March 2024 - Linux-stable-mirror

+ crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: crash: use macro to add crashk_res into iomem early for specific arch has been added to the -mm mm-hotfixes-unstable branch. Its filename is crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Baoquan He <bhe(a)redhat.com> Subject: crash: use macro to add crashk_res into iomem early for specific arch Date: Mon, 25 Mar 2024 09:50:50 +0800 There are regression reports[1][2] that crashkernel region on x86_64 can't be added into iomem tree sometime. This causes the later failure of kdump loading. This happened after commit 4a693ce65b18 ("kdump: defer the insertion of crashkernel resources") was merged. Even though, these reported issues are proved to be related to other component, they are just exposed after above commmit applied, I still would like to keep crashk_res and crashk_low_res being added into iomem early as before because the early adding has been always there on x86_64 and working very well. For safety of kdump, Let's change it back. Here, add a macro HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY to limit that only ARCH defining the macro can have the early adding crashk_res/_low_res into iomem. Then define HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY on x86 to enable it. Note: In reserve_crashkernel_low(), there's a remnant of crashk_low_res handling which was mistakenly added back in commit 85fcde402db1 ("kexec: split crashkernel reservation code out from crash_core.c"). [1] [PATCH V2] x86/kexec: do not update E820 kexec table for setup_data https://lore.kernel.org/all/Zfv8iCL6CT2JqLIC@darkstar.users.ipa.redhat.com/… [2] Question about Address Range Validation in Crash Kernel Allocation https://lore.kernel.org/all/4eeac1f733584855965a2ea62fa4da58@huawei.com/T/#u Link: https://lkml.kernel.org/r/ZgDYemRQ2jxjLkq+@MiWiFi-R3L-srv Fixes: 4a693ce65b18 ("kdump: defer the insertion of crashkernel resources") Signed-off-by: Baoquan He <bhe(a)redhat.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Huacai Chen <chenhuacai(a)loongson.cn> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Jiri Bohac <jbohac(a)suse.cz> Cc: Li Huafei <lihuafei1(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/include/asm/crash_reserve.h | 2 ++ kernel/crash_reserve.c | 7 +++++++ 2 files changed, 9 insertions(+) --- a/arch/x86/include/asm/crash_reserve.h~crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch +++ a/arch/x86/include/asm/crash_reserve.h @@ -39,4 +39,6 @@ static inline unsigned long crash_low_si #endif } +#define HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY + #endif /* _X86_CRASH_RESERVE_H */ --- a/kernel/crash_reserve.c~crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch +++ a/kernel/crash_reserve.c @@ -366,8 +366,10 @@ static int __init reserve_crashkernel_lo crashk_low_res.start = low_base; crashk_low_res.end = low_base + low_size - 1; +#ifdef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY insert_resource(&iomem_resource, &crashk_low_res); #endif +#endif return 0; } @@ -448,8 +450,12 @@ retry: crashk_res.start = crash_base; crashk_res.end = crash_base + crash_size - 1; +#ifdef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY + insert_resource(&iomem_resource, &crashk_res); +#endif } +#ifndef HAVE_ARCH_ADD_CRASH_RES_TO_IOMEM_EARLY static __init int insert_crashkernel_resources(void) { if (crashk_res.start < crashk_res.end) @@ -462,3 +468,4 @@ static __init int insert_crashkernel_res } early_initcall(insert_crashkernel_resources); #endif +#endif _ Patches currently in -mm which might be from bhe(a)redhat.com are crash-use-macro-to-add-crashk_res-into-iomem-early-for-specific-arch.patch mm-vmallocc-optimize-to-reduce-arguments-of-alloc_vmap_area.patch x86-remove-unneeded-memblock_find_dma_reserve.patch mm-mm_initc-remove-the-useless-dma_reserve.patch mm-mm_initc-add-new-function-calc_nr_all_pages.patch mm-mm_initc-remove-meaningless-calculation-of-zone-managed_pages-in-free_area_init_core.patch mm-mm_initc-remove-unneeded-calc_memmap_size.patch mm-mm_initc-remove-arch_reserved_kernel_pages.patch

9 months, 2 weeks

1
0
0 0

+ mm-zswap-fix-data-loss-on-swp_synchronous_io-devices.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-zswap-fix-data-loss-on-swp_synchronous_io-devices.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Johannes Weiner <hannes(a)cmpxchg.org> Subject: mm: zswap: fix data loss on SWP_SYNCHRONOUS_IO devices Date: Sun, 24 Mar 2024 17:04:47 -0400 Zhongkun He reports data corruption when combining zswap with zram. The issue is the exclusive loads we're doing in zswap. They assume that all reads are going into the swapcache, which can assume authoritative ownership of the data and so the zswap copy can go. However, zram files are marked SWP_SYNCHRONOUS_IO, and faults will try to bypass the swapcache. This results in an optimistic read of the swap data into a page that will be dismissed if the fault fails due to races. In this case, zswap mustn't drop its authoritative copy. Link: https://lore.kernel.org/all/CACSyD1N+dUvsu8=zV9P691B9bVq33erwOXNTmEaUbi9DrD… Fixes: b9c91c43412f ("mm: zswap: support exclusive loads") Link: https://lkml.kernel.org/r/20240324210447.956973-1-hannes@cmpxchg.org Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reported-by: Zhongkun He <hezhongkun.hzk(a)bytedance.com> Tested-by: Zhongkun He <hezhongkun.hzk(a)bytedance.com> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Acked-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Chengming Zhou <chengming.zhou(a)linux.dev> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zswap.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) --- a/mm/zswap.c~mm-zswap-fix-data-loss-on-swp_synchronous_io-devices +++ a/mm/zswap.c @@ -1636,6 +1636,7 @@ bool zswap_load(struct folio *folio) swp_entry_t swp = folio->swap; pgoff_t offset = swp_offset(swp); struct page *page = &folio->page; + bool swapcache = folio_test_swapcache(folio); struct zswap_tree *tree = swap_zswap_tree(swp); struct zswap_entry *entry; u8 *dst; @@ -1648,7 +1649,20 @@ bool zswap_load(struct folio *folio) spin_unlock(&tree->lock); return false; } - zswap_rb_erase(&tree->rbroot, entry); + /* + * When reading into the swapcache, invalidate our entry. The + * swapcache can be the authoritative owner of the page and + * its mappings, and the pressure that results from having two + * in-memory copies outweighs any benefits of caching the + * compression work. + * + * (Most swapins go through the swapcache. The notable + * exception is the singleton fault on SWP_SYNCHRONOUS_IO + * files, which reads into a private page and may free it if + * the fault fails. We remain the primary owner of the entry.) + */ + if (swapcache) + zswap_rb_erase(&tree->rbroot, entry); spin_unlock(&tree->lock); if (entry->length) @@ -1663,9 +1677,10 @@ bool zswap_load(struct folio *folio) if (entry->objcg) count_objcg_event(entry->objcg, ZSWPIN); - zswap_entry_free(entry); - - folio_mark_dirty(folio); + if (swapcache) { + zswap_entry_free(entry); + folio_mark_dirty(folio); + } return true; } _ Patches currently in -mm which might be from hannes(a)cmpxchg.org are mm-cachestat-fix-two-shmem-bugs.patch mm-zswap-fix-writeback-shinker-gfp_noio-gfp_nofs-recursion.patch mm-zswap-fix-data-loss-on-swp_synchronous_io-devices.patch mm-zswap-optimize-zswap-pool-size-tracking.patch mm-zpool-return-pool-size-in-pages.patch mm-page_alloc-remove-pcppage-migratetype-caching.patch mm-page_alloc-optimize-free_unref_folios.patch mm-page_alloc-fix-up-block-types-when-merging-compatible-blocks.patch mm-page_alloc-move-free-pages-when-converting-block-during-isolation.patch mm-page_alloc-fix-move_freepages_block-range-error.patch mm-page_alloc-fix-freelist-movement-during-block-conversion.patch mm-page_alloc-close-migratetype-race-between-freeing-and-stealing.patch mm-page_isolation-prepare-for-hygienic-freelists.patch mm-page_isolation-prepare-for-hygienic-freelists-fix.patch mm-page_alloc-consolidate-free-page-accounting.patch

