April 2024 - Linux-stable-mirror

[PATCH V2 1/8] clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL

by Ajit Pandey

In LUCID EVO PLL CAL_L_VAL and L_VAL bitfields are part of single PLL_L_VAL register. Update for L_VAL bitfield values in PLL_L_VAL register using regmap_write() API in __alpha_pll_trion_set_rate callback will override LUCID EVO PLL initial configuration related to PLL_CAL_L_VAL bit fields in PLL_L_VAL register. Observed random PLL lock failures during PLL enable due to such override in PLL calibration value. Use regmap_update_bits() with L_VAL bitfield mask instead of regmap_write() API to update only PLL_L_VAL bitfields in __alpha_pll_trion_set_rate callback. Fixes: 260e36606a03 ("clk: qcom: clk-alpha-pll: add Lucid EVO PLL configuration interfaces") Signed-off-by: Ajit Pandey <quic_ajipan(a)quicinc.com> Cc: stable(a)vger.kernel.org --- drivers/clk/qcom/clk-alpha-pll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/qcom/clk-alpha-pll.c b/drivers/clk/qcom/clk-alpha-pll.c index 8a412ef47e16..81cabd28eabe 100644 --- a/drivers/clk/qcom/clk-alpha-pll.c +++ b/drivers/clk/qcom/clk-alpha-pll.c @@ -1656,7 +1656,7 @@ static int __alpha_pll_trion_set_rate(struct clk_hw *hw, unsigned long rate, if (ret < 0) return ret; - regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l); + regmap_update_bits(pll->clkr.regmap, PLL_L_VAL(pll), LUCID_EVO_PLL_L_VAL_MASK, l); regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a); /* Latch the PLL input */ -- 2.25.1

