December 2023 - Linux-stable-mirror

[PATCH 3/4] ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()

by Baokun Li

After updating bb_free in mb_free_blocks, it is possible to return without updating bb_fragments because the block being freed is found to have already been freed, which leads to inconsistency between bb_free and bb_fragments. Since the group may be unlocked in ext4_grp_locked_error(), this can lead to problems such as dividing by zero when calculating the average fragment length. Therefore, to ensure consistency, move the update of bb_free to after the block double-free check. Fixes: eabe0444df90 ("ext4: speed-up releasing blocks on commit") CC: stable(a)vger.kernel.org # 3.10 Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/ext4/mballoc.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index a95fa6e2b0f9..2fbee0f0f5c3 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1892,11 +1892,6 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, mb_check_buddy(e4b); mb_free_blocks_double(inode, e4b, first, count); - this_cpu_inc(discard_pa_seq); - e4b->bd_info->bb_free += count; - if (first < e4b->bd_info->bb_first_free) - e4b->bd_info->bb_first_free = first; - /* access memory sequentially: check left neighbour, * clear range and then check right neighbour */ @@ -1922,9 +1917,14 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, sb, e4b->bd_group, EXT4_GROUP_INFO_BBITMAP_CORRUPT); } - goto done; + return; } + this_cpu_inc(discard_pa_seq); + e4b->bd_info->bb_free += count; + if (first < e4b->bd_info->bb_first_free) + e4b->bd_info->bb_first_free = first; + /* let's maintain fragments counter */ if (left_is_free && right_is_free) e4b->bd_info->bb_fragments--; @@ -1949,7 +1949,6 @@ static void mb_free_blocks(struct inode *inode, struct ext4_buddy *e4b, if (first <= last) mb_buddy_mark_free(e4b, first >> 1, last >> 1); -done: mb_set_largest_free_order(sb, e4b->bd_info); mb_update_avg_fragment_size(sb, e4b->bd_info); mb_check_buddy(e4b); -- 2.31.1

