March 2023 - Linux-stable-mirror

[PATCH 5.15 0/1] Request to cherry-pick 49c47cc21b5b to 5.15.y

by Meena Shanmugam

The commit 49c47cc21b5b (net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()) fixes race condition and use after free. This patch didn't apply cleanly in 5.15 kernel due to the added switch cases in do_tls_getsockopt_conf function. Hangyu Hua (1): net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() net/tls/tls_main.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) -- 2.40.0.348.gf938b09366-goog

2 years, 1 month

2
2
0 0

Work from Home, COMPANY REP NEEDED !

by Bleiholder Novak

Hello, I am reaching out to provide awareness for a part-time career. We are currently sourcing for representatives in Europe to work from home to act as our company's regional business representative in that region. It will by no means interfere with your current job or business. Kindly email me for detailed information. Regards, Bleiholder Novak

2 years, 1 month

1
0
0 0

[PATCH 06/10] drm/msm: fix vram leak on bind errors

by Johan Hovold

Make sure to release the VRAM buffer also in a case a subcomponent fails to bind. Fixes: d863f0c7b536 ("drm/msm: Call msm_init_vram before binding the gpu") Cc: stable(a)vger.kernel.org # 5.11 Cc: Craig Tatlor <ctatlor97(a)gmail.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/gpu/drm/msm/msm_drv.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c index 89634159ad75..41cc6cd690cd 100644 --- a/drivers/gpu/drm/msm/msm_drv.c +++ b/drivers/gpu/drm/msm/msm_drv.c @@ -51,6 +51,8 @@ #define MSM_VERSION_MINOR 10 #define MSM_VERSION_PATCHLEVEL 0 +static void msm_deinit_vram(struct drm_device *ddev); + static const struct drm_mode_config_funcs mode_config_funcs = { .fb_create = msm_framebuffer_create, .output_poll_changed = drm_fb_helper_output_poll_changed, @@ -260,12 +262,7 @@ static int msm_drm_uninit(struct device *dev) if (kms && kms->funcs) kms->funcs->destroy(kms); - if (priv->vram.paddr) { - unsigned long attrs = DMA_ATTR_NO_KERNEL_MAPPING; - drm_mm_takedown(&priv->vram.mm); - dma_free_attrs(dev, priv->vram.size, NULL, - priv->vram.paddr, attrs); - } + msm_deinit_vram(ddev); component_unbind_all(dev, ddev); @@ -403,6 +400,19 @@ static int msm_init_vram(struct drm_device *dev) return ret; } +static void msm_deinit_vram(struct drm_device *ddev) +{ + struct msm_drm_private *priv = ddev->dev_private; + unsigned long attrs = DMA_ATTR_NO_KERNEL_MAPPING; + + if (!priv->vram.paddr) + return; + + drm_mm_takedown(&priv->vram.mm); + dma_free_attrs(ddev->dev, priv->vram.size, NULL, priv->vram.paddr, + attrs); +} + static int msm_drm_init(struct device *dev, const struct drm_driver *drv) { struct msm_drm_private *priv = dev_get_drvdata(dev); @@ -449,7 +459,7 @@ static int msm_drm_init(struct device *dev, const struct drm_driver *drv) /* Bind all our sub-components: */ ret = component_bind_all(dev, ddev); if (ret) - goto err_put_dev; + goto err_deinit_vram; dma_set_max_seg_size(dev, UINT_MAX); @@ -547,6 +557,8 @@ static int msm_drm_init(struct device *dev, const struct drm_driver *drv) return ret; +err_deinit_vram: + msm_deinit_vram(ddev); err_put_dev: drm_dev_put(ddev); -- 2.39.2

2 years, 1 month

2
1
0 0

[PATCH 05/10] drm/msm: fix drm device leak on bind errors

by Johan Hovold

Make sure to free the DRM device also in case of early errors during bind(). Fixes: 2027e5b3413d ("drm/msm: Initialize MDSS irq domain at probe time") Cc: stable(a)vger.kernel.org # 5.17 Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/gpu/drm/msm/msm_drv.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c index 2f2bcdb671d2..89634159ad75 100644 --- a/drivers/gpu/drm/msm/msm_drv.c +++ b/drivers/gpu/drm/msm/msm_drv.c @@ -444,12 +444,12 @@ static int msm_drm_init(struct device *dev, const struct drm_driver *drv) ret = msm_init_vram(ddev); if (ret) - return ret; + goto err_put_dev; /* Bind all our sub-components: */ ret = component_bind_all(dev, ddev); if (ret) - return ret; + goto err_put_dev; dma_set_max_seg_size(dev, UINT_MAX); @@ -544,6 +544,12 @@ static int msm_drm_init(struct device *dev, const struct drm_driver *drv) err_msm_uninit: msm_drm_uninit(dev); + + return ret; + +err_put_dev: + drm_dev_put(ddev); + return ret; } -- 2.39.2

2 years, 1 month

3
3
0 0

+ mm-hugetlb-fix-uffd-wr-protection-for-cow-optimization-path-v3.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm-hugetlb-fix-uffd-wr-protection-for-cow-optimization-path-v3 has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-fix-uffd-wr-protection-for-cow-optimization-path-v3.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm-hugetlb-fix-uffd-wr-protection-for-cow-optimization-path-v3 Date: Fri, 24 Mar 2023 10:26:20 -0400 Link: https://lkml.kernel.org/r/20230324142620.2344140-1-peterx@redhat.com Reported-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: linux-stable <stable(a)vger.kernel.org> Fixes: 166f3ecc0daf ("mm/hugetlb: hook page faults for uffd write protection") Signed-off-by: Peter Xu <peterx(a)redhat.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-uffd-wr-protection-for-cow-optimization-path-v3 +++ a/mm/hugetlb.c @@ -5491,11 +5491,11 @@ static vm_fault_t hugetlb_wp(struct mm_s * Never handle CoW for uffd-wp protected pages. It should be only * handled when the uffd-wp protection is removed. * - * Note that only the CoW optimization path can trigger this and - * got skipped, because hugetlb_fault() will always resolve uffd-wp - * bit first. + * Note that only the CoW optimization path (in hugetlb_no_page()) + * can trigger this, because hugetlb_fault() will always resolve + * uffd-wp bit first. */ - if (huge_pte_uffd_wp(pte)) + if (!unshare && huge_pte_uffd_wp(pte)) return 0; /* _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-hugetlb-fix-uffd-wr-protection-for-cow-optimization-path.patch mm-hugetlb-fix-uffd-wr-protection-for-cow-optimization-path-v2.patch mm-hugetlb-fix-uffd-wr-protection-for-cow-optimization-path-v3.patch mm-khugepaged-alloc_charge_hpage-take-care-of-mem-charge-errors.patch mm-khugepaged-cleanup-memcg-uncharge-for-failure-path.patch mm-uffd-uffd_feature_wp_unpopulated.patch mm-uffd-uffd_feature_wp_unpopulated-fix.patch selftests-mm-smoke-test-uffd_feature_wp_unpopulated.patch mm-thp-rename-transparent_hugepage_never_dax-to-_unsupported.patch mm-thp-rename-transparent_hugepage_never_dax-to-_unsupported-fix.patch