8 months, 4 weeks

2
1
0 0

[PATCH 6.8 000/172] 6.8.7-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.7 release. There are 172 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 17 Apr 2024 14:19:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.7-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.7-rc1 Fudongwang <fudong.wang(a)amd.com> drm/amd/display: fix disable otg wa logic in DCN316 Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: always reset ODM mode in context when adding first plane Alex Hung <alex.hung(a)amd.com> drm/amd/display: Return max resolution supported by DWB Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Do not recursively call manual trigger programming Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4 Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdgpu: differentiate external rev id for gfx 11.5.0 Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix incorrect number of active RBs for gfx11 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: always force full reset for SOC21 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Reset dGPU if suspend got aborted Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable live M/N updates when using bigjoiner Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disable port sync when bigjoiner is used Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/psr: Disable PSR when bigjoiner is used Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/cdclk: Fix CDCLK programming order when pipes are active Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Clarify that syscall hardening isn't a BHI mitigation Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI handling of RRSBA Ingo Molnar <mingo(a)kernel.org> x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Fix BHI documentation Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bugs: Fix return type of spectre_bhi_state() Amir Goldstein <amir73il(a)gmail.com> kernfs: annotate different lockdep class for of->mutex of writable files Oleg Nesterov <oleg(a)redhat.com> selftests: kselftest: Fix build failure with NOLIBC Arnd Bergmann <arnd(a)arndb.de> irqflags: Explicitly ignore lockdep_hrtimer_exit() argument Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction Nathan Chancellor <nathan(a)kernel.org> selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test John Stultz <jstultz(a)google.com> selftests: timers: Fix posix_timers ksft_print_msg() warning Oleg Nesterov <oleg(a)redhat.com> selftests/timers/posix_timers: Reimplement check_timer_distribution() Sean Christopherson <seanjc(a)google.com> x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Namhyung Kim <namhyung(a)kernel.org> perf/x86: Fix out of range data Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_enable_notify() Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix spi lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-lsio: fix pwm lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix pwm lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-conn: fix usb lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix adc lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-dma: fix can lpcg indices Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8qm-ss-dma: fix can lpcg indices Lang Yu <Lang.Yu(a)amd.com> drm/amdgpu/umsch: reinitialize write pointer in hw init Johan Hovold <johan+linaro(a)kernel.org> drm/msm/dp: fix runtime PM leak on connect failure Johan Hovold <johan+linaro(a)kernel.org> drm/msm/dp: fix runtime PM leak on disconnect Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Boris Brezillon <boris.brezillon(a)collabora.com> drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() Jammy Huang <jammy_huang(a)aspeedtech.com> drm/ast: Fix soft lockup Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: Reset GPU on queue preemption failure Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/vrr: Disable VRR when using bigjoiner Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Enable DMA mappings with SEV Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix deadlock in context_xa Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Return max freq for DRM_IVPU_PARAM_CORE_CLOCK_RATE Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Put NPU back to D3hot after failed resume Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Fix PCI D0 state entry in resume Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Check return code of ipc->lock init Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid race in error handling & drop bogus warn Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Masami Hiramatsu <mhiramat(a)kernel.org> fs/proc: Skip bootloader comment if no embedded kernel parameters Zhenhua Huang <quic_zhenhuah(a)quicinc.com> fs/proc: remove redundant comments from /proc/bootconfig Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: restore msg_control on sendzc retry Boris Burkov <boris(a)bur.io> btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Boris Burkov <boris(a)bur.io> btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert Jens Axboe <axboe(a)kernel.dk> io_uring: disable io-wq execution of multishot NOWAIT requests Pavel Begunkov <asml.silence(a)gmail.com> io_uring: refactor DEFER_TASKRUN multishot checks Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix WARN_ON in iommu probe path Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Allocate local memory for page request queue Xuchun Shang <xuchun.shang(a)linux.alibaba.com> iommu/vt-d: Fix wrong use of pasid config Arnd Bergmann <arnd(a)arndb.de> tracing: hide unused ftrace_event_id_fops Karthik Poosa <karthik.poosa(a)intel.com> drm/xe/hwmon: Cast result to output precision on left shift of operand Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/display: Fix double mutex initialization David Arinzon <darinzon(a)amazon.com> net: ena: Set tx_info->xdpf value to NULL David Arinzon <darinzon(a)amazon.com> net: ena: Fix incorrect descriptor free behavior David Arinzon <darinzon(a)amazon.com> net: ena: Wrong missing IO completions check order David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: trap link-local frames regardless of ST Port State Gerd Bayer <gbayer(a)linux.ibm.com> Revert "s390/ism: fix receive message buffer allocation" Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix wrong config being used when reconfiguring PCS Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Do not produce metadata freelist entries in Tx port ts WQE xmit Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: HTB, Fix