1 year, 12 months

2
3
0 0

[PATCH 5.10 00/60] 5.10.205-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.205 release. There are 60 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 21 Dec 2023 07:43:52 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.205-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.205-rc2 Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Fix stack teardown in ftrace_no_trace Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Create a dummy stackframe to fix stack unwind Mazin Al Haddad <mazinalhaddad05(a)gmail.com> tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() Jiri Slaby <jirislaby(a)kernel.org> tty: n_gsm, remove duplicates of parameters Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix tty registration before control channel open Roy Luo <royluo(a)google.com> USB: gadget: core: adjust uevent timing on gadget unbind Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix writing to the buffer with max_data_size Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Have saved event hold the entire event Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Update snapshot buffer on resize if it is allocated Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix memory leak of free page Florent Revest <revest(a)chromium.org> team: Fix use-after-free when an option instance allocation fails James Houghton <jthoughton(a)google.com> arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify Baokun Li <libaokun1(a)huawei.com> ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix NULL pointer dereference for multi_link Mark Rutland <mark.rutland(a)arm.com> perf: Fix perf_event_validate_size() lockdep splat Denis Benato <benato.denis96(a)gmail.com> HID: hid-asus: add const to read-only outgoing usb buffer Lech Perczak <lech.perczak(a)gmail.com> net: usb: qmi_wwan: claim interface 4 for ZTE MF290 Linus Torvalds <torvalds(a)linux-foundation.org> asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation Aoba K <nexp_0x17(a)outlook.com> HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad Denis Benato <benato.denis96(a)gmail.com> HID: hid-asus: reset the backlight brightness level on resume Oliver Neukum <oneukum(a)suse.com> HID: add ALWAYS_POLL quirk for Apple kb Brett Raye <braye(a)fastmail.com> HID: glorious: fix Glorious Model I HID report Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> platform/x86: intel_telemetry: Fix kernel doc descriptions Coly Li <colyli(a)suse.de> bcache: avoid NULL checking to c->root in run_cache_set() Coly Li <colyli(a)suse.de> bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() Colin Ian King <colin.i.king(a)gmail.com> bcache: remove redundant assignment to variable cur_idx Coly Li <colyli(a)suse.de> bcache: avoid oversize memory allocation by small stripe_size Ming Lei <ming.lei(a)redhat.com> blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" Oliver Neukum <oneukum(a)suse.com> usb: aqc111: check packet for fixup for true limit Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Add spinlock for setting vblank event in atomic_begin Jiaxun Yang <jiaxun.yang(a)flygoat.com> PCI: loongson: Limit MRRS to 256 Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: acpiphp: Reassign resources on bridge if necessary" Hartmut Knaack <knaack.h(a)gmx.de> ALSA: hda/realtek: Apply mute LED quirk for HP15-db Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants Hangyu Hua <hbh25y(a)gmail.com> fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() Jens Axboe <axboe(a)kernel.dk> cred: switch to using atomic_long_t Igor Russkikh <irusskikh(a)marvell.com> net: atlantic: fix double free in ring reinit logic Hyunwoo Kim <v4bel(a)theori.io> appletalk: Fix Use-After-Free in atalk_ioctl Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: Handle disabled MDIO busses from devicetree Rasmus Villemoes <linux(a)rasmusvillemoes.dk> net: stmmac: use dev_err_probe() for reporting mdio bus registration failure Nikolay Kuratov <kniv(a)yandex-team.ru> vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() Yusong Gao <a869920004(a)gmail.com> sign-file: Fix incorrect return values check David Arinzon <darinzon(a)amazon.com> net: ena: Fix XDP redirection error David Arinzon <darinzon(a)amazon.com> net: ena: Destroy correct number of xdp queues upon failure Dong Chenchen <dongchenchen2(a)huawei.com> net: Remove acked SYN flag from packet in the transmit queue correctly Dinghao Liu <dinghao.liu(a)zju.edu.cn> qed: Fix a potential use-after-free in qed_cxt_tables_alloc Hyunwoo Kim <v4bel(a)theori.io> net/rose: Fix Use-After-Free in rose_ioctl Hyunwoo Kim <v4bel(a)theori.io> atm: Fix Use-After-Free in do_vcc_ioctl Radu Bulie <radu-andrei.bulie(a)nxp.com> net: fec: correct queue selection Vladimir Oltean <vladimir.oltean(a)nxp.com> net: vlan: introduce skb_vlan_eth_hdr() Chengfeng Ye <dg573847474(a)gmail.com> atm: solos-pci: Fix potential deadlock on &tx_queue_lock Chengfeng Ye <dg573847474(a)gmail.com> atm: solos-pci: Fix potential deadlock on &cli_queue_lock Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix reset behavior Stefan Wahren <wahrenst(a)gmx.net> qca_debug: Fix ethtool -G iface tx behavior Stefan Wahren <wahrenst(a)gmx.net> qca_debug: Prevent crash on TX ring changes Maciej Żenczykowski <maze(a)google.com> net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX Mikhail Khvainitski <me(a)khvoinitsky.org> HID: lenovo: Restrict detection of patched firmware only to USB cptkbd David Howells <dhowells(a)redhat.com> afs: Fix refcount underflow from error handling race Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: fix 'exist' matching on bigendian arches ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/pgtable.h | 6 + arch/powerpc/kernel/trace/ftrace_64_mprofile.S | 17 ++- block/blk-throttle.c | 2 + drivers/atm/solos-pci.c | 8 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 5 + drivers/hid/hid-asus.c | 25 +++- drivers/hid/hid-glorious.c | 16 ++- drivers/hid/hid-ids.h | 11 +- drivers/hid/hid-lenovo.c | 3 +- drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-quirks.c | 1 + drivers/md/bcache/bcache.h | 1 + drivers/md/bcache/btree.c | 7 ++ drivers/md/bcache/super.c | 4 +- drivers/md/bcache/writeback.c | 2 +- drivers/net/ethernet/amazon/ena/ena_eth_com.c | 3 - drivers/net/ethernet/amazon/ena/ena_netdev.c | 13 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 3 +- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 27 ++--- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- .../net/ethernet/qlogic/netxen/netxen_nic_main.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_cxt.c | 1 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 4 +- drivers/net/ethernet/qualcomm/qca_debug.c | 17 +-- drivers/net/ethernet/qualcomm/qca_spi.c | 20 +++- drivers/net/ethernet/sfc/tx_tso.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 13 +- drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 8 +- drivers/net/team/team.c | 4 +- drivers/net/usb/aqc111.c | 8 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/pci/controller/pci-loongson.c | 46 +++++++- drivers/pci/hotplug/acpiphp_glue.c | 9 +- drivers/platform/x86/intel_telemetry_core.c | 4 +- drivers/soundwire/stream.c | 7 +- drivers/staging/gdm724x/gdm_lte.c | 4 +- drivers/tty/n_gsm.c | 131 +++++++++++++-------- drivers/usb/gadget/udc/core.c | 4 +- fs/afs/rxrpc.c | 2 +- fs/ext4/mballoc.c | 4 + fs/fuse/dax.c | 1 + include/asm-generic/qspinlock.h | 2 +- include/linux/cred.h | 8 +- include/linux/if_vlan.h | 12 +- include/net/addrconf.h | 12 +- include/net/if_inet6.h | 4 - kernel/cred.c | 64 +++++----- kernel/events/core.c | 10 ++ kernel/trace/ring_buffer.c | 18 ++- kernel/trace/trace.c | 4 +- net/appletalk/ddp.c | 9 +- net/atm/ioctl.c | 7 +- net/batman-adv/soft-interface.c | 2 +- net/ipv4/tcp_output.c | 6 + net/ipv6/addrconf.c | 6 +- net/netfilter/nft_exthdr.c | 2 +- net/netfilter/nft_fib.c | 8 +- net/rose/af_rose.c | 4 +- net/vmw_vsock/virtio_transport_common.c | 2 +- scripts/sign-file.c | 12 +- sound/pci/hda/patch_hdmi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + 67 files changed, 439 insertions(+), 224 deletions(-)

1 year, 12 months

6
5
0 0

+ mm-migrate-high-order-folios-in-swap-cache-correctly.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: migrate high-order folios in swap cache correctly has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-migrate-high-order-folios-in-swap-cache-correctly.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Charan Teja Kalla <quic_charante(a)quicinc.com> Subject: mm: migrate high-order folios in swap cache correctly Date: Thu, 14 Dec 2023 04:58:41 +0000 Large folios occupy N consecutive entries in the swap cache instead of using multi-index entries like the page cache. However, if a large folio is re-added to the LRU list, it can be migrated. The migration code was not aware of the difference between the swap cache and the page cache and assumed that a single xas_store() would be sufficient. This leaves potentially many stale pointers to the now-migrated folio in the swap cache, which can lead to almost arbitrary data corruption in the future. This can also manifest as infinite loops with the RCU read lock held. [willy(a)infradead.org: modifications to the changelog & tweaked the fix] Fixes: 3417013e0d183be ("mm/migrate: Add folio_migrate_mapping()") Link: https://lkml.kernel.org/r/20231214045841.961776-1-willy@infradead.org Signed-off-by: Charan Teja Kalla <quic_charante(a)quicinc.com> Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reported-by: Charan Teja Kalla <quic_charante(a)quicinc.com> Closes: https://lkml.kernel.org/r/1700569840-17327-1-git-send-email-quic_charante@q… Cc: David Hildenbrand <david(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Shakeel Butt <shakeelb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) --- a/mm/migrate.c~mm-migrate-high-order-folios-in-swap-cache-correctly +++ a/mm/migrate.c @@ -405,6 +405,7 @@ int folio_migrate_mapping(struct address int dirty; int expected_count = folio_expected_refs(mapping, folio) + extra_count; long nr = folio_nr_pages(folio); + long entries, i; if (!mapping) { /* Anonymous page without mapping */ @@ -442,8 +443,10 @@ int folio_migrate_mapping(struct address folio_set_swapcache(newfolio); newfolio->private = folio_get_private(folio); } + entries = nr; } else { VM_BUG_ON_FOLIO(folio_test_swapcache(folio), folio); + entries = 1; } /* Move dirty while page refs frozen and newpage not yet exposed */ @@ -453,7 +456,11 @@ int folio_migrate_mapping(struct address folio_set_dirty(newfolio); } - xas_store(&xas, newfolio); + /* Swap cache still stores N entries instead of a high-order entry */ + for (i = 0; i < entries; i++) { + xas_store(&xas, newfolio); + xas_next(&xas); + } /* * Drop cache reference from old page by unfreezing _ Patches currently in -mm which might be from quic_charante(a)quicinc.com are mm-sparsemem-fix-race-in-accessing-memory_section-usage.patch mm-sparsemem-fix-race-in-accessing-memory_section-usage-v2.patch mm-migrate-high-order-folios-in-swap-cache-correctly.patch

