December 2024 - Linux-stable-mirror

[PATCH RESEND] drm/komeda: Add check for komeda_get_layer_fourcc_list()

by Haoxiang Li

Add check for the return value of komeda_get_layer_fourcc_list() to catch the potential exception. Fixes: 5d51f6c0da1b ("drm/komeda: Add writeback support") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c b/drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c index ebccb74306a7..f30b3d5eeca5 100644 --- a/drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c +++ b/drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c @@ -160,6 +160,10 @@ static int komeda_wb_connector_add(struct komeda_kms_dev *kms, formats = komeda_get_layer_fourcc_list(&mdev->fmt_tbl, kwb_conn->wb_layer->layer_type, &n_formats); + if (!formats) { + kfree(kwb_conn); + return -ENOMEM; + } err = drm_writeback_connector_init(&kms->base, wb_conn, &komeda_wb_connector_funcs, -- 2.25.1

1 day, 13 hours

2
1
0 0

FAILED: patch "[PATCH] vmalloc: fix accounting with i915" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a2e740e216f5bf49ccb83b6d490c72a340558a43 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024122301-uncommon-enquirer-5f71@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a2e740e216f5bf49ccb83b6d490c72a340558a43 Mon Sep 17 00:00:00 2001 From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Date: Wed, 11 Dec 2024 20:25:37 +0000 Subject: [PATCH] vmalloc: fix accounting with i915 If the caller of vmap() specifies VM_MAP_PUT_PAGES (currently only the i915 driver), we will decrement nr_vmalloc_pages and MEMCG_VMALLOC in vfree(). These counters are incremented by vmalloc() but not by vmap() so this will cause an underflow. Check the VM_MAP_PUT_PAGES flag before decrementing either counter. Link: https://lkml.kernel.org/r/20241211202538.168311-1-willy@infradead.org Fixes: b944afc9d64d ("mm: add a VM_MAP_PUT_PAGES flag for vmap") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Reviewed-by: Shakeel Butt <shakeel.butt(a)linux.dev> Reviewed-by: Balbir Singh <balbirs(a)nvidia.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vmalloc.c b/mm/vmalloc.c index f009b21705c1..5c88d0e90c20 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -3374,7 +3374,8 @@ void vfree(const void *addr) struct page *page = vm->pages[i]; BUG_ON(!page); - mod_memcg_page_state(page, MEMCG_VMALLOC, -1); + if (!(vm->flags & VM_MAP_PUT_PAGES)) + mod_memcg_page_state(page, MEMCG_VMALLOC, -1); /* * High-order allocs for huge vmallocs are split, so * can be freed as an array of order-0 allocations @@ -3382,7 +3383,8 @@ void vfree(const void *addr) __free_page(page); cond_resched(); } - atomic_long_sub(vm->nr_pages, &nr_vmalloc_pages); + if (!(vm->flags & VM_MAP_PUT_PAGES)) + atomic_long_sub(vm->nr_pages, &nr_vmalloc_pages); kvfree(vm->pages); kfree(vm); }

2 days, 11 hours

3
3
0 0

[PATCH 1/2] PCI/MSI: Add MSIX option to write to ENTRY_DATA before any reads

by dullfire＠yahoo.com

From: Jonathan Currier <dullfire(a)yahoo.com> Commit 7d5ec3d36123 ("PCI/MSI: Mask all unused MSI-X entries") introduces a readl() from ENTRY_VECTOR_CTRL before the writel() to ENTRY_DATA. This is correct, however some hardware, like the Sun Neptune chips, the niu module, will cause an error and/or fatal trap if any MSIX table entry is read before the corresponding ENTRY_DATA field is written to. This patch adds an optional early writel() in msix_prepare_msi_desc(). Cc: stable(a)vger.kernel.org Signed-off-by: Jonathan Currier <dullfire(a)yahoo.com> --- drivers/pci/msi/msi.c | 2 ++ include/linux/pci.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/drivers/pci/msi/msi.c b/drivers/pci/msi/msi.c index 3a45879d85db..50d87fb5e37f 100644 --- a/drivers/pci/msi/msi.c +++ b/drivers/pci/msi/msi.c @@ -611,6 +611,8 @@ void msix_prepare_msi_desc(struct pci_dev *dev, struct msi_desc *desc) if (desc->pci.msi_attrib.can_mask) { void __iomem *addr = pci_msix_desc_addr(desc); + if (dev->dev_flags & PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST) + writel(0, addr + PCI_MSIX_ENTRY_DATA); desc->pci.msix_ctrl = readl(addr + PCI_MSIX_ENTRY_VECTOR_CTRL); } } diff --git a/include/linux/pci.h b/include/linux/pci.h index 37d97bef060f..b8b95b58d522 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h @@ -245,6 +245,8 @@ enum pci_dev_flags { PCI_DEV_FLAGS_NO_RELAXED_ORDERING = (__force pci_dev_flags_t) (1 << 11), /* Device does honor MSI masking despite saying otherwise */ PCI_DEV_FLAGS_HAS_MSI_MASKING = (__force pci_dev_flags_t) (1 << 12), + /* Device requires write to PCI_MSIX_ENTRY_DATA before any MSIX reads */ + PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST = (__force pci_dev_flags_t) (1 << 13), }; enum pci_irq_reroute_variant { -- 2.45.2