inconsistencies with QoS SQs number Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Fix mlx5e_priv_init() cleanup flow Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: RSS, Block changing channels number when RXFH is configured Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Correctly compare pkt reformat ids Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Michael Liang <mliang(a)purestorage.com> net/mlx5: offset comp irq index in name by one Shay Drory <shayd(a)nvidia.com> net/mlx5: Register devlink first under devlink lock Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: SF, Stop waiting for FW as teardown was called Eric Dumazet <edumazet(a)google.com> netfilter: complete validation of user input Archie Pusaka <apusaka(a)chromium.org> Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sock: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix using the same interval and window for Coded PHY Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Use QoS to determine which PHY to scan Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Don't reject BT_ISO_QOS if parameters are unset Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Align broadcast sync_timeout with connection timeout Brett Creeley <brett.creeley(a)amd.com> pds_core: Fix pdsc_check_pci_health function to use work thread Shannon Nelson <shannon.nelson(a)amd.com> pds_core: use pci_reset_function for health reset Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix NIX SQ mode and BP config Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Clear stale u->oob_skb. Marek Vasut <marex(a)denx.de> net: ks8851: Handle softirqs at the end of IRQ thread to fix hang Marek Vasut <marex(a)denx.de> net: ks8851: Inline ks8851_rx_skb() Dave Jiang <dave.jiang(a)intel.com> cxl: Fix retrieving of access_coordinates in PCIe path Dave Jiang <dave.jiang(a)intel.com> cxl: Remove checking of iter in cxl_endpoint_get_perf_coordinates() Dave Jiang <dave.jiang(a)intel.com> cxl: Split out host bridge access coordinates Dave Jiang <dave.jiang(a)intel.com> cxl: Split out combine_coordinates() for common shared usage Dave Jiang <dave.jiang(a)intel.com> ACPI: HMAT / cxl: Add retrieval of generic port coordinates for both access classes Dave Jiang <dave.jiang(a)intel.com> ACPI: HMAT: Introduce 2 levels of generic port access class Dave Jiang <dave.jiang(a)intel.com> base/node / ACPI: Enumerate node access class for 'struct access_coordinate' Raag Jadav <raag.jadav(a)intel.com> ACPI: bus: allow _UID matching for integer zero Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: Reset PTP tx_avail after possible firmware reset Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix error recovery for RoCE ulp client Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() Gerd Bayer <gbayer(a)linux.ibm.com> s390/ism: fix receive message buffer allocation Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Arnd Bergmann <arnd(a)arndb.de> lib: checksum: hide unused expected_csum_ipv6_magic[] Ming Lei <ming.lei(a)redhat.com> block: fix q->blkg_list corruption during disk rebind Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: Fix transmit scheduler resource leak Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Petr Tesarik <petr(a)tesarici.cz> u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() Luca Weiss <luca.weiss(a)fairphone.com> drm/msm/adreno: Set highest_bank_bit for A619 Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Alex Constantino <dreaming.about.electric.sheep(a)gmail.com> Revert "drm/qxl: simplify qxl_fence_wait" Kwangjin Ko <kwangjin.ko(a)sk.com> cxl/core: Fix initialization of mbox_cmd.size_out in get event Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> dt-bindings: display/msm: sm8150-mdss: add DP node Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: make error messages at dpu_core_irq_register_callback() more sensible Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't allow overriding data from catalog Stephen Boyd <swboyd(a)chromium.org> drm/msm: Add newlines to some debug prints Tim Harvey <tharvey(a)gateworks.com> arm64: dts: freescale: imx8mp-venice-gw73xx-2x: fix USB vbus regulator Tim Harvey <tharvey(a)gateworks.com> arm64: dts: freescale: imx8mp-venice-gw72xx-2x: fix USB vbus regulator Dave Jiang <dave.jiang(a)intel.com> cxl/core/regs: Fix usage of map->reg_type in cxl_decode_regblock() before assigned Yuquan Wang <wangyuquan1236(a)phytium.com.cn> cxl/mem: Fix for the index of Clear Event Record Handle Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Make raw debugfs entries non-seekable Jens Wiklander <jens.wiklander(a)linaro.org> firmware: arm_ffa: Fix the partition ID check in ffa_notification_info_get() Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP2+: fix USB regression on Nokia N8x0 Aaro Koskinen <aaro.koskinen(a)iki.fi> mmc: omap: restore original power up/down steps Aaro Koskinen <aaro.koskinen(a)iki.fi> mmc: omap: fix deferred probe Aaro Koskinen <aaro.koskinen(a)iki.fi> mmc: omap: fix broken slot switch lookup Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP2+: fix N810 MMC gpiod table Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP2+: fix bogus MMC GPIO labels on Nokia N8x0 David Sterba <dsterba(a)suse.com> btrfs: tests: allocate dummy fs_info and root in test_find_delalloc() Nini Song <nini.song(a)mediatek.com> media: cec: core: remove length check of Timer Status Anna-Maria Behnsen <anna-maria(a)linutronix.de> PM: s2idle: Make sure CPUs will wakeup directly on resume Hans de Goede <hdegoede(a)redhat.com> ACPI: scan: Do not increase dep_unmet for already met dependencies Noah Loomans <noah(a)noahloomans.com> platform/chrome: cros_ec_uart: properly fix race condition Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Only update pages_touched when a new page is touched Yu Kuai <yukuai3(a)huawei.com> raid1: fix use-after-free for original bio in raid1_write_request() Fabio Estevam <festevam(a)denx.de> ARM: dts: imx7s-warp: Pass OV2680 link-frequencies Gavin Shan <gshan(a)redhat.com> arm64: tlb: Fix TLBI RANGE operand Breno Leitao <leitao(a)debian.org> virtio_net: Do not send RSS key if it is not supported Xiubo Li <xiubli(a)redhat.com> ceph: switch to use cap_delay_lock for the unlink delay list NeilBrown <neilb(a)suse.de> ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT Peyton Lee <peytolee(a)amd.com> drm/amdgpu/vpe: power on vpe when hw_init Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_scsi_dev_rescan() error path Igor Pylypiv <ipylypiv(a)google.com> ata: libata-core: Allow command duration limits detection for ACS-4 drives Steve French <stfrench(a)microsoft.com> smb3: fix Open files on server counter going negative ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 22 +- Documentation/admin-guide/kernel-parameters.txt | 12 +- .../bindings/display/msm/qcom,sm8150-mdss.yaml | 9 + Makefile | 4 +- arch/arm/boot/dts/nxp/imx/imx7s-warp.dts | 1 + arch/arm/mach-omap2/board-n8x0.c | 23 +-- arch/arm64/boot/dts/freescale/imx8-ss-conn.dtsi | 16 +- arch/arm64/boot/dts/freescale/imx8-ss-dma.dtsi | 40 ++-- arch/arm64/boot/dts/freescale/imx8-ss-lsio.dtsi | 16 +- .../boot/dts/freescale/imx8mp-venice-gw72xx.dtsi | 2 +- .../boot/dts/freescale/imx8mp-venice-gw73xx.