December 2024 - Linux-stable-mirror

[PATCH] selftests/rseq: Fix rseq for cases without glibc support

by Raghavendra Rao Ananta

Currently the rseq constructor, rseq_init(), assumes that glibc always has the support for rseq symbols (__rseq_size for instance). However, glibc supports rseq from version 2.35 onwards. As a result, for the systems that run glibc less than 2.35, the global rseq_size remains initialized to -1U. When a thread then tries to register for rseq, get_rseq_min_alloc_size() would end up returning -1U, which is incorrect. Hence, initialize rseq_size for the cases where glibc doesn't have the support for rseq symbols. Cc: stable(a)vger.kernel.org Fixes: 73a4f5a704a2 ("selftests/rseq: Fix mm_cid test failure") Signed-off-by: Raghavendra Rao Ananta <rananta(a)google.com> --- tools/testing/selftests/rseq/rseq.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/rseq/rseq.c b/tools/testing/selftests/rseq/rseq.c index 5b9772cdf265..9eb5356f25fa 100644 --- a/tools/testing/selftests/rseq/rseq.c +++ b/tools/testing/selftests/rseq/rseq.c @@ -142,6 +142,16 @@ unsigned int get_rseq_kernel_feature_size(void) return ORIG_RSEQ_FEATURE_SIZE; } +static void set_default_rseq_size(void) +{ + unsigned int rseq_kernel_feature_size = get_rseq_kernel_feature_size(); + + if (rseq_kernel_feature_size < ORIG_RSEQ_ALLOC_SIZE) + rseq_size = rseq_kernel_feature_size; + else + rseq_size = ORIG_RSEQ_ALLOC_SIZE; +} + int rseq_register_current_thread(void) { int rc; @@ -219,12 +229,7 @@ void rseq_init(void) fallthrough; case ORIG_RSEQ_ALLOC_SIZE: { - unsigned int rseq_kernel_feature_size = get_rseq_kernel_feature_size(); - - if (rseq_kernel_feature_size < ORIG_RSEQ_ALLOC_SIZE) - rseq_size = rseq_kernel_feature_size; - else - rseq_size = ORIG_RSEQ_ALLOC_SIZE; + set_default_rseq_size(); break; } default: @@ -239,8 +244,10 @@ void rseq_init(void) rseq_size = 0; return; } + rseq_offset = (void *)&__rseq_abi - rseq_thread_pointer(); rseq_flags = 0; + set_default_rseq_size(); } static __attribute__((destructor)) base-commit: 40384c840ea1944d7c5a392e8975ed088ecf0b37 -- 2.47.0.338.g60cca15819-goog

7 months, 1 week

3
4
0 0

[PATCH v2] ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address

by Nobuhiro Iwamatsu

On SoCFPGA/Sodia board, mdio bus cannot be probed, so the PHY cannot be found and the network device does not work. ``` stmmaceth ff702000.ethernet eth0: __stmmac_open: Cannot attach to PHY (error: -19) ``` To probe the mdio bus, add "snps,dwmac-mdio" as compatible string of the mdio bus. Also the PHY address connected to this board is 4. Therefore, change to 4. Cc: stable(a)vger.kernel.org # 6.3+ Signed-off-by: Nobuhiro Iwamatsu <iwamatsu(a)nigauri.org> --- v2: Update commit message from 'ID' to 'address'. Drop Fixes tag, because that commit is not the cause. arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts b/arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts index ce0d6514eeb571..e4794ccb8e413f 100644 --- a/arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts +++ b/arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts @@ -66,8 +66,10 @@ &gmac1 { mdio0 { #address-cells = <1>; #size-cells = <0>; - phy0: ethernet-phy@0 { - reg = <0>; + compatible = "snps,dwmac-mdio"; + + phy0: ethernet-phy@4 { + reg = <4>; rxd0-skew-ps = <0>; rxd1-skew-ps = <0>; rxd2-skew-ps = <0>; -- 2.45.2

7 months, 1 week

1
1
0 0

UBSAN array-index-out-of-bounds: cfg80211_scan_6ghz

by John Rowley

Hi, I'm experiencing UBSAN array-index-out-of-bounds errors while using my Framework 13" AMD laptop with its Mediatek MT7922 wifi adapter (mt7921e). It seems to happen only once on boot, and occurs with both kernel versions 6.12.7 and 6.13-rc4, both compiled from vanilla upstream kernel sources on Fedora 41 using the kernel.org LLVM toolchain (19.1.6). I can try some other kernel series if necessary, and also a bisect if I find a working version, but that may take me a while. I wasn't sure if I should mark this as a regression, as I'm not sure which/if there is a working kernel version at this point. Thanks. ---- [ 17.754417] UBSAN: array-index-out-of-bounds in /data/linux/net/wireless/scan.c:766:2 [ 17.754423] index 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]') [ 17.754427] CPU: 13 UID: 0 PID: 620 Comm: kworker/u64:10 Tainted: G T 6.13.0-rc4 #9 [ 17.754433] Tainted: [T]=RANDSTRUCT [ 17.754435] Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.05 03/29/2024 [ 17.754438] Workqueue: events_unbound cfg80211_wiphy_work [ 17.754446] Call Trace: [ 17.754449] <TASK> [ 17.754452] dump_stack_lvl+0x82/0xc0 [ 17.754459] __ubsan_handle_out_of_bounds+0xe7/0x110 [ 17.754464] ? srso_alias_return_thunk+0x5/0xfbef5 [ 17.754470] ? __kmalloc_noprof+0x1a7/0x280 [ 17.754477] cfg80211_scan_6ghz+0x3bb/0xfd0 [ 17.754482] ? srso_alias_return_thunk+0x5/0xfbef5 [ 17.754486] ? try_to_wake_up+0x368/0x4c0 [ 17.754491] ? try_to_wake_up+0x1a9/0x4c0 [ 17.754496] ___cfg80211_scan_done+0xa9/0x1e0 [ 17.754500] cfg80211_wiphy_work+0xb7/0xe0 [ 17.754504] process_scheduled_works+0x205/0x3a0 [ 17.754509] worker_thread+0x24a/0x300 [ 17.754514] ? __cfi_worker_thread+0x10/0x10 [ 17.754519] kthread+0x158/0x180 [ 17.754524] ? __cfi_kthread+0x10/0x10 [ 17.754528] ret_from_fork+0x40/0x50 [ 17.754534] ? __cfi_kthread+0x10/0x10 [ 17.754538] ret_from_fork_asm+0x11/0x30 [ 17.754544] </TASK>