3 days, 11 hours

3
4
0 0

[PATCH] usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries

by Selvarasu Ganesan

The current implementation sets the wMaxPacketSize of bulk in/out endpoints to 1024 bytes at the end of the f_midi_bind function. However, in cases where there is a failure in the first midi bind attempt, consider rebinding. This scenario may encounter an f_midi_bind issue due to the previous bind setting the bulk endpoint's wMaxPacketSize to 1024 bytes, which exceeds the ep->maxpacket_limit where configured TX/RX FIFO's maxpacket size of 512 bytes for IN/OUT endpoints in support HS speed only. This commit addresses this issue by resetting the wMaxPacketSize before endpoint claim. Fixes: 46decc82ffd5 ("usb: gadget: unconditionally allocate hs/ss descriptor in bind operation") Cc: stable(a)vger.kernel.org Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com> --- drivers/usb/gadget/function/f_midi.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/usb/gadget/function/f_midi.c b/drivers/usb/gadget/function/f_midi.c index 837fcdfa3840..5caa0e4eb07e 100644 --- a/drivers/usb/gadget/function/f_midi.c +++ b/drivers/usb/gadget/function/f_midi.c @@ -907,6 +907,15 @@ static int f_midi_bind(struct usb_configuration *c, struct usb_function *f) status = -ENODEV; + /* + * Reset wMaxPacketSize with maximum packet size of FS bulk transfer before + * endpoint claim. This ensures that the wMaxPacketSize does not exceed the + * limit during bind retries where configured TX/RX FIFO's maxpacket size + * of 512 bytes for IN/OUT endpoints in support HS speed only. + */ + bulk_in_desc.wMaxPacketSize = cpu_to_le16(64); + bulk_out_desc.wMaxPacketSize = cpu_to_le16(64); + /* allocate instance-specific endpoints */ midi->in_ep = usb_ep_autoconfig(cdev->gadget, &bulk_in_desc); if (!midi->in_ep) -- 2.17.1