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8qm-ss-dma.dtsi | 8 +- arch/arm64/include/asm/tlbflush.h | 20 +- arch/x86/Kconfig | 21 +- arch/x86/events/core.c | 1 + arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/apic/apic.c | 6 +- arch/x86/kernel/cpu/bugs.c | 82 ++++---- arch/x86/kernel/cpu/common.c | 48 ++--- block/blk-cgroup.c | 9 +- block/blk-cgroup.h | 2 + block/blk-core.c | 2 + drivers/accel/ivpu/ivpu_drv.c | 20 +- drivers/accel/ivpu/ivpu_hw.h | 6 + drivers/accel/ivpu/ivpu_hw_37xx.c | 7 +- drivers/accel/ivpu/ivpu_hw_40xx.c | 6 + drivers/accel/ivpu/ivpu_ipc.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 7 +- drivers/acpi/numa/hmat.c | 43 ++-- drivers/acpi/scan.c | 3 +- drivers/ata/libata-core.c | 2 +- drivers/ata/libata-scsi.c | 9 +- drivers/base/node.c | 6 +- drivers/cxl/acpi.c | 8 +- drivers/cxl/core/cdat.c | 58 ++++-- drivers/cxl/core/mbox.c | 5 +- drivers/cxl/core/port.c | 76 ++++--- drivers/cxl/core/regs.c | 5 +- drivers/cxl/cxl.h | 8 +- drivers/firmware/arm_ffa/driver.c | 2 +- drivers/firmware/arm_scmi/raw_mode.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vpe.c | 6 + drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/soc21.c | 32 ++- drivers/gpu/drm/amd/amdgpu/umsch_mm_v4_0.c | 2 + .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_wb.c | 6 +- .../amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 19 +- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 9 + .../gpu/drm/amd/display/dc/optc/dcn32/dcn32_optc.c | 3 - .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 12 +- drivers/gpu/drm/ast/ast_dp.c | 3 + drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/i915/display/intel_cdclk.c | 7 +- drivers/gpu/drm/i915/display/intel_cdclk.h | 3 + drivers/gpu/drm/i915/display/intel_ddi.c | 5 + drivers/gpu/drm/i915/display/intel_dp.c | 6 +- drivers/gpu/drm/i915/display/intel_psr.c | 11 + drivers/gpu/drm/i915/display/intel_vrr.c | 7 + drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 4 + drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 10 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 8 +- drivers/gpu/drm/msm/dp/dp_display.c | 2 + drivers/gpu/drm/msm/msm_fb.c | 6 +- drivers/gpu/drm/msm/msm_kms.c | 4 +- .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/panfrost/panfrost_mmu.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 ++++- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 +- drivers/gpu/drm/xe/xe_display.c | 5 - drivers/gpu/drm/xe/xe_hwmon.c | 4 +- drivers/iommu/intel/iommu.c | 11 +- drivers/iommu/intel/perfmon.c | 2 +- drivers/iommu/intel/svm.c | 2 +- drivers/md/raid1.c | 2 +- drivers/media/cec/core/cec-adap.c | 14 -- drivers/mmc/host/omap.c | 48 +++-- drivers/net/dsa/mt7530.c | 229 ++++++++++++++++++--- drivers/net/dsa/mt7530.h | 5 + drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 35 ++-- drivers/net/ethernet/amazon/ena/ena_xdp.c | 4 +- drivers/net/ethernet/amd/pds_core/core.c | 14 +- drivers/net/ethernet/amd/pds_core/core.h | 5 +- drivers/net/ethernet/amd/pds_core/dev.c | 3 + drivers/net/ethernet/amd/pds_core/main.c | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 6 +- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 22 +- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en/ptp.h | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 33 +-- drivers/net/ethernet/mellanox/mlx5/core/en/selq.c | 2 + .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 17 ++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 - drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 17 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 37 ++-- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 4 +- .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 22 +- drivers/net/ethernet/micrel/ks8851.h | 3 - drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/micrel/ks8851_par.c | 11 - drivers/net/ethernet/micrel/ks8851_spi.c | 11 - .../net/ethernet/microchip/sparx5/sparx5_port.c | 4 +- drivers/net/geneve.c | 4 +- drivers/net/virtio_net.c | 28 ++- drivers/platform/chrome/cros_ec_uart.c | 28 +-- drivers/scsi/hisi_sas/hisi_sas_main.c | 2 +- drivers/scsi/qla2xxx/qla_edif.c | 2 +- drivers/scsi/sg.c | 20 +- drivers/vhost/vhost.c | 28 ++- fs/btrfs/delayed-inode.c | 3 + fs/btrfs/inode.c | 13 +- fs/btrfs/ioctl.c | 37 +++- fs/btrfs/qgroup.c | 2 + fs/btrfs/root-tree.c | 10 - fs/btrfs/root-tree.h | 2 - fs/btrfs/tests/extent-io-tests.c | 28 ++- fs/btrfs/transaction.c | 17 +- fs/ceph/addr.c | 4 +- fs/ceph/caps.c | 4 +- fs/ceph/mds_client.c | 9 +- fs/ceph/mds_client.h | 3 +- fs/kernfs/file.c | 9 +- fs/proc/bootconfig.c | 12 +- fs/smb/client/cached_dir.c | 4 +- include/acpi/acpi_bus.h | 8 +- include/linux/bootconfig.h | 1 + include/linux/dma-fence.h | 7 + include/linux/irqflags.h | 2 +- include/linux/node.h | 18 +- include/linux/u64_stats_sync.h | 9 +- include/net/addrconf.h | 4 + include/net/af_unix.h | 2 +- include/net/bluetooth/bluetooth.h | 11 + include/net/ip_tunnels.h | 33 +++ init/main.c | 5 + io_uring/io_uring.c | 25 +++ io_uring/net.c | 22 +- io_uring/rw.c | 2 - kernel/cpu.c | 3 +- kernel/kprobes.c | 18 +- kernel/power/suspend.c | 6 + kernel/trace/ring_buffer.c | 6 +- kernel/trace/trace_events.c | 4 + lib/checksum_kunit.c | 5 +- net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/hci_sock.c | 21 +- net/bluetooth/hci_sync.c | 66 +++++- net/bluetooth/iso.c | 50 ++--- net/bluetooth/l2cap_core.c | 3 +- net/bluetooth/l2cap_sock.c | 52 ++--- net/bluetooth/rfcomm/sock.c | 14 +- net/bluetooth/sco.c | 23 +-- net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/route.c | 4 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/netfilter/ip6_tables.c | 4 + net/openvswitch/conntrack.c | 5 +- net/unix/af_unix.c | 8 +- net/unix/garbage.c | 35 +++- net/unix/scm.c | 8 +- net/xdp/xsk.c | 2 + tools/testing/selftests/kselftest.h | 33 ++- tools/testing/selftests/timers/posix_timers.c | 105 +++++----- 170 files changed, 1559 insertions(+), 882 deletions(-)

