a)quicinc.com> dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group Marek Vasut <marex(a)denx.de> Input: ili210x - fix reset timing Shreyas K K <quic_shrekk(a)quicinc.com> arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs Grant Grundler <grundler(a)chromium.org> net: atlantic: verify hw_head_ lies within TX buffer ring Grant Grundler <grundler(a)chromium.org> net: atlantic: add check for MAX_SKB_FRAGS Grant Grundler <grundler(a)chromium.org> net: atlantic: reduce scope of is_rsc_complete Grant Grundler <grundler(a)chromium.org> net: atlantic: fix "frag[0] not initialized" Yang Yingliang <yangyingliang(a)huawei.com> net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() Yang Yingliang <yangyingliang(a)huawei.com> ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() Johannes Berg <johannes.berg(a)intel.com> nl80211: fix locking in nl80211_set_tx_bitrate_mask() Lina Wang <lina.wang(a)mediatek.com> net: fix wrong network header length Daniel Vetter <daniel.vetter(a)ffwll.ch> fbdev: Prevent possible use-after-free in fb_release() Javier Martinez Canillas <javierm(a)redhat.com> Revert "fbdev: Make fb_release() return -ENODEV if fbdev was unregistered" Nicolas Dichtel <nicolas.dichtel(a)6wind.com> selftests: add ping test with ping_group_range tuned Kieran Frewen <kieran.frewen(a)morsemicro.com> nl80211: validate S1G channel width Felix Fietkau <nbd(a)nbd.name> mac80211: fix rx reordering with non explicit / psmp ack policy Gleb Chesnokov <Chesnokov.G(a)raidix.com> scsi: qla2xxx: Fix missed DMA unmap for aborted commands Brian Bunker <brian(a)purestorage.com> scsi: scsi_dh_alua: Properly handle the ALUA transitioning state Thomas Richter <tmricht(a)linux.ibm.com> perf bench numa: Address compiler error on s390 Kan Liang <kan.liang(a)linux.intel.com> perf regs x86: Fix arch__intr_reg_mask() for the hybrid platform Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> gpio: mvebu/pwm: Refuse requests with inverted polarity Haibo Chen <haibo.chen(a)nxp.com> gpio: gpio-vf610: do not touch other bits when set the target bit Arnaldo Carvalho de Melo <acme(a)redhat.com> perf build: Fix check for btf__load_from_kernel_by_id() in libbpf Daejun Park <daejun7.park(a)samsung.com> scsi: ufs: core: Fix referencing invalid rsp field Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> riscv: dts: sifive: fu540-c000: align dma node name with dtschema Andrew Lunn <andrew(a)lunn.ch> net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. Ritaro Takenaka <ritarot634(a)gmail.com> netfilter: flowtable: move dst_check to packet path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: pass flowtable to nf_flow_table_iterate() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: fix TCP flow teardown Kevin Mitchell <kevmitch(a)arista.com> igb: skip phy status check where unavailable Mat Martineau <mathew.j.martineau(a)linux.intel.com> mptcp: Do TCP fallback on early DSS checksum failure Paolo Abeni <pabeni(a)redhat.com> mptcp: strict local address ID selection Paolo Abeni <pabeni(a)redhat.com> mptcp: fix checksum byte order Geliang Tang <geliang.tang(a)suse.com> mptcp: reuse __mptcp_make_csum in validate_data_csum Geliang Tang <geliang.tang(a)suse.com> mptcp: change the parameter of __mptcp_make_csum Ard Biesheuvel <ardb(a)kernel.org> ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 Ard Biesheuvel <ardb(a)kernel.org> ARM: 9196/1: spectre-bhb: enable for Cortex-A15 Jiasheng Jiang <jiasheng(a)iscas.ac.cn> net: af_key: add check for pfkey_broadcast in function pfkey_process Maxim Mikityanskiy <maximmi(a)nvidia.com> net/mlx5e: Properly block LRO when XDP is enabled Maor Dickman <maord(a)nvidia.com> net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table Duoming Zhou <duoming(a)zju.edu.cn> NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net/qla3xxx: Fix a test in ql_reset_work() Codrin Ciubotariu <codrin.ciubotariu(a)microchip.com> clk: at91: generated: consider range when calculating best rate Michal Wilczynski <michal.wilczynski(a)intel.com> ice: Fix interrupt moderation settings getting cleared Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: move ice_container_type onto ice_ring_container Paul Greenwalt <paul.greenwalt(a)intel.com> ice: fix possible under reporting of ethtool Tx and Rx statistics Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix crash when writing timestamp on RX rings Zixuan Fu <r33s3n6(a)gmail.com> net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() Zixuan Fu <r33s3n6(a)gmail.com> net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: systemport: Fix an error handling