1 year, 12 months

2
1
0 0

[PATCH 5.15 00/83] 5.15.144-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.144 release. There are 83 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 20 Dec 2023 13:50:31 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.144-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.144-rc1 Hayes Wang <hayeswang(a)realtek.com> r8152: fix the autosuspend doesn't work Hayes Wang <hayeswang(a)realtek.com> r8152: remove rtl_vendor_mode function Hayes Wang <hayeswang(a)realtek.com> r8152: avoid to change cfg for all devices Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> ksmbd: Mark as BROKEN in the 5.15.y kernel Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Fix stack teardown in ftrace_no_trace Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Create a dummy stackframe to fix stack unwind Christopher Bednarz <christopher.n.bednarz(a)intel.com> RDMA/irdma: Prevent zero-length STAG registration Roy Luo <royluo(a)google.com> USB: gadget: core: adjust uevent timing on gadget unbind Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not try to put back write_stamp Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix writing to the buffer with max_data_size Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Have saved event hold the entire event Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not update before stamp when switching sub-buffers Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Update snapshot buffer on resize if it is allocated Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix memory leak of free page Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: add begin/end_use ring callbacks Florent Revest <revest(a)chromium.org> team: Fix use-after-free when an option instance allocation fails James Houghton <jthoughton(a)google.com> arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify Baokun Li <libaokun1(a)huawei.com> ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix NULL pointer dereference for multi_link Josef Bacik <josef(a)toxicpanda.com> btrfs: do not allow non subvolume root targets for snapshot Mark Rutland <mark.rutland(a)arm.com> perf: Fix perf_event_validate_size() lockdep splat Denis Benato <benato.denis96(a)gmail.com> HID: hid-asus: add const to read-only outgoing usb buffer Lech Perczak <lech.perczak(a)gmail.com> net: usb: qmi_wwan: claim interface 4 for ZTE MF290 Linus Torvalds <torvalds(a)linux-foundation.org> asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation Aoba K <nexp_0x17(a)outlook.com> HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad Denis Benato <benato.denis96(a)gmail.com> HID: hid-asus: reset the backlight brightness level on resume Oliver Neukum <oneukum(a)suse.com> HID: add ALWAYS_POLL quirk for Apple kb Brett Raye <braye(a)fastmail.com> HID: glorious: fix Glorious Model I HID report Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> platform/x86: intel_telemetry: Fix kernel doc descriptions Coly Li <colyli(a)suse.de> bcache: avoid NULL checking to c->root in run_cache_set() Coly Li <colyli(a)suse.de> bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() Colin Ian King <colin.i.king(a)gmail.com> bcache: remove redundant assignment to variable cur_idx Coly Li <colyli(a)suse.de> bcache: avoid oversize memory allocation by small stripe_size Ming Lei <ming.lei(a)redhat.com> blk-cgroup: bypass blkcg_deactivate_policy after destroying Ming Lei <ming.lei(a)redhat.com> blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" Jean Delvare <jdelvare(a)suse.de> stmmac: dwmac-loongson: Add architecture dependency Oliver Neukum <oneukum(a)suse.com> usb: aqc111: check packet for fixup for true limit Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Add spinlock for setting vblank event in atomic_begin Jiaxun Yang <jiaxun.yang(a)flygoat.com> PCI: loongson: Limit MRRS to 256 Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: acpiphp: Reassign resources on bridge if necessary" Hartmut Knaack <knaack.h(a)gmx.de> ALSA: hda/realtek: Apply mute LED quirk for HP15-db Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB Hangyu Hua <hbh25y(a)gmail.com> fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() Jens Axboe <axboe(a)kernel.dk> cred: switch to using atomic_long_t Igor Russkikh <irusskikh(a)marvell.com> net: atlantic: fix double free in ring reinit logic Hyunwoo Kim <v4bel(a)theori.io> appletalk: Fix Use-After-Free in atalk_ioctl Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: Handle disabled MDIO busses from devicetree Rasmus Villemoes <linux(a)rasmusvillemoes.dk> net: stmmac: use dev_err_probe() for reporting mdio bus registration failure Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-switch: fix size of the dma_unmap Nikolay Kuratov <kniv(a)yandex-team.ru> vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() Yusong Gao <a869920004(a)gmail.com> sign-file: Fix incorrect return values check Yanteng Si <siyanteng(a)loongson.cn> stmmac: dwmac-loongson: Make sure MDIO is initialized before use David Arinzon <darinzon(a)amazon.com> net: ena: Fix XDP redirection error David Arinzon <darinzon(a)amazon.com> net: ena: Fix xdp drops handling due to multibuf packets David Arinzon <darinzon(a)amazon.com> net: ena: Destroy correct number of xdp queues upon failure Dong Chenchen <dongchenchen2(a)huawei.com> net: Remove acked SYN flag from packet in the transmit queue correctly Dinghao Liu <dinghao.liu(a)zju.edu.cn> qed: Fix a potential use-after-free in qed_cxt_tables_alloc Hyunwoo Kim <v4bel(a)theori.io> net/rose: Fix Use-After-Free in