8 months, 4 weeks

8
179
0 0

[PATCH] block: Fix BLKRRPART regression

by Saranya Muruganandam

The BLKRRPART ioctl used to report errors such as EIO before we changed the blkdev_reread_part() logic. Lets add a flag and capture the errors returned by bdev_disk_changed() when the flag is set. Setting this flag for the BLKRRPART path when we want the errors to be reported when rereading partitions on the disk. Link: https://lore.kernel.org/all/20240320015134.GA14267@lst.de/ Suggested-by: Christoph Hellwig <hch(a)lst.de> Tested: Tested by simulating failure to the block device and will propose a new test to blktests. Fixes: 4601b4b130de ("block: reopen the device in blkdev_reread_part") Reported-by: Saranya Muruganandam <saranyamohan(a)google.com> Signed-off-by: Saranya Muruganandam <saranyamohan(a)google.com> Change-Id: Idf3d97390ed78061556f8468d10d6cab24ae20b1 --- block/bdev.c | 31 +++++++++++++++++++++---------- block/ioctl.c | 3 ++- include/linux/blkdev.h | 3 +++ 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/block/bdev.c b/block/bdev.c index 77fa77cd29bee..71478f8865546 100644 --- a/block/bdev.c +++ b/block/bdev.c @@ -632,6 +632,14 @@ static void blkdev_flush_mapping(struct block_device *bdev) bdev_write_inode(bdev); } +static void blkdev_put_whole(struct block_device *bdev) +{ + if (atomic_dec_and_test(&bdev->bd_openers)) + blkdev_flush_mapping(bdev); + if (bdev->bd_disk->fops->release) + bdev->bd_disk->fops->release(bdev->bd_disk); +} + static int blkdev_get_whole(struct block_device *bdev, blk_mode_t mode) { struct gendisk *disk = bdev->bd_disk; @@ -650,18 +658,21 @@ static int blkdev_get_whole(struct block_device *bdev, blk_mode_t mode) if (!atomic_read(&bdev->bd_openers)) set_init_blocksize(bdev); - if (test_bit(GD_NEED_PART_SCAN, &disk->state)) - bdev_disk_changed(disk, false); atomic_inc(&bdev->bd_openers); - return 0; -} -static void blkdev_put_whole(struct block_device *bdev) -{ - if (atomic_dec_and_test(&bdev->bd_openers)) - blkdev_flush_mapping(bdev); - if (bdev->bd_disk->fops->release) - bdev->bd_disk->fops->release(bdev->bd_disk); + if (test_bit(GD_NEED_PART_SCAN, &disk->state)) { + /* + * Only return scanning errors if we are called from contexts + * that explicitly want them, e.g. the BLKRRPART ioctl. + */ + ret = bdev_disk_changed(disk, false); + if (ret && (mode & BLK_OPEN_STRICT_SCAN)) { + blkdev_put_whole(bdev); + return ret; + } + } + + return 0; } static int blkdev_get_part(struct block_device *part, blk_mode_t mode) diff --git a/block/ioctl.c b/block/ioctl.c index aa46f3761c3ed..e8d72d9f327fd 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -557,7 +557,8 @@ static int blkdev_common_ioctl(struct block_device *bdev, blk_mode_t mode, return -EACCES; if (bdev_is_partition(bdev)) return -EINVAL; - return disk_scan_partitions(bdev->bd_disk, mode); + return disk_scan_partitions(bdev->bd_disk, + mode | BLK_OPEN_STRICT_SCAN); case BLKTRACESTART: case BLKTRACESTOP: case BLKTRACETEARDOWN: diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index 01983eece8f2a..d0104dc839b0d 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -151,6 +151,9 @@ struct access_rules_head { int max_rules; }; +/* return partition scanning errors */ +#define BLK_OPEN_STRICT_SCAN ((__force blk_mode_t)(1 << 5)) + struct gendisk { /* * major/first_minor/minors should not be set by any new driver, the -- 2.44.0.478.gd926399ef9-goog