5 days, 18 hours

3
17
0 0

[PATCH 6.6] KVM: x86: Make x2APIC ID 100% readonly

by Gavin Guo

From: Sean Christopherson <seanjc(a)google.com> [ Upstream commit 4b7c3f6d04bd53f2e5b228b6821fb8f5d1ba3071 ] Ignore the userspace provided x2APIC ID when fixing up APIC state for KVM_SET_LAPIC, i.e. make the x2APIC fully readonly in KVM. Commit a92e2543d6a8 ("KVM: x86: use hardware-compatible format for APIC ID register"), which added the fixup, didn't intend to allow userspace to modify the x2APIC ID. In fact, that commit is when KVM first started treating the x2APIC ID as readonly, apparently to fix some race: static inline u32 kvm_apic_id(struct kvm_lapic *apic) { - return (kvm_lapic_get_reg(apic, APIC_ID) >> 24) & 0xff; + /* To avoid a race between apic_base and following APIC_ID update when + * switching to x2apic_mode, the x2apic mode returns initial x2apic id. + */ + if (apic_x2apic_mode(apic)) + return apic->vcpu->vcpu_id; + + return kvm_lapic_get_reg(apic, APIC_ID) >> 24; } Furthermore, KVM doesn't support delivering interrupts to vCPUs with a modified x2APIC ID, but KVM *does* return the modified value on a guest RDMSR and for KVM_GET_LAPIC. I.e. no remotely sane setup can actually work with a modified x2APIC ID. Making the x2APIC ID fully readonly fixes a WARN in KVM's optimized map calculation, which expects the LDR to align with the x2APIC ID. WARNING: CPU: 2 PID: 958 at arch/x86/kvm/lapic.c:331 kvm_recalculate_apic_map+0x609/0xa00 [kvm] CPU: 2 PID: 958 Comm: recalc_apic_map Not tainted 6.4.0-rc3-vanilla+ #35 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.2-1-1 04/01/2014 RIP: 0010:kvm_recalculate_apic_map+0x609/0xa00 [kvm] Call Trace: <TASK> kvm_apic_set_state+0x1cf/0x5b0 [kvm] kvm_arch_vcpu_ioctl+0x1806/0x2100 [kvm] kvm_vcpu_ioctl+0x663/0x8a0 [kvm] __x64_sys_ioctl+0xb8/0xf0 do_syscall_64+0x56/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7fade8b9dd6f Unfortunately, the WARN can still trigger for other CPUs than the current one by racing against KVM_SET_LAPIC, so remove it completely. Reported-by: Michal Luczaj <mhal(a)rbox.co> Closes: https://lore.kernel.org/all/814baa0c-1eaa-4503-129f-059917365e80@rbox.co Reported-by: Haoyu Wu <haoyuwu254(a)gmail.com> Closes: https://lore.kernel.org/all/20240126161633.62529-1-haoyuwu254@gmail.com Reported-by: syzbot+545f1326f405db4e1c3e(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000c2a6b9061cbca3c3@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> Message-ID: <20240802202941.344889-2-seanjc(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> --- arch/x86/kvm/lapic.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 34766abbabd8..cd9c1e1f6fd3 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -338,10 +338,8 @@ static void kvm_recalculate_logical_map(struct kvm_apic_map *new, * reversing the LDR calculation to get cluster of APICs, i.e. no * additional work is required. */ - if (apic_x2apic_mode(apic)) { - WARN_ON_ONCE(ldr != kvm_apic_calc_x2apic_ldr(kvm_x2apic_id(apic))); + if (apic_x2apic_mode(apic)) return; - } if (WARN_ON_ONCE(!kvm_apic_map_get_logical_dest(new, ldr, &cluster, &mask))) { @@ -2964,18 +2962,28 @@ static int kvm_apic_state_fixup(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s, bool set) { if (apic_x2apic_mode(vcpu->arch.apic)) { + u32 x2apic_id = kvm_x2apic_id(vcpu->arch.apic); u32 *id = (u32 *)(s->regs + APIC_ID); u32 *ldr = (u32 *)(s->regs + APIC_LDR); u64 icr; if (vcpu->kvm->arch.x2apic_format) { - if (*id != vcpu->vcpu_id) + if (*id != x2apic_id) return -EINVAL; } else { + /* + * Ignore the userspace value when setting APIC state. + * KVM's model is that the x2APIC ID is readonly, e.g. + * KVM only supports delivering interrupts to KVM's + * version of the x2APIC ID. However, for backwards + * compatibility, don't reject attempts to set a + * mismatched ID for userspace that hasn't opted into + * x2apic_format. + */ if (set) - *id >>= 24; + *id = x2apic_id; else - *id <<= 24; + *id = x2apic_id << 24; } /* @@ -2984,7 +2992,7 @@ static int kvm_apic_state_fixup(struct kvm_vcpu *vcpu, * split to ICR+ICR2 in userspace for backwards compatibility. */ if (set) { - *ldr = kvm_apic_calc_x2apic_ldr(*id); + *ldr = kvm_apic_calc_x2apic_ldr(x2apic_id); icr = __kvm_lapic_get_reg(s->regs, APIC_ICR) | (u64)__kvm_lapic_get_reg(s->regs, APIC_ICR2) << 32; -- 2.43.0

6 days, 5 hours

3
5
0 0

[REGRESSION] Distorted sound on Acer Aspire A115-31 laptop

by Evgeny Kapun

I am using an Acer Aspire A115-31 laptop. When running newer kernel versions, sound played through headphones is distorted, but when running older versions, it is not. Kernel version: Linux version 6.12.5 (user@hostname) (gcc (Debian 14.2.0-8) 14.2.0, GNU ld (GNU Binutils for Debian) 2.43.50.20241210) #1 SMP PREEMPT_DYNAMIC Sun Dec 15 05:09:16 IST 2024 Operating System: Debian GNU/Linux trixie/sid No special actions are needed to reproduce the issue. The sound is distorted all the time, and it doesn't depend on anything besides using an affected kernel version. It seems to be caused by commit 34ab5bbc6e82214d7f7393eba26d164b303ebb4e (ALSA: hda/realtek - Add Headset Mic supported Acer NB platform). Indeed, if I remove the entry that this commit adds, the issue disappears. lspci output for the device in question: 00:0e.0 Multimedia audio controller [0401]: Intel Corporation Celeron/Pentium Silver Processor High Definition Audio [8086:3198] (rev 06) Subsystem: Acer Incorporated [ALI] Device [1025:1360] Flags: bus master, fast devsel, latency 0, IRQ 130 Memory at a1214000 (64-bit, non-prefetchable) [size=16K] Memory at a1000000 (64-bit, non-prefetchable) [size=1M] Capabilities: [50] Power Management version 3 Capabilities: [80] Vendor Specific Information: Len=14 <?> Capabilities: [60] MSI: Enable+ Count=1/1 Maskable- 64bit+ Capabilities: [70] Express Root Complex Integrated Endpoint, IntMsgNum 0 Kernel driver in use: snd_hda_intel Kernel modules: snd_hda_intel, snd_soc_avs, snd_sof_pci_intel_apl