path in bcm_sysport_probe() Pali Rohár <pali(a)kernel.org> Revert "PCI: aardvark: Rewrite IRQ code to chained IRQ handler" Felix Fietkau <nbd(a)nbd.name> netfilter: nft_flow_offload: fix offload with pppoe + vlan Felix Fietkau <nbd(a)nbd.name> net: fix dev_fill_forward_path with pppoe + bridge Felix Fietkau <nbd(a)nbd.name> netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices Felix Fietkau <nbd(a)nbd.name> netfilter: flowtable: fix excessive hw offload attempts after failure Paolo Abeni <pabeni(a)redhat.com> net/sched: act_pedit: sanitize shift argument before usage Eyal Birger <eyal.birger(a)gmail.com> xfrm: fix "disable_policy" flag use when arriving from different devices Nicolas Dichtel <nicolas.dichtel(a)6wind.com> xfrm: rework default policy structure Harini Katakam <harini.katakam(a)xilinx.com> net: macb: Increment rx bd head after allocating skb and buffer Alex Elder <elder(a)linaro.org> net: ipa: record proper RX transaction count Randy Dunlap <rdunlap(a)infradead.org> ALSA: hda - fix unused Realtek function when PM is not enabled Mattijs Korpershoek <mkorpershoek(a)baylibre.com> pinctrl: mediatek: mt8365: fix IES control pins Howard Chiu <howard_chiu(a)aspeedtech.com> ARM: dts: aspeed: Add video engine to g6 Joel Stanley <joel(a)jms.id.au> ARM: dts: aspeed: Add secure boot controller node Eddie James <eajames(a)linux.ibm.com> ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest Jae Hyun Yoo <quic_jaehyoo(a)quicinc.com> ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group Jae Hyun Yoo <quic_jaehyoo(a)quicinc.com> pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl Jae Hyun Yoo <quic_jaehyoo(a)quicinc.com> ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi Charan Teja Kalla <quic_charante(a)quicinc.com> dma-buf: ensure unique directory name for dmabuf stats Jérôme Pouiller <jerome.pouiller(a)silabs.com> dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace Hangyu Hua <hbh25y(a)gmail.com> drm/dp/mst: fix a possible memory leak in fetch_monitor_name() Anusha Srivatsa <anusha.srivatsa(a)intel.com> drm/i915/dmc: Add MMIO range restrictions Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Don't reset dGPUs if the system is going to s2idle Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential use-after-free on linger ping and resends Ondrej Mosnacek <omosnace(a)redhat.com> crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Ensure the cleared tags are visible before setting the PTE Prakruthi Deepak Heragu <quic_pheragu(a)quicinc.com> arm64: paravirt: Use RCU read locks to guard stolen_time Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Update number of zapped pages even if page list is stable Jarkko Nikula <jarkko.nikula(a)linux.intel.com> Revert "can: m_can: pci: use custom bit timings for Elkhart Lake" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold Al Viro <viro(a)zeniv.linux.org.uk> Fix double fget() in vhost_net_set_backend() Ondrej Mosnacek <omosnace(a)redhat.com> selinux: fix bad cleanup on error in hashtab_duplicate() Peter Zijlstra <peterz(a)infradead.org> perf: Fix sys_perf_event_open() race against self Werner Sembach <wse(a)tuxedocomputers.com> ALSA: hda/realtek: Add quirk for TongFang devices with pop noise Takashi Iwai <tiwai(a)suse.de> ALSA: wavefront: Proper check of get_user() error Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Restore Rane SL-1 quirk Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix lockdep warnings during disk space reclamation Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix lockdep warnings in page operations for btree nodes linyujun <linyujun809(a)huawei.com> ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() Tzung-Bi Shih <tzungbi(a)google.com> platform/chrome: cros_ec_debugfs: detach log reader wq from devm Jakob Koschel <jakobkoschel(a)gmail.com> drbd: remove usage of list iterator variable after loop Xiaoke Wang <xkernel.wang(a)foxmail.com> MIPS: lantiq: check the return value of kzalloc() Guo Xuenan <guoxuenan(a)huawei.com> fs: fix an infinite loop in iomap_fiemap Mario Limonciello <mario.limonciello(a)amd.com> rtc: mc146818-lib: Fix the AltCentury for AMD platforms Anton Eidelman <anton.eidelman(a)gmail.com> nvme-multipath: fix hang when disk goes live over reconnect Sagi Grimberg <sagi(a)grimberg.me> nvmet: use a private workqueue instead of the system workqueue Michael S. Tsirkin <mst(a)redhat.com> tools/virtio: compile with -pthread Zhu Lingshan <lingshan.zhu(a)intel.com> vhost_vdpa: don't setup irq offloading when irq_num < 0 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: improve