8 months, 4 weeks

6
11
0 0

[PATCH] mmc: sdhci-msm: pervent access to suspended controller

by Mantas Pucka

Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. Cc: stable(a)vger.kernel.org Fixes: 67e6db113c90 ("mmc: sdhci-msm: Add pm_runtime and system PM support") Signed-off-by: Mantas Pucka <mantas(a)8devices.com> --- drivers/mmc/host/sdhci-msm.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..e113b99a3eab 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -2694,6 +2694,11 @@ static __maybe_unused int sdhci_msm_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = true; + spin_unlock_irqrestore(&host->lock, flags); /* Drop the performance vote */ dev_pm_opp_set_rate(dev, 0); @@ -2708,6 +2713,7 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + unsigned long flags; int ret; ret = clk_bulk_prepare_enable(ARRAY_SIZE(msm_host->bulk_clks), @@ -2726,7 +2732,15 @@ static __maybe_unused int sdhci_msm_runtime_resume(struct device *dev) dev_pm_opp_set_rate(dev, msm_host->clk_rate); - return sdhci_msm_ice_resume(msm_host); + ret = sdhci_msm_ice_resume(msm_host); + if (ret) + return ret; + + spin_lock_irqsave(&host->lock, flags); + host->runtime_suspended = false; + spin_unlock_irqrestore(&host->lock, flags); + + return ret; } static const struct dev_pm_ops sdhci_msm_pm_ops = { --- base-commit: e8f897f4afef0031fe618a8e94127a0934896aba change-id: 20240321-sdhci-mmc-suspend-34f4af1d0286 Best regards, -- Mantas Pucka <mantas(a)8devices.com>

8 months, 4 weeks

3
7
0 0

[PATCH] dm: Change the default value of rq_affinity from 0 into 1

by Bart Van Assche

The following behavior is inconsistent: * For request-based dm queues the default value of rq_affinity is 1. * For bio-based dm queues the default value of rq_affinity is 0. The default value for request-based dm queues is 1 because of the following code in blk_mq_init_allocated_queue(): q->queue_flags |= QUEUE_FLAG_MQ_DEFAULT; From <linux/blkdev.h>: #define QUEUE_FLAG_MQ_DEFAULT ((1UL << QUEUE_FLAG_IO_STAT) | \ (1UL << QUEUE_FLAG_SAME_COMP) | \ (1UL << QUEUE_FLAG_NOWAIT)) The default value of rq_affinity for bio-based dm queues is 0 because the dm alloc_dev() function does not set any of the QUEUE_FLAG_SAME_* flags. I think the different default values are the result of an oversight when blk-mq support was added in the device mapper code. Hence this patch that changes the default value of rq_affinity from 0 to 1 for bio-based dm queues. This patch reduces the boot time from 12.23 to 12.20 seconds on my test setup, a Pixel 2023 development board. The storage controller on that test setup supports a single completion interrupt and hence benefits from redirecting I/O completions to a CPU core that is closer to the submitter. Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Eric Biggers <ebiggers(a)kernel.org> Cc: Jaegeuk Kim <jaegeuk(a)kernel.org> Cc: Daniel Lee <chullee(a)google.com> Cc: stable(a)vger.kernel.org Fixes: bfebd1cdb497 ("dm: add full blk-mq support to request-based DM") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/md/dm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 56aa2a8b9d71..9af216c11cf7 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2106,6 +2106,7 @@ static struct mapped_device *alloc_dev(int minor) if (IS_ERR(md->disk)) goto bad; md->queue = md->disk->queue; + blk_queue_flag_set(QUEUE_FLAG_SAME_COMP, md->queue); init_waitqueue_head(&md->wait); INIT_WORK(&md->work, dm_wq_work);