6 days, 14 hours

3
15
0 0

[PATCH v2] mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe()

by Uros Bizjak

struct zynqmp_ipi_pdata __percpu *pdata is not a per-cpu variable, so it should not be annotated with __percpu annotation. Remove invalid __percpu annotation to fix several zynqmp-ipi-mailbox.c:920:15: warning: incorrect type in assignment (different address spaces) zynqmp-ipi-mailbox.c:920:15: expected struct zynqmp_ipi_pdata [noderef] __percpu *pdata zynqmp-ipi-mailbox.c:920:15: got void * zynqmp-ipi-mailbox.c:927:56: warning: incorrect type in argument 3 (different address spaces) zynqmp-ipi-mailbox.c:927:56: expected unsigned int [usertype] *out_value zynqmp-ipi-mailbox.c:927:56: got unsigned int [noderef] __percpu * ... and several drivers/mailbox/zynqmp-ipi-mailbox.c:924:9: warning: dereference of noderef expression ... sparse warnings. There were no changes in the resulting object file. Cc: stable(a)vger.kernel.org Fixes: 6ffb1635341b ("mailbox: zynqmp: handle SGI for shared IPI") Signed-off-by: Uros Bizjak <ubizjak(a)gmail.com> Cc: Jassi Brar <jassisinghbrar(a)gmail.com> Cc: Michal Simek <michal.simek(a)amd.com> Cc: Tanmay Shah <tanmay.shah(a)amd.com> --- v2: - Fix typo in commit message - Add Fixes and Cc: stable. --- drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mailbox/zynqmp-ipi-mailbox.c b/drivers/mailbox/zynqmp-ipi-mailbox.c index aa5249da59b2..0c143beaafda 100644 --- a/drivers/mailbox/zynqmp-ipi-mailbox.c +++ b/drivers/mailbox/zynqmp-ipi-mailbox.c @@ -905,7 +905,7 @@ static int zynqmp_ipi_probe(struct platform_device *pdev) { struct device *dev = &pdev->dev; struct device_node *nc, *np = pdev->dev.of_node; - struct zynqmp_ipi_pdata __percpu *pdata; + struct zynqmp_ipi_pdata *pdata; struct of_phandle_args out_irq; struct zynqmp_ipi_mbox *mbox; int num_mboxes, ret = -EINVAL; -- 2.42.0

1 week

3
4
0 0

[PATCH v2 7/7] ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr

by Roberto Sassu

From: Roberto Sassu <roberto.sassu(a)huawei.com> Commit 11c60f23ed13 ("integrity: Remove unused macro IMA_ACTION_RULE_FLAGS") removed the IMA_ACTION_RULE_FLAGS mask, due to it not being used after commit 0d73a55208e9 ("ima: re-introduce own integrity cache lock"). However, it seems that the latter commit mistakenly used the wrong mask when moving the code from ima_inode_post_setattr() to process_measurement(). There is no mention in the commit message about this change and it looks quite important, since changing from IMA_ACTIONS_FLAGS (later renamed to IMA_NONACTION_FLAGS) to IMA_ACTION_RULE_FLAGS was done by commit 42a4c603198f0 ("ima: fix ima_inode_post_setattr"). Restore the original change, but with new mask 0xfb000000 since the policy-specific flags changed meanwhile, and rename IMA_ACTION_RULE_FLAGS to IMA_NONACTION_RULE_FLAGS, to be consistent with IMA_NONACTION_FLAGS. Cc: stable(a)vger.kernel.org # v4.16.x Fixes: 11c60f23ed13 ("integrity: Remove unused macro IMA_ACTION_RULE_FLAGS") Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> --- security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_main.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 22c3b87cfcac..32ffef2cc92a 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -141,6 +141,7 @@ struct ima_kexec_hdr { /* IMA iint policy rule cache flags */ #define IMA_NONACTION_FLAGS 0xff000000 +#define IMA_NONACTION_RULE_FLAGS 0xfb000000 #define IMA_DIGSIG_REQUIRED 0x01000000 #define IMA_PERMIT_DIRECTIO 0x02000000 #define IMA_NEW_FILE 0x04000000 diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 712c3a522e6c..83e467ad18d4 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -277,7 +277,7 @@ static int process_measurement(struct file *file, const struct cred *cred, /* reset appraisal flags if ima_inode_post_setattr was called */ iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK | - IMA_NONACTION_FLAGS); + IMA_NONACTION_RULE_FLAGS); /* * Re-evaulate the file if either the xattr has changed or the -- 2.47.0.118.gfd3785337b