2 years, 1 month

1
0
0 0

[PATCH v2] module: Don't wait for GOING modules

by Petr Pavlu

During a system boot, it can happen that the kernel receives a burst of requests to insert the same module but loading it eventually fails during its init call. For instance, udev can make a request to insert a frequency module for each individual CPU when another frequency module is already loaded which causes the init function of the new module to return an error. Since commit 6e6de3dee51a ("kernel/module.c: Only return -EEXIST for modules that have finished loading"), the kernel waits for modules in MODULE_STATE_GOING state to finish unloading before making another attempt to load the same module. This creates unnecessary work in the described scenario and delays the boot. In the worst case, it can prevent udev from loading drivers for other devices and might cause timeouts of services waiting on them and subsequently a failed boot. This patch attempts a different solution for the problem 6e6de3dee51a was trying to solve. Rather than waiting for the unloading to complete, it returns a different error code (-EBUSY) for modules in the GOING state. This should avoid the error situation that was described in 6e6de3dee51a (user space attempting to load a dependent module because the -EEXIST error code would suggest to user space that the first module had been loaded successfully), while avoiding the delay situation too. Fixes: 6e6de3dee51a ("kernel/module.c: Only return -EEXIST for modules that have finished loading") Co-developed-by: Martin Wilck <mwilck(a)suse.com> Signed-off-by: Martin Wilck <mwilck(a)suse.com> Signed-off-by: Petr Pavlu <petr.pavlu(a)suse.com> Cc: stable(a)vger.kernel.org --- Changes since v1 [1]: - Don't attempt a new module initialization when a same-name module completely disappeared while waiting on it, which means it went through the GOING state implicitly already. [1] https://lore.kernel.org/linux-modules/20221123131226.24359-1-petr.pavlu@sus… kernel/module/main.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index d02d39c7174e..7a627345d4fd 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2386,7 +2386,8 @@ static bool finished_loading(const char *name) sched_annotate_sleep(); mutex_lock(&module_mutex); mod = find_module_all(name, strlen(name), true); - ret = !mod || mod->state == MODULE_STATE_LIVE; + ret = !mod || mod->state == MODULE_STATE_LIVE + || mod->state == MODULE_STATE_GOING; mutex_unlock(&module_mutex); return ret; @@ -2562,20 +2563,35 @@ static int add_unformed_module(struct module *mod) mod->state = MODULE_STATE_UNFORMED; -again: mutex_lock(&module_mutex); old = find_module_all(mod->name, strlen(mod->name), true); if (old != NULL) { - if (old->state != MODULE_STATE_LIVE) { + if (old->state == MODULE_STATE_COMING + || old->state == MODULE_STATE_UNFORMED) { /* Wait in case it fails to load. */ mutex_unlock(&module_mutex); err = wait_event_interruptible(module_wq, finished_loading(mod->name)); if (err) goto out_unlocked; - goto again; + + /* The module might have gone in the meantime. */ + mutex_lock(&module_mutex); + old = find_module_all(mod->name, strlen(mod->name), + true); } - err = -EEXIST; + + /* + * We are here only when the same module was being loaded. Do + * not try to load it again right now. It prevents long delays + * caused by serialized module load failures. It might happen + * when more devices of the same type trigger load of + * a particular module. + */ + if (old && old->state == MODULE_STATE_LIVE) + err = -EEXIST; + else + err = -EBUSY; goto out; } mod_update_bounds(mod); -- 2.35.3

2 years, 1 month

5
30
0 0

[PATCH v2 1/2] phy: qcom-qmp-pcie: sc8180x PCIe PHY has 2 lanes

by Dmitry Baryshkov

All PCIe PHYs on sc8180x platform have 2 lanes, so change the number of lanes to 2. Fixes: f839f14e24f2 ("phy: qcom-qmp: Add sc8180x PCIe support") Cc: stable(a)vger.kernel.org # 5.15 Sgned-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Changes since v1: - Fixed the Fixes tag according to Johan's recommendation - Added cc stable. --- drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c b/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c index d671748bc097..c39c8a680166 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c @@ -2198,7 +2198,7 @@ static const struct qmp_phy_cfg msm8998_pciephy_cfg = { }; static const struct qmp_phy_cfg sc8180x_pciephy_cfg = { - .lanes = 1, + .lanes = 2, .tbls = { .serdes = sc8180x_qmp_pcie_serdes_tbl, -- 2.30.2