zpci_dev reference counting Heiko Carstens <hca(a)linux.ibm.com> s390/traps: improve panic message for translation-specification exception Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek: Enable headset mic on Lenovo P360 Peter Zijlstra <peterz(a)infradead.org> crypto: x86/chacha20 - Avoid spurious jumps to other functions Zheng Yongjun <zhengyongjun3(a)huawei.com> crypto: stm32 - fix reference leak in stm32_crc_remove Andre Przywara <andre.przywara(a)arm.com> rtc: sun6i: Fix time overflow handling Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Disable page faults during lockless buffered reads Monish Kumar R <monish.kumar.r(a)intel.com> nvme-pci: add quirks for Samsung X5 SSDs Zheng Yongjun <zhengyongjun3(a)huawei.com> Input: stmfts - fix reference leak in stmfts_input_open Jeff LaBundy <jeff(a)labundy.com> Input: add bounds checking to input_set_capability() David Gow <davidgow(a)google.com> um: Cleanup syscall_handler_t definition/cast, fix warning Hugo Villeneuve <hvilleneuve(a)dimonoff.com> rtc: pcf2127: fix bug when reading alarm registers Vincent Whitchurch <vincent.whitchurch(a)axis.com> rtc: fix use-after-free on device removal Greg Thelen <gthelen(a)google.com> Revert "drm/i915/opregion: check port number bounds for SWSCI display power state" Hyeonggon Yoo <42.hyeyoo(a)gmail.com> mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool Terry Bowman <terry.bowman(a)amd.com> Watchdog: sp5100_tco: Enable Family 17h+ CPUs Terry Bowman <terry.bowman(a)amd.com> Watchdog: sp5100_tco: Add initialization using EFCH MMIO Terry Bowman <terry.bowman(a)amd.com> Watchdog: sp5100_tco: Refactor MMIO base address initialization Terry Bowman <terry.bowman(a)amd.com> Watchdog: sp5100_tco: Move timer initialization into function Terry Bowman <terry.bowman(a)amd.com> i2c: piix4: Enable EFCH MMIO for Family 17h+ Terry Bowman <terry.bowman(a)amd.com> i2c: piix4: Add EFCH MMIO support for SMBus port select Terry Bowman <terry.bowman(a)amd.com> i2c: piix4: Add EFCH MMIO support to SMBus base address detect Terry Bowman <terry.bowman(a)amd.com> i2c: piix4: Add EFCH MMIO support to region request and release Terry Bowman <terry.bowman(a)amd.com> i2c: piix4: Move SMBus port selection into function Terry Bowman <terry.bowman(a)amd.com> i2c: piix4: Move SMBus controller base address detect into function Terry Bowman <terry.bowman(a)amd.com> i2c: piix4: Move port I/O region request/release code into functions Terry Bowman <terry.bowman(a)amd.com> i2c: piix4: Replace hardcoded memory map size with a #define Terry Bowman <terry.bowman(a)amd.com> kernel/resource: Introduce request_mem_region_muxed() Willy Tarreau <w(a)1wt.eu> floppy: use a statically allocated error counter Pavel Begunkov <asml.silence(a)gmail.com> io_uring: arm poll for non-nowait files Schspa Shi <schspa(a)gmail.com> usb: gadget: fix race when gadget driver register via ioctl ------------- Diffstat: Documentation/arm64/silicon-errata.rst | 3 + .../bindings/pinctrl/aspeed,ast2600-pinctrl.yaml | 2 +- Makefile | 4 +- arch/arm/boot/dts/aspeed-bmc-ibm-everest.dts | 15 + arch/arm/boot/dts/aspeed-bmc-ibm-rainier.dts | 15 + arch/arm/boot/dts/aspeed-g6-pinctrl.dtsi | 9 +- arch/arm/boot/dts/aspeed-g6.dtsi | 35 +++ arch/arm/kernel/entry-armv.S | 2 +- arch/arm/kernel/stacktrace.c | 10 +- arch/arm/mm/proc-v7-bugs.c | 1 + arch/arm64/kernel/cpu_errata.c | 2 + arch/arm64/kernel/mte.c | 3 + arch/arm64/kernel/paravirt.c | 29 +- arch/mips/lantiq/falcon/sysctrl.c | 2 + arch/mips/lantiq/xway/gptu.c | 2 + arch/mips/lantiq/xway/sysctrl.c | 46 ++- arch/riscv/boot/dts/sifive/fu540-c000.dtsi | 2 +- arch/s390/kernel/traps.c | 6 +- arch/s390/pci/pci.c | 1 + arch/s390/pci/pci_bus.h | 3 +- arch/s390/pci/pci_clp.c | 9 +- arch/s390/pci/pci_event.c | 7 +- arch/x86/crypto/chacha-avx512vl-x86_64.S | 4 +- arch/x86/kvm/mmu/mmu.c | 10 +- arch/x86/um/shared/sysdep/syscalls_64.h | 5 +- drivers/block/drbd/drbd_main.c | 7 +- drivers/block/floppy.c | 18 +- drivers/clk/at91/clk-generated.c | 4 + drivers/crypto/qcom-rng.c | 1 + drivers/crypto/stm32/stm32-crc32.c | 4 +- drivers/dma-buf/dma-buf.c | 8 + drivers/gpio/gpio-mvebu.c | 3 + drivers/gpio/gpio-vf610.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 14 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 +- drivers/gpu/drm/drm_dp_mst_topology.c | 1 + drivers/gpu/drm/i915/display/intel_dmc.c | 44 +++ drivers/gpu/drm/i915/display/intel_opregion.c | 15 - drivers/gpu/drm/i915/i915_reg.h | 16 + drivers/i2c/busses/i2c-mt7621.c | 10 +- drivers/i2c/busses/i2c-piix4.c | 213 ++++++++++--- drivers/input/input.c | 19 ++ drivers/input/touchscreen/ili210x.c | 4 +- drivers/input/touchscreen/stmfts.c | 8 +- drivers/net/can/m_can/m_can_pci.c | 48 +-- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 20 +- .