rose_ioctl Hyunwoo Kim <v4bel(a)theori.io> atm: Fix Use-After-Free in do_vcc_ioctl Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Update RSS algorithm index Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: Fix promisc mcam entry action Zhipeng Lu <alexious(a)zju.edu.cn> octeontx2-af: fix a use-after-free in rvu_nix_register_reporters Radu Bulie <radu-andrei.bulie(a)nxp.com> net: fec: correct queue selection Vladimir Oltean <vladimir.oltean(a)nxp.com> net: vlan: introduce skb_vlan_eth_hdr() Chengfeng Ye <dg573847474(a)gmail.com> atm: solos-pci: Fix potential deadlock on &tx_queue_lock Chengfeng Ye <dg573847474(a)gmail.com> atm: solos-pci: Fix potential deadlock on &cli_queue_lock Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix reset behavior Stefan Wahren <wahrenst(a)gmx.net> qca_debug: Fix ethtool -G iface tx behavior Stefan Wahren <wahrenst(a)gmx.net> qca_debug: Prevent crash on TX ring changes Maciej Żenczykowski <maze(a)google.com> net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX Mikhail Khvainitski <me(a)khvoinitsky.org> HID: lenovo: Restrict detection of patched firmware only to USB cptkbd David Howells <dhowells(a)redhat.com> afs: Fix refcount underflow from error handling race Zizhi Wo <wozizhi(a)huawei.com> ksmbd: fix memory leak in smb2_lock() Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Handle more memory types passed from firmware David Hildenbrand <david(a)redhat.com> memblock: allow to specify flags with memblock_add_node() David Hildenbrand <david(a)redhat.com> mm/memory_hotplug: handle memblock_add_node() failures in add_memory_resource() Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: fix 'exist' matching on bigendian arches Kelly Kane <kelly(a)hawknetworks.com> r8152: add vendor/device ID pair for ASUS USB-C2500 Antonio Napolitano <anton(a)polit.no> r8152: add vendor/device ID pair for D-Link DUB-E250 Bjørn Mork <bjorn(a)mork.no> r8152: add USB device driver for config selection Kan Liang <kan.liang(a)linux.intel.com> perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table ------------- Diffstat: Makefile | 4 +- arch/arc/mm/init.c | 4 +- arch/arm64/include/asm/pgtable.h | 6 + arch/ia64/mm/contig.c | 2 +- arch/ia64/mm/init.c | 2 +- arch/m68k/mm/mcfmmu.c | 3 +- arch/m68k/mm/motorola.c | 6 +- arch/mips/include/asm/mach-loongson64/boot_param.h | 6 +- arch/mips/loongson64/init.c | 42 +++-- arch/mips/sgi-ip27/ip27-memory.c | 3 +- arch/powerpc/kernel/trace/ftrace_64_mprofile.S | 17 +- arch/s390/kernel/setup.c | 3 +- arch/x86/events/intel/uncore_discovery.c | 18 ++- block/blk-cgroup.c | 13 ++ block/blk-throttle.c | 2 + drivers/atm/solos-pci.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 28 ++++ drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 5 + drivers/hid/hid-asus.c | 27 +++- drivers/hid/hid-glorious.c | 16 +- drivers/hid/hid-ids.h | 11 +- drivers/hid/hid-lenovo.c | 3 +- drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-quirks.c | 1 + drivers/infiniband/hw/irdma/ctrl.c | 6 + drivers/infiniband/hw/irdma/type.h | 2 + drivers/infiniband/hw/irdma/verbs.c | 10 +- drivers/md/bcache/bcache.h | 1 + drivers/md/bcache/btree.c | 7 + drivers/md/bcache/super.c | 4 +- drivers/md/bcache/writeback.c | 2 +- drivers/net/ethernet/amazon/ena/ena_eth_com.c | 3 - drivers/net/ethernet/amazon/ena/ena_netdev.c | 30 ++-- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 3 +- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- .../ethernet/freescale/dpaa2/dpaa2-switch-flower.c | 7 +- drivers/net/ethernet/freescale/fec_main.c | 27 ++-- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 5 +- .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 55 +++++-- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 25 ++- .../net/ethernet/qlogic/netxen/netxen_nic_main.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_cxt.c | 1 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 4 +- drivers/net/ethernet/qualcomm/qca_debug.c | 17 +- drivers/net/ethernet/qualcomm/qca_spi.c | 20 ++- drivers/net/ethernet/sfc/tx_tso.c | 2 +- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 13 +- drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 8 +- drivers/net/team/team.c | 4 +- drivers/net/usb/aqc111.c | 8 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/r8152.c | 177 ++++++++++++--------- drivers/pci/controller/pci-loongson.c | 46 +++++- drivers/pci/hotplug/acpiphp_glue.c | 9 +- drivers/platform/x86/intel/telemetry/core.c | 4 +- drivers/soundwire/stream.c | 7 +- drivers/staging/gdm724x/gdm_lte.c | 4 +- drivers/usb/gadget/udc/core.c | 4 +- fs/afs/rxrpc.c | 2 +- fs/btrfs/ioctl.c | 9 ++ fs/ext4/mballoc.c | 4 + fs/fuse/dax.c | 1 + fs/ksmbd/Kconfig | 1 + fs/ksmbd/smb2pdu.c | 1 + include/asm-generic/qspinlock.h | 2 +- include/linux/cred.h | 8 +- include/linux/if_vlan.h | 12 +- include/linux/memblock.h | 3 +- include/linux/mm.h | 2 +- include/linux/usb/r8152.h | 2 + include/net/addrconf.h | 12 +- include/net/if_inet6.h | 4 - kernel/cred.c | 64 ++++---- kernel/events/core.c | 10 ++ kernel/trace/ring_buffer.c | 56 +++---- kernel/trace/trace.c | 4 +- mm/memblock.c | 9 +- mm/memory_hotplug.c | 8 +- net/appletalk/ddp.c | 9 +- net/atm/ioctl.c | 7 +- net/batman-adv/soft-interface.c | 2 +- net/ipv4/tcp_output.c | 6 + net/ipv6/addrconf.c | 6 +- net/netfilter/nft_exthdr.c | 2 +- net/netfilter/nft_fib.c | 8 +- net/rose/af_rose.c | 4 +- net/vmw_vsock/virtio_transport_common.c | 2 +- scripts/sign-file.c | 12 +- sound/pci/hda/patch_hdmi.c | 3 + sound/pci/hda/patch_realtek.c | 1 + 96 files changed, 699 insertions(+), 359 deletions(-)