1 week

2
1
0 0

[PATCH 6.12 000/114] 6.12.8-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.8 release. There are 114 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 01 Jan 2025 15:41:48 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.8-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.8-rc1 Takashi Iwai <tiwai(a)suse.de> ALSA: sh: Fix wrong argument order for copy_from_iter() Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Shut up truncated string warning Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btusb: mediatek: change the conditions for ISO interface Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btusb: mediatek: add intf release flow when usb disconnect Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btusb: mediatek: add callback function in btusb_disconnect Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btusb: mediatek: move Bluetooth power off command position Boris Burkov <boris(a)bur.io> btrfs: check folio mapping after unlock in relocate_one_folio() Boris Burkov <boris(a)bur.io> btrfs: check folio mapping after unlock in put_file_data() Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when COWing tree bock and tracing is enabled Qu Wenruo <wqu(a)suse.com> btrfs: sysfs: fix direct super block member reads Julian Sun <sunjunchao2870(a)gmail.com> btrfs: fix transaction atomicity bug when enabling simple quotas Filipe Manana <fdmanana(a)suse.com> btrfs: fix swap file activation failure due to extents that used to be shared Filipe Manana <fdmanana(a)suse.com> btrfs: avoid monopolizing a core when activating a swap file Filipe Manana <fdmanana(a)suse.com> btrfs: fix race with memory mapped writes when activating swap file Dimitri Fedrau <dimitri.fedrau(a)liebherr.com> power: supply: gpio-charger: Fix set charge current limits Thomas Weißschuh <linux(a)weissschuh.net> power: supply: cros_charge-control: hide start threshold on v2 cmd Thomas Weißschuh <linux(a)weissschuh.net> power: supply: cros_charge-control: allow start_threshold == end_threshold Thomas Weißschuh <linux(a)weissschuh.net> power: supply: cros_charge-control: add mutex for driver data Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Add PEBS format 6 Conor Dooley <conor.dooley(a)microchip.com> i2c: microchip-core: fix "ghost" detections Carlos Song <carlos.song(a)nxp.com> i2c: imx: add imx7d compatible string for applying erratum ERR007805 Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix bitmask of OCR and FRONTEND events for LNC Thomas Gleixner <tglx(a)linutronix.de> PCI/MSI: Handle lack of irqdomain gracefully Li RongQing <lirongqing(a)baidu.com> virt: tdx-guest: Just leak decrypted memory on unrecoverable errors Xin Li (Intel) <xin(a)zytor.com> x86/fred: Clear WFE in missing-ENDBRANCH #CPs Conor Dooley <conor.dooley(a)microchip.com> i2c: microchip-core: actually use repeated sends Pavel Begunkov <asml.silence(a)gmail.com> io_uring/sqpoll: fix sqpoll error handling races Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat: Fix histogram ALL for zero samples Lizhi Xu <lizhi.xu(a)windriver.com> tracing: Prevent bad count for tracing_cpumask_write Christian Göttsche <cgzones(a)googlemail.com> tracing: Constify string literal data member in struct trace_event_call Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Add Clearwater Forest support Binbin Zhou <zhoubinbin(a)loongson.cn> dmaengine: loongson2-apb: Change GENMASK to GENMASK_ULL Chen Ridong <chenridong(a)huawei.com> freezer, sched: Report frozen tasks as 'D' instead of 'R' chenchangcheng <ccc194101(a)163.com> objtool: Add bch2_trans_unlocked_error() to bcachefs noreturns John Harrison <John.C.Harrison(a)Intel.com> drm/xe: Move the coredump registration to the worker thread Matthew Brost <matthew.brost(a)intel.com> drm/xe: Take PM ref in delayed snapshot capture worker Ming Lei <ming.lei(a)redhat.com> ublk: detach gendisk from ublk device if add_disk() fails Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: be less noisy if the NIC is dead in S3 Ming Lei <ming.lei(a)redhat.com> blk-mq: register cpuhp callback after hctx is added to xarray table Ming Lei <ming.lei(a)redhat.com> virtio-blk: don't keep queue frozen during system suspend Imre Deak <imre.deak(a)intel.com> drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() Purushothama Siddaiah <psiddaiah(a)mvista.com> spi: omap2-mcspi: Fix the IS_ERR() bug for devm_clk_get_optional_enabled() Qinxin Xia <xiaqinxin(a)huawei.com> ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A Cathy Avery <cavery(a)redhat.com> scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Handling of fault code for insufficient power Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Start controller indexing from 0 Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Synchronize access to ioctl data buffer Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time Aapo Vienamo <aapo.vienamo(a)iki.fi> spi: intel: Add Panther Lake SPI controller support Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Zero index arg error string for dynptr and iter Armin Wolf <W_Armin(a)gmx.de> platform/x86: asus-nb-wmi: Ignore unknown event 