9 months, 2 weeks

1
0
0 0

+ selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: fix ARM related issue with fork after pthread_create has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Edward Liaw <edliaw(a)google.com> Subject: selftests/mm: fix ARM related issue with fork after pthread_create Date: Mon, 25 Mar 2024 19:40:52 +0000 Following issue was observed while running the uffd-unit-tests selftest on ARM devices. On x86_64 no issues were detected: pthread_create followed by fork caused deadlock in certain cases wherein fork required some work to be completed by the created thread. Used synchronization to ensure that created thread's start function has started before invoking fork. [edliaw(a)google.com: refactored to use atomic_bool] Link: https://lkml.kernel.org/r/20240325194100.775052-1-edliaw@google.com Fixes: 760aee0b71e3 ("selftests/mm: add tests for RO pinning vs fork()") Signed-off-by: Lokesh Gidra <lokeshgidra(a)google.com> Signed-off-by: Edward Liaw <edliaw(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/uffd-common.c | 3 +++ tools/testing/selftests/mm/uffd-common.h | 2 ++ tools/testing/selftests/mm/uffd-unit-tests.c | 10 ++++++++++ 3 files changed, 15 insertions(+) --- a/tools/testing/selftests/mm/uffd-common.c~selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create +++ a/tools/testing/selftests/mm/uffd-common.c @@ -18,6 +18,7 @@ bool test_uffdio_wp = true; unsigned long long *count_verify; uffd_test_ops_t *uffd_test_ops; uffd_test_case_ops_t *uffd_test_case_ops; +atomic_bool ready_for_fork; static int uffd_mem_fd_create(off_t mem_size, bool hugetlb) { @@ -518,6 +519,8 @@ void *uffd_poll_thread(void *arg) pollfd[1].fd = pipefd[cpu*2]; pollfd[1].events = POLLIN; + ready_for_fork = true; + for (;;) { ret = poll(pollfd, 2, -1); if (ret <= 0) { --- a/tools/testing/selftests/mm/uffd-common.h~selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create +++ a/tools/testing/selftests/mm/uffd-common.h @@ -32,6 +32,7 @@ #include <inttypes.h> #include <stdint.h> #include <sys/random.h> +#include <stdatomic.h> #include "../kselftest.h" #include "vm_util.h" @@ -103,6 +104,7 @@ extern bool map_shared; extern bool test_uffdio_wp; extern unsigned long long *count_verify; extern volatile bool test_uffdio_copy_eexist; +extern atomic_bool ready_for_fork; extern uffd_test_ops_t anon_uffd_test_ops; extern uffd_test_ops_t shmem_uffd_test_ops; --- a/tools/testing/selftests/mm/uffd-unit-tests.c~selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create +++ a/tools/testing/selftests/mm/uffd-unit-tests.c @@ -775,6 +775,8 @@ static void uffd_sigbus_test_common(bool char c; struct uffd_args args = { 0 }; + ready_for_fork = false; + fcntl(uffd, F_SETFL, uffd_flags | O_NONBLOCK); if (uffd_register(uffd, area_dst, nr_pages * page_size, @@ -790,6 +792,9 @@ static void uffd_sigbus_test_common(bool if (pthread_create(&uffd_mon, NULL, uffd_poll_thread, &args)) err("uffd_poll_thread create"); + while (!ready_for_fork) + ; /* Wait for the poll_thread to start executing before forking */ + pid = fork(); if (pid < 0) err("fork"); @@ -829,6 +834,8 @@ static void uffd_events_test_common(bool char c; struct uffd_args args = { 0 }; + ready_for_fork = false; + fcntl(uffd, F_SETFL, uffd_flags | O_NONBLOCK); if (uffd_register(uffd, area_dst, nr_pages * page_size, true, wp, false)) @@ -838,6 +845,9 @@ static void uffd_events_test_common(bool if (pthread_create(&uffd_mon, NULL, uffd_poll_thread, &args)) err("uffd_poll_thread create"); + while (!ready_for_fork) + ; /* Wait for the poll_thread to start executing before forking */ + pid = fork(); if (pid < 0) err("fork"); _ Patches currently in -mm which might be from edliaw(a)google.com are selftests-mm-sigbus-wp-test-requires-uffd_feature_wp_hugetlbfs_shmem.patch selftests-mm-fix-arm-related-issue-with-fork-after-pthread_create.patch