8 months, 4 weeks

2
3
0 0

[PATCH 1/2] sched: Add missing memory barrier in switch_mm_cid

by Mathieu Desnoyers

Many architectures' switch_mm() (e.g. arm64) do not have an smp_mb() which the core scheduler code has depended upon since commit: commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid") If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can unset the actively used cid when it fails to observe active task after it sets lazy_put. There *is* a memory barrier between storing to rq->curr and _return to userspace_ (as required by membarrier), but the rseq mm_cid has stricter requirements: the barrier needs to be issued between store to rq->curr and switch_mm_cid(), which happens earlier than: - spin_unlock(), - switch_to(). So it's fine when the architecture switch_mm() happens to have that barrier already, but less so when the architecture only provides the full barrier in switch_to() or spin_unlock(). It is a bug in the rseq switch_mm_cid() implementation. All architectures that don't have memory barriers in switch_mm(), but rather have the full barrier either in finish_lock_switch() or switch_to() have them too late for the needs of switch_mm_cid(). Introduce a new smp_mb__after_switch_mm(), defined as smp_mb() in the generic barrier.h header, and use it in switch_mm_cid() for scheduler transitions where switch_mm() is expected to provide a memory barrier. Architectures can override smp_mb__after_switch_mm() if their switch_mm() implementation provides an implicit memory barrier. Override it with a no-op on x86 which implicitly provide this memory barrier by writing to CR3. Link: https://lore.kernel.org/lkml/20240305145335.2696125-1-yeoreum.yun@arm.com/ Reported-by: levi.yun <yeoreum.yun(a)arm.com> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> # for arm64 Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com> # for x86 Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") Cc: <stable(a)vger.kernel.org> # 6.4.x Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Ben Segall <bsegall(a)google.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: levi.yun <yeoreum.yun(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Aaron Lu <aaron.lu(a)intel.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: linux-arch(a)vger.kernel.org Cc: linux-mm(a)kvack.org Cc: x86(a)kernel.org --- arch/x86/include/asm/barrier.h | 3 +++ include/asm-generic/barrier.h | 8 ++++++++ kernel/sched/sched.h | 20 ++++++++++++++------ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h index fe1e7e3cc844..63bdc6b85219 100644 --- a/arch/x86/include/asm/barrier.h +++ b/arch/x86/include/asm/barrier.h @@ -79,6 +79,9 @@ do { \ #define __smp_mb__before_atomic() do { } while (0) #define __smp_mb__after_atomic() do { } while (0) +/* Writing to CR3 provides a full memory barrier in switch_mm(). */ +#define smp_mb__after_switch_mm() do { } while (0) + #include <asm-generic/barrier.h> #endif /* _ASM_X86_BARRIER_H */ diff --git a/include/asm-generic/barrier.h b/include/asm-generic/barrier.h index 0c0695763bea..dc32b96140c1 100644 --- a/include/asm-generic/barrier.h +++ b/include/asm-generic/barrier.h @@ -294,5 +294,13 @@ do { \ #define io_stop_wc() do { } while (0) #endif +/* + * Architectures that guarantee an implicit smp_mb() in switch_mm() + * can override smp_mb__after_switch_mm. + */ +#ifndef smp_mb__after_switch_mm +#define smp_mb__after_switch_mm() smp_mb() +#endif + #endif /* !__ASSEMBLY__ */ #endif /* __ASM_GENERIC_BARRIER_H */ diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index d2242679239e..d2895d264196 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -79,6 +79,8 @@ # include <asm/paravirt_api_clock.h> #endif +#include <asm/barrier.h> + #include "cpupri.h" #include "cpudeadline.h" @@ -3445,13 +3447,19 @@ static inline void switch_mm_cid(struct rq *rq, * between rq->curr store and load of {prev,next}->mm->pcpu_cid[cpu]. * Provide it here. */ - if (!prev->mm) // from kernel + if (!prev->mm) { // from kernel smp_mb(); - /* - * user -> user transition guarantees a memory barrier through - * switch_mm() when current->mm changes. If current->mm is - * unchanged, no barrier is needed. - */ + } else { // from user + /* + * user -> user transition relies on an implicit + * memory barrier in switch_mm() when + * current->mm changes. If the architecture + * switch_mm() does not have an implicit memory + * barrier, it is emitted here. If current->mm + * is unchanged, no barrier is needed. + */ + smp_mb__after_switch_mm(); + } } if (prev->mm_cid_active) { mm_cid_snapshot_time(rq, prev->mm); -- 2.39.2

8 months, 4 weeks

2
1
0 0

[PATCH 0/7] kdb: Refactor and fix bugs in kdb_read()

by Daniel Thompson

Inspired by a patch from [Justin][1] I took a closer look at kdb_read(). Despite Justin's patch being a (correct) one-line manipulation it was a tough patch to review because the surrounding code was hard to read and it looked like there were unfixed problems. This series isn't enough to make kdb_read() beautiful but it does make it shorter, easier to reason about and fixes a buffer overflow and a screen redraw problem! [1]: https://lore.kernel.org/all/20240403-strncpy-kernel-debug-kdb-kdb_io-c-v1-1… Signed-off-by: Daniel Thompson <daniel.thompson(a)linaro.org> --- Daniel Thompson (7): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Replace double memcpy() with memmove() in kdb_read() kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() kdb: Simplify management of tmpbuffer in kdb_read() kernel/debug/kdb/kdb_io.c | 133 ++++++++++++++++++++-------------------------- 1 file changed, 58 insertions(+), 75 deletions(-) --- base-commit: dccce9b8780618986962ba37c373668bcf426866 change-id: 20240415-kgdb_read_refactor-2ea2dfc15dbb Best regards, -- Daniel Thompson <daniel.thompson(a)linaro.org>