0xCF Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: BPF: Adjust the parameter of emit_jirl() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix reserving screen info memory for above-4G firmware Mark Brown <broonie(a)kernel.org> regmap: Use correct format specifier for logging range errors Brahmajit Das <brahmajit.xyz(a)gmail.com> smb: server: Fix building with GCC 15 Takashi Iwai <tiwai(a)suse.de> ALSA: sh: Use standard helper for buffer accesses bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: fix Z60MR100 startup pop issue Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Update legacy substream names upon FB info update Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Indicate the inactive group in legacy substream names Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Don't open legacy substream for an inactive group Jan Kara <jack(a)suse.cz> udf: Verify inode link counts before performing rename Jan Kara <jack(a)suse.cz> udf: Skip parent dir link count update if corrupted Tomas Henzl <thenzl(a)redhat.com> scsi: megaraid_sas: Fix for a potential deadlock Magnus Lindholm <linmag7(a)gmail.com> scsi: qla1280: Fix hw revision numbering for ISP1020/1040 Yassine Oudjana <y.oudjana(a)protonmail.com> watchdog: mediatek: Add support for MT6735 TOPRGU/WDT Peter Griffin <peter.griffin(a)linaro.org> Revert "watchdog: s3c2410_wdt: use exynos_get_pmu_regmap_by_phandle() for PMU regs" Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler James Hilliard <james.hilliard1(a)gmail.com> watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04 Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/kprobe: Make trace_kprobe's module callback called after jump_label update Alexander Lobakin <aleksander.lobakin(a)intel.com> stddef: make __struct_group() UAPI C++-friendly Hans de Goede <hdegoede(a)redhat.com> power: supply: bq24190: Fix BQ24296 Vbus regulator support Haren Myneni <haren(a)linux.ibm.com> powerpc/pseries/vas: Add close() callback in vas_vm_ops struct Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 21Q6 and 21Q7 Chen-Yu Tsai <wenst(a)chromium.org> ASoC: dt-bindings: realtek,rt5645: Fix CPVDD voltage comment Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 21QA and 21QB Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: ps: Fix for enabling DMIC on acp63 platform via _DSD entry Dan Carpenter <dan.carpenter(a)linaro.org> mtd: rawnand: fix double free in atmel_pmecc_create_user() Dustin L. Howett <dustin(a)howett.net> platform/chrome: cros_ec_lpc: fix product identity for early Framework Laptops Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP Chen Ridong <chenridong(a)huawei.com> dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset Sasha Finkelstein <fnkl.kernel(a)gmail.com> dmaengine: apple-admac: Avoid accessing registers in probe Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> dmaengine: fsl-edma: implement the cleanup path of fsl_edma3_attach_pd() Lizhi Hou <lizhi.hou(a)amd.com> dmaengine: amd: qdma: Remove using the private get and set dma_ops APIs Akhil R <akhilrajeev(a)nvidia.com> dmaengine: tegra: Return correct DMA status when paused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> dmaengine: dw: Select only supported masters for ACPI devices Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dmaengine: mv_xor: fix child node refcount handling in early exit Fedor Pchelkin <pchelkin(a)ispras.ru> ALSA: memalloc: prefer dma_mapping_error() over explicit address checking Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: fix phy reset Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM Justin Chen <justin.chen(a)broadcom.com> phy: usb: Toggle the PHY power during init Zijun Hu <quic_zijuhu(a)quicinc.com> phy: core: Fix that API devm_phy_destroy() fails to destroy the phy Zijun Hu <quic_zijuhu(a)quicinc.com> phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider Zijun Hu <quic_zijuhu(a)quicinc.com> phy: core: Fix that API devm_phy_put() fails to release the phy Zijun Hu <quic_zijuhu(a)quicinc.com> phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() Zijun Hu <quic_zijuhu(a)quicinc.com> phy: core: Fix an OF node refcount leakage in _of_phy_get() Krishna Kurapati <quic_kriskura(a)quicinc.com> phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP Maciej Andrzejewski <maciej.andrzejewski(a)m-works.net> mtd: rawnand: arasan: Fix missing de-registration of NAND Maciej Andrzejewski <maciej.andrzejewski(a)m-works.net> mtd: rawnand: arasan: Fix double assertion of chip-select Zichen Xie <zichenxie0106(a)gmail.com> mtd: diskonchip: Cast an operand to prevent potential overflow NeilBrown <neilb(a)suse.de> nfsd: restore callback functionality for NFSv4.0 Yang Erkun <yangerkun(a)huawei.com> nfsd: Revert "nfsd: release svc_expkey/svc_export with rcu_work" Cong Wang <cong.wang(a)bytedance.com> bpf: Check negative offsets in __bpf_skb_min_len() Zijian Zhang <zijianzhang(a)bytedance.com> tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() Bharath SM <bharathsm.hsk(a)gmail.com> smb: fix bytes written value in /proc/fs/cifs/Stats Dragan Simic <dsimic(a)manjaro.org> smb: client: Deduplicate "select NETFS_SUPPORT" in