7 months, 1 week

3
3
0 0

[GIT PULL 4/5] xfs: realtime reverse-mapping support

by Darrick J. Wong

Hi Carlos, Please pull this branch with changes for xfs. As usual, I did a test-merge with the main upstream branch as of a few minutes ago, and didn't see any conflicts. Please let me know if you encounter any problems. --D The following changes since commit 05290bd5c6236b8ad659157edb36bd2d38f46d3e: xfs: allow inode-based btrees to reserve space in the data device (2024-12-23 13:06:03 -0800) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git tags/realtime-rmap_2024-12-23 for you to fetch changes up to c2358439af374cad47f771797875d0beb8256738: xfs: enable realtime rmap btree (2024-12-23 13:06:09 -0800) ---------------------------------------------------------------- xfs: realtime reverse-mapping support [v6.2 04/14] This is the latest revision of a patchset that adds to XFS kernel support for reverse mapping for the realtime device. This time around I've fixed some of the bitrot that I've noticed over the past few months, and most notably have converted rtrmapbt to use the metadata inode directory feature instead of burning more space in the superblock. At the beginning of the set are patches to implement storing B+tree leaves in an inode root, since the realtime rmapbt is rooted in an inode, unlike the regular rmapbt which is rooted in an AG block. Prior to this, the only btree that could be rooted in the inode fork was the block mapping btree; if all the extent records fit in the inode, format would be switched from 'btree' to 'extents'. The next few patches enhance the reverse mapping routines to handle the parts that are specific to rtgroups -- adding the new btree type, adding a new log intent item type, and wiring up the metadata directory tree entries. Finally, implement GETFSMAP with the rtrmapbt and scrub functionality for the rtrmapbt and rtbitmap and online fsck functionality. This has been running on the djcloud for months with no problems. Enjoy! Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> ---------------------------------------------------------------- Darrick J. Wong (37): xfs: add some rtgroup inode helpers xfs: prepare rmap btree cursor tracepoints for realtime xfs: simplify the xfs_rmap_{alloc,free}_extent calling conventions xfs: introduce realtime rmap btree ondisk definitions xfs: realtime rmap btree transaction reservations xfs: add realtime rmap btree operations xfs: prepare rmap functions to deal with rtrmapbt xfs: add a realtime flag to the rmap update log redo items xfs: support recovering rmap intent items targetting realtime extents xfs: pretty print metadata file types in error messages xfs: support file data forks containing metadata btrees xfs: add realtime reverse map inode to metadata directory xfs: add metadata reservations for realtime rmap btrees xfs: wire up a new metafile type for the realtime rmap xfs: wire up rmap map and unmap to the realtime rmapbt xfs: create routine to allocate and initialize a realtime rmap btree inode xfs: wire up getfsmap to the realtime reverse mapping btree xfs: check that the rtrmapbt maxlevels doesn't increase when growing fs xfs: report realtime rmap btree corruption errors to the health system xfs: allow queued realtime intents to drain before scrubbing xfs: scrub the realtime rmapbt xfs: cross-reference realtime bitmap to realtime rmapbt scrubber xfs: cross-reference the realtime rmapbt xfs: scan rt rmap when we're doing an intense rmap check of bmbt mappings xfs: scrub the metadir path of rt rmap btree files xfs: walk the rt reverse mapping tree when rebuilding rmap xfs: online repair of realtime file bmaps xfs: repair inodes that have realtime extents xfs: repair rmap btree inodes xfs: online repair of realtime bitmaps for a realtime group xfs: support repairing metadata btrees rooted in metadir inodes xfs: online repair of the realtime rmap btree xfs: create a shadow rmap btree during realtime rmap repair xfs: hook live realtime rmap operations during a repair operation xfs: don't shut down the filesystem for media failures beyond end of log xfs: react to fsdax failure notifications on the rt device xfs: enable realtime rmap btree fs/xfs/Makefile | 3 + fs/xfs/libxfs/xfs_btree.c | 73 +++ fs/xfs/libxfs/xfs_btree.h | 8 +- fs/xfs/libxfs/xfs_btree_mem.c | 1 + fs/xfs/libxfs/xfs_btree_staging.c | 1 + fs/xfs/libxfs/xfs_defer.h | 1 + fs/xfs/libxfs/xfs_exchmaps.c | 4 +- fs/xfs/libxfs/xfs_format.h | 28 +- fs/xfs/libxfs/xfs_fs.h | 7 +- fs/xfs/libxfs/xfs_health.h | 4 +- fs/xfs/libxfs/xfs_inode_buf.c | 32 +- fs/xfs/libxfs/xfs_inode_fork.c | 25 + fs/xfs/libxfs/xfs_log_format.h | 6 +- fs/xfs/libxfs/xfs_log_recover.h | 2 + fs/xfs/libxfs/xfs_metafile.c | 18 + fs/xfs/libxfs/xfs_metafile.h | 2 + fs/xfs/libxfs/xfs_ondisk.h | 2 + fs/xfs/libxfs/xfs_refcount.c | 6 +- fs/xfs/libxfs/xfs_rmap.c | 171 +++++-- fs/xfs/libxfs/xfs_rmap.h | 12 +- fs/xfs/libxfs/xfs_rtbitmap.c | 2 +- fs/xfs/libxfs/xfs_rtbitmap.h | 9 + fs/xfs/libxfs/xfs_rtgroup.c | 53 +- fs/xfs/libxfs/xfs_rtgroup.h | 49 +- fs/xfs/libxfs/xfs_rtrmap_btree.c | 1011 +++++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_rtrmap_btree.h | 210 ++++++++ fs/xfs/libxfs/xfs_sb.c | 6 + fs/xfs/libxfs/xfs_shared.h | 14 + fs/xfs/libxfs/xfs_trans_resv.c | 12 +- fs/xfs/libxfs/xfs_trans_space.h | 13 + fs/xfs/scrub/alloc_repair.c | 5 +- fs/xfs/scrub/bmap.c | 108 +++- fs/xfs/scrub/bmap_repair.c | 129 ++++- fs/xfs/scrub/common.c | 160 +++++- fs/xfs/scrub/common.h | 23 +- fs/xfs/scrub/health.c | 1 + fs/xfs/scrub/inode.c | 10 +- fs/xfs/scrub/inode_repair.c | 136 ++++- fs/xfs/scrub/metapath.c | 3 + fs/xfs/scrub/newbt.c | 42 ++ fs/xfs/scrub/newbt.h | 1 + fs/xfs/scrub/reap.c | 41 ++ fs/xfs/scrub/reap.h | 2 + fs/xfs/scrub/repair.c | 191 +++++++ fs/xfs/scrub/repair.h | 17 + fs/xfs/scrub/rgsuper.c | 6 +- fs/xfs/scrub/rmap_repair.c | 84 ++- fs/xfs/scrub/rtbitmap.c | 75 ++- fs/xfs/scrub/rtbitmap.h | 55 ++ fs/xfs/scrub/rtbitmap_repair.c | 429 +++++++++++++++- fs/xfs/scrub/rtrmap.c | 271 ++++++++++ fs/xfs/scrub/rtrmap_repair.c | 903 +++++++++++++++++++++++++++++++++ fs/xfs/scrub/rtsummary.c | 17 +- fs/xfs/scrub/rtsummary_repair.c | 3 +- fs/xfs/scrub/scrub.c | 11 +- fs/xfs/scrub/scrub.h | 14 + fs/xfs/scrub/stats.c | 1 + fs/xfs/scrub/tempexch.h | 2 +- fs/xfs/scrub/tempfile.c | 20 +- fs/xfs/scrub/trace.c | 1 + fs/xfs/scrub/trace.h | 228 ++++++++- fs/xfs/xfs_buf.c | 1 + fs/xfs/xfs_buf_item_recover.c | 4 + fs/xfs/xfs_drain.c | 20 +- fs/xfs/xfs_drain.h | 7 +- fs/xfs/xfs_fsmap.c | 174 ++++++- fs/xfs/xfs_fsops.c | 11 + fs/xfs/xfs_health.c | 1 + fs/xfs/xfs_inode.c | 19 +- fs/xfs/xfs_inode_item.c | 2 + fs/xfs/xfs_inode_item_recover.c | 44 +- fs/xfs/xfs_log_recover.c | 2 + fs/xfs/xfs_mount.c | 5 +- fs/xfs/xfs_mount.h | 9 + fs/xfs/xfs_notify_failure.c | 230 +++++---- fs/xfs/xfs_notify_failure.h | 11 + fs/xfs/xfs_qm.c | 8 +- fs/xfs/xfs_rmap_item.c | 216 +++++++- fs/xfs/xfs_rtalloc.c | 82 ++- fs/xfs/xfs_rtalloc.h | 10 + fs/xfs/xfs_stats.c | 4 +- fs/xfs/xfs_stats.h | 2 + fs/xfs/xfs_super.c | 6 - fs/xfs/xfs_super.h | 1 - fs/xfs/xfs_trace.h | 104 ++-- 85 files changed, 5381 insertions(+), 366 deletions(-) create mode 100644 fs/xfs/libxfs/xfs_rtrmap_btree.c create mode 100644 fs/xfs/libxfs/xfs_rtrmap_btree.h create mode 100644 fs/xfs/scrub/rtrmap.c create mode 100644 fs/xfs/scrub/rtrmap_repair.c create mode 100644 fs/xfs/xfs_notify_failure.h