9 months, 2 weeks

1
0
0 0

[PATCH 5.10 000/237] 5.10.214-rc2 review

by Sasha Levin

This is the start of the stable review cycle for the 5.10.214 release. There are 237 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Mar 27 11:59:18 AM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Ajay Singh (1): wifi: wilc1000: fix multi-vif management when deleting a vif Alban Boyé (1): ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet Alex Bee (1): drm/rockchip: inno_hdmi: Fix video timing Alexander Gordeev (1): net/iucv: fix the allocation size of iucv_path_table array Alexander Stein (1): media: tc358743: register v4l2 async device only after successful setup Alexei Starovoitov (1): bpf: Factor out bpf_spin_lock into helpers. Alexis Lothoré (3): wifi: wilc1000: fix declarations ordering wifi: wilc1000: fix RCU usage in connect path wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces Anastasia Belova (1): cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value Andrew Ballance (1): gen_compile_commands: fix invalid escape sequence warning Andy Shevchenko (1): serial: 8250_exar: Don't remove GPIO device on suspend AngeloGioacchino Del Regno (1): drm/mediatek: dsi: Fix DSI RGB666 formats and definitions Armin Wolf (1): ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() Arnaud Pouliquen (2): remoteproc: stm32: Fix incorrect type in assignment for va remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef Arnd Bergmann (12): fs/select: rework stack allocation hack for clang wifi: brcmsmac: avoid function pointer casts media: pvrusb2: fix pvr2_stream_callback casts crypto: arm/sha - fix function cast warnings mtd: rawnand: lpc32xx_mlc: fix irq handler prototype media: dvb-frontends: avoid stack overflow warnings with clang media: mediatek: vcodec: avoid -Wcast-function-type-strict warning scsi: csiostor: Avoid function pointer casts scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn remoteproc: stm32: use correct format strings on 64-bit soc: fsl: dpio: fix kcalloc() argument order remoteproc: stm32: fix phys_addr_t format string Arınç ÜNAL (1): net: dsa: mt7530: prevent possible incorrect XTAL frequency selection Athaariq Ardhiansyah (1): ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops Baokun Li (1): quota: simplify drop_dquot_ref() Baruch Siach (1): mtd: maps: physmap-core: fix flash size larger than 32-bit Ben Wolsieffer (1): watchdog: stm32_iwdg: initialize default timeout Bitterblue Smith (1): wifi: rtw88: 8821c: Fix false alarm count Borislav Petkov (AMD) (1): x86/paravirt: Fix build due to __text_gen_insn() backport Breno Leitao (1): net: blackhole_dev: fix build warning for ethh set but not used Bryan O'Donoghue (1): clk: Fix clk_core_get NULL dereference Cai Huoqing (1): drm/tegra: dsi: Make use of the helper function dev_err_probe() Chen Ni (2): sr9800: Add check for usbnet_get_endpoints drm/tegra: dsi: Add missing check for of_find_device_by_node Chen-Yu Tsai (1): pinctrl: mediatek: Drop bogus slew rate register range for MT8192 Christoph Hellwig (2): block: add a new set_read_only method md: implement ->set_read_only to hook into BLKROSET processing Christophe JAILLET (9): wireless: Remove redundant 'flush_workqueue()' calls mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() PCI: switchtec: Fix an error handling path in switchtec_pci_probe() clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() NFS: Fix an off by one in root_nfs_cat() Chun-Yi Lee (1): aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts Colin Ian King (1): usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin Dan Carpenter (1): staging: greybus: fix get_channel_from_mode() failure path Daniel Thompson (3): backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: lp8788: Fully initialize backlight_properties during probe Daniil Dulov (2): media: go7007: add check of return value of go7007_read_addr() media: pvrusb2: remove redundant NULL check David Howells (1): afs: Revert "afs: Hide silly-rename files from userspace" Duoming Zhou (1): nfp: flower: handle acti_netdevs allocation failure Edward Adam Davis (1): media: pvrusb2: fix uaf in pvr2_context_set_notify Eric Dumazet (4): sock_diag: annotate data-races around sock_diag_handlers[family] inet_diag: annotate data-races around inet_diag_table[] net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() packet: annotate data-races around ignore_outgoing Ethan Zhao (2): PCI: Make pci_dev_is_disconnected() helper public for other drivers iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected Fedor Pchelkin (1): drm/tegra: put drm_gem_object ref on error in tegra_fb_create Fei Shao (1): spi: spi-mt65xx: Fix NULL pointer access in interrupt handler Felix Maurer (1): hsr: Handle failures in module init Filipe Manana (1): btrfs: add and use helper to check if block group is used Gavrilov Ilia (6): tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function net/x25: fix incorrect parameter validation in the x25_getsockopt() function Geert Uytterhoeven (2): ARM: dts: renesas: r8a73a4: Fix external clocks and clock rate ARM: dts: arm: realview: Fix development chip ROM compatible value George Stark (1): leds: aw2013: Unlock mutex before destroying it Greg Joyce (1): block: sed-opal: handle empty atoms when parsing response Gustavo A. R. Silva (3): net/ipv4: Replace one-element array with flexible-array member net/ipv4: Revert use of struct_size() helper net/ipv4/ipv6: Replace one-element arraya with flexible-array members Hans de Goede (1): ASoC: rt5645: Make LattePanda board DMI match more precise Harry Wentland (1): drm: Don't treat 0 as -1 in drm_fixp2int_ceil Hou Tao (3): bpf: Defer the free of inner map when necessary x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() Hsin-Yi Wang (1): drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip Hugo Villeneuve (1): serial: max310x: fix syntax error in IRQ error message Ian Rogers (1): perf stat: Avoid metric-only segv Ilpo Järvinen (1): PCI/DPC: Print all TLP Prefixes, not just the first Jakub Kicinski (1): selftests: tls: use exact comparison in recv_partial Jan Kara (1): quota: Fix rcu annotations of inode dquot pointers Jens Axboe (3): io_uring/unix: drop usage of io_uring socket io_uring: drop any code related to SCM_RIGHTS io_uring: don't save/restore iowait state Jernej Skrabec (3): media: sun8i-di: Fix coefficient writes media: sun8i-di: Fix power on/off sequences media: sun8i-di: Fix chroma difference threshold Jerome Brunet (4): ASoC: meson: aiu: fix function pointer type mismatch ASoC: meson: t9015: fix function pointer type mismatch ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs ASoC: meson: axg-tdm-interface: add frame rate constraint Jiaxun Yang (1): MIPS: Clear Cause.BD in instruction_pointer_set Jie Wang (1): net: hns3: fix port duplex configure error in IMP reset Jinjie Ruan (1): wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() Jiri Slaby (SUSE) (1): tty: vt: fix 20 vs 0x20 typo in EScsiignore Johan Carlsson (1): ALSA: usb-audio: Stop parsing channels bits when all channels are found. Johannes Berg (1): wifi: iwlwifi: dbg-tlv: ensure NUL termination Jonas Dreßler (1): Bluetooth: Remove superfluous call to hci_conn_check_pending() Jorge Mora (2): NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 NFSv4.2: fix listxattr maximum XDR buffer size Jörg Wedekind (1): PCI: Mark 3ware-9650SE Root Port Extended Tags as broken Kajol Jain (1): powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks Kamal Heib (1): net: ena: Remove ena_select_queue Kees Cook (1): x86, relocs: Ignore relocations in .notes section Konrad Dybcio (3): clk: qcom: reset: Commonize the de/assert functions clk: qcom: reset: Ensure write completion on reset de/assertion clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times Kuninori Morimoto (1): ASoC: meson: Use dev_err_probe() helper Kuniyuki Iwashima (1): af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). Kunwu Chan (1): x86/xen: Add some null pointer checking to smp.c Kévin L'hôpital (1): net: phy: fix phy_get_internal_delay accessing an empty array Leon Romanovsky (1): RDMA/mlx5: Fix fortify source warning while accessing Eth segment Li Nan (1): md: Don't clear MD_CLOSING when the raid is about to stop Linu Cherian (1): octeontx2-af: Use matching wake_up API variant in CGX command interface Luca Weiss (2): backlight: lm3630a: Initialize backlight_properties on init backlight: lm3630a: Don't set bl->props.brightness in get_brightness Lucas Stach (1): media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Luiz Augusto von Dentz (1): Bluetooth: hci_core: Fix possible buffer overflow Manuel Fombuena (1): HID: multitouch: Add required quirk for Synaptics 0xcddc device Marek Vasut (1): regmap: Add missing map->bus check Mario Limonciello (1): iommu/amd: Mark interrupt as managed Martin KaFai Lau (1): bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument Martin Kaistra (1): wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work Masahiro Yamada (1): kconfig: fix infinite loop when expanding a macro at the end of file Mathieu Poirier (2): remoteproc: Add new get_loaded_rsc_table() to rproc_ops remoteproc: stm32: Move resource table setup to rproc_ops Max Kellermann (1): parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check Mete Durlu (1): s390/vtime: fix average steal time calculation Michael Ellerman (1): powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. Michael Klein (1): ARM: dts: sun8i-h2-plus-bananapi-m2-zero: add regulator nodes vcc-dram and vcc1v2 Michal Vokáč (3): ARM: dts: imx6dl-yapp4: Move phy reset into switch node ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node Mikhail Khvainitski (1): HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd Mikulas Patocka (2): dm-verity, dm-crypt: align "struct bvec_iter" correctly dm: call the resume method on internal suspend Ming Lei (1): dm raid: fix false positive for requeue needed during reshape Miri Korenblit (1): wifi: iwlwifi: fix EWRD table validity check Navid Emamdoost (1): nbd: null check for nla_nest_start Nikita Zhandarovich (4): do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak media: em28xx: annotate unchecked call to media_device_register() drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() wireguard: receive: annotate data-race around receiving_counter.counter Ondrej Jirman (1): leds: sgm3140: Add missing timer cleanup and flash gpio control Pablo Neira Ayuso (2): netfilter: nft_set_pipapo: release elements in clone only from destroy path netfilter: nf_tables: do not compare internal table flags on updates Paloma Arellano (1): drm/msm/dpu: add division of drm_display_mode's hskew parameter Paul E. McKenney (1): rcu-tasks: Provide rcu_trace_implies_rcu_gp() Peter Griffin (2): mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref Peter Hilber (3): timekeeping: Fix cross-timestamp interpolation on counter wrap timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation for non-x86 Peter Robinson (2): bus: tegra-aconnect: Update dependency to ARCH_TEGRA dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA Petr Mladek (1): printk: Disable passing console lock owner completely during panic() Quanyang Wang (1): crypto: xilinx - call finalize with bh disabled Quentin Schulz (2): drm/rockchip: lvds: do not overwrite error code drm/rockchip: lvds: do not print scary message when probing defer Rafael J. Wysocki (1): ACPI: scan: Fix device check notification handling Rafał Miłecki (2): arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes arm64: dts: marvell: reorder crypto interrupts on Armada SoCs Rahul Rameshbabu (4): wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled wifi: b43: Stop correct queue in DMA worker when QoS is disabled wifi: b43: Disable QoS for bcm4331 Randy Dunlap (1): rtc: mt6397: select IRQ_DOMAIN instead of depending on it Ranjan Kumar (1): scsi: mpt3sas: Prevent sending diag_reset when the controller is ready Rikard Falkeborn (1): remoteproc: stm32: Constify st_rproc_ops Roman Gushchin (1): bpf: Eliminate rlimit-based memory accounting for devmap maps Ruud Bos (1): igb: move PEROUT and EXTTS isr logic to separate functions Sam Ravnborg (1): sparc32: Fix section mismatch in leon_pci_grpci Sasha Levin (1): Linux 5.10.214-rc2 Sheng Yong (1): f2fs: compress: fix to check unreleased compressed cluster Shifeng Li (1): RDMA/device: Fix a race between mad_client and cm_client init Shigeru Yoshida (1): hsr: Fix uninit-value access in hsr_get_node() Shiming Cheng (1): ipv6: fib6_rules: flush route cache when rule is changed Shyam Sundar (1): scsi: fc: Update formal FPIN descriptor definitions Srinivasan