1 year, 12 months

11
95
0 0

[PATCH 1/2] HID: wacom: Correct behavior when processing some confidence == false touches

by Gerecke, Jason

From: Jason Gerecke <jason.gerecke(a)wacom.com> There appear to be a few different ways that Wacom devices can deal with confidence: 1. If the device looses confidence in a touch, it will first clear the tipswitch flag in one report, and then clear the confidence flag in a second report. This behavior is used by e.g. DTH-2452. 2. If the device looses confidence in a touch, it will clear both the tipswitch and confidence flags within the same report. This behavior is used by some AES devices. 3. If the device looses confidence in a touch, it will clear *only* the confidence bit. The tipswitch bit will remain set so long as the touch is tracked. This behavior may be used in future devices. The driver does not currently handle situation 3 properly. Touches that loose confidence will remain "in prox" and essentially frozen in place until the tipswitch bit is finally cleared. Not only does this result in userspace seeing a stuck touch, but it also prevents pen arbitration from working properly (the pen won't send events until all touches are up, but we don't currently process events from non-confident touches). This commit centralizes the checking of the confidence bit in the wacom_wac_finger_slot() function and has 'prox' depend on it. In the case where situation 3 is encountered, the treat the touch as though it was removed, allowing both userspace and the pen arbitration to act normally. Signed-off-by: Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> Signed-off-by: Ping Cheng <ping.cheng(a)wacom.com> Signed-off-by: Jason Gerecke <jason.gerecke(a)wacom.com> Fixes: 7fb0413baa7f ("HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts") Cc: stable(a)vger.kernel.org --- drivers/hid/wacom_wac.c | 32 ++++---------------------------- 1 file changed, 4 insertions(+), 28 deletions(-) diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c index 471db78dbbf0..8289ce763704 100644 --- a/drivers/hid/wacom_wac.c +++ b/drivers/hid/wacom_wac.c @@ -2649,8 +2649,8 @@ static void wacom_wac_finger_slot(struct wacom_wac *wacom_wac, { struct hid_data *hid_data = &wacom_wac->hid_data; bool mt = wacom_wac->features.touch_max > 1; - bool prox = hid_data->tipswitch && - report_touch_events(wacom_wac); + bool touch_down = hid_data->tipswitch && hid_data->confidence; + bool prox = touch_down && report_touch_events(wacom_wac); if (touch_is_muted(wacom_wac)) { if (!wacom_wac->shared->touch_down) @@ -2700,24 +2700,6 @@ static void wacom_wac_finger_slot(struct wacom_wac *wacom_wac, } } -static bool wacom_wac_slot_is_active(struct input_dev *dev, int key) -{ - struct input_mt *mt = dev->mt; - struct input_mt_slot *s; - - if (!mt) - return false; - - for (s = mt->slots; s != mt->slots + mt->num_slots; s++) { - if (s->key == key && - input_mt_get_value(s, ABS_MT_TRACKING_ID) >= 0) { - return true; - } - } - - return false; -} - static void wacom_wac_finger_event(struct hid_device *hdev, struct hid_field *field, struct hid_usage *usage, __s32 value) { @@ -2768,14 +2750,8 @@ static void wacom_wac_finger_event(struct hid_device *hdev, } if (usage->usage_index + 1 == field->report_count) { - if (equivalent_usage == wacom_wac->hid_data.last_slot_field) { - bool touch_removed = wacom_wac_slot_is_active(wacom_wac->touch_input, - wacom_wac->hid_data.id) && !wacom_wac->hid_data.tipswitch; - - if (wacom_wac->hid_data.confidence || touch_removed) { - wacom_wac_finger_slot(wacom_wac, wacom_wac->touch_input); - } - } + if (equivalent_usage == wacom_wac->hid_data.last_slot_field) + wacom_wac_finger_slot(wacom_wac, wacom_wac->touch_input); } } -- 2.43.0