7 months, 1 week

2
1
0 0

[GIT PULL 1/5] xfs: bug fixes for 6.13

by Darrick J. Wong

Hi Carlos, Please pull this branch with changes for xfs. As usual, I did a test-merge with the main upstream branch as of a few minutes ago, and didn't see any conflicts. Please let me know if you encounter any problems. --D The following changes since commit 4bbf9020becbfd8fc2c3da790855b7042fad455b: Linux 6.13-rc4 (2024-12-22 13:22:21 -0800) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git tags/xfs-6.13-fixes_2024-12-23 for you to fetch changes up to 1aacd3fac248902ea1f7607f2d12b93929a4833b: xfs: release the dquot buf outside of qli_lock (2024-12-23 13:06:01 -0800) ---------------------------------------------------------------- xfs: bug fixes for 6.13 [01/14] Bug fixes for 6.13. This has been running on the djcloud for months with no problems. Enjoy! Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> ---------------------------------------------------------------- Darrick J. Wong (2): xfs: don't over-report free space or inodes in statvfs xfs: release the dquot buf outside of qli_lock fs/xfs/xfs_dquot.c | 12 ++++++++---- fs/xfs/xfs_qm_bhv.c | 27 +++++++++++++++++---------- 2 files changed, 25 insertions(+), 14 deletions(-)

7 months, 1 week

2
1
0 0

[PATCH] wifi: mac80211: fix interger overflow in hwmp_route_info_get()

by Gavrilov Ilia

Since the new_metric and last_hop_metric variables can reach the MAX_METRIC(0xffffffff) value, an integer overflow may occur when multiplying them by 10/9. It can lead to incorrect behavior. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE. Fixes: a8d418d9ac25 ("mac80211: mesh: only switch path when new metric is at least 10% better") Cc: stable(a)vger.kernel.org Signed-off-by: Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> --- net/mac80211/mesh_hwmp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c index 4e9546e998b6..7d367ff1efc2 100644 --- a/net/mac80211/mesh_hwmp.c +++ b/net/mac80211/mesh_hwmp.c @@ -458,7 +458,7 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata, (mpath->sn == orig_sn && (rcu_access_pointer(mpath->next_hop) != sta ? - mult_frac(new_metric, 10, 9) : + mult_frac((u64)new_metric, 10, 9) : new_metric) >= mpath->metric)) { process = false; fresh_info = false; @@ -533,7 +533,7 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata, if ((mpath->flags & MESH_PATH_FIXED) || ((mpath->flags & MESH_PATH_ACTIVE) && ((rcu_access_pointer(mpath->next_hop) != sta ? - mult_frac(last_hop_metric, 10, 9) : + mult_frac((u64)last_hop_metric, 10, 9) : last_hop_metric) > mpath->metric))) fresh_info = false; } else { -- 2.39.5