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 7 + drivers/net/ethernet/broadcom/bcmsysport.c | 6 +- drivers/net/ethernet/cadence/macb_main.c | 2 +- drivers/net/ethernet/dec/tulip/tulip_core.c | 5 +- drivers/net/ethernet/intel/ice/ice_base.c | 2 + drivers/net/ethernet/intel/ice/ice_ethtool.c | 38 +-- drivers/net/ethernet/intel/ice/ice_lib.c | 16 +- drivers/net/ethernet/intel/ice/ice_main.c | 7 +- drivers/net/ethernet/intel/ice/ice_ptp.c | 19 +- drivers/net/ethernet/intel/ice/ice_txrx.h | 17 +- drivers/net/ethernet/intel/igb/igb_main.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 7 + .../mellanox/mlx5/core/steering/dr_action.c | 6 +- .../ethernet/mellanox/mlx5/core/steering/dr_fw.c | 4 +- .../mellanox/mlx5/core/steering/dr_types.h | 3 +- .../ethernet/mellanox/mlx5/core/steering/fs_dr.c | 4 +- .../ethernet/mellanox/mlx5/core/steering/mlx5dr.h | 3 +- drivers/net/ethernet/qlogic/qla3xxx.c | 3 +- drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 4 +- drivers/net/ipa/gsi.c | 6 +- drivers/net/ppp/pppoe.c | 1 + drivers/net/vmxnet3/vmxnet3_drv.c | 6 + drivers/net/wireless/mediatek/mt76/mt7921/dma.c | 115 ------- drivers/net/wireless/mediatek/mt76/mt7921/mcu.c | 20 +- drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 121 ++++++++ drivers/nvme/host/core.c | 1 + drivers/nvme/host/multipath.c | 25 +- drivers/nvme/host/nvme.h | 4 + drivers/nvme/host/pci.c | 5 +- drivers/nvme/target/admin-cmd.c | 2 +- drivers/nvme/target/configfs.c | 2 +- drivers/nvme/target/core.c | 24 +- drivers/nvme/target/fc.c | 8 +- drivers/nvme/target/fcloop.c | 16 +- drivers/nvme/target/io-cmd-file.c | 6 +- drivers/nvme/target/loop.c | 4 +- drivers/nvme/target/nvmet.h | 1 + drivers/nvme/target/passthru.c | 2 +- drivers/nvme/target/rdma.c | 12 +- drivers/nvme/target/tcp.c | 10 +- drivers/pci/controller/pci-aardvark.c | 48 ++- drivers/pci/pci.c | 10 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 14 +- drivers/pinctrl/mediatek/pinctrl-mt8365.c | 2 +- drivers/platform/chrome/cros_ec_debugfs.c | 12 +- drivers/rtc/class.c | 9 + drivers/rtc/rtc-mc146818-lib.c | 16 +- drivers/rtc/rtc-pcf2127.c | 3 +- drivers/rtc/rtc-sun6i.c | 14 +- drivers/scsi/device_handler/scsi_dh_alua.c | 3 +- drivers/scsi/qla2xxx/qla_target.c | 3 + drivers/scsi/ufs/ufshpb.c | 19 +- drivers/usb/gadget/legacy/raw_gadget.c | 2 + drivers/vhost/net.c | 15 +- drivers/vhost/vdpa.c | 5 +- drivers/video/fbdev/core/fbmem.c | 5 +- drivers/video/fbdev/core/fbsysfs.c | 4 + drivers/watchdog/sp5100_tco.c | 334 ++++++++++++++------- drivers/watchdog/sp5100_tco.h | 7 + fs/afs/inode.c | 14 +- fs/gfs2/file.c | 4 +- fs/io_uring.c | 7 - fs/ioctl.c | 2 +- fs/nilfs2/btnode.c | 23 +- fs/nilfs2/btnode.h | 1 + fs/nilfs2/btree.c | 27 +- fs/nilfs2/dat.c | 4 +- fs/nilfs2/gcinode.c | 7 +- fs/nilfs2/inode.c | 159 +++++++++- fs/nilfs2/mdt.c | 43 ++- fs/nilfs2/mdt.h | 6 +- fs/nilfs2/nilfs.h | 16 +- fs/nilfs2/page.c | 7 +- fs/nilfs2/segment.c | 9 +- fs/nilfs2/super.c | 5 +- include/linux/ceph/osd_client.h | 3 + include/linux/ioport.h | 2 + include/linux/mc146818rtc.h | 2 + include/linux/netdevice.h | 2 +- include/net/ip.h | 1 + include/net/netns/xfrm.h | 6 +- include/net/xfrm.h | 58 ++-- include/uapi/linux/dma-buf.h | 4 +- kernel/events/core.c | 14 + mm/kfence/core.c | 11 + net/bridge/br_input.c | 7 + net/ceph/osd_client.c | 302 ++++++++----------- net/core/dev.c | 2 +- net/core/skbuff.c | 4 +- net/ipv4/route.c | 23 +- net/key/af_key.c | 6 +- net/mac80211/rx.c | 3 +- net/mptcp/options.c | 40 ++- net/mptcp/pm_netlink.c | 13 - net/mptcp/protocol.c | 3 + net/mptcp/protocol.h | 5 +- net/mptcp/subflow.c | 103 +++++-- net/netfilter/nf_flow_table_core.c | 80 ++--- net/netfilter/nf_flow_table_ip.c | 19 ++ net/netfilter/nft_flow_offload.c | 28 +- net/nfc/nci/data.c | 2 +- net/nfc/nci/hci.c | 4 +- net/sched/act_pedit.c | 4 + net/wireless/nl80211.c | 18 +- net/xfrm/xfrm_policy.c | 10 +- net/xfrm/xfrm_user.c | 43 ++- security/selinux/ss/hashtab.c | 3 +- sound/isa/wavefront/wavefront_synth.c | 3 +- sound/pci/hda/patch_realtek.c | 17 +- sound/usb/quirks-table.h | 9 + tools/build/Makefile.feature | 1 + tools/build/feature/Makefile | 4 + .../test-libbpf-btf__load_from_kernel_by_id.c | 7 + tools/perf/Makefile.config | 7 + tools/perf/arch/x86/util/perf_regs.c | 12 + tools/perf/bench/numa.c | 2 +- tools/perf/util/bpf-event.c | 4 +- tools/testing/selftests/net/fcnal-test.sh | 12 + tools/virtio/Makefile | 3 +- 166 files changed, 1925 insertions(+), 1083 deletions(-)