Kconfig Jerome Marchand <jmarchan(a)redhat.com> selftests/bpf: Fix compilation error in get_uprobe_offset() Bart Van Assche <bvanassche(a)acm.org> mm/vmstat: fix a W=1 clang compiler warning Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> fork: avoid inappropriate uprobe access to invalid mm Andrea Righi <arighi(a)nvidia.com> bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP Willow Cunningham <willow.e.cunningham(a)gmail.com> arm64: dts: broadcom: Fix L2 linesize for Raspberry Pi 5 Ilya Dryomov <idryomov(a)gmail.com> ceph: allocate sparse_ext map only for sparse reads Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg ------------- Diffstat: Documentation/arch/arm64/silicon-errata.rst | 5 +- .../devicetree/bindings/sound/realtek,rt5645.yaml | 2 +- Makefile | 4 +- arch/arm64/boot/dts/broadcom/bcm2712.dtsi | 8 +- arch/loongarch/include/asm/inst.h | 12 +- arch/loongarch/kernel/efi.c | 2 +- arch/loongarch/kernel/inst.c | 2 +- arch/loongarch/net/bpf_jit.c | 6 +- arch/powerpc/platforms/book3s/vas-api.c | 36 +++++ arch/x86/events/intel/core.c | 12 +- arch/x86/events/intel/ds.c | 1 + arch/x86/events/intel/uncore.c | 1 + arch/x86/kernel/cet.c | 30 ++++ block/blk-mq.c | 15 +- drivers/acpi/arm64/iort.c | 2 + drivers/base/regmap/regmap.c | 4 +- drivers/block/ublk_drv.c | 26 +-- drivers/block/virtio_blk.c | 7 +- drivers/bluetooth/btusb.c | 41 +++-- drivers/dma/amd/qdma/qdma.c | 28 ++-- drivers/dma/apple-admac.c | 7 +- drivers/dma/at_xdmac.c | 2 + drivers/dma/dw/acpi.c | 6 +- drivers/dma/dw/internal.h | 8 + drivers/dma/dw/pci.c | 4 +- drivers/dma/fsl-edma-common.h | 1 + drivers/dma/fsl-edma-main.c | 41 ++++- drivers/dma/ls2x-apb-dma.c | 2 +- drivers/dma/mv_xor.c | 2 + drivers/dma/tegra186-gpc-dma.c | 10 ++ drivers/gpu/drm/display/drm_dp_mst_topology.c | 24 ++- drivers/gpu/drm/xe/xe_devcoredump.c | 69 ++++---- drivers/i2c/busses/i2c-imx.c | 1 + drivers/i2c/busses/i2c-microchip-corei2c.c | 126 +++++++++++---- drivers/media/dvb-frontends/dib3000mb.c | 2 +- drivers/mtd/nand/raw/arasan-nand-controller.c | 11 +- drivers/mtd/nand/raw/atmel/pmecc.c | 4 +- drivers/mtd/nand/raw/diskonchip.c | 2 +- drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 13 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 28 +++- drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 2 + drivers/pci/msi/irqdomain.c | 7 +- drivers/pci/msi/msi.c | 4 + drivers/phy/broadcom/phy-brcm-usb-init-synopsys.c | 6 + drivers/phy/phy-core.c | 21 ++- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 2 +- drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 2 +- drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 3 +- drivers/platform/chrome/cros_ec_lpc.c | 4 +- drivers/platform/x86/asus-nb-wmi.c | 1 + drivers/power/supply/bq24190_charger.c | 12 +- drivers/power/supply/cros_charge-control.c | 36 +++-- drivers/power/supply/gpio-charger.c | 8 + drivers/scsi/megaraid/megaraid_sas_base.c | 5 +- drivers/scsi/mpi3mr/mpi3mr.h | 9 -- drivers/scsi/mpi3mr/mpi3mr_app.c | 36 +++-- drivers/scsi/mpi3mr/mpi3mr_fw.c | 121 ++++++-------- drivers/scsi/mpi3mr/mpi3mr_os.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 7 +- drivers/scsi/qla1280.h | 12 +- drivers/scsi/storvsc_drv.c | 7 +- drivers/spi/spi-intel-pci.c | 2 + drivers/spi/spi-omap2-mcspi.c | 6 +- drivers/virt/coco/tdx-guest/tdx-guest.c | 4 +- drivers/watchdog/Kconfig | 1 + drivers/watchdog/it87_wdt.c | 39 +++++ drivers/watchdog/mtk_wdt.c | 6 + drivers/watchdog/rzg2l_wdt.c | 20 ++- drivers/watchdog/s3c2410_wdt.c | 8 +- fs/btrfs/ctree.c | 11 +- fs/btrfs/inode.c | 129 +++++++++++---- fs/btrfs/qgroup.c | 3 +- fs/btrfs/relocation.c | 6 + fs/btrfs/send.c | 6 + fs/btrfs/sysfs.c | 6 +- fs/ceph/file.c | 2 +- fs/nfsd/export.c | 31 +--- fs/nfsd/export.h | 4 +- fs/nfsd/nfs4callback.c | 4 +- fs/smb/client/Kconfig | 1 - fs/smb/client/smb2pdu.c | 3 + fs/smb/server/smb_common.c | 4 +- fs/udf/namei.c | 16 +- include/linux/platform_data/amd_qdma.h | 2 + include/linux/sched.h | 3 +- include/linux/skmsg.h | 11 +- include/linux/trace_events.h | 2 +- include/linux/vmstat.h | 2 +- include/net/sock.h | 10 +- include/uapi/linux/stddef.h | 13 +- io_uring/sqpoll.c | 6 + kernel/bpf/verifier.c | 18 ++- kernel/fork.c | 13 +- kernel/trace/trace.c | 3 + kernel/trace/trace_kprobe.c | 2 +- net/ceph/osd_client.c | 2 + net/core/filter.c | 21 ++- net/core/skmsg.c | 6 +- net/ipv4/tcp_bpf.c | 6 +- sound/core/memalloc.c | 2 +- sound/core/ump.c | 26 ++- sound/pci/hda/patch_conexant.c | 28 ++++ sound/sh/sh_dac_audio.c | 5 +- sound/soc/amd/ps/pci-ps.c | 17 +- sound/soc/intel/boards/sof_sdw.c | 23 ++- sound/soc/sof/intel/hda-dai.c | 25 ++- sound/soc/sof/intel/hda.h | 2 - tools/include/uapi/linux/stddef.h | 15 +- tools/objtool/noreturns.h | 1 + tools/testing/selftests/bpf/progs/dynptr_fail.c | 22 +-- .../selftests/bpf/progs/iters_state_safety.c | 14 +- .../selftests/bpf/progs/iters_testmod_seq.c | 4 +- .../selftests/bpf/progs/test_kfunc_dynptr_param.c | 2 +- .../selftests/bpf/progs/verifier_bits_iter.c | 4 +- tools/testing/selftests/bpf/trace_helpers.c | 4 + tools/tracing/rtla/src/timerlat_hist.c | 177 +++++++++++---------- 116 files changed, 1169 insertions(+), 548 deletions(-)