Shanmugam (3): drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() Stephen Brennan (1): printk: Add panic_in_progress helper Stuart Henderson (3): ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll Subbaraya Sundeep (1): octeontx2-af: Use separate handlers for interrupts Takashi Iwai (1): ALSA: seq: fix function cast warnings Takashi Sakamoto (1): firewire: core: use long bus reset on gap count error Thinh Tran (1): net/bnx2x: Prevent access to a freed page in page_pool Tiezhu Yang (1): bpftool: Silence build warning about calloc() Tim Pambor (1): net: phy: dp83822: Fix RGMII TX delay configuration Toke Høiland-Jørgensen (4): wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete bpf: Fix DEVMAP_HASH overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches bpf: Fix stackmap overflow check on 32-bit arches Tomi Valkeinen (1): drm/tidss: Fix initial plane zpos values Tommaso Merciai (1): net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii Tudor Ambarus (1): tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT Uwe Kleine-König (1): Input: gpio_keys_polled - suppress deferred probe error for gpio Vinicius Costa Gomes (1): igb: Fix missing time sync events Viresh Kumar (1): OPP: debugfs: Fix warning around icc_get_name() Wang Jianjian (1): quota: Fix potential NULL pointer dereference William Kucharski (1): RDMA/srpt: Do not register event handler until srpt device is fully setup Xingyuan Mo (1): wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() Yan Zhai (2): rcu: add a helper to report consolidated flavor QS bpf: report RCU QS in cpumap kthread Yang Jihong (3): perf record: Fix possible incorrect free in record__switch_output() perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() Yewon Choi (1): rds: introduce acquire/release ordering in acquire/release_in_xmit() Yishai Hadas (1): RDMA/mlx5: Relax DEVX access upon modify commands Yonghong Song (1): bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly Yuxuan Hu (1): Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security Zhipeng Lu (8): wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() SUNRPC: fix some memleaks in gssx_dec_option_array drm/lima: fix a memleak in lima_heap_alloc media: v4l2-tpg: fix some memleaks in tpg_alloc media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: edia: dvbdev: fix a use-after-free media: go7007: fix a memleak in go7007_load_encoder media: ttpci: fix two memleaks in budget_av_attach Makefile | 4 +- arch/arm/boot/dts/arm-realview-pb1176.dts | 2 +- arch/arm/boot/dts/imx6dl-yapp4-common.dtsi | 28 ++- arch/arm/boot/dts/r8a73a4-ape6evm.dts | 12 + arch/arm/boot/dts/r8a73a4.dtsi | 9 +- .../dts/sun8i-h2-plus-bananapi-m2-zero.dts | 24 ++ arch/arm/crypto/sha256_glue.c | 13 +- arch/arm/crypto/sha512-glue.c | 12 +- arch/arm64/boot/dts/marvell/armada-37xx.dtsi | 10 +- arch/arm64/boot/dts/marvell/armada-cp11x.dtsi | 10 +- .../dts/mediatek/mt7622-bananapi-bpi-r64.dts | 1 + arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 1 + arch/mips/include/asm/ptrace.h | 1 + arch/parisc/kernel/ftrace.c | 2 +- arch/powerpc/perf/hv-gpci.c | 29 ++- .../platforms/embedded6xx/linkstation.c | 3 - arch/powerpc/platforms/embedded6xx/mpc10x.h | 3 + arch/s390/kernel/vtime.c | 4 +- arch/sparc/kernel/leon_pci_grpci1.c | 2 +- arch/sparc/kernel/leon_pci_grpci2.c | 2 +- arch/x86/include/asm/vsyscall.h | 10 + arch/x86/kernel/paravirt.c | 1 + arch/x86/mm/fault.c | 9 - arch/x86/mm/maccess.c | 10 + arch/x86/tools/relocs.c | 8 + arch/x86/xen/smp.c | 12 + block/ioctl.c | 5 + block/opal_proto.h | 1 + block/sed-opal.c | 6 +- drivers/acpi/processor_idle.c | 2 + drivers/acpi/scan.c | 8 +- drivers/base/regmap/regmap.c | 2 +- drivers/block/aoe/aoecmd.c | 12 +- drivers/block/aoe/aoenet.c | 1 + drivers/block/nbd.c | 6 + drivers/bus/Kconfig | 5 +- drivers/clk/clk.c | 3 + drivers/clk/hisilicon/clk-hi3519.c | 2 +- drivers/clk/qcom/dispcc-sdm845.c | 2 + drivers/clk/qcom/reset.c | 27 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 2 + drivers/crypto/xilinx/zynqmp-aes-gcm.c | 3 + drivers/dma/Kconfig | 14 +- drivers/firewire/core-card.c | 14 +- drivers/gpu/drm/amd/amdgpu/atom.c | 2 +- .../amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- .../amd/display/dc/dcn10/dcn10_hw_sequencer.c | 7 +- drivers/gpu/drm/lima/lima_gem.c | 23 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 12 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 10 +- .../drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 6 +- drivers/gpu/drm/radeon/ni.c | 2 +- drivers/gpu/drm/rockchip/inno_hdmi.c | 4 +- drivers/gpu/drm/rockchip/rockchip_lvds.c | 3 +- drivers/gpu/drm/tegra/dsi.c | 47 ++-- drivers/gpu/drm/tegra/fb.c | 1 + drivers/gpu/drm/tegra/output.c | 16 +- drivers/gpu/drm/tidss/tidss_plane.c | 2 +- drivers/hid/hid-lenovo.c | 57 +++-- drivers/hid/hid-multitouch.c | 4 + drivers/infiniband/core/device.c | 37 +-- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/wr.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 3 +- drivers/input/keyboard/gpio_keys_polled.c | 10 +- drivers/iommu/amd/init.c | 3 + drivers/iommu/intel/pasid.c | 3 + drivers/leds/leds-aw2013.c | 1 + drivers/leds/leds-sgm3140.c | 3 + drivers/md/dm-crypt.c | 4 +- drivers/md/dm-raid.c | 4 +- drivers/md/dm-verity.h | 4 +- drivers/md/dm.c | 26 +- drivers/md/md.c | 76 +++--- drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 52 +++- drivers/media/dvb-core/dvbdev.c | 5 + drivers/media/dvb-frontends/stv0367.c | 34 +-- drivers/media/i2c/tc358743.c | 7 +- drivers/media/pci/ttpci/budget-av.c | 8 +- drivers/media/platform/mtk-mdp/mtk_mdp_vpu.c | 2 +- .../platform/mtk-vcodec/mtk_vcodec_fw_vpu.c | 10 +- drivers/media/platform/mtk-vpu/mtk_vpu.c | 2 +- drivers/media/platform/mtk-vpu/mtk_vpu.h | 2 +- .../media/platform/sunxi/sun8i-di/sun8i-di.c | 69 +++--- drivers/media/usb/em28xx/em28xx-cards.c | 4 + drivers/media/usb/go7007/go7007-driver.c | 8 +- drivers/media/usb/go7007/go7007-usb.c | 4 +- drivers/media/usb/pvrusb2/pvrusb2-context.c | 10 +- drivers/media/usb/pvrusb2/pvrusb2-dvb.c | 6 +- drivers/media/usb/pvrusb2/pvrusb2-v4l2.c | 11 +- drivers/media/v4l2-core/v4l2-mem2mem.c | 10 +- drivers/mfd/altera-sysmgr.c | 4 +- drivers/mfd/syscon.c | 4 +- drivers/mmc/host/wmt-sdmmc.c | 4 - drivers/mtd/maps/physmap-core.c | 2 +- drivers/mtd/nand/raw/lpc32xx_mlc.c | 5 +- drivers/net/dsa/mt7530.