2 years, 7 months

10
141
0 0

+ hugetlb-fix-huge_pmd_unshare-address-update.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: hugetlb: fix huge_pmd_unshare address update has been added to the -mm mm-hotfixes-unstable branch. Its filename is hugetlb-fix-huge_pmd_unshare-address-update.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: hugetlb: fix huge_pmd_unshare address update Date: Tue, 24 May 2022 13:50:03 -0700 The routine huge_pmd_unshare() is passed a pointer to an address associated with an area which may be unshared. If unshare is successful this address is updated to 'optimize' callers iterating over huge page addresses. For the optimization to work correctly, address should be updated to the last huge page in the unmapped/unshared area. However, in the common case where the passed address is PUD_SIZE aligned, the address is incorrectly updated to the address of the preceding huge page. That wastes CPU cycles as the unmapped/unshared range is scanned twice. Link: https://lkml.kernel.org/r/20220524205003.126184-1-mike.kravetz@oracle.com Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) --- a/mm/hugetlb.c~hugetlb-fix-huge_pmd_unshare-address-update +++ a/mm/hugetlb.c @@ -6562,7 +6562,14 @@ int huge_pmd_unshare(struct mm_struct *m pud_clear(pud); put_page(virt_to_page(ptep)); mm_dec_nr_pmds(mm); - *addr = ALIGN(*addr, HPAGE_SIZE * PTRS_PER_PTE) - HPAGE_SIZE; + /* + * This update of passed address optimizes loops sequentially + * processing addresses in increments of huge page size (PMD_SIZE + * in this case). By clearing the pud, a PUD_SIZE area is unmapped. + * Update address to the 'last page' in the cleared area so that + * calling loop can move to first page past this area. + */ + *addr |= PUD_SIZE - PMD_SIZE; return 1; } _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are hugetlb-fix-huge_pmd_unshare-address-update.patch

2 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9f46c187e2e680ecd9de7983e4d081c3391acc76 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini <pbonzini(a)redhat.com> Date: Fri, 20 May 2022 13:48:11 -0400 Subject: [PATCH] KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. Fix it trivially by checking for mmu->invlpg before every call. There are other possibilities: - check for CR0.PG, because KVM (like all Intel processors after P5) flushes guest TLB on CR0.PG changes so that INVPCID/INVLPG are a nop with paging disabled - check for EFER.LMA, because KVM syncs and flushes when switching MMU contexts outside of 64-bit mode All of these are tricky, go for the simple solution. This is CVE-2022-1789. Reported-by: Yongkang Jia <kangel(a)zju.edu.cn> Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 56ebc4fb7f91..45e1573f8f1d 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -5470,14 +5470,16 @@ void kvm_mmu_invpcid_gva(struct kvm_vcpu *vcpu, gva_t gva, unsigned long pcid) uint i; if (pcid == kvm_get_active_pcid(vcpu)) { - mmu->invlpg(vcpu, gva, mmu->root.hpa); + if (mmu->invlpg) + mmu->invlpg(vcpu, gva, mmu->root.hpa); tlb_flush = true; } for (i = 0; i < KVM_MMU_NUM_PREV_ROOTS; i++) { if (VALID_PAGE(mmu->prev_roots[i].hpa) && pcid == kvm_get_pcid(vcpu, mmu->prev_roots[i].pgd)) { - mmu->invlpg(vcpu, gva, mmu->prev_roots[i].hpa); + if (mmu->invlpg) + mmu->invlpg(vcpu, gva, mmu->prev_roots[i].hpa); tlb_flush = true; } }