7 months, 1 week

2
1
0 0

[PATCH v2] Bluetooth: qca: Support downloading board ID specific NVM for WCN6855

by Zijun Hu

For WCN6855, board ID specific NVM needs to be downloaded once board ID is available, but the default NVM is always downloaded currently, and the wrong NVM causes poor RF performance which effects user experience. Fix by downloading board ID specific NVM if board ID is available. Cc: Bjorn Andersson <bjorande(a)quicinc.com> Cc: Aiqun Yu (Maria) <quic_aiquny(a)quicinc.com> Cc: Cheng Jiang <quic_chejiang(a)quicinc.com> Cc: Johan Hovold <johan(a)kernel.org> Cc: Jens Glathe <jens.glathe(a)oldschoolsolutions.biz> Cc: Steev Klimaszewski <steev(a)kali.org> Cc: Paul Menzel <pmenzel(a)molgen.mpg.de> Fixes: 095327fede00 ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855") Cc: stable(a)vger.kernel.org # 6.4 Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Steev Klimaszewski <steev(a)kali.org> Tested-by: Jens Glathe <jens.glathe(a)oldschoolsolutions.biz> Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Thank you Paul, Jens, Steev, Johan, Luiz for code review, various verification, comments and suggestions. these comments and suggestions are very good, and all of them are taken by this v2 patch. Regarding the variant 'g', sorry for that i can say nothing due to confidential information (CCI), but fortunately, we don't need to care about its difference against one without 'g' from BT host perspective, qca_get_hsp_nvm_name_generic() shows how to map BT chip to firmware. I will help to backport it to LTS kernels ASAP once this commit is mainlined. --- Changes in v2: - Correct subject and commit message - Temporarily add nvm fallback logic to speed up backport. — Add fix/stable tags as suggested by Luiz and Johan - Link to v1: https://lore.kernel.org/r/20241113-x13s_wcn6855_fix-v1-1-15af0aa2549c@quici… --- drivers/bluetooth/btqca.c | 44 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 41 insertions(+), 3 deletions(-) diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index dfbbac92242a..ddfe7e3c9b50 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -717,6 +717,29 @@ static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size, snprintf(fwname, max_size, "qca/hpnv%02x%s.%x", rom_ver, variant, bid); } +static void qca_get_hsp_nvm_name_generic(struct qca_fw_config *cfg, + struct qca_btsoc_version ver, + u8 rom_ver, u16 bid) +{ + const char *variant; + + /* hsp gf chip */ + if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID) + variant = "g"; + else + variant = ""; + + if (bid == 0x0) + snprintf(cfg->fwname, sizeof(cfg->fwname), "qca/hpnv%02x%s.bin", + rom_ver, variant); + else if (bid & 0xff00) + snprintf(cfg->fwname, sizeof(cfg->fwname), "qca/hpnv%02x%s.b%x", + rom_ver, variant, bid); + else + snprintf(cfg->fwname, sizeof(cfg->fwname), "qca/hpnv%02x%s.b%02x", + rom_ver, variant, bid); +} + static inline void qca_get_nvm_name_generic(struct qca_fw_config *cfg, const char *stem, u8 rom_ver, u16 bid) { @@ -810,8 +833,15 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, /* Give the controller some time to get ready to receive the NVM */ msleep(10); - if (soc_type == QCA_QCA2066 || soc_type == QCA_WCN7850) + switch (soc_type) { + case QCA_QCA2066: + case QCA_WCN6855: + case QCA_WCN7850: qca_read_fw_board_id(hdev, &boardid); + break; + default: + break; + } /* Download NVM configuration */ config.type = TLV_TYPE_NVM; @@ -848,8 +878,7 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, "qca/msnv%02x.bin", rom_ver); break; case QCA_WCN6855: - snprintf(config.fwname, sizeof(config.fwname), - "qca/hpnv%02x.bin", rom_ver); + qca_get_hsp_nvm_name_generic(&config, ver, rom_ver, boardid); break; case QCA_WCN7850: qca_get_nvm_name_generic(&config, "hmt", rom_ver, boardid); @@ -861,9 +890,18 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, } } +download_nvm: err = qca_download_firmware(hdev, &config, soc_type, rom_ver); if (err < 0) { bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err); + if (err == -ENOENT && boardid != 0 && + soc_type == QCA_WCN6855) { + boardid = 0; + qca_get_hsp_nvm_name_generic(&config, ver, + rom_ver, boardid); + bt_dev_warn(hdev, "QCA fallback to default NVM"); + goto download_nvm; + } return err; } --- base-commit: e88b020190bf5bc3e7ce5bd8003fc39b23cc95fe change-id: 20241113-x13s_wcn6855_fix-53c573ff7878 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