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 17 -- .../net/ethernet/broadcom/bnx2x/bnx2x_cmn.h | 6 +- .../hisilicon/hns3/hns3pf/hclge_main.c | 5 +- drivers/net/ethernet/intel/igb/igb_main.c | 112 ++++----- .../net/ethernet/marvell/octeontx2/af/cgx.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu.c | 17 +- .../ethernet/netronome/nfp/flower/lag_conf.c | 5 + drivers/net/phy/dp83822.c | 38 +-- drivers/net/phy/phy_device.c | 2 +- drivers/net/usb/sr9800.c | 4 +- drivers/net/wireguard/receive.c | 6 +- drivers/net/wireless/ath/ath10k/core.c | 3 - drivers/net/wireless/ath/ath10k/sdio.c | 1 - drivers/net/wireless/ath/ath10k/wmi-tlv.c | 4 + drivers/net/wireless/ath/ath9k/htc.h | 2 +- drivers/net/wireless/ath/ath9k/htc_drv_init.c | 4 + drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 4 - drivers/net/wireless/ath/ath9k/wmi.c | 10 +- drivers/net/wireless/broadcom/b43/b43.h | 16 ++ drivers/net/wireless/broadcom/b43/dma.c | 4 +- drivers/net/wireless/broadcom/b43/main.c | 16 +- drivers/net/wireless/broadcom/b43/pio.c | 6 +- .../broadcom/brcm80211/brcmsmac/phy/phy_cmn.c | 3 +- .../broadcom/brcm80211/brcmsmac/phy_shim.c | 5 +- .../broadcom/brcm80211/brcmsmac/phy_shim.h | 2 +- .../net/wireless/intel/iwlegacy/3945-mac.c | 1 - .../net/wireless/intel/iwlegacy/4965-mac.c | 1 - drivers/net/wireless/intel/iwlwifi/dvm/main.c | 1 - drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 2 +- .../net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 6 + drivers/net/wireless/marvell/libertas/cmd.c | 13 +- .../net/wireless/marvell/mwifiex/cfg80211.c | 2 - .../net/wireless/marvell/mwifiex/debugfs.c | 3 - drivers/net/wireless/marvell/mwifiex/main.c | 2 - .../wireless/microchip/wilc1000/cfg80211.c | 1 - drivers/net/wireless/microchip/wilc1000/hif.c | 40 +-- .../net/wireless/microchip/wilc1000/netdev.c | 29 +-- drivers/net/wireless/quantenna/qtnfmac/core.c | 2 - .../wireless/quantenna/qtnfmac/pcie/pcie.c | 2 - .../wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 1 + drivers/net/wireless/realtek/rtlwifi/pci.c | 1 - drivers/net/wireless/realtek/rtw88/rtw8821c.c | 2 +- drivers/net/wireless/rndis_wlan.c | 2 - drivers/net/wireless/st/cw1200/bh.c | 2 - drivers/opp/debugfs.c | 6 +- drivers/pci/pci.h | 5 - drivers/pci/pcie/dpc.c | 2 +- drivers/pci/quirks.c | 1 + drivers/pci/switch/switchtec.c | 4 +- drivers/pinctrl/mediatek/pinctrl-mt8192.c | 1 - drivers/remoteproc/Kconfig | 2 +- drivers/remoteproc/remoteproc_core.c | 32 +++ drivers/remoteproc/remoteproc_internal.h | 10 + drivers/remoteproc/stm32_rproc.c | 151 ++++++----- drivers/rtc/Kconfig | 3 +- drivers/scsi/bfa/bfa.h | 9 +- drivers/scsi/bfa/bfa_core.c | 4 +- drivers/scsi/bfa/bfa_ioc.h | 8 +- drivers/scsi/bfa/bfad_bsg.c | 11 +- drivers/scsi/csiostor/csio_defs.h | 18 +- drivers/scsi/csiostor/csio_lnode.c | 8 +- drivers/scsi/csiostor/csio_lnode.h | 13 - drivers/scsi/mpt3sas/mpt3sas_base.c | 4 +- drivers/soc/fsl/dpio/dpio-service.c | 2 +- drivers/spi/spi-mt65xx.c | 22 +- drivers/staging/greybus/light.c | 8 +- .../staging/media/imx/imx-media-csc-scaler.c | 1 + drivers/tty/serial/8250/8250_exar.c | 5 +- drivers/tty/serial/max310x.c | 2 +- drivers/tty/serial/samsung_tty.c | 5 +- drivers/tty/vt/vt.c | 2 +- drivers/usb/gadget/udc/net2272.c | 2 +- drivers/video/backlight/da9052_bl.c | 1 + drivers/video/backlight/lm3630a_bl.c | 15 +- drivers/video/backlight/lm3639_bl.c | 1 + drivers/video/backlight/lp8788_bl.c | 1 + drivers/watchdog/stm32_iwdg.c | 3 + fs/afs/dir.c | 10 - fs/btrfs/block-group.c | 3 +- fs/btrfs/block-group.h | 7 + fs/f2fs/file.c | 13 +- fs/fhandle.c | 2 +- fs/nfs/nfs42.h | 7 +- fs/nfs/nfs4proc.c | 16 +- fs/nfs/nfsroot.c | 4 +- fs/quota/dquot.c | 226 ++++++++--------- fs/select.c | 2 +- include/drm/drm_fixed.h | 2 +- include/linux/blkdev.h | 1 + include/linux/bpf.h | 7 +- include/linux/filter.h | 21 +- include/linux/igmp.h | 4 +- include/linux/io_uring.h | 10 +- include/linux/mlx5/qp.h | 5 +- include/linux/mroute.h | 6 +- include/linux/pci.h | 5 + include/linux/poll.h | 4 - include/linux/rcupdate.h | 43 ++++ include/linux/remoteproc.h | 6 +- include/net/compat.h | 27 +- include/uapi/linux/in.h | 42 +++- include/uapi/scsi/fc/fc_els.h | 114 ++++++++- io_uring/io_uring.c | 234 +----------------- kernel/bpf/cpumap.c | 3 + kernel/bpf/devmap.c | 27 +- kernel/bpf/hashtab.c | 14 +- kernel/bpf/helpers.c | 18 +- kernel/bpf/map_in_map.c | 11 +- kernel/bpf/stackmap.c | 9 +- kernel/bpf/syscall.c | 26 +- kernel/printk/printk.c | 34 +++ kernel/rcu/tasks.h | 2 + kernel/time/timekeeping.c | 24 +- lib/test_blackhole_dev.c | 3 +- net/bluetooth/hci_core.c | 2 +- net/bluetooth/hci_event.c | 2 - net/bluetooth/rfcomm/core.c | 2 +- net/core/dev.c | 2 +- net/core/scm.c | 2 +- net/core/sock_diag.c | 10 +- net/hsr/hsr_framereg.c | 4 + net/hsr/hsr_main.c | 15 +- net/ipv4/igmp.c | 28 ++- net/ipv4/inet_diag.c | 6 +- net/ipv4/ip_sockglue.c | 100 ++++---- net/ipv4/ip_tunnel.c | 15 +- net/ipv4/ipmr.c | 13 +- net/ipv4/tcp.c | 4 +- net/ipv4/udp.c | 4 +- net/ipv6/fib6_rules.c | 6 + net/ipv6/ipv6_sockglue.c | 18 +- net/iucv/iucv.c | 4 +- net/kcm/kcmsock.c | 3 +- net/l2tp/l2tp_ppp.c | 4 +- net/netfilter/nf_tables_api.c | 2 +- net/netfilter/nft_set_pipapo.c | 5 +- net/packet/af_packet.c | 4 +- net/rds/send.c | 5 +- net/sunrpc/addr.c | 4 +- net/sunrpc/auth_gss/gss_rpc_xdr.c | 27 +- net/unix/garbage.c | 2 +- net/unix/scm.c | 4 +- net/x25/af_x25.c | 4 +- scripts/clang-tools/gen_compile_commands.py | 2 +- scripts/kconfig/lexer.l | 7 +- sound/core/seq/seq_midi.c | 8 +- sound/core/seq/seq_virmidi.c | 9 +- sound/pci/hda/patch_realtek.c | 63 +++++ sound/soc/codecs/rt5645.c | 10 + sound/soc/codecs/wm8962.c | 29 ++- sound/soc/intel/boards/bytcr_rt5640.c | 12 + sound/soc/meson/aiu.c | 49 +--- sound/soc/meson/aiu.h | 1 - sound/soc/meson/axg-fifo.c | 16 +- sound/soc/meson/axg-pdm.c | 25 +- sound/soc/meson/axg-spdifin.c | 17 +- sound/soc/meson/axg-spdifout.c | 17 +- sound/soc/meson/axg-tdm-formatter.c | 50 +--- sound/soc/meson/axg-tdm-interface.c | 54 ++-- sound/soc/meson/meson-card-utils.c | 8 +- sound/soc/meson/t9015.c | 30 +-- sound/usb/stream.c | 5 +- tools/bpf/bpftool/prog.c | 2 +- tools/perf/builtin-record.c | 2 +- tools/perf/util/evsel.c | 1 - tools/perf/util/stat-display.c | 2 +- tools/perf/util/thread_map.c | 2 +- tools/testing/selftests/net/tls.c | 8 +- 265 files changed, 1957 insertions(+), 1518 deletions(-) -- 2.43.0