2 years, 1 month

1
0
0 0

[PATCH 4.19 000/252] 4.19.276-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.276 release. There are 252 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 12 Mar 2023 13:36:38 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.276-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.276-rc1 Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: intel: powerclamp: Fix cur_state for multi package system Eric Biggers <ebiggers(a)google.com> f2fs: fix cgroup writeback accounting with fs-layer encryption Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix race condition with usb_kill_urb Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Provide sync and async uvc_ctrl_status_event Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix listen() regression in 4.19.270 Vasily Gorbik <gor(a)linux.ibm.com> s390/setup: init jump labels before command line parsing Vasily Gorbik <gor(a)linux.ibm.com> s390/maccess: add no DAT mode to kernel_write Nguyen Dinh Phi <phind.uet(a)gmail.com> Bluetooth: hci_sock: purge socket queues in the destruct() callback Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> phy: rockchip-typec: Fix unsigned comparison with less than zero Daniel Scally <dan.scally(a)ideasonboard.com> usb: uvc: Enumerate valid values for color matching Kees Cook <keescook(a)chromium.org> USB: ene_usb6250: Allocate enough memory for full object Kees Cook <keescook(a)chromium.org> usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() Yulong Zhang <yulong.zhang(a)metoak.net> tools/iio/iio_utils:fix memory leak Alexander Usyskin <alexander.usyskin(a)intel.com> mei: bus-fixup:upon error print return values of send and receive Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: disable the CTS when send break signal Sven Schnelle <svens(a)linux.ibm.com> tty: fix out-of-bounds access in tty_driver_lookup_tty() Kees Cook <keescook(a)chromium.org> media: uvcvideo: Silence memcpy() run-time false positive warnings Guenter Roeck <linux(a)roeck-us.net> media: uvcvideo: Handle errors from calls to usb_string Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Handle cameras with invalid descriptors Darrell Kavanagh <darrell.kavanagh(a)gmail.com> firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 Jia-Ju Bai <baijiaju1990(a)gmail.com> tracing: Add NULL checks for buffer in ring_buffer_free_read_page() Dan Carpenter <error27(a)gmail.com> thermal: intel: quark_dts: fix error pointer dereference Arnd Bergmann <arnd(a)arndb.de> scsi: ipr: Work around fortify-string warning George Kennedy <george.kennedy(a)oracle.com> vc_screen: modify vcs_size() handling in vcs_read() Eric Dumazet <edumazet(a)google.com> tcp: tcp_check_req() can be called from process context Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: spear320-hmi: correct STMPE GPIO compatible Fedor Pchelkin <pchelkin(a)ispras.ru> nfc: fix memory leak of se_io context in nfc_genl_se_io Zhengchao Shao <shaozhengchao(a)huawei.com> 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() Juergen Gross <jgross(a)suse.com> 9p/xen: fix connection sequence Juergen Gross <jgross(a)suse.com> 9p/xen: fix version parsing Eric Dumazet <edumazet(a)google.com> net: fix __dev_kfree_skb_any() vs drop monitor Hangyu Hua <hbh25y(a)gmail.com> netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() Li Hua <hucool.lihua(a)huawei.com> watchdog: pcwd_usb: Fix attempting to access uninitialized memory Chen Jun <chenjun102(a)huawei.com> watchdog: Fix kmemleak in watchdog_cdev_register ruanjinjie <ruanjinjie(a)huawei.com> watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path Ammar Faizi <ammarfaizi2(a)gnuweeb.org> x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: ubifs_writepage: Mark page dirty after writing inode failed Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: dirty_cow_znode: Fix memleak in error handling path Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Re-statistic cleaned znode count if commit failed Yang Yingliang <yangyingliang(a)huawei.com> ubi: Fix possible null-ptr-deref in ubi_free_volume() Li Zetao <lizetao1(a)huawei.com> ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() Li Zetao <lizetao1(a)huawei.com> ubi: Fix use-after-free when volume resizing failed Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Reserve one leb for each journal head while doing budget Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Fix wrong dirty space budget for dirty inode Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Rectify space budget for ubifs_xrename() Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted George Kennedy <george.kennedy(a)oracle.com> ubi: ensure that VID header offset + VID header size <= alloc, size Xiang Yang <xiangyang3(a)huawei.com> um: vector: Fix memory leak in vector_config Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> pwm: stm32-lp: fix the check on arr and cmp registers update Liu Shixin via Jfs-discussion <jfs-discussion(a)lists.sourceforge.net> fs/jfs: fix shift exponent db_agl2size negative Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire tcindex classifier Dmitry Goncharov <dgoncharov(a)users.sf.net> kbuild: Port silent mode detection to future gnu make. Arnd Bergmann <arnd(a)arndb.de> wifi: ath9k: use proper statements in conditionals Mark Hawrylak <mark.hawrylak(a)gmail.com> drm/radeon: Fix eDP for single-display iMac11,2 Damien Le Moal <damien.lemoal(a)opensource.wdc.com> PCI: Avoid FLR for AMD FCH AHCI adapters Tomas Henzl <thenzl(a)redhat.com> scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() Tomas Henzl <thenzl(a)redhat.com> scsi: ses: Fix possible desc_ptr out-of-bounds accesses Tomas Henzl <thenzl(a)redhat.com> scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses Tomas Henzl <thenzl(a)redhat.com> scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() James Bottomley <jejb(a)linux.ibm.com> scsi: ses: Don't attach if enclosure has no components Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix erroneous link down Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix link failure in NPIV environment Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Add RUN_TIMEOUT option with default unlimited Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Fix missing "end_monitor" when machine check fails Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Give back console on Ctrt^C on monitor Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ipu3-cio2: Fix PM runtime usage_count in driver unbind Elvira Khabirova <lineprinter0(a)gmail.com> mips: fix syscall_get_nr Al Viro <viro(a)zeniv.linux.org.uk> alpha: fix FEN fault handling Ilya Dryomov <idryomov(a)gmail.com> rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: exynos: correct TMU phandle in Odroid XU Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: exynos: correct TMU phandle in Exynos4 Mikulas Patocka <mpatocka(a)redhat.com> dm flakey: don't corrupt the zero page Mikulas Patocka <mpatocka(a)redhat.com> dm flakey: fix logic when corrupting a bio Alexander Wetzel <alexander(a)wetzel-home.de> wifi: cfg80211: Fix use after free for wext Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Use a longer retry limit of 48 Jun Nie <jun.nie(a)linaro.org> ext4: refuse to create ea block when umounted Jun Nie <jun.nie(a)linaro.org> ext4: optimize ea_inode block expansion Dmitry Fomin <fomindmitriyfoma(a)mail.ru> ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() Johan Hovold <johan+linaro(a)kernel.org> irqdomain: Drop bogus fwspec-mapping error handling Johan Hovold <johan+linaro(a)kernel.org> irqdomain: Fix disassociation race Johan Hovold <johan+linaro(a)kernel.org> irqdomain: Fix association race Roberto Sassu <roberto.sassu(a)huawei.com> ima: Align ima_file_mmap() parameters with mmap_file LSM