7 months, 1 week

5
8
0 0

[PATCH 6.12 000/172] 6.12.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.6 release. There are 172 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Dec 2024 17:05:03 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.6-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.6-rc1 Juergen Gross <jgross(a)suse.com> x86/xen: remove hypercall page Juergen Gross <jgross(a)suse.com> x86/xen: use new hypercall functions instead of hypercall page Juergen Gross <jgross(a)suse.com> x86/xen: add central hypercall functions Juergen Gross <jgross(a)suse.com> x86/xen: don't do PV iret hypercall through hypercall page Juergen Gross <jgross(a)suse.com> x86/static-call: provide a way to do very early static-call updates Juergen Gross <jgross(a)suse.com> objtool/x86: allow syscall instruction Juergen Gross <jgross(a)suse.com> x86: make get_cpu_vendor() accessible from Xen code Juergen Gross <jgross(a)suse.com> xen/netfront: fix crash when removing device James Morse <james.morse(a)arm.com> KVM: arm64: Disable MPAM visibility by default and ignore VMM writes Miguel Ojeda <ojeda(a)kernel.org> rust: kbuild: set `bindgen`'s Rust target version Nilay Shroff <nilay(a)linux.ibm.com> block: Fix potential deadlock while freezing queue and acquiring sysfs_lock Ming Lei <ming.lei(a)redhat.com> blk-mq: move cpuhp callback registering out of q->sysfs_lock Weizhao Ouyang <o451686892(a)gmail.com> kselftest/arm64: abi: fix SVCR detection Nathan Chancellor <nathan(a)kernel.org> blk-iocost: Avoid using clamp() on inuse in __propagate_weights() Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/reg_sr: Remove register pool Mirsad Todorovac <mtodorovac69(a)gmail.com> drm/xe: fix the ERR_PTR() returned on failure to allocate tiny pt Robert Hodaszi <robert.hodaszi(a)digi.com> net: dsa: tag_ocelot_8021q: fix broken reception Jesse Van Gavere <jesseevg(a)gmail.com> net: dsa: microchip: KSZ9896 register regmap alignment to 32 bit boundaries Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: fix initial MPIC register setting Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Bluetooth: btmtk: avoid UAF in btmtk_process_coredump Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Fix circular lock in iso_conn_big_sync Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Fix circular lock in iso_listen_bis Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: SCO: Add support for 16 bits transparent voice setting Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Fix recursive locking warning Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Always release hdev at the end of iso_listen_bis Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array Daniel Borkmann <daniel(a)iogearbox.net> team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL Daniel Borkmann <daniel(a)iogearbox.net> team: Fix initial vlan_feature set in __team_compute_features Daniel Borkmann <daniel(a)iogearbox.net> bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL Daniel Borkmann <daniel(a)iogearbox.net> bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features Daniel Borkmann <daniel(a)iogearbox.net> net, team, bonding: Add netdev_base_features helper Martin Ottens <martin.ottens(a)fau.de> net/sched: netem: account for backlog updates from child qdisc Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: fix stuck CPU-injected packets with short taprio windows Maxim Levitsky <mlevitsk(a)redhat.com> net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs Maxim Levitsky <mlevitsk(a)redhat.com> net: mana: Fix memory leak in mana_gd_setup_irqs Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: do not defer rule destruction via call_rcu Phil Sutter <phil(a)nwl.cc> netfilter: IDLETIMER: Fix for possible ABBA deadlock Phil Sutter <phil(a)nwl.cc> selftests: netfilter: Stabilize rpath.sh Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_spdif: change IFACE_PCM to IFACE_MIXER Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: change IFACE_PCM to IFACE_MIXER James Clark <james.clark(a)linaro.org> libperf: evlist: Fix --cpu argument on hybrid platform Michal Luczaj <mhal(a)rbox.co> Bluetooth: Improve setsockopt() handling of malformed user input Shenghao Ding <shenghao-ding(a)ti.com> ASoC: tas2781: Fix calibration issue in stress test Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: handle stop vs interrupt race Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: avoid use-after-put for a device tree node Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: fix leaked pointer on error path Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: fix race window between tx start and complete Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: fix possible early skb release David Howells <dhowells(a)redhat.com> cifs: Fix rmdir failure due to ongoing I/O on deleted file Petr Machata <petrm(a)nvidia.com> Documentation: networking: Add a caveat to nexthop_compat_mode sysctl Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips LongPing Wei <weilongping(a)oppo.com> block: get wp_offset by bdev_offset_from_zone_start Paul Barker <paul.barker.ct(a)bp.renesas.com> Documentation: PM: Clarify pm_runtime_resume_and_get() return value Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: yc: Fix the wrong return value Takashi Iwai <tiwai(a)suse.de> ALSA: control: Avoid WARN() for symlink errors Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Make driver probing reliable Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix clock speed for multiple QCA7000 Anumula Murali Mohan Reddy <anumula(a)chelsio.com> cxgb4: use port number to set mac addr Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> ACPI: resource: Fix memory resource type union access Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix the maximum frame length register Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix FDMA performance issue Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() Philippe Simons <simons.philippe(a)gmail.com> regulator: axp20x: AXP717: set ramp_delay Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: perform error cleanup in ocelot_hwstamp_set() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: be resilient to loss of PTP packets during transmission Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: ocelot->ts_id_lock and ocelot_port->tx_skbs.lock are IRQ-safe Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: improve handling of TX timestamp for unknown skb Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: fix memory leak on ocelot_port_add_txtstamp_skb() Eric Dumazet <edumazet(a)google.com> net: defer final 'struct net' free in netns dismantle Eric Dumazet <edumazet(a)google.com> net: lapb: increase LAPB_HEADER_LEN Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix GSO type for HW GRO packets on 5750X chips Thomas Weißschuh <linux(a)weissschuh.net> ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from kvm_arch_ptp_init() Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Ensure no extra packets are counted Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Remove duplicate test cases Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Remove h1 ingress test case Haoyu Li <lihaoyu499(a)gmail.com> wifi: cfg80211: sme: init n_channels before channels[] access Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx5: DR, prevent potential error pointer dereference Eric Dumazet <edumazet(a)google.com> tipc: fix NULL deref in