2 years, 7 months

2
1
0 0

[PATCH 4.19 00/44] 4.19.245-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.245 release. There are 44 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 25 May 2022 16:56:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.245-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.245-rc1 David Howells <dhowells(a)redhat.com> afs: Fix afs_getattr() to refetch file status if callback break occurred Linus Torvalds <torvalds(a)linux-foundation.org> Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" Halil Pasic <pasic(a)linux.ibm.com> swiotlb: fix info leak with DMA_FROM_DEVICE Grant Grundler <grundler(a)chromium.org> net: atlantic: verify hw_head_ lies within TX buffer ring Yang Yingliang <yangyingliang(a)huawei.com> net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() Yang Yingliang <yangyingliang(a)huawei.com> ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() Felix Fietkau <nbd(a)nbd.name> mac80211: fix rx reordering with non explicit / psmp ack policy Gleb Chesnokov <Chesnokov.G(a)raidix.com> scsi: qla2xxx: Fix missed DMA unmap for aborted commands Thomas Richter <tmricht(a)linux.ibm.com> perf bench numa: Address compiler error on s390 Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> gpio: mvebu/pwm: Refuse requests with inverted polarity Haibo Chen <haibo.chen(a)nxp.com> gpio: gpio-vf610: do not touch other bits when set the target bit Andrew Lunn <andrew(a)lunn.ch> net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. Kevin Mitchell <kevmitch(a)arista.com> igb: skip phy status check where unavailable Ard Biesheuvel <ardb(a)kernel.org> ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 Ard Biesheuvel <ardb(a)kernel.org> ARM: 9196/1: spectre-bhb: enable for Cortex-A15 Jiasheng Jiang <jiasheng(a)iscas.ac.cn> net: af_key: add check for pfkey_broadcast in function pfkey_process Maxim Mikityanskiy <maximmi(a)nvidia.com> net/mlx5e: Properly block LRO when XDP is enabled Duoming Zhou <duoming(a)zju.edu.cn> NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net/qla3xxx: Fix a test in ql_reset_work() Codrin Ciubotariu <codrin.ciubotariu(a)microchip.com> clk: at91: generated: consider range when calculating best rate Zixuan Fu <r33s3n6(a)gmail.com> net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() Zixuan Fu <r33s3n6(a)gmail.com> net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() Paolo Abeni <pabeni(a)redhat.com> net/sched: act_pedit: sanitize shift argument before usage Harini Katakam <harini.katakam(a)xilinx.com> net: macb: Increment rx bd head after allocating skb and buffer Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() Ulf Hansson <ulf.hansson(a)linaro.org> mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Cleanup BKOPS support Hangyu Hua <hbh25y(a)gmail.com> drm/dp/mst: fix a possible memory leak in fetch_monitor_name() Ondrej Mosnacek <omosnace(a)redhat.com> crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold Al Viro <viro(a)zeniv.linux.org.uk> Fix double fget() in vhost_net_set_backend() Peter Zijlstra <peterz(a)infradead.org> perf: Fix sys_perf_event_open() race against self Takashi Iwai <tiwai(a)suse.de> ALSA: wavefront: Proper check of get_user() error Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix lockdep warnings during disk space reclamation Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix lockdep warnings in page operations for btree nodes linyujun <linyujun809(a)huawei.com> ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() Jakob Koschel <jakobkoschel(a)gmail.com> drbd: remove usage of list iterator variable after loop Xiaoke Wang <xkernel.wang(a)foxmail.com> MIPS: lantiq: check the return value of kzalloc() Zheng Yongjun <zhengyongjun3(a)huawei.com> crypto: stm32 - fix reference leak in stm32_crc_remove Zheng Yongjun <zhengyongjun3(a)huawei.com> Input: stmfts - fix reference leak in stmfts_input_open Jeff LaBundy <jeff(a)labundy.com> Input: add bounds checking to input_set_capability() David Gow <davidgow(a)google.com> um: Cleanup syscall_handler_t definition/cast, fix warning Willy Tarreau <w(a)1wt.eu> floppy: use a statically allocated error counter ------------- Diffstat: Makefile | 4 +- arch/arm/kernel/entry-armv.S | 2 +- arch/arm/kernel/stacktrace.c | 10 +- arch/arm/mm/proc-v7-bugs.c | 1 + arch/mips/lantiq/falcon/sysctrl.c | 2 + arch/mips/lantiq/xway/gptu.c | 2 + arch/mips/lantiq/xway/sysctrl.c | 46 +++--- arch/x86/um/shared/sysdep/syscalls_64.h | 5 +- drivers/block/drbd/drbd_main.c | 7 +- drivers/block/floppy.c | 17 +-- drivers/clk/at91/clk-generated.c | 4 + drivers/crypto/qcom-rng.c | 1 + drivers/crypto/stm32/stm32_crc32.c | 4 +- drivers/gpio/gpio-mvebu.c | 3 + drivers/gpio/gpio-vf610.c | 8 +- drivers/gpu/drm/drm_dp_mst_topology.c | 1 + drivers/input/input.c | 19 +++ drivers/input/touchscreen/stmfts.c | 8 +- drivers/mmc/core/block.c | 8 +- drivers/mmc/core/card.h | 6 +- drivers/mmc/core/mmc.c | 6 - drivers/mmc/core/mmc_ops.c | 110 ++++---------- drivers/mmc/core/mmc_ops.h | 3 +- .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 7 + drivers/net/ethernet/cadence/macb_main.c | 2 +- drivers/net/ethernet/dec/tulip/tulip_core.c | 5 +- drivers/net/ethernet/intel/igb/igb_main.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 7 + drivers/net/ethernet/qlogic/qla3xxx.c | 3 +- drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 4 +- drivers/net/vmxnet3/vmxnet3_drv.c | 6 + drivers/pci/pci.c | 10 ++ drivers/scsi/qla2xxx/qla_target.c | 3 + drivers/vhost/net.c | 15 +- fs/afs/inode.c | 14 +- fs/nilfs2/btnode.c | 23 ++- fs/nilfs2/btnode.h | 1 + fs/nilfs2/btree.c | 27 ++-- fs/nilfs2/dat.c | 4 +- fs/nilfs2/gcinode.c | 7 +- fs/nilfs2/inode.c | 159 +++++++++++++++++++-- fs/nilfs2/mdt.c | 43 ++++-- fs/nilfs2/mdt.h | 6 +- fs/nilfs2/nilfs.h | 16 +-- fs/nilfs2/page.c | 7 +- fs/nilfs2/segment.c | 9 +- fs/nilfs2/super.c | 5 +- kernel/dma/swiotlb.c | 12 +- kernel/events/core.c | 14 ++ net/bridge/br_input.c | 7 + net/key/af_key.c | 6 +- net/mac80211/rx.c | 3 +- net/nfc/nci/data.c | 2 +- net/nfc/nci/hci.c | 4 +- net/sched/act_pedit.c | 4 + sound/isa/wavefront/wavefront_synth.c | 3 +- tools/perf/bench/numa.c | 2 +- 57 files changed, 483 insertions(+), 237 deletions(-)