1 year, 12 months

2
1
0 0

[PATCH 5.4 00/40] 5.4.265-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.265 release. There are 40 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 20 Dec 2023 13:50:31 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.265-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.265-rc1 Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Fix stack teardown in ftrace_no_trace Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Create a dummy stackframe to fix stack unwind Adrian Hunter <adrian.hunter(a)intel.com> mmc: block: Be sure to wait while busy in CQE error recovery Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix memory leak of free page Florent Revest <revest(a)chromium.org> team: Fix use-after-free when an option instance allocation fails James Houghton <jthoughton(a)google.com> arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify Baokun Li <libaokun1(a)huawei.com> ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix NULL pointer dereference for multi_link Mark Rutland <mark.rutland(a)arm.com> perf: Fix perf_event_validate_size() lockdep splat Denis Benato <benato.denis96(a)gmail.com> HID: hid-asus: add const to read-only outgoing usb buffer Lech Perczak <lech.perczak(a)gmail.com> net: usb: qmi_wwan: claim interface 4 for ZTE MF290 Linus Torvalds <torvalds(a)linux-foundation.org> asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation Aoba K <nexp_0x17(a)outlook.com> HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad Denis Benato <benato.denis96(a)gmail.com> HID: hid-asus: reset the backlight brightness level on resume Oliver Neukum <oneukum(a)suse.com> HID: add ALWAYS_POLL quirk for Apple kb Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> platform/x86: intel_telemetry: Fix kernel doc descriptions Coly Li <colyli(a)suse.de> bcache: avoid NULL checking to c->root in run_cache_set() Coly Li <colyli(a)suse.de> bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() Coly Li <colyli(a)suse.de> bcache: avoid oversize memory allocation by small stripe_size Ming Lei <ming.lei(a)redhat.com> blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" Oliver Neukum <oneukum(a)suse.com> usb: aqc111: check packet for fixup for true limit Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: acpiphp: Reassign resources on bridge if necessary" Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants Jens Axboe <axboe(a)kernel.dk> cred: switch to using atomic_long_t Hyunwoo Kim <v4bel(a)theori.io> appletalk: Fix Use-After-Free in atalk_ioctl Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: Handle disabled MDIO busses from devicetree Rasmus Villemoes <linux(a)rasmusvillemoes.dk> net: stmmac: use dev_err_probe() for reporting mdio bus registration failure Nikolay Kuratov <kniv(a)yandex-team.ru> vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() Yusong Gao <a869920004(a)gmail.com> sign-file: Fix incorrect return values check Dong Chenchen <dongchenchen2(a)huawei.com> net: Remove acked SYN flag from packet in the transmit queue correctly Dinghao Liu <dinghao.liu(a)zju.edu.cn> qed: Fix a potential use-after-free in qed_cxt_tables_alloc Hyunwoo Kim <v4bel(a)theori.io> net/rose: Fix Use-After-Free in rose_ioctl Hyunwoo Kim <v4bel(a)theori.io> atm: Fix Use-After-Free in do_vcc_ioctl Chengfeng Ye <dg573847474(a)gmail.com> atm: solos-pci: Fix potential deadlock on &tx_queue_lock Chengfeng Ye <dg573847474(a)gmail.com> atm: solos-pci: Fix potential deadlock on &cli_queue_lock Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix reset behavior Stefan Wahren <wahrenst(a)gmx.net> qca_debug: Fix ethtool -G iface tx behavior Stefan Wahren <wahrenst(a)gmx.net> qca_debug: Prevent crash on TX ring changes Maciej Żenczykowski <maze(a)google.com> net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX David Howells <dhowells(a)redhat.com> afs: Fix refcount underflow from error handling race ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/pgtable.h | 6 +++ arch/powerpc/kernel/trace/ftrace_64_mprofile.S | 17 ++++-- block/blk-throttle.c | 2 + drivers/atm/solos-pci.c | 8 +-- drivers/hid/hid-asus.c | 25 +++++++-- drivers/hid/hid-multitouch.c | 5 ++ drivers/hid/hid-quirks.c | 1 + drivers/md/bcache/bcache.h | 1 + drivers/md/bcache/btree.c | 7 +++ drivers/md/bcache/super.c | 4 +- drivers/mmc/core/core.c | 2 + drivers/mmc/core/mmc_ops.c | 5 +- drivers/mmc/core/mmc_ops.h | 2 + drivers/net/ethernet/qlogic/qed/qed_cxt.c | 1 + drivers/net/ethernet/qualcomm/qca_debug.c | 17 +++--- drivers/net/ethernet/qualcomm/qca_spi.c | 20 ++++++- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 +-- drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 8 ++- drivers/net/team/team.c | 4 +- drivers/net/usb/aqc111.c | 8 +-- drivers/net/usb/qmi_wwan.c | 1 + drivers/pci/hotplug/acpiphp_glue.c | 9 ++-- drivers/platform/x86/intel_telemetry_core.c | 4 +- drivers/soundwire/stream.c | 7 +-- fs/afs/rxrpc.c | 2 +- fs/ext4/mballoc.c | 4 ++ include/asm-generic/qspinlock.h | 2 +- include/linux/cred.h | 8 +-- include/net/addrconf.h | 12 ++++- include/net/if_inet6.h | 4 -- kernel/cred.c | 64 +++++++++++------------ kernel/events/core.c | 10 ++++ kernel/trace/ring_buffer.c | 2 + net/appletalk/ddp.c | 9 ++-- net/atm/ioctl.c | 7 ++- net/ipv4/tcp_output.c | 6 +++ net/ipv6/addrconf.c | 6 +-- net/rose/af_rose.c | 4 +- net/vmw_vsock/virtio_transport_common.c | 2 +- scripts/sign-file.c | 12 ++--- sound/pci/hda/patch_hdmi.c | 2 + 42 files changed, 220 insertions(+), 110 deletions(-)

1 year, 12 months

6
45
0 0

[RFT 1/2] RISC-V: handle missing "no-map" properties for OpenSBI's PMP protected regions