9 months, 2 weeks

4
3
0 0

+ mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/secretmem: fix GUP-fast succeeding on secretmem folios has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/secretmem: fix GUP-fast succeeding on secretmem folios Date: Mon, 25 Mar 2024 14:41:12 +0100 folio_is_secretmem() states that secretmem folios cannot be LRU folios: so we may only exit early if we find an LRU folio. Yet, we exit early if we find a folio that is not a secretmem folio. Consequently, folio_is_secretmem() fails to detect secretmem folios and, therefore, we can succeed in grabbing a secretmem folio during GUP-fast, crashing the kernel when we later try reading/writing to the folio, because the folio has been unmapped from the directmap. Link: https://lkml.kernel.org/r/20240325134114.257544-2-david@redhat.com Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Reported-by: yue sun <samsun1006219(a)gmail.com> Closes: https://lore.kernel.org/lkml/CABOYnLyevJeravW=QrH0JUPYEcDN160aZFb7kwndm-J2r… Debugged-by: Miklos Szeredi <miklos(a)szeredi.hu> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Tested-by: Miklos Szeredi <mszeredi(a)redhat.com> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: "Mike Rapoport (IBM)" <rppt(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/secretmem.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/secretmem.h~mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios +++ a/include/linux/secretmem.h @@ -16,7 +16,7 @@ static inline bool folio_is_secretmem(st * We know that secretmem pages are not compound and LRU so we can * save a couple of cycles here. */ - if (folio_test_large(folio) || !folio_test_lru(folio)) + if (folio_test_large(folio) || folio_test_lru(folio)) return false; mapping = (struct address_space *) _ Patches currently in -mm which might be from david(a)redhat.com are mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly.patch mm-madvise-dont-perform-madvise-vma-walk-for-madv_populate_readwrite.patch mm-userfaultfd-dont-place-zeropages-when-zeropages-are-disallowed.patch s390-mm-re-enable-the-shared-zeropage-for-pv-and-skeys-kvm-guests.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared.patch

9 months, 2 weeks

1
0
0 0

[PATCH v3 1/2] driver core: Introduce device_{add,remove}_of_node()

by Herve Codina

An of_node can be duplicated from an existing device using device_set_of_node_from_dev() or initialized using device_set_node() In both cases, these functions have to be called before the device_add() call in order to have the of_node link created in the device sysfs directory. Further more, these function cannot prevent any of_node and/or fwnode overwrites. When adding an of_node on an already present device, the following operations need to be done: - Attach the of_node if no of_node were already attached - Attach the of_node as a fwnode if no fwnode were already attached - Create the of_node sysfs link if needed This is the purpose of device_add_of_node(). device_remove_of_node() reverts the operations done by device_add_of_node(). Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/base/core.c | 74 ++++++++++++++++++++++++++++++++++++++++++ include/linux/device.h | 2 ++ 2 files changed, 76 insertions(+) diff --git a/drivers/base/core.c b/drivers/base/core.c index 521757408fc0..7e3af0ad770a 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -5127,6 +5127,80 @@ void set_secondary_fwnode(struct device *dev, struct fwnode_handle *fwnode) } EXPORT_SYMBOL_GPL(set_secondary_fwnode); +/** + * device_remove_of_node - Remove an of_node from a device + * @dev: device whose device-tree node is being removed + */ +void device_remove_of_node(struct device *dev) +{ + dev = get_device(dev); + if (!dev) + return; + + if (!dev->of_node) + goto end; + + sysfs_remove_link(&dev->kobj, "of_node"); + + if (dev->fwnode == of_fwnode_handle(dev->of_node)) + dev->fwnode = NULL; + + of_node_put(dev->of_node); + dev->of_node = NULL; + +end: + put_device(dev); +} +EXPORT_SYMBOL_GPL(device_remove_of_node); + +/** + * device_add_of_node - Add an of_node to an existing device + * @dev: device whose device-tree node is being added + * @of_node: of_node to add + */ +void device_add_of_node(struct device *dev, struct device_node *of_node) +{ + int ret; + + if (!of_node) + return; + + dev = get_device(dev); + if (!dev) + return; + + if (dev->of_node) { + dev_warn(dev, "Replace node %pOF with %pOF\n", dev->of_node, of_node); + device_remove_of_node(dev); + } + + dev->of_node = of_node_get(of_node); + + if (!dev->fwnode) + dev->fwnode = of_fwnode_handle(of_node); + + if (!dev->p) { + /* + * device_add() was not previously called. + * The of_node link will be created when device_add() is called. + */ + goto end; + } + + /* + * device_add() was previously called and so the of_node link was not + * created by device_add_class_symlinks(). + * Create this link now. + */ + ret = sysfs_create_link(&dev->kobj, of_node_kobj(of_node), "of_node"); + if (ret) + dev_warn(dev, "Error %d creating of_node link\n", ret); + +end: + put_device(dev); +} +EXPORT_SYMBOL_GPL(device_add_of_node); + /** * device_set_of_node_from_dev - reuse device-tree node of another device * @dev: device whose device-tree node is being set diff --git a/include/linux/device.h b/include/linux/device.h index 97c4b046c09d..1795121dee9a 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -1127,6 +1127,8 @@ int device_offline(struct device *dev); int device_online(struct device *dev); void set_primary_fwnode(struct device *dev, struct fwnode_handle *fwnode); void set_secondary_fwnode(struct device *dev, struct fwnode_handle *fwnode); +void device_add_of_node(struct device *dev, struct device_node *of_node); +void device_remove_of_node(struct device *dev); void device_set_of_node_from_dev(struct device *dev, const struct device *dev2); void device_set_node(struct device *dev, struct fwnode_handle *fwnode); -- 2.44.0

9 months, 2 weeks

1
0
0 0

[PATCH v6 2/2] of: dynamic: Synchronize of_changeset_destroy() with the devlink removals

by Herve Codina

In the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are destroyed and devlinks are removed. During the step 2, OF nodes are destroyed but __of_changeset_entry_destroy() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 ... Indeed, during the devlink removals performed at step 1, the removal itself releasing the device (and the attached of_node) is done by a job queued in a workqueue and so, it is done asynchronously with respect to function calls. When the warning is present, of_node_put() will be called but wrongly too late from the workqueue job. In order to be sure that any ongoing devlink removals are done before the of_node destruction, synchronize the of_changeset_destroy() with the devlink removals. Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> Reviewed-by: Saravana Kannan <saravanak(a)google.com> Tested-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> --- drivers/of/dynamic.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/of/dynamic.c b/drivers/of/dynamic.c index 3bf27052832f..4d57a4e34105 100644 --- a/drivers/of/dynamic.c +++ b/drivers/of/dynamic.c @@ -9,6 +9,7 @@ #define pr_fmt(fmt) "OF: " fmt +#include <linux/device.h> #include <linux/of.h> #include <linux/spinlock.h> #include <linux/slab.h> @@ -667,6 +668,17 @@ void of_changeset_destroy(struct of_changeset *ocs) { struct of_changeset_entry *ce, *cen; + /* + * When a device is deleted, the device links to/from it are also queued + * for deletion. Until these device links are freed, the devices + * themselves aren't freed. If the device being deleted is due to an + * overlay change, this device might be holding a reference to a device + * node that will be freed. So, wait until all already pending device + * links are deleted before freeing a device node. This ensures we don't + * free any device node that has a non-zero reference count. + */ + device_link_wait_removal(); + list_for_each_entry_safe_reverse(ce, cen, &ocs->entries, node) __of_changeset_entry_destroy(ce); } -- 2.44.0