2 years, 7 months

6
47
0 0

[PATCH 5.4] x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests

by Thomas Gleixner

commit 7e0815b3e09986d2fe651199363e135b9358132a upstream. When a XEN_HVM guest uses the XEN PIRQ/Eventchannel mechanism, then PCI/MSI[-X] masking is solely controlled by the hypervisor, but contrary to XEN_PV guests this does not disable PCI/MSI[-X] masking in the PCI/MSI layer. This can lead to a situation where the PCI/MSI layer masks an MSI[-X] interrupt and the hypervisor grants the write despite the fact that it already requested the interrupt. As a consequence interrupt delivery on the affected device is not happening ever. Set pci_msi_ignore_mask to prevent that like it's done for XEN_PV guests already. Fixes: 809f9267bbab ("xen: map MSIs into pirqs") Reported-by: Jeremi Piotrowski <jpiotrowski(a)linux.microsoft.com> Reported-by: Dusty Mabe <dustymabe(a)redhat.com> Reported-by: Salvatore Bonaccorso <carnil(a)debian.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Noah Meyerhans <noahm(a)debian.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/87tuaduxj5.ffs@tglx [nmeyerha(a)amazon.com: backported to 5.4] Signed-off-by: Noah Meyerhans <nmeyerha(a)amazon.com> --- arch/x86/pci/xen.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c index 5c11ae66b5d8..9cf8f5417e7f 100644 --- a/arch/x86/pci/xen.c +++ b/arch/x86/pci/xen.c @@ -442,6 +442,11 @@ void __init xen_msi_init(void) x86_msi.setup_msi_irqs = xen_hvm_setup_msi_irqs; x86_msi.teardown_msi_irq = xen_teardown_msi_irq; + /* + * With XEN PIRQ/Eventchannels in use PCI/MSI[-X] masking is solely + * controlled by the hypervisor. + */ + pci_msi_ignore_mask = 1; } #endif -- 2.25.1