hook KP Singh <kpsingh(a)kernel.org> Documentation/hw-vuln: Document the interaction between IBRS and STIBP KP Singh <kpsingh(a)kernel.org> x86/speculation: Allow enabling STIBP with legacy IBRS Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Fix mixed steppings support Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add a @cpu parameter to the reloading functions Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter Yang Jihong <yangjihong1(a)huawei.com> x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range Yang Jihong <yangjihong1(a)huawei.com> x86/kprobes: Fix __recover_optprobed_insn check optimizing logic Sean Christopherson <seanjc(a)google.com> x86/reboot: Disable SVM, not just VMX, when stopping CPUs Sean Christopherson <seanjc(a)google.com> x86/reboot: Disable virtualization in an emergency if SVM is supported Sean Christopherson <seanjc(a)google.com> x86/crash: Disable virt in core NMI crash handler to avoid double shootdown Sean Christopherson <seanjc(a)google.com> x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) Jan Kara <jack(a)suse.cz> udf: Fix file corruption when appending just after end of preallocated extent Jan Kara <jack(a)suse.cz> udf: Do not update file length for failed writes to inline files Jan Kara <jack(a)suse.cz> udf: Do not bother merging very long extents Jan Kara <jack(a)suse.cz> udf: Truncate added extents on failed expansion Heming Zhao via Ocfs2-devel <ocfs2-devel(a)oss.oracle.com> ocfs2: fix non-auto defrag path not working issue Heming Zhao via Ocfs2-devel <ocfs2-devel(a)oss.oracle.com> ocfs2: fix defrag path triggering jbd2 ASSERT Eric Biggers <ebiggers(a)google.com> f2fs: fix information leak in f2fs_move_inline_dirents() Dongliang Mu <mudongliangabcd(a)gmail.com> fs: hfsplus: fix UAF issue in hfsplus_put_super Liu Shixin <liushixin2(a)huawei.com> hfs: fix missing hfs_bnode_get() in __hfs_bnode_create Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: exynos: correct HDMI phy compatible in Exynos4 Vasily Gorbik <gor(a)linux.ibm.com> s390/kprobes: fix current_kprobe never cleared after kprobes reenter Vasily Gorbik <gor(a)linux.ibm.com> s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler Ilya Leoshkevich <iii(a)linux.ibm.com> s390: discard .interp section Johan Hovold <johan+linaro(a)kernel.org> rtc: pm8xxx: fix set-alarm race Alper Nebi Yasak <alpernebiyasak(a)gmail.com> firmware: coreboot: framebuffer: Ignore reserved pixel color bits Jun ASAKA <JunASAKA(a)zzy040330.moe> wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu Mike Snitzer <snitzer(a)kernel.org> dm cache: add cond_resched() to various workqueue loops Mike Snitzer <snitzer(a)kernel.org> dm thin: add cond_resched() to various workqueue loops Claudiu Beznea <claudiu.beznea(a)microchip.com> pinctrl: at91: use devm_kasprintf() to avoid potential leaks Kees Cook <keescook(a)chromium.org> regulator: s5m8767: Bounds check id indexing into arrays Kees Cook <keescook(a)chromium.org> regulator: max77802: Bounds check regulator id against opmode Kees Cook <keescook(a)chromium.org> ASoC: kirkwood: Iterate over array indexes instead of using pointer math Jakob Koschel <jkl820.git(a)gmail.com> docs/scripts/gdb: add necessary make scripts_gdb step Jiasheng Jiang <jiasheng(a)iscas.ac.cn> drm/msm/dsi: Add missing check for alloc_ordered_workqueue Liwei Song <liwei.song(a)windriver.com> drm/radeon: free iio for atombios when driver shutdown Roman Li <roman.li(a)amd.com> drm/amd/display: Fix potential null-deref in dm_resume Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer: Fix debug print Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Fix Lenovo Ideapad Z570 DMI match Michael Schmitz <schmitzmic(a)gmail.com> m68k: Check syscall_trace_enter() return code Florian Fainelli <f.fainelli(a)gmail.com> net: bcmgenet: Add a check for oversized packets Mark Rutland <mark.rutland(a)arm.com> ACPI: Don't build ACPICA with '-Os' Pietro Borrello <borrello(a)diag.uniroma1.it> inet: fix fast path in __inet_hash_connect() Jisoo Jang <jisoo.jang(a)yonsei.ac.kr> wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Breno Leitao <leitao(a)debian.org> x86/bugs: Reset speculation control settings on init Jann Horn <jannh(a)google.com> timers: Prevent union confusion from unexpected restart_syscall() Yang Li <yang.lee(a)linux.alibaba.com> thermal: intel: Fix unsigned comparison with less than zero Paul E. McKenney <paulmck(a)kernel.org> rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait() Jisoo Jang <jisoo.jang(a)yonsei.ac.kr> wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() Markuss Broks <markuss.broks(a)gmail.com> ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy Jan Kara <jack(a)suse.cz> udf: Define EFSCORRUPTED error code Bjorn Andersson <quic_bjorande(a)quicinc.com> rpmsg: glink: Avoid infinite loop on intent for missing channel Duoming Zhou <duoming(a)zju.edu.cn> media: usb: siano: Fix use after free bugs caused by do_submit_urb Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: i2c: ov7670: 0 instead of -EINVAL was returned Duoming Zhou <duoming(a)zju.edu.cn> media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() Yuan Can <yuancan(a)huawei.com> media: i2c: ov772x: Fix memleak in ov772x_probe() Nathan Chancellor <nathan(a)kernel.org> powerpc: Remove linker flag from KBUILD_AFLAGS Jiasheng Jiang <jiasheng(a)iscas.ac.cn> media: platform: ti: Add missing check for devm_regulator_get Randy Dunlap <rdunlap(a)infradead.org> MIPS: vpe-mt: drop physical_memsize Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: ensure 4KB alignment for rtas_data_buf Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: make all exports GPL Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries/lparcfg: add missing RTAS retry status handling Chen-Yu Tsai <wenst(a)chromium.org> clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() Frederic Barrat <fbarrat(a)linux.ibm.com> powerpc/powernv/ioda: Skip unallocated resources when mapping to PE Luca Ellero <l.ellero(a)asem.it> Input: ads7846 - don't check penirq immediately for 7845 Luca Ellero <l.ellero(a)asem.it> Input: ads7846 - don't report pressure for ads7845 Samuel Holland <samuel(a)sholland.org> mtd: rawnand: sunxi: Fix the size of the last OOB region Qiheng Lin <linqiheng(a)huawei.com> mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Fix bash specific "==" operator Randy Dunlap <rdunlap(a)infradead.org> sparc: allow PM configs for sparc32 COMPILE_TEST Yicong Yang <yangyicong(a)hisilicon.com> perf tools: Fix auto-complete on aarch64 Ian Rogers <irogers(a)google.com> perf llvm: Fix inadvertent file creation Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: jdata writepage fix Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> cifs: Fix warning and UAF when destroy the MR list Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> cifs: Fix lost destroy smbd connection when MR allocate failed Benjamin Coddington <bcodding(a)redhat.com> nfsd: fix race to check ls_layouts Mike Snitzer <snitzer(a)kernel.org> dm: remove flush_scheduled_work() during local_exit() Vadim Pasternak <vadimp(a)nvidia.com> hwmon: (mlxreg-fan) Return zero speed for broken fan William Zhang <william.zhang(a)broadcom.com> spi: bcm63xx-hsspi: Fix multi-bit mode setting Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-hsspi: fix pm_runtime Jiasheng Jiang <jiasheng(a)iscas.ac.cn> scsi: aic94xx: Add missing check for dma_map_single() Jonathan Cormier <jcormier(a)criticallink.com> hwmon: (ltc2945) Handle error case in ltc2945_value_store Haibo Chen <haibo.chen(a)nxp.com> gpio: vf610: connect GPIO label to dev name Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress() Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/mediatek: Clean dangling pointer on bind error path Rob Clark <robdclark(a)chromium.org> drm/mediatek: Drop unbalanced obj unref Mikko Perttunen <mperttunen(a)nvidia.com> gpu: host1x: Don't skip assigning syncpoints to channels Jiasheng Jiang <jiasheng(a)iscas.ac.cn> drm/msm/dpu: Add check for pstates Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm: use strscpy instead of strncpy Daniel Mentz <danielmentz(a)google.com> drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness Alexey V. Vissarionov <gremlin(a)altlinux.org> ALSA: hda/ca0132: minor fix for allocation size Miaoqian Lin <linmq006(a)gmail.com> pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups Lee Jones <lee.jones(a)linaro.org> pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours Jiasheng Jiang <jiasheng(a)iscas.ac.cn> drm/msm/hdmi: Add missing check for alloc_ordered_workqueue Liang He <windhl(a)126.com> gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: dpi: Fix format mapping for RGB565 Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: dpi: Add option for inverting pixel clock and output enable Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> drm: Clarify definition of the DRM_BUS_FLAG_(PIXDATA|SYNC)_* macros Yuan Can <yuancan(a)huawei.com> drm/bridge: megachips: Fix error handling in i2c_register_driver() Geert Uytterhoeven <geert+renesas(a)glider.be> drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC Roxana Nicolescu <roxana.nicolescu(a)canonical.com> selftest: fib_tests: Always cleanup before exit Florian Fainelli <f.fainelli(a)gmail.com> irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts Florian Fainelli <f.fainelli(a)gmail.com> irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts Frank Jungclaus <frank.jungclaus(a)esd.eu> can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error Shayne Chen <shayne.chen(a)mediatek.com> wifi: mac80211: make rate u32 in sta_set_rate_info_rx() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: crypto4xx - Call dma_unmap_page when done Dan Carpenter <error27(a)gmail.com> wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> wifi: iwl4965: Add missing check for create_singlethread_workqueue() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> wifi: iwl3945: Add missing check for create_singlethread_workqueue Conor Dooley <conor.dooley(a)microchip.com> RISC-V: time: initialize hrtimer based broadcast clock event device Randy Dunlap <rdunlap(a)infradead.org> m68k: /proc/hardware should depend on PROC_FS Herbert Xu <herbert(a)gondor.apana.org.au> crypto: rsa-pkcs1pad - Use akcipher_request_complete Pietro Borrello <borrello(a)diag.uniroma1.it> rds: rds_rm_zerocopy_callback() correct order for list_add_tail() Ilya Leoshkevich <iii(a)linux.ibm.com> libbpf: Fix alen calculation in libbpf_nla_dump_errormsg() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix potential user-after-free Miaoqian Lin <linmq006(a)gmail.com> irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe Miaoqian Lin <linmq006(a)gmail.com> irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains Jack Morgenstein <jackm(a)nvidia.com> net/mlx5: Enhance debug print in page allocation failure Yang Yingliang <yangyingliang(a)huawei.com> powercap: fix possible name leak in powercap_register_zone() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: seqiv - Handle EBUSY correctly Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Fix missing NUL-termination with large strings Minsuk Kang <linuxlovemin(a)yonsei.ac.kr> wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails Pavel Skripkin <paskripkin(a)gmail.com> ath9k: htc: clean up statistics macros Wan Jiabing <wanjiabing(a)vivo.com> ath9k: hif_usb: simplify if-if to if-else Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> wifi: orinoco: check return value of hermes_write_wordrec() Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: nsrepair: handle cases without a return value correctly Herbert Xu <herbert(a)gondor.apana.org.au> lib/mpi: Fix buffer overrun when SG is too long Zhen Lei <thunder.leizhen(a)huawei.com> genirq: Fix the return type of kstat_cpu_irqs_sum() Mario Limonciello <mario.limonciello(a)amd.com> ACPICA: Drop port I/O validation for some regions Yang Yingliang <yangyingliang(a)huawei.com> wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave() Yang Yingliang <yangyingliang(a)huawei.com> wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave() Yang Yingliang <yangyingliang(a)huawei.com> wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave() Yang Yingliang <yangyingliang(a)huawei.com> wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave() Yang Yingliang <yangyingliang(a)huawei.com> wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave() Zhengchao Shao <shaozhengchao(a)huawei.com> wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() Zhang Changzhong <zhangchangzhong(a)huawei.com> wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() Zhengchao Shao <shaozhengchao(a)huawei.com> wifi: ipw2200: fix memory leak in ipw_wdev_init() Yang Yingliang <yangyingliang(a)huawei.com> wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ipw2x00: switch from 'pci_' to 'dma_' API Li Zetao <lizetao1(a)huawei.com> wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() Arnd Bergmann <arnd(a)arndb.de> rtlwifi: fix -Wpointer-sign warning Yang Yingliang <yangyingliang(a)huawei.com> wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave() Zhengchao Shao <shaozhengchao(a)huawei.com> wifi: libertas: fix memory leak in lbs_init_adapter() Yuan Can <yuancan(a)huawei.com> wifi: rsi: Fix memory leak in rsi_coex_attach() Martin K. Petersen <martin.petersen(a)oracle.com> block: bio-integrity: Copy flags when bio_integrity_payload is cloned Kemeng Shi <shikemeng(a)huaweicloud.com> blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: amlogic: meson-gx: add missing unit address to rng node name Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: meson-axg: enable SCPI Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name Angus Chen <angus.chen(a)jaguarmicro.com> ARM: imx: Call ida_simple_remove() for ida_simple_get Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato Yang Yingliang <yangyingliang(a)huawei.com> ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> arm64: dts: meson-gx: Fix Ethernet MAC address unit name Qiheng Lin <linqiheng(a)huawei.com> ARM: zynq: Fix refcount leak in zynq_early_slcr_init Chen Hui <judy.chenhui(a)huawei.com> ARM: OMAP2+: Fix memory leak in realtime_counter_init() Pietro Borrello <borrello(a)diag.uniroma1.it> HID: asus: use spinlock to safely schedule workers Pietro Borrello <borrello(a)diag.uniroma1.it> HID: asus: use spinlock to protect concurrent accesses Luke D. Jones <luke(a)ljones.dev> HID: asus: Remove check for same LED brightness on set ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 21 +- Documentation/dev-tools/gdb-kernel-debugging.rst | 4 + Makefile | 17 +- arch/alpha/kernel/traps.c | 30 +- arch/arm/boot/dts/exynos3250-rinato.dts | 2 +- arch/arm/boot/dts/exynos4-cpu-thermal.dtsi | 2 +- arch/arm/boot/dts/exynos4.dtsi | 2 +- arch/arm/boot/dts/exynos5410-odroidxu.dts | 1 - arch/arm/boot/dts/exynos5420.dtsi | 2 +- arch/arm/boot/dts/spear320-hmi.dts | 2 +- arch/arm/mach-imx/mmdc.c | 24 +- arch/arm/mach-omap1/timer.c | 2 +- arch/arm/mach-omap2/timer.c | 1 + arch/arm/mach-zynq/slcr.c | 1 + arch/arm64/boot/dts/amlogic/meson-axg.dtsi | 26 + arch/arm64/boot/dts/amlogic/meson-gx.dtsi | 6 +- arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 1 + arch/m68k/68000/entry.S | 2 + arch/m68k/Kconfig.devices | 1 + arch/m68k/coldfire/entry.S | 2 + arch/m68k/kernel/entry.S | 3 + arch/mips/include/asm/syscall.h | 2 +- arch/mips/include/asm/vpe.h | 1 - arch/mips/kernel/vpe-mt.c | 7 +- arch/mips/lantiq/prom.c | 6 - arch/powerpc/Makefile | 2 +- arch/powerpc/kernel/rtas.c | 24 +- arch/powerpc/platforms/powernv/pci-ioda.c | 3 +- arch/powerpc/platforms/pseries/lparcfg.c | 20 +- arch/riscv/kernel/time.c | 3 + arch/s390/kernel/kprobes.c | 4 +- arch/s390/kernel/setup.c | 1 + arch/s390/kernel/vmlinux.lds.S | 1 + arch/s390/mm/maccess.c | 16 +- arch/sparc/Kconfig | 2 +- arch/um/drivers/vector_kern.c | 1 + arch/x86/include/asm/microcode.h | 4 +- arch/x86/include/asm/microcode_amd.h | 4 +- arch/x86/include/asm/msr-index.h | 4 + arch/x86/include/asm/reboot.h | 2 + arch/x86/include/asm/virtext.h | 16 +- arch/x86/kernel/cpu/bugs.c | 35 +- arch/x86/kernel/cpu/microcode/amd.c | 53 +- arch/x86/kernel/cpu/microcode/core.c | 6 +- arch/x86/kernel/crash.c | 17 +- arch/x86/kernel/kprobes/opt.c | 6 +- arch/x86/kernel/reboot.c | 88 ++- arch/x86/kernel/smp.c | 6 +- arch/x86/kernel/sysfb_efi.c | 8 + arch/x86/um/vdso/um_vdso.c | 12 +- block/bio-integrity.c | 1 + block/blk-mq-sched.c | 3 +- crypto/rsa-pkcs1pad.c | 34 +- crypto/seqiv.c | 2 +- drivers/acpi/acpica/Makefile | 2 +- drivers/acpi/acpica/hwvalid.c | 7 +- drivers/acpi/acpica/nsrepair.c | 12 +- drivers/acpi/battery.c | 2 +- drivers/acpi/video_detect.c | 2 +- drivers/block/rbd.c | 20 +- drivers/clk/clk.c | 11 + drivers/crypto/amcc/crypto4xx_core.c | 10 +- drivers/firmware/google/framebuffer-coreboot.c | 4 +- drivers/gpio/gpio-vf610.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 +- .../drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c | 6 +- drivers/gpu/drm/drm_mipi_dsi.c | 52 ++ drivers/gpu/drm/mediatek/mtk_drm_drv.c | 1 + drivers/gpu/drm/mediatek/mtk_drm_gem.c | 2 - drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 2 + drivers/gpu/drm/msm/dsi/dsi_host.c | 3 + drivers/gpu/drm/msm/hdmi/hdmi.c | 4 + drivers/gpu/drm/msm/msm_fence.c | 2 +- drivers/gpu/drm/mxsfb/Kconfig | 1 + drivers/gpu/drm/radeon/atombios_encoders.c | 5 +- drivers/gpu/drm/radeon/radeon_device.c | 1 + drivers/gpu/drm/vc4/vc4_dpi.c | 66 +- drivers/gpu/host1x/hw/syncpt_hw.c | 3 - drivers/gpu/ipu-v3/ipu-common.c | 1 + drivers/hid/hid-asus.c | 38 +- drivers/hwmon/ltc2945.c | 2 + drivers/hwmon/mlxreg-fan.c | 6 + drivers/iio/accel/mma9551_core.c | 10 +- drivers/input/touchscreen/ads7846.c | 13 +- drivers/irqchip/irq-alpine-msi.c | 1 + drivers/irqchip/irq-bcm7120-l2.c | 3 +- drivers/irqchip/irq-brcmstb-l2.c | 6 +- drivers/irqchip/irq-mvebu-gicp.c | 1 + drivers/md/dm-cache-target.c | 4 + drivers/md/dm-flakey.c | 30 +- drivers/md/dm-thin.c | 2 + drivers/md/dm.c | 1 - drivers/media/i2c/ov7670.c | 2 +- drivers/media/i2c/ov772x.c | 3 +- drivers/media/pci/intel/ipu3/ipu3-cio2.c | 3 + drivers/media/platform/omap3isp/isp.c | 9 + drivers/media/rc/ene_ir.c | 3 +- drivers/media/usb/siano/smsusb.c | 1 + drivers/media/usb/uvc/uvc_ctrl.c | 30 +- drivers/media/usb/uvc/uvc_driver.c | 48 +- drivers/media/usb/uvc/uvc_entity.c | 2 +- drivers/media/usb/uvc/uvc_status.c | 40 +- drivers/media/usb/uvc/uvc_video.c | 4 +- drivers/media/usb/uvc/uvcvideo.h | 5 +- drivers/mfd/pcf50633-adc.c | 7 +- drivers/misc/mei/bus-fixup.c | 8 +- drivers/mtd/nand/raw/sunxi_nand.c | 2 +- drivers/mtd/ubi/build.c | 7 + drivers/mtd/ubi/vmt.c | 18 +- drivers/mtd/ubi/wl.c | 25 +- drivers/net/can/usb/esd_usb2.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 8 + .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 2 +- .../net/ethernet/mellanox/mlx5/core/pagealloc.c | 3 +- drivers/net/wireless/ath/ath9k/hif_usb.c | 60 +- drivers/net/wireless/ath/ath9k/htc.h | 32 +- drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 10 +- drivers/net/wireless/ath/ath9k/htc_hst.c | 4 +- drivers/net/wireless/ath/ath9k/wmi.c | 1 + .../wireless/broadcom/brcm80211/brcmfmac/common.c | 7 +- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 1 + .../wireless/broadcom/brcm80211/brcmfmac/msgbuf.c | 5 +- drivers/net/wireless/intel/ipw2x00/ipw2100.c | 121 ++-- drivers/net/wireless/intel/ipw2x00/ipw2200.c | 67 +- drivers/net/wireless/intel/iwlegacy/3945-mac.c | 16 +- drivers/net/wireless/intel/iwlegacy/4965-mac.c | 12 +- drivers/net/wireless/intersil/orinoco/hw.c | 2 + drivers/net/wireless/marvell/libertas/cmdresp.c | 2 +- drivers/net/wireless/marvell/libertas/if_usb.c | 2 +- drivers/net/wireless/marvell/libertas/main.c | 3 +- drivers/net/wireless/marvell/libertas_tf/if_usb.c | 2 +- drivers/net/wireless/marvell/mwifiex/11n.c | 6 +- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_8192e.c | 5 + .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 11 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 91 ++- .../net/wireless/realtek/rtlwifi/rtl8821ae/table.c | 4 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/table.h | 4 +- drivers/net/wireless/rsi/rsi_91x_coex.c | 1 + drivers/net/wireless/wl3501_cs.c | 2 +- drivers/nfc/st-nci/se.c | 6 + drivers/nfc/st21nfca/se.c | 6 + drivers/pci/quirks.c | 1 + drivers/phy/rockchip/phy-rockchip-typec.c | 3 +- drivers/pinctrl/pinctrl-at91-pio4.c | 4 +- drivers/pinctrl/pinctrl-at91.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 23 +- drivers/powercap/powercap_sys.c | 14 +- drivers/pwm/pwm-stm32-lp.c | 2 +- drivers/regulator/max77802-regulator.c | 34 +- drivers/regulator/s5m8767.c | 6 +- drivers/rpmsg/qcom_glink_native.c | 1 + drivers/rtc/rtc-pm8xxx.c | 24 +- drivers/scsi/aic94xx/aic94xx_task.c | 3 + drivers/scsi/ipr.c | 41 +- drivers/scsi/qla2xxx/qla_os.c | 9 +- drivers/scsi/ses.c | 64 +- drivers/spi/spi-bcm63xx-hsspi.c | 20 +- drivers/thermal/intel_powerclamp.c | 20 +- drivers/thermal/intel_quark_dts_thermal.c | 12 +- drivers/thermal/intel_soc_dts_iosf.c | 2 +- drivers/tty/serial/fsl_lpuart.c | 24 +- drivers/tty/tty_io.c | 8 +- drivers/tty/vt/vc_screen.c | 4 +- drivers/usb/host/xhci-mvebu.c | 2 +- drivers/usb/storage/ene_ub6250.c | 2 +- drivers/watchdog/at91sam9_wdt.c | 7 +- drivers/watchdog/pcwd_usb.c | 6 +- drivers/watchdog/watchdog_dev.c | 2 +- fs/cifs/smbdirect.c | 4 +- fs/ext4/xattr.c | 35 +- fs/f2fs/data.c | 4 +- fs/f2fs/inline.c | 13 +- fs/gfs2/aops.c | 3 +- fs/hfs/bnode.c | 1 + fs/hfsplus/super.c | 4 +- fs/jfs/jfs_dmap.c | 3 +- fs/nfsd/nfs4layouts.c | 4 +- fs/ocfs2/move_extents.c | 34 +- fs/ubifs/budget.c | 9 +- fs/ubifs/dir.c | 13 +- fs/ubifs/file.c | 12 +- fs/ubifs/tnc.c | 24 +- fs/udf/file.c | 26 +- fs/udf/inode.c | 58 +- fs/udf/udf_sb.h | 2 + include/drm/drm_connector.h | 36 +- include/drm/drm_mipi_dsi.h | 4 + include/linux/ima.h | 6 +- include/linux/kernel_stat.h | 2 +- include/linux/kprobes.h | 2 + include/uapi/linux/usb/video.h | 30 + include/uapi/linux/uvcvideo.h | 2 +- kernel/irq/irqdomain.c | 31 +- kernel/kprobes.c | 6 +- kernel/rcu/tree_exp.h | 2 + kernel/time/hrtimer.c | 2 + kernel/time/posix-stubs.c | 2 + kernel/time/posix-timers.c | 2 + kernel/trace/ring_buffer.c | 7 +- lib/mpi/mpicoder.c | 3 +- net/9p/trans_rdma.c | 15 +- net/9p/trans_xen.c | 48 +- net/bluetooth/hci_sock.c | 11 +- net/bluetooth/l2cap_core.c | 24 - net/bluetooth/l2cap_sock.c | 8 + net/core/dev.c | 4 +- net/ipv4/inet_connection_sock.c | 1 + net/ipv4/inet_hashtables.c | 12 +- net/ipv4/tcp_minisocks.c | 7 +- net/mac80211/sta_info.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 5 +- net/nfc/netlink.c | 4 + net/rds/message.c | 2 +- net/sched/Kconfig | 11 - net/sched/Makefile | 1 - net/sched/cls_tcindex.c | 698 --------------------- net/wireless/sme.c | 31 +- security/integrity/ima/ima_main.c | 7 +- security/security.c | 7 +- sound/pci/hda/patch_ca0132.c | 2 +- sound/pci/ice1712/aureon.c | 2 +- sound/soc/kirkwood/kirkwood-dma.c | 2 +- sound/soc/soc-compress.c | 2 +- tools/iio/iio_utils.c | 23 +- tools/lib/bpf/nlattr.c | 2 +- tools/perf/perf-completion.sh | 11 +- tools/perf/util/llvm-utils.c | 25 +- tools/testing/ktest/ktest.pl | 26 +- tools/testing/ktest/sample.conf | 5 + .../ftrace/test.d/ftrace/func_event_triggers.tc | 2 +- tools/testing/selftests/net/fib_tests.sh | 2 + 232 files changed, 1671 insertions(+), 1666 deletions(-)