cleanup_bearer() Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not let TT changes list grows indefinitely Remi Pommarel <repk(a)triplefau.lt> batman-adv: Remove uninitialized data in full table TT response Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not send uninitialized TT changes David (Ming Qiang) Wu <David.Wu3(a)amd.com> amdgpu/uvd: get ring reference from rq scheduler Suraj Sonawane <surajsonawane0215(a)gmail.com> acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Arnaldo Carvalho de Melo <acme(a)kernel.org> perf machine: Initialize machine->env to address a segfault Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mac80211: fix station NSS capability initialization order Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: mac80211: fix a queue stall in certain cases of CSA Haoyu Li <lihaoyu499(a)gmail.com> wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon Lin Ma <linma(a)zju.edu.cn> wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one Namhyung Kim <namhyung(a)kernel.org> perf tools: Fix build-id event recording Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Augment raw_tp arguments with PTR_MAYBE_NULL Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix update element with same Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix race between element replace and close() Jiri Olsa <jolsa(a)kernel.org> bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog Jann Horn <jannh(a)google.com> bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Check size for BTF-based ctx access of pointer members Darrick J. Wong <djwong(a)kernel.org> xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Darrick J. Wong <djwong(a)kernel.org> xfs: only run precommits once per transaction object Darrick J. Wong <djwong(a)kernel.org> xfs: fix scrub tracepoints when inode-rooted btrees are involved Darrick J. Wong <djwong(a)kernel.org> xfs: return from xfs_symlink_verify early on V4 filesystems Darrick J. Wong <djwong(a)kernel.org> xfs: fix null bno_hint handling in xfs_rtallocate_rtg Darrick J. Wong <djwong(a)kernel.org> xfs: return a 64-bit block count from xfs_btree_count_blocks Darrick J. Wong <djwong(a)kernel.org> xfs: don't drop errno values when we fail to ficlone the entire range Darrick J. Wong <djwong(a)kernel.org> xfs: update btree keys correctly when _insrec splits an inode root block Darrick J. Wong <djwong(a)kernel.org> xfs: set XFS_SICK_INO_SYMLINK_ZAPPED explicitly when zapping a symlink Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: hard-code MALL cacheline size for gfx11, gfx12 Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: hard-code cacheline size for gfx11 Andrew Martin <Andrew.Martin(a)amd.com> drm/amdkfd: Dereference null return value Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix when the cleaner shader is emitted Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: Set SMU v13.0.7 default workload type Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix UVD contiguous CS mapping problem Eugene Kobyak <eugene.kobyak(a)intel.com> drm/i915: Fix NULL pointer dereference in capture_engine Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/color: Stop using non-posted DSB writes for legacy LUT Jiasheng Jiang <jiashengjiangcool(a)outlook.com> drm/i915: Fix memory leak by correcting cache object name in error handler Jesse.zhang(a)amd.com <Jesse.zhang(a)amd.com> drm/amdkfd: pause autosuspend when creating pdd Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe: Call invalidation_fence_fini for PT inval fences in error state Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Remove cache tags before disabling ATS Luis Claudio R. Goncalves <lgoncalv(a)redhat.com> iommu/tegra241-cmdqv: do not use smp_processor_id in preemptible context Neal Frager <neal.frager(a)amd.com> usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode Łukasz Bartosik <ukaszb(a)chromium.org> usb: typec: ucsi: Fix completion notifications Lianqin Hu <hulianqin(a)vivo.com> usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() Xu Yang <xu.yang_2(a)nxp.com> usb: dwc3: imx8mp: fix software node kernel dump Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: typec: anx7411: fix fwnode_handle reference leak Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-hcd: fix call balance of clocks handling routines Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Fix interpretation of is_midi1 bits liuderong <liuderong(a)oppo.com> scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: Fix HCD port connection race Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: Fix HCD resume Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Revert "bpf: Mark raw_tp arguments with PTR_MAYBE_NULL" Xu Yang <xu.yang_2(a)nxp.com> usb: core: hcd: only check primary hcd skip_phy_initialization Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Check if GPIO line can be used for IRQs Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Determine if GPIO pad can be used by driver Shankar Bandal <shankar.bandal(a)intel.com> gpio: graniterapids: Fix invalid RXEVCFG register bitmask Shankar Bandal <shankar.bandal(a)intel.com> gpio: graniterapids: Fix invalid GPI_IS register offset Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Fix incorrect BAR assignment Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Fix vGPIO driver crash Damien Le Moal <dlemoal(a)kernel.org> block: Ignore REQ_NOWAIT for zone reset and zone finish operations Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> usb: host: max3421-hcd: Correctly abort a USB request. Miguel Ojeda <ojeda(a)kernel.org> drm/panic: remove spurious empty line to clean warning Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/debugfs - fix the struct pointer incorrectly offset problem Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix IPIs usage in kfence_protect_page() Hridesh MG <hridesh699(a)gmail.com> ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 Jaakko Salo <jaakkos(a)gmail.com> ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 Haoyu Li <lihaoyu499(a)gmail.com> gpio: ljca: Initialize num before accessing item in ljca_gpio_config Christian Loehle <christian.loehle(a)arm.com> spi: rockchip: Fix PM runtime count on no-op cs Shakeel Butt <shakeel.butt(a)linux.dev> memcg: slub: fix SUnreclaim for post charged objects Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Fix GPIO Ack functionality Damien Le Moal <dlemoal(a)kernel.org> block: Prevent potential deadlocks in zone write plug error recovery Damien Le Moal <dlemoal(a)kernel.org> dm: Fix dm-zoned-reclaim zone write pointer alignment Damien Le Moal <dlemoal(a)kernel.org> block: Use a zone write plug BIO work for REQ_NOWAIT BIOs Damien Le Moal <dlemoal(a)kernel.org> block: Switch to using refcount_t for zone write plugs Tejun Heo <tj(a)kernel.org> blk-cgroup: Fix UAF in blkcg_unpin_online() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix wrong usage of __pa() on a fixmap address Björn Töpel <bjorn(a)rivosinc.com> riscv: mm: Do not call pmd dtor on vmemmap page table teardown Koichiro Den <koichiro.den(a)canonical.com> virtio_net: ensure netdev_tx_reset_queue is called on tx ring resize Koichiro Den <koichiro.den(a)canonical.com> virtio_ring: add a func argument 'recycle_done' to virtqueue_resize() Koichiro Den <koichiro.den(a)canonical.com> virtio_net: correct netdev_tx_reset_queue() invocation point Kuan-Wei Chiu <visitorckw(a)gmail.com> perf ftrace: Fix undefined behavior in cmp_profile_data() MoYuanhao <moyuanhao3676(a)163.com> tcp: check space before adding MPTCP SYN options Frederik Deweerdt <deweerdt.lkml(a)gmail.com> splice: do not checksum AF_UNIX sockets Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix racy issue from session lookup and expire Christian Marangi <ansuelsmth(a)gmail.com> clk: en7523: Fix wrong BUS clock for EN7581 Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix replenish_dl_new_period dl_server condition Jann Horn <jannh(a)google.com> bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Check if TX data was written to device in .tx_empty() Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> usb: misc: onboard_usb_dev: skip suspend/resume sequence for USB5744 SMBus support ------------- Diffstat: Documentation/networking/ip-sysctl.rst | 6 + Documentation/power/runtime_pm.rst | 4 +- Makefile | 4 +- arch/arm64/kvm/sys_regs.c | 55 ++- arch/riscv/include/asm/kfence.h | 4 +- arch/riscv/kernel/setup.c | 2 +- arch/riscv/mm/init.c | 7 +- arch/x86/events/intel/ds.c | 2 +- arch/x86/include/asm/processor.h | 2 + arch/x86/include/asm/static_call.h | 15 + arch/x86/include/asm/sync_core.h | 6 +- arch/x86/include/asm/xen/hypercall.h | 36 +- arch/x86/kernel/callthunks.c | 5 - arch/x86/kernel/cpu/common.c | 38 +- arch/x86/kernel/static_call.c | 9 + arch/x86/xen/enlighten.c | 64 ++- arch/x86/xen/enlighten_hvm.c | 13 +- arch/x86/xen/enlighten_pv.c | 4 +- arch/x86/xen/enlighten_pvh.c | 7 - arch/x86/xen/xen-asm.S | 50 +- arch/x86/xen/xen-head.S | 106 ++++- arch/x86/xen/xen-ops.h | 9 + block/blk-cgroup.c | 6 +- block/blk-iocost.c | 9 +- block/blk-mq-sysfs.c | 16 +- block/blk-mq.c | 127 ++++- block/blk-sysfs.c | 4 +- block/blk-zoned.c | 526 +++++++++------------ drivers/acpi/acpica/evxfregn.c | 2 - drivers/acpi/nfit/core.c | 7 +- drivers/acpi/resource.c | 6 +- drivers/ata/sata_highbank.c | 1 + drivers/bluetooth/btmtk.c | 20 +- drivers/clk/clk-en7523.c | 5 +- drivers/crypto/hisilicon/debugfs.c | 4 +- drivers/gpio/gpio-graniterapids.c | 52 +- drivers/gpio/gpio-ljca.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 17 +- drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 13 +- drivers/gpu/drm/amd/amdgpu/uvd_v7_0.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 24 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 23 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 12 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 1 + drivers/gpu/drm/drm_panic_qr.rs | 1 - drivers/gpu/drm/i915/display/intel_color.c | 30 +- drivers/gpu/drm/i915/i915_gpu_error.c | 18 +- drivers/gpu/drm/i915/i915_scheduler.c | 2 +- drivers/gpu/drm/xe/tests/xe_migrate.c | 4 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 8 + drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h | 1 + drivers/gpu/drm/xe/xe_pt.c | 3 +- drivers/gpu/drm/xe/xe_reg_sr.c | 31 +- drivers/gpu/drm/xe/xe_reg_sr_types.h | 6 - drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 2 +- drivers/iommu/intel/cache.c | 34 +- drivers/iommu/intel/iommu.c | 4 +- drivers/md/dm-zoned-reclaim.c | 6 +- drivers/net/bonding/bond_main.c | 10 +- drivers/net/dsa/microchip/ksz_common.c | 42 +- drivers/net/dsa/ocelot/felix_vsc9959.c | 17 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 14 +- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 9 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4.h | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 5 +- .../mellanox/mlx5/core/steering/dr_domain.c | 4 +- .../net/ethernet/microchip/sparx5/sparx5_main.c | 11 +- .../net/ethernet/microchip/sparx5/sparx5_port.c | 2 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 6 +- drivers/net/ethernet/mscc/ocelot_ptp.c | 207 ++++---- drivers/net/ethernet/qualcomm/qca_spi.c | 26 +- drivers/net/ethernet/qualcomm/qca_spi.h | 1 - drivers/net/ethernet/renesas/rswitch.c | 95 ++-- drivers/net/ethernet/renesas/rswitch.h | 14 +- drivers/net/team/team_core.c | 11 +- drivers/net/virtio_net.c | 24 +- drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +- drivers/net/xen-netfront.c | 5 +- drivers/ptp/ptp_kvm_x86.c | 6 +- drivers/regulator/axp20x-regulator.c | 36 +- drivers/spi/spi-aspeed-smc.c | 10 +- drivers/spi/spi-rockchip.c | 14 + drivers/tty/serial/sh-sci.c | 29 ++ drivers/ufs/core/ufshcd.c | 1 + drivers/usb/core/hcd.c | 8 +- drivers/usb/dwc2/hcd.c | 19 +- drivers/usb/dwc3/dwc3-imx8mp.c | 30 +- drivers/usb/dwc3/dwc3-xilinx.c | 5 +- drivers/usb/gadget/function/f_midi2.c | 6 +- drivers/usb/gadget/function/u_serial.c | 9 +- drivers/usb/host/ehci-sh.c | 9 +- drivers/usb/host/max3421-hcd.c | 16 +- drivers/usb/misc/onboard_usb_dev.c | 4 +- drivers/usb/typec/anx7411.c | 66 ++- drivers/usb/typec/ucsi/ucsi.c | 6 +- drivers/virtio/virtio_ring.c | 6 +- fs/smb/client/inode.c | 5 +- fs/smb/server/auth.c | 2 + fs/smb/server/mgmt/user_session.c | 6 +- fs/smb/server/server.c | 4 +- fs/smb/server/smb2pdu.c | 27 +- fs/xfs/libxfs/xfs_btree.c | 33 +- fs/xfs/libxfs/xfs_btree.h | 2 +- fs/xfs/libxfs/xfs_ialloc_btree.c | 4 +- fs/xfs/libxfs/xfs_symlink_remote.c | 4 +- fs/xfs/scrub/agheader.c | 6 +- fs/xfs/scrub/agheader_repair.c | 6 +- fs/xfs/scrub/fscounters.c | 2 +- fs/xfs/scrub/ialloc.c | 4 +- fs/xfs/scrub/refcount.c | 2 +- fs/xfs/scrub/symlink_repair.c | 3 +- fs/xfs/scrub/trace.h | 2 +- fs/xfs/xfs_bmap_util.c | 2 +- fs/xfs/xfs_file.c | 8 + fs/xfs/xfs_rtalloc.c | 2 +- fs/xfs/xfs_trans.c | 19 +- include/linux/blkdev.h | 5 +- include/linux/bpf.h | 19 +- include/linux/compiler.h | 39 +- include/linux/dsa/ocelot.h | 1 + include/linux/netdev_features.h | 7 + include/linux/static_call.h | 1 + include/linux/virtio.h | 3 +- include/net/bluetooth/bluetooth.h | 10 +- include/net/lapb.h | 2 +- include/net/mac80211.h | 4 +- include/net/net_namespace.h | 1 + include/net/netfilter/nf_tables.h | 4 - include/soc/mscc/ocelot.h | 2 - kernel/bpf/btf.c | 149 +++++- kernel/bpf/verifier.c | 79 +--- kernel/sched/deadline.c | 2 +- kernel/static_call_inline.c | 2 +- kernel/trace/bpf_trace.c | 11 + kernel/trace/trace_uprobe.c | 6 +- mm/slub.c | 21 +- net/batman-adv/translation-table.c | 58 ++- net/bluetooth/hci_event.c | 33 +- net/bluetooth/hci_sock.c | 14 +- net/bluetooth/iso.c | 71 ++- net/bluetooth/l2cap_sock.c | 20 +- net/bluetooth/rfcomm/sock.c | 9 +- net/bluetooth/sco.c | 40 +- net/core/net_namespace.c | 20 +- net/core/sock_map.c | 6 +- net/dsa/tag_ocelot_8021q.c | 2 +- net/ipv4/tcp_output.c | 6 +- net/mac80211/cfg.c | 9 +- net/mac80211/ieee80211_i.h | 49 +- net/mac80211/iface.c | 12 +- net/mac80211/mlme.c | 2 - net/mac80211/util.c | 23 +- net/netfilter/nf_tables_api.c | 32 +- net/netfilter/xt_IDLETIMER.c | 52 +- net/sched/sch_netem.c | 22 +- net/tipc/udp_media.c | 7 +- net/unix/af_unix.c | 1 + net/wireless/nl80211.c | 2 +- net/wireless/sme.c | 1 + rust/Makefile | 15 +- sound/core/control_led.c | 14 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 13 +- sound/soc/codecs/tas2781-i2c.c | 2 +- sound/soc/fsl/fsl_spdif.c | 2 +- sound/soc/fsl/fsl_xcvr.c | 2 +- sound/soc/intel/boards/sof_sdw.c | 8 +- sound/usb/quirks.c | 2 + tools/lib/perf/evlist.c | 18 +- tools/objtool/check.c | 9 +- tools/perf/builtin-ftrace.c | 3 +- tools/perf/util/build-id.c | 4 +- tools/perf/util/machine.c | 2 + .../testing/selftests/arm64/abi/syscall-abi-asm.S | 32 +- .../selftests/bpf/progs/test_tp_btf_nullable.c | 6 +- .../selftests/bpf/progs/verifier_btf_ctx_access.c | 4 +- .../testing/selftests/bpf/progs/verifier_d_path.c | 4 +- .../selftests/drivers/net/mlxsw/sharedbuffer.sh | 55 ++- tools/testing/selftests/net/netfilter/rpath.sh | 18 +- 182 files changed, 2200 insertions(+), 1299 deletions(-)