by Conor Dooley

Add an erratum for versions [v0.8 to v1.3) of OpenSBI which fail to add the "no-map" property to the reserved memory nodes for the regions it has protected using PMPs. Our existing fix sweeping hibernation under the carpet by marking it NONPORTABLE is insufficient as there are other ways to generate accesses to these reserved memory regions, as Petr discovered [1] while testing crash kernels & kdump. Intercede during the boot process when the afflicted versions of OpenSBI are present & set the "no-map" property in all "mmode_resv" nodes before the kernel does its reserved memory region initialisation. Reported-by: Song Shuai <suagrfillet(a)gmail.com> Link: https://lore.kernel.org/all/CAAYs2=gQvkhTeioMmqRDVGjdtNF_vhB+vm_1dHJxPNi75Y… Reported-by: JeeHeng Sia <jeeheng.sia(a)starfivetech.com> Link: https://groups.google.com/a/groups.riscv.org/g/sw-dev/c/ITXwaKfA6z8 Reported-by: Petr Tesarik <petrtesarik(a)huaweicloud.com> Closes: https://lore.kernel.org/linux-riscv/76ff0f51-d6c1-580d-f943-061e93073306@hu… [1] CC: stable(a)vger.kernel.org Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> --- arch/riscv/include/asm/sbi.h | 5 +++++ arch/riscv/kernel/sbi.c | 42 +++++++++++++++++++++++++++++++++++- arch/riscv/mm/init.c | 3 +++ 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/arch/riscv/include/asm/sbi.h b/arch/riscv/include/asm/sbi.h index 5b4a1bf5f439..5360f3476278 100644 --- a/arch/riscv/include/asm/sbi.h +++ b/arch/riscv/include/asm/sbi.h @@ -252,6 +252,9 @@ enum sbi_pmu_ctr_type { #define SBI_ERR_ALREADY_STARTED -7 #define SBI_ERR_ALREADY_STOPPED -8 +/* SBI implementation IDs */ +#define SBI_IMP_OPENSBI 1 + extern unsigned long sbi_spec_version; struct sbiret { long error; @@ -259,6 +262,8 @@ struct sbiret { }; void sbi_init(void); +void sbi_apply_reserved_mem_erratum(void *dtb_va); + struct sbiret sbi_ecall(int ext, int fid, unsigned long arg0, unsigned long arg1, unsigned long arg2, unsigned long arg3, unsigned long arg4, diff --git a/arch/riscv/kernel/sbi.c b/arch/riscv/kernel/sbi.c index c672c8ba9a2a..aeb27263fa53 100644 --- a/arch/riscv/kernel/sbi.c +++ b/arch/riscv/kernel/sbi.c @@ -5,8 +5,10 @@ * Copyright (c) 2020 Western Digital Corporation or its affiliates. */ +#include <linux/acpi.h> #include <linux/bits.h> #include <linux/init.h> +#include <linux/libfdt.h> #include <linux/pm.h> #include <linux/reboot.h> #include <asm/sbi.h> @@ -583,6 +585,40 @@ long sbi_get_mimpid(void) } EXPORT_SYMBOL_GPL(sbi_get_mimpid); +static long sbi_firmware_id; +static long sbi_firmware_version; + +/* + * For devicetrees patched by OpenSBI a "mmode_resv" node is added to cover + * the region OpenSBI has protected by means of a PMP. Some versions of OpenSBI, + * [v0.8 to v1.3), omitted the "no-map" property, but this trips up hibernation + * among other things. + */ +void __init sbi_apply_reserved_mem_erratum(void *dtb_pa) +{ + int child, reserved_mem; + + if (sbi_firmware_id != SBI_IMP_OPENSBI) + return; + + if (!acpi_disabled) + return; + + if (sbi_firmware_version >= 0x10003 || sbi_firmware_version < 0x8) + return; + + reserved_mem = fdt_path_offset((void *)dtb_pa, "/reserved-memory"); + if (reserved_mem < 0) + return; + + fdt_for_each_subnode(child, (void *)dtb_pa, reserved_mem) { + const char *name = fdt_get_name((void *)dtb_pa, child, NULL); + + if (!strncmp(name, "mmode_resv", 10)) + fdt_setprop((void *)dtb_pa, child, "no-map", NULL, 0); + } +}; + void __init sbi_init(void) { int ret; @@ -596,8 +632,12 @@ void __init sbi_init(void) sbi_major_version(), sbi_minor_version()); if (!sbi_spec_is_0_1()) { + sbi_firmware_id = sbi_get_firmware_id(); + sbi_firmware_version = sbi_get_firmware_version(); + pr_info("SBI implementation ID=0x%lx Version=0x%lx\n", - sbi_get_firmware_id(), sbi_get_firmware_version()); + sbi_firmware_id, sbi_firmware_version); + if (sbi_probe_extension(SBI_EXT_TIME)) { __sbi_set_timer = __sbi_set_timer_v02; pr_info("SBI TIME extension detected\n"); diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index 70fb31960b63..cb16bfdeacdb 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -29,6 +29,7 @@ #include <asm/tlbflush.h> #include <asm/sections.h> #include <asm/soc.h> +#include <asm/sbi.h> #include <asm/io.h> #include <asm/ptdump.h> #include <asm/numa.h> @@ -253,6 +254,8 @@ static void __init setup_bootmem(void) * in the device tree, otherwise the allocation could end up in a * reserved region. */ + + sbi_apply_reserved_mem_erratum(dtb_early_va); early_init_fdt_scan_reserved_mem(); /* -- 2.40.1

1 year, 12 months

8
19
0 0

[PATCH] ARM: dts: qcom-sdx55: Fix the base address of PCIe PHY

by Manivannan Sadhasivam

While convering the binding to new format, serdes address specified in the old binding was used as the base address. This causes a boot hang as the driver tries to access memory region outside of the specified address. Fix it! Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Cc: stable(a)vger.kernel.org # 6.6 Fixes: bb56cff4ac03 ("ARM: dts: qcom-sdx55: switch PCIe QMP PHY to new style of bindings") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- arch/arm/boot/dts/qcom/qcom-sdx55.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm/boot/dts/qcom/qcom-sdx55.dtsi b/arch/arm/boot/dts/qcom/qcom-sdx55.dtsi index 2aa5089a8513..a88f186fcf03 100644 --- a/arch/arm/boot/dts/qcom/qcom-sdx55.dtsi +++ b/arch/arm/boot/dts/qcom/qcom-sdx55.dtsi @@ -436,9 +436,9 @@ pcie_ep: pcie-ep@1c00000 { status = "disabled"; }; - pcie_phy: phy@1c07000 { + pcie_phy: phy@1c06000 { compatible = "qcom,sdx55-qmp-pcie-phy"; - reg = <0x01c07000 0x2000>; + reg = <0x01c06000 0x2000>; #address-cells = <1>; #size-cells = <1>; ranges; -- 2.25.1