9 months, 2 weeks

1
0
0 0

[PATCH 1/2] mmc core block.c: initialize mmc_blk_ioc_data

by mikko.rapeli＠linaro.org

From: Mikko Rapeli <mikko.rapeli(a)linaro.org> Commit "mmc: core: Use mrq.sbc in close-ended ffu" adds flags uint to struct mmc_blk_ioc_data but it does not get initialized for RPMB ioctls which now fail. Fix this by always initializing the struct and flags to zero. Fixes access to RPMB storage. Fixes: 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218587 Link: https://lore.kernel.org/all/20231129092535.3278-1-avri.altman@wdc.com/ Cc: Avri Altman <avri.altman(a)wdc.com> Cc: Ulf Hansson <ulf.hansson(a)linaro.org> Cc: Adrian Hunter <adrian.hunter(a)intel.com> Cc: linux-mmc(a)vger.kernel.org Cc: stable(a)vger.kernel.org Signed-off-by: Mikko Rapeli <mikko.rapeli(a)linaro.org> --- drivers/mmc/core/block.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 32d49100dff5..0df627de9cee 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -413,7 +413,7 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user( struct mmc_blk_ioc_data *idata; int err; - idata = kmalloc(sizeof(*idata), GFP_KERNEL); + idata = kzalloc(sizeof(*idata), GFP_KERNEL); if (!idata) { err = -ENOMEM; goto out; -- 2.34.1

9 months, 2 weeks

6
12
0 0

[PATCH] virtio_net: Do not send RSS key if it is not supported

by Breno Leitao

There is a bug when setting the RSS options in virtio_net that can break the whole machine, getting the kernel into an infinite loop. Running the following command in any QEMU virtual machine with virtionet will reproduce this problem: # ethtool -X eth0 hfunc toeplitz This is how the problem happens: 1) ethtool_set_rxfh() calls virtnet_set_rxfh() 2) virtnet_set_rxfh() calls virtnet_commit_rss_command() 3) virtnet_commit_rss_command() populates 4 entries for the rss scatter-gather 4) Since the command above does not have a key, then the last scatter-gatter entry will be zeroed, since rss_key_size == 0. sg_buf_size = vi->rss_key_size; 5) This buffer is passed to qemu, but qemu is not happy with a buffer with zero length, and do the following in virtqueue_map_desc() (QEMU function): if (!sz) { virtio_error(vdev, "virtio: zero sized buffers are not allowed"); 6) virtio_error() (also QEMU function) set the device as broken vdev->broken = true; 7) Qemu bails out, and do not repond this crazy kernel. 8) The kernel is waiting for the response to come back (function virtnet_send_command()) 9) The kernel is waiting doing the following : while (!virtqueue_get_buf(vi->cvq, &tmp) && !virtqueue_is_broken(vi->cvq)) cpu_relax(); 10) None of the following functions above is true, thus, the kernel loops here forever. Keeping in mind that virtqueue_is_broken() does not look at the qemu `vdev->broken`, so, it never realizes that the vitio is broken at QEMU side. Fix it by not sending the key scatter-gatter key if it is not set. Fixes: c7114b1249fa ("drivers/net/virtio_net: Added basic RSS support.") Signed-off-by: Breno Leitao <leitao(a)debian.org> Cc: stable(a)vger.kernel.org Cc: qemu-devel(a)nongnu.org --- drivers/net/virtio_net.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index d7ce4a1011ea..5a7700b103f8 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -3041,11 +3041,16 @@ static int virtnet_set_ringparam(struct net_device *dev, static bool virtnet_commit_rss_command(struct virtnet_info *vi) { struct net_device *dev = vi->dev; + int has_key = vi->rss_key_size; struct scatterlist sgs[4]; unsigned int sg_buf_size; + int nents = 3; + + if (has_key) + nents += 1; /* prepare sgs */ - sg_init_table(sgs, 4); + sg_init_table(sgs, nents); sg_buf_size = offsetof(struct virtio_net_ctrl_rss, indirection_table); sg_set_buf(&sgs[0], &vi->ctrl->rss, sg_buf_size); @@ -3057,8 +3062,13 @@ static bool virtnet_commit_rss_command(struct virtnet_info *vi) - offsetof(struct virtio_net_ctrl_rss, max_tx_vq); sg_set_buf(&sgs[2], &vi->ctrl->rss.max_tx_vq, sg_buf_size); - sg_buf_size = vi->rss_key_size; - sg_set_buf(&sgs[3], vi->ctrl->rss.key, sg_buf_size); + if (has_key) { + /* Only populate if key is available, otherwise + * populating a buffer with zero size breaks virtio + */ + sg_buf_size = vi->rss_key_size; + sg_set_buf(&sgs[3], vi->ctrl->rss.key, sg_buf_size); + } if (!virtnet_send_command(vi, VIRTIO_NET_CTRL_MQ, vi->has_rss ? VIRTIO_NET_CTRL_MQ_RSS_CONFIG -- 2.43.0

9 months, 2 weeks

3
6
0 0

[tip: x86/urgent] Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."

by tip-bot2 for Ingo Molnar

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: c567f2948f57bdc03ed03403ae0234085f376b7d Gitweb: https://git.kernel.org/tip/c567f2948f57bdc03ed03403ae0234085f376b7d Author: Ingo Molnar <mingo(a)kernel.org> AuthorDate: Mon, 25 Mar 2024 11:47:51 +01:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Mon, 25 Mar 2024 11:54:35 +01:00 Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." This reverts commit d794734c9bbfe22f86686dc2909c25f5ffe1a572. While the original change tries to fix a bug, it also unintentionally broke existing systems, see the regressions reported at: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Since d794734c9bbf was also marked for -stable, let's back it out before causing more damage. Note that due to another upstream change the revert was not 100% automatic: 0a845e0f6348 mm/treewide: replace pud_large() with pud_leaf() Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: Russ Anderson <rja(a)hpe.com> Cc: Steve Wahl <steve.wahl(a)hpe.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Link: https://lore.kernel.org/all/3a1b9909-45ac-4f97-ad68-d16ef1ce99db@pavinjosep… Fixes: d794734c9bbf ("x86/mm/ident_map: Use gbpages only where full GB page should be mapped.") --- arch/x86/mm/ident_map.c | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index a204a33..968d700 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,31 +26,18 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; - bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - /* if this is already a gbpage, this portion is already mapped */ - if (pud_leaf(*pud)) - continue; - - /* Is using a gbpage allowed? */ - use_gbpage = info->direct_gbpages; - - /* Don't use gbpage if it maps more than the requested region. */ - /* at the begining: */ - use_gbpage &= ((addr & ~PUD_MASK) == 0); - /* ... or at the end: */ - use_gbpage &= ((next & ~PUD_MASK) == 0); - - /* Never overwrite existing mappings */ - use_gbpage &= !pud_present(*pud); - - if (use_gbpage) { + if (info->direct_gbpages) { pud_t pudval; + if (pud_present(*pud)) + continue; + + addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue;

9 months, 2 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2024