2 years, 1 month

6
259
0 0

[PATCH] drm/nouveau/gr: enable memory loads on helper invocation on all channels

by Karol Herbst

We have a lurking bug where Fragment Shader Helper Invocations can't load from memory. But this is actually required in OpenGL and is causing random hangs or failures in random shaders. It is unknown how widespread this issue is, but shaders hitting this can end up with infinite loops. We enable those only on all Kepler and newer GPUs where we use our own Firmware. Nvidia's firmware provides a way to set a kernelspace controlled list of mmio registers in the gr space from push buffers via MME macros. Cc: Ben Skeggs <bskeggs(a)redhat.com> Cc: David Airlie <airlied(a)gmail.com> Cc: nouveau(a)lists.freedesktop.org Cc: stable(a)vger.kernel.org Signed-off-by: Karol Herbst <kherbst(a)redhat.com> --- drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgf100.c | 2 ++ drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgf100.h | 2 ++ drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk104.c | 4 +++- drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk110.c | 10 ++++++++++ drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk110b.c | 1 + drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk208.c | 1 + drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgm107.c | 1 + drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgm200.c | 1 + drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp100.c | 1 + drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp102.c | 1 + drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp104.c | 1 + drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp107.c | 1 + drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgv100.c | 10 ++++++++++ 13 files changed, 35 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgf100.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgf100.c index cb390e0134a23..950ab7c82582f 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgf100.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgf100.c @@ -1332,6 +1332,8 @@ gf100_grctx_generate_floorsweep(struct gf100_gr *gr) func->gpc_tpc_nr(gr); if (func->r419f78) func->r419f78(gr); + if (func->r419ba4) + func->r419ba4(gr); if (func->tpc_mask) func->tpc_mask(gr); if (func->smid_config) diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgf100.h b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgf100.h index 00dbeda7e3464..f31303efbc0ff 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgf100.h +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgf100.h @@ -57,6 +57,7 @@ struct gf100_grctx_func { void (*r406500)(struct gf100_gr *); void (*gpc_tpc_nr)(struct gf100_gr *); void (*r419f78)(struct gf100_gr *); + void (*r419ba4)(struct gf100_gr *); void (*tpc_mask)(struct gf100_gr *); void (*smid_config)(struct gf100_gr *); /* misc other things */ @@ -117,6 +118,7 @@ void gk104_grctx_generate_r418800(struct gf100_gr *); extern const struct gf100_grctx_func gk110_grctx; void gk110_grctx_generate_r419eb0(struct gf100_gr *); +void gk110_grctx_generate_r419f78(struct gf100_gr *); extern const struct gf100_grctx_func gk110b_grctx; extern const struct gf100_grctx_func gk208_grctx; diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk104.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk104.c index 94233d0119dff..52a234b1ef010 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk104.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk104.c @@ -906,7 +906,9 @@ static void gk104_grctx_generate_r419f78(struct gf100_gr *gr) { struct nvkm_device *device = gr->base.engine.subdev.device; - nvkm_mask(device, 0x419f78, 0x00000001, 0x00000000); + + /* bit 3 set disables loads in fp helper invocations, we need it enabled */ + nvkm_mask(device, 0x419f78, 0x00000009, 0x00000000); } void diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk110.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk110.c index 4391458e1fb2f..3acdd9eeb74a7 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk110.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk110.c @@ -820,6 +820,15 @@ gk110_grctx_generate_r419eb0(struct gf100_gr *gr) nvkm_mask(device, 0x419eb0, 0x00001000, 0x00001000); } +void +gk110_grctx_generate_r419f78(struct gf100_gr *gr) +{ + struct nvkm_device *device = gr->base.engine.subdev.device; + + /* bit 3 set disables loads in fp helper invocations, we need it enabled */ + nvkm_mask(device, 0x419f78, 0x00000008, 0x00000000); +} + const struct gf100_grctx_func gk110_grctx = { .main = gf100_grctx_generate_main, @@ -854,4 +863,5 @@ gk110_grctx = { .gpc_tpc_nr = gk104_grctx_generate_gpc_tpc_nr, .r418800 = gk104_grctx_generate_r418800, .r419eb0 = gk110_grctx_generate_r419eb0, + .r419f78 = gk110_grctx_generate_r419f78, }; diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk110b.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk110b.c index 7b9a34f9ec3c7..5597e87624acd 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk110b.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk110b.c @@ -103,4 +103,5 @@ gk110b_grctx = { .gpc_tpc_nr = gk104_grctx_generate_gpc_tpc_nr, .r418800 = gk104_grctx_generate_r418800, .r419eb0 = gk110_grctx_generate_r419eb0, + .r419f78 = gk110_grctx_generate_r419f78, }; diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk208.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk208.c index c78d07a8bb7df..612656496541d 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk208.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgk208.c @@ -568,4 +568,5 @@ gk208_grctx = { .dist_skip_table = gf117_grctx_generate_dist_skip_table, .gpc_tpc_nr = gk104_grctx_generate_gpc_tpc_nr, .r418800 = gk104_grctx_generate_r418800, + .r419f78 = gk110_grctx_generate_r419f78, }; diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgm107.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgm107.c index beac66eb2a803..9906974ac3f07 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgm107.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgm107.c @@ -988,4 +988,5 @@ gm107_grctx = { .r406500 = gm107_grctx_generate_r406500, .gpc_tpc_nr = gk104_grctx_generate_gpc_tpc_nr, .r419e00 = gm107_grctx_generate_r419e00, + .r419f78 = gk110_grctx_generate_r419f78, }; diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgm200.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgm200.c index 175da8ac656ce..839b706a86e86 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgm200.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgm200.c @@ -127,4 +127,5 @@ gm200_grctx = { .smid_config = gm200_grctx_generate_smid_config, .r418e94 = gm200_grctx_generate_r418e94, .r419a3c = gm200_grctx_generate_r419a3c, + .r419f78 = gk110_grctx_generate_r419f78, }; diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp100.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp100.c index 8485aaeae7a92..068d36490d14c 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp100.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp100.c @@ -148,4 +148,5 @@ gp100_grctx = { .tpc_mask = gm200_grctx_generate_tpc_mask, .smid_config = gp100_grctx_generate_smid_config, .r419a3c = gm200_grctx_generate_r419a3c, + .r419f78 = gk110_grctx_generate_r419f78, }; diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp102.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp102.c index 7537979a54927..18a5b3ca7d8c5 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp102.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp102.c @@ -122,4 +122,5 @@ gp102_grctx = { .smid_config = gp100_grctx_generate_smid_config, .r419a3c = gm200_grctx_generate_r419a3c, .r408840 = gp102_grctx_generate_r408840, + .r419f78 = gk110_grctx_generate_r419f78, }; diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp104.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp104.c index 90b5f793e5676..5366f5b5ce80a 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp104.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp104.c @@ -47,4 +47,5 @@ gp104_grctx = { .tpc_mask = gm200_grctx_generate_tpc_mask, .smid_config = gp100_grctx_generate_smid_config, .r419a3c = gm200_grctx_generate_r419a3c, + .r419f78 = gk110_grctx_generate_r419f78, }; diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp107.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp107.c index d191761a04711..d658ff1ce7bbc 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp107.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgp107.c @@ -55,4 +55,5 @@ gp107_grctx = { .tpc_mask = gm200_grctx_generate_tpc_mask, .smid_config = gp100_grctx_generate_smid_config, .r419a3c = gm200_grctx_generate_r419a3c, + .r419f78 = gk110_grctx_generate_r419f78, }; diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgv100.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgv100.c index 957ea9d6bad4b..dadc0ecd1722d 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgv100.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgv100.c @@ -192,6 +192,15 @@ gv100_grctx_unkn88c(struct gf100_gr *gr, bool on) nvkm_rd32(device, 0x408a14); } +static void +gv100_grctx_generate_r419ba4(struct gf100_gr *gr) +{ + struct nvkm_device *device = gr->base.engine.subdev.device; + + /* bit 3 set disables loads in fp helper invocations, we need it enabled */ + nvkm_mask(device, 0x419ba4, 0x00000008, 0x00000000); +} + const struct gf100_grctx_func gv100_grctx = { .unkn88c = gv100_grctx_unkn88c, @@ -219,4 +228,5 @@ gv100_grctx = { .gpc_tpc_nr = gk104_grctx_generate_gpc_tpc_nr, .smid_config = gp100_grctx_generate_smid_config, .r400088 = gv100_grctx_generate_r400088, + .r419ba4 = gv100_grctx_generate_r419ba4, }; -- 2.39.2