1 week

12
127
0 0

[PATCH v2 6/7] ima: Discard files opened with O_PATH

by Roberto Sassu

From: Roberto Sassu <roberto.sassu(a)huawei.com> According to man open.2, files opened with O_PATH are not really opened. The obtained file descriptor is used to indicate a location in the filesystem tree and to perform operations that act purely at the file descriptor level. Thus, ignore open() syscalls with O_PATH, since IMA cares about file data. Cc: stable(a)vger.kernel.org # v2.6.39.x Fixes: 1abf0c718f15a ("New kind of open files - "location only".") Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> --- security/integrity/ima/ima_main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 50b37420ea2c..712c3a522e6c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -202,7 +202,8 @@ static void ima_file_free(struct file *file) struct inode *inode = file_inode(file); struct ima_iint_cache *iint; - if (!ima_policy_flag || !S_ISREG(inode->i_mode)) + if (!ima_policy_flag || !S_ISREG(inode->i_mode) || + (file->f_flags & O_PATH)) return; iint = ima_iint_find(inode); @@ -232,7 +233,8 @@ static int process_measurement(struct file *file, const struct cred *cred, enum hash_algo hash_algo; unsigned int allowed_algos = 0; - if (!ima_policy_flag || !S_ISREG(inode->i_mode)) + if (!ima_policy_flag || !S_ISREG(inode->i_mode) || + (file->f_flags & O_PATH)) return 0; /* Return an IMA_MEASURE, IMA_APPRAISE, IMA_AUDIT action -- 2.47.0.118.gfd3785337b

1 week

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2024