7 months, 1 week

18
194
0 0

[PATCH 5.10 1/1] Bluetooth: L2CAP: Fix uaf in l2cap_connect

by d.privalov

From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> commit 333b4fd11e89b29c84c269123f871883a30be586 upstream. [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54 CPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Workqueue: hci2 hci_rx_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline] l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline] l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline] l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825 l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514 hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline] hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231 process_scheduled_works kernel/workqueue.c:3312 [inline] worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 ... Freed by task 5245: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579 poison_slab_object+0xf7/0x160 mm/kasan/common.c:240 __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2256 [inline] slab_free mm/slub.c:4477 [inline] kfree+0x12a/0x3b0 mm/slub.c:4598 l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline] kref_put include/linux/kref.h:65 [inline] l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline] l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802 l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241 hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline] hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265 hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583 abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917 hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231 process_scheduled_works kernel/workqueue.c:3312 [inline] worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Reported-by: syzbot+c12e2f941af1feb5632c(a)syzkaller.appspotmail.com Tested-by: syzbot+c12e2f941af1feb5632c(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c12e2f941af1feb5632c Fixes: 7b064edae38d ("Bluetooth: Fix authentication if acl data comes before remote feature evt") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Dmitriy Privalov <d.privalov(a)omp.ru> --- net/bluetooth/hci_core.c | 2 ++ net/bluetooth/hci_event.c | 2 +- net/bluetooth/l2cap_core.c | 9 --------- 3 files changed, 3 insertions(+), 10 deletions(-) diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 9787a4c55113..c4c86407b920 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -4769,6 +4769,8 @@ static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb) hci_dev_lock(hdev); conn = hci_conn_hash_lookup_handle(hdev, handle); + if (conn && hci_dev_test_flag(hdev, HCI_MGMT)) + mgmt_device_connected(hdev, conn, 0, NULL, 0); hci_dev_unlock(hdev); if (conn) { diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 58c029958759..634b12b19b32 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -3245,7 +3245,7 @@ static void hci_remote_features_evt(struct hci_dev *hdev, goto unlock; } - if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) { + if (!ev->status) { struct hci_cp_remote_name_req cp; memset(&cp, 0, sizeof(cp)); bacpy(&cp.bdaddr, &conn->dst); diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 23fc03f7bf31..cad0e535ff81 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -4272,18 +4272,9 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, static int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data) { - struct hci_dev *hdev = conn->hcon->hdev; - struct hci_conn *hcon = conn->hcon; - if (cmd_len < sizeof(struct l2cap_conn_req)) return -EPROTO; - hci_dev_lock(hdev); - if (hci_dev_test_flag(hdev, HCI_MGMT) && - !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags)) - mgmt_device_connected(hdev, hcon, 0, NULL, 0); - hci_dev_unlock(hdev); - l2cap_connect(conn, cmd, data, L2CAP_CONN_RSP, 0); return 0; } -- 2.34.1

7 months, 1 week

2
3
0 0

[PATCH] drm/amdgpu: fix backport of commit 73dae652dcac

by Alex Deucher

Commit 73dae652dcac ("drm/amdgpu: rework resume handling for display (v2)") missed a small code change when it was backported resulting in an automatic backlight control breakage. Fix the backport. Note that this patch is not in Linus' tree as it is not required there; the bug was introduced in the backport. Fixes: 99a02eab8251 ("drm/amdgpu: rework resume handling for display (v2)") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3853 Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org # 6.11.x --- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c index 51904906545e..45e28726e148 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c @@ -3721,8 +3721,12 @@ static int amdgpu_device_ip_resume_phase3(struct amdgpu_device *adev) continue; if (adev->ip_blocks[i].version->type == AMD_IP_BLOCK_TYPE_DCE) { r = adev->ip_blocks[i].version->funcs->resume(adev); - if (r) + if (r) { + DRM_ERROR("resume of IP block <%s> failed %d\n", + adev->ip_blocks[i].version->funcs->name, r); return r; + } + adev->ip_blocks[i].status.hw = true; } } -- 2.47.1

7 months, 2 weeks

5
6
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2024