2 years, 1 month

1
0
0 0

[PATCH] mm/hugetlb: Fix uffd wr-protection for CoW optimization path

by Peter Xu

This patch fixes an issue that a hugetlb uffd-wr-protected mapping can be writable even with uffd-wp bit set. It only happens with all these conditions met: (1) hugetlb memory (2) private mapping (3) original mapping was missing, then (4) being wr-protected (IOW, pte marker installed). Then write to the page to trigger. Userfaultfd-wp trap for hugetlb was implemented in hugetlb_fault() before even reaching hugetlb_wp() to avoid taking more locks that userfault won't need. However there's one CoW optimization path for missing hugetlb page that can trigger hugetlb_wp() inside hugetlb_no_page(), that can bypass the userfaultfd-wp traps. A few ways to resolve this: (1) Skip the CoW optimization for hugetlb private mapping, considering that private mappings for hugetlb should be very rare, so it may not really be helpful to major workloads. The worst case is we only skip the optimization if userfaultfd_wp(vma)==true, because uffd-wp needs another fault anyway. (2) Move the userfaultfd-wp handling for hugetlb from hugetlb_fault() into hugetlb_wp(). The major cons is there're a bunch of locks taken when calling hugetlb_wp(), and that will make the changeset unnecessarily complicated due to the lock operations. (3) Carry over uffd-wp bit in hugetlb_wp(), so it'll need to fault again for uffd-wp privately mapped pages. This patch chose option (3) which contains the minimum changeset (simplest for backport) and also make sure hugetlb_wp() itself will start to be always safe with uffd-wp ptes even if called elsewhere in the future. This patch will be needed for v5.19+ hence copy stable. Reported-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: linux-stable <stable(a)vger.kernel.org> Fixes: 166f3ecc0daf ("mm/hugetlb: hook page faults for uffd write protection") Signed-off-by: Peter Xu <peterx(a)redhat.com> --- mm/hugetlb.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 8bfd07f4c143..22337b191eae 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5478,7 +5478,7 @@ static vm_fault_t hugetlb_wp(struct mm_struct *mm, struct vm_area_struct *vma, struct folio *pagecache_folio, spinlock_t *ptl) { const bool unshare = flags & FAULT_FLAG_UNSHARE; - pte_t pte; + pte_t pte, newpte; struct hstate *h = hstate_vma(vma); struct page *old_page; struct folio *new_folio; @@ -5622,8 +5622,10 @@ static vm_fault_t hugetlb_wp(struct mm_struct *mm, struct vm_area_struct *vma, mmu_notifier_invalidate_range(mm, range.start, range.end); page_remove_rmap(old_page, vma, true); hugepage_add_new_anon_rmap(new_folio, vma, haddr); - set_huge_pte_at(mm, haddr, ptep, - make_huge_pte(vma, &new_folio->page, !unshare)); + newpte = make_huge_pte(vma, &new_folio->page, !unshare); + if (huge_pte_uffd_wp(pte)) + newpte = huge_pte_mkuffd_wp(newpte); + set_huge_pte_at(mm, haddr, ptep, newpte); folio_set_hugetlb_migratable(new_folio); /* Make the old page be freed below */ new_folio = page_folio(old_page); -- 2.39.1

2 years, 1 month

4
10
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2023