1 year, 12 months

4
3
0 0

[PATCH] cxl/hdm: Fix dpa translation locking

by Dan Williams

The helper, cxl_dpa_resource_start(), snapshots the dpa-address of an endpoint-decoder after acquiring the cxl_dpa_rwsem. However, it is sufficient to assert that cxl_dpa_rwsem is held rather than acquire it in the helper. Otherwise, it triggers multiple lockdep reports: 1/ Tracing callbacks are in an atomic context that can not acquire sleeping locks: BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1525 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1288, name: bash preempt_count: 2, expected: 0 RCU nest depth: 0, expected: 0 [..] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230524-3.fc38 05/24/2023 Call Trace: <TASK> dump_stack_lvl+0x71/0x90 __might_resched+0x1b2/0x2c0 down_read+0x1a/0x190 cxl_dpa_resource_start+0x15/0x50 [cxl_core] cxl_trace_hpa+0x122/0x300 [cxl_core] trace_event_raw_event_cxl_poison+0x1c9/0x2d0 [cxl_core] 2/ The rwsem is already held in the inject poison path: WARNING: possible recursive locking detected 6.7.0-rc2+ #12 Tainted: G W OE N -------------------------------------------- bash/1288 is trying to acquire lock: ffffffffc05f73d0 (cxl_dpa_rwsem){++++}-{3:3}, at: cxl_dpa_resource_start+0x15/0x50 [cxl_core] but task is already holding lock: ffffffffc05f73d0 (cxl_dpa_rwsem){++++}-{3:3}, at: cxl_inject_poison+0x7d/0x1e0 [cxl_core] [..] Call Trace: <TASK> dump_stack_lvl+0x71/0x90 __might_resched+0x1b2/0x2c0 down_read+0x1a/0x190 cxl_dpa_resource_start+0x15/0x50 [cxl_core] cxl_trace_hpa+0x122/0x300 [cxl_core] trace_event_raw_event_cxl_poison+0x1c9/0x2d0 [cxl_core] __traceiter_cxl_poison+0x5c/0x80 [cxl_core] cxl_inject_poison+0x1bc/0x1e0 [cxl_core] This appears to have been an issue since the initial implementation and uncovered by the new cxl-poison.sh test [1]. That test is now passing with these changes. Fixes: 28a3ae4ff66c ("cxl/trace: Add an HPA to cxl_poison trace events") Link: http://lore.kernel.org/r/e4f2716646918135ddbadf4146e92abb659de734.170061515… [1] Cc: <stable(a)vger.kernel.org> Cc: Alison Schofield <alison.schofield(a)intel.com> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: Dave Jiang <dave.jiang(a)intel.com> Cc: Ira Weiny <ira.weiny(a)intel.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/cxl/core/hdm.c | 3 +-- drivers/cxl/core/port.c | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/cxl/core/hdm.c b/drivers/cxl/core/hdm.c index 529baa8a1759..7d97790b893d 100644 --- a/drivers/cxl/core/hdm.c +++ b/drivers/cxl/core/hdm.c @@ -363,10 +363,9 @@ resource_size_t cxl_dpa_resource_start(struct cxl_endpoint_decoder *cxled) { resource_size_t base = -1; - down_read(&cxl_dpa_rwsem); + lockdep_assert_held(&cxl_dpa_rwsem); if (cxled->dpa_res) base = cxled->dpa_res->start; - up_read(&cxl_dpa_rwsem); return base; } diff --git a/drivers/cxl/core/port.c b/drivers/cxl/core/port.c index 38441634e4c6..f6e9b2986a9a 100644 --- a/drivers/cxl/core/port.c +++ b/drivers/cxl/core/port.c @@ -226,9 +226,9 @@ static ssize_t dpa_resource_show(struct device *dev, struct device_attribute *at char *buf) { struct cxl_endpoint_decoder *cxled = to_cxl_endpoint_decoder(dev); - u64 base = cxl_dpa_resource_start(cxled); - return sysfs_emit(buf, "%#llx\n", base); + guard(rwsem_read)(&cxl_dpa_rwsem); + return sysfs_emit(buf, "%#llx\n", cxl_dpa_resource_start(cxled)); } static DEVICE_ATTR_RO(dpa_resource);

1 year, 12 months

5
5
0 0

FAILED: patch "[PATCH] drm: Fix FD ownership check in drm_master_check_perm()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 5a6c9a05e55cb2972396cc991af9d74c8c15029a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023121851-roamer-gravel-ddbe@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 5a6c9a05e55c ("drm: Fix FD ownership check in drm_master_check_perm()") 1c7a387ffef8 ("drm: Update file owner during use") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5a6c9a05e55cb2972396cc991af9d74c8c15029a Mon Sep 17 00:00:00 2001 From: Lingkai Dong <Lingkai.Dong(a)arm.com> Date: Wed, 6 Dec 2023 13:51:58 +0000 Subject: [PATCH] drm: Fix FD ownership check in drm_master_check_perm() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The DRM subsystem keeps a record of the owner of a DRM device file descriptor using thread group ID (TGID) instead of process ID (PID), to ensures all threads within the same userspace process are considered the owner. However, the DRM master ownership check compares the current thread's PID against the record, so the thread is incorrectly considered to be not the FD owner if the PID is not equal to the TGID. This causes DRM ioctls to be denied master privileges, even if the same thread that opened the FD performs an ioctl. Fix this by checking TGID. Fixes: 4230cea89cafb ("drm: Track clients by tgid and not tid") Signed-off-by: Lingkai Dong <lingkai.dong(a)arm.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.4+ Link: https://patchwork.freedesktop.org/patch/msgid/PA6PR08MB107665920BE9A96658CD… Signed-off-by: Christian König <christian.koenig(a)amd.com> diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_auth.c index 2ed2585ded37..6899b3dc1f12 100644 --- a/drivers/gpu/drm/drm_auth.c +++ b/drivers/gpu/drm/drm_auth.c @@ -236,7 +236,7 @@ static int drm_master_check_perm(struct drm_device *dev, struct drm_file *file_priv) { if (file_priv->was_master && - rcu_access_pointer(file_priv->pid) == task_pid(current)) + rcu_access_pointer(file_priv->pid) == task_tgid(current)) return 0; if (!capable(CAP_SYS_ADMIN))

1 year, 12 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2023