2 years, 7 months

1
0
0 0

[PATCH 4.19] x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests

by Thomas Gleixner

commit 7e0815b3e09986d2fe651199363e135b9358132a upstream. When a XEN_HVM guest uses the XEN PIRQ/Eventchannel mechanism, then PCI/MSI[-X] masking is solely controlled by the hypervisor, but contrary to XEN_PV guests this does not disable PCI/MSI[-X] masking in the PCI/MSI layer. This can lead to a situation where the PCI/MSI layer masks an MSI[-X] interrupt and the hypervisor grants the write despite the fact that it already requested the interrupt. As a consequence interrupt delivery on the affected device is not happening ever. Set pci_msi_ignore_mask to prevent that like it's done for XEN_PV guests already. Fixes: 809f9267bbab ("xen: map MSIs into pirqs") Reported-by: Jeremi Piotrowski <jpiotrowski(a)linux.microsoft.com> Reported-by: Dusty Mabe <dustymabe(a)redhat.com> Reported-by: Salvatore Bonaccorso <carnil(a)debian.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Noah Meyerhans <noahm(a)debian.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/87tuaduxj5.ffs@tglx [nmeyerha(a)amazon.com: backported to 4.19] Signed-off-by: Noah Meyerhans <nmeyerha(a)amazon.com> --- arch/x86/pci/xen.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c index 22da9bfd8a45..bacf8d988f65 100644 --- a/arch/x86/pci/xen.c +++ b/arch/x86/pci/xen.c @@ -441,6 +441,11 @@ void __init xen_msi_init(void) x86_msi.setup_msi_irqs = xen_hvm_setup_msi_irqs; x86_msi.teardown_msi_irq = xen_teardown_msi_irq; + /* + * With XEN PIRQ/Eventchannels in use PCI/MSI[-X] masking is solely + * controlled by the hypervisor. + */ + pci_msi_ignore_mask = 1; } #endif -- 2.25.1

2 years, 7 months

1
0
0 0

[PATCH 4.19 1/2] tcp: change source port randomizarion at connect() time

by Stefan Ghinea

From: Eric Dumazet <edumazet(a)google.com> commit 190cc82489f46f9d88e73c81a47e14f80a791e1a upstream RFC 6056 (Recommendations for Transport-Protocol Port Randomization) provides good summary of why source selection needs extra care. David Dworken reminded us that linux implements Algorithm 3 as described in RFC 6056 3.3.3 Quoting David : In the context of the web, this creates an interesting info leak where websites can count how many TCP connections a user's computer is establishing over time. For example, this allows a website to count exactly how many subresources a third party website loaded. This also allows: - Distinguishing between different users behind a VPN based on distinct source port ranges. - Tracking users over time across multiple networks. - Covert communication channels between different browsers/browser profiles running on the same computer - Tracking what applications are running on a computer based on the pattern of how fast source ports are getting incremented. Section 3.3.4 describes an enhancement, that reduces attackers ability to use the basic information currently stored into the shared 'u32 hint'. This change also decreases collision rate when multiple applications need to connect() to different destinations. Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: David Dworken <ddworken(a)google.com> Cc: Willem de Bruijn <willemb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> [SG: Adjusted context] Signed-off-by: Stefan Ghinea <stefan.ghinea(a)windriver.com> --- net/ipv4/inet_hashtables.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index c96a5871b49d..da9537ab3b98 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -714,6 +714,17 @@ void inet_unhash(struct sock *sk) } EXPORT_SYMBOL_GPL(inet_unhash); +/* RFC 6056 3.3.4. Algorithm 4: Double-Hash Port Selection Algorithm + * Note that we use 32bit integers (vs RFC 'short integers') + * because 2^16 is not a multiple of num_ephemeral and this + * property might be used by clever attacker. + * RFC claims using TABLE_LENGTH=10 buckets gives an improvement, + * we use 256 instead to really give more isolation and + * privacy, this only consumes 1 KB of kernel memory. + */ +#define INET_TABLE_PERTURB_SHIFT 8 +static u32 table_perturb[1 << INET_TABLE_PERTURB_SHIFT]; + int __inet_hash_connect(struct inet_timewait_death_row *death_row, struct sock *sk, u32 port_offset, int (*check_established)(struct inet_timewait_death_row *, @@ -727,7 +738,7 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row, struct inet_bind_bucket *tb; u32 remaining, offset; int ret, i, low, high; - static u32 hint; + u32 index; if (port) { head = &hinfo->bhash[inet_bhashfn(net, port, @@ -752,7 +763,10 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row, if (likely(remaining > 1)) remaining &= ~1U; - offset = (hint + port_offset) % remaining; + net_get_random_once(table_perturb, sizeof(table_perturb)); + index = hash_32(port_offset, INET_TABLE_PERTURB_SHIFT); + + offset = (READ_ONCE(table_perturb[index]) + port_offset) % remaining; /* In first pass we try ports of @low parity. * inet_csk_get_port() does the opposite choice. */ @@ -805,7 +819,7 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row, return -EADDRNOTAVAIL; ok: - hint += i + 2; + WRITE_ONCE(table_perturb[index], READ_ONCE(table_perturb[index]) + i + 2); /* Head lock still held and bh's disabled */ inet_bind_hash(sk, tb, port); -- 2.36.1

2 years, 7 months

1
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2022