8 months, 4 weeks

1
3
0 0

[PATCH] Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"

by Johan Hovold

This reverts commit 7dcd3e014aa7faeeaf4047190b22d8a19a0db696. Qualcomm Bluetooth controllers like WCN6855 do not have persistent storage for the Bluetooth address and must therefore start as unconfigured to allow the user to set a valid address unless one has been provided by the boot firmware in the devicetree. A recent change snuck into v6.8-rc7 and incorrectly started marking the default (non-unique) address as valid. This specifically also breaks the Bluetooth setup for some user of the Lenovo ThinkPad X13s. Note that this is the second time Qualcomm breaks the driver this way and that this was fixed last year by commit 6945795bc81a ("Bluetooth: fix use-bdaddr-property quirk"), which also has some further details. Fixes: 7dcd3e014aa7 ("Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT") Cc: stable(a)vger.kernel.org # 6.8 Cc: Janaki Ramaiah Thota <quic_janathot(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/bluetooth/hci_qca.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index edd2a81b4d5e..f989c05f8177 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -7,7 +7,6 @@ * * Copyright (C) 2007 Texas Instruments, Inc. * Copyright (c) 2010, 2012, 2018 The Linux Foundation. All rights reserved. - * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. * * Acknowledgements: * This file is based on hci_ll.c, which was... @@ -1904,17 +1903,7 @@ static int qca_setup(struct hci_uart *hu) case QCA_WCN6750: case QCA_WCN6855: case QCA_WCN7850: - - /* Set BDA quirk bit for reading BDA value from fwnode property - * only if that property exist in DT. - */ - if (fwnode_property_present(dev_fwnode(hdev->dev.parent), "local-bd-address")) { - set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); - bt_dev_info(hdev, "setting quirk bit to read BDA from fwnode later"); - } else { - bt_dev_dbg(hdev, "local-bd-address` is not present in the devicetree so not setting quirk bit for BDA"); - } - + set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); hci_set_aosp_capable(hdev); ret = qca_read_soc_version(hdev, &ver, soc_type); -- 2.43.2

8 months, 4 weeks

7
26
0 0

FAILED: patch "[PATCH] kprobes: Fix possible use-after-free issue on kprobe" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041526-whisking-flyover-825a@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 325f3fb551f8 ("kprobes: Fix possible use-after-free issue on kprobe registration") 1efda38d6f9b ("kprobes: Prohibit probes in gate area") 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") 223a76b268c9 ("kprobes: Fix coding style issues") 9c89bb8e3272 ("kprobes: treewide: Cleanup the error messages for kprobes") 02afb8d6048d ("kprobe: Simplify prepare_kprobe() by dropping redundant version") 9840cfcb97fc ("Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Wed, 10 Apr 2024 09:58:02 +0800 Subject: [PATCH] kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succeeded but the next one is failed because module->state becomes MODULE_STATE_UNFORMED between those operations. In `check_kprobe_address_safe()`, if the second `__module_text_address()` is failed, that is ignored because it expected a kernel_text address. But it may have failed simply because module->state has been changed to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify non-exist module text address (use-after-free). To fix this problem, we should not use separated `is_module_text_address()` and `__module_text_address()`, but use only `__module_text_address()` once and do `try_module_get(module)` which is only available with MODULE_STATE_LIVE. Link: https://lore.kernel.org/all/20240410015802.265220-1-zhengyejian1@huawei.com/ Fixes: 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") Cc: stable(a)vger.kernel.org Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 9d9095e81792..65adc815fc6e 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1567,10 +1567,17 @@ static int check_kprobe_address_safe(struct kprobe *p, jump_label_lock(); preempt_disable(); - /* Ensure it is not in reserved area nor out of text */ - if (!(core_kernel_text((unsigned long) p->addr) || - is_module_text_address((unsigned long) p->addr)) || - in_gate_area_no_mm((unsigned long) p->addr) || + /* Ensure the address is in a text area, and find a module if exists. */ + *probed_mod = NULL; + if (!core_kernel_text((unsigned long) p->addr)) { + *probed_mod = __module_text_address((unsigned long) p->addr); + if (!(*probed_mod)) { + ret = -EINVAL; + goto out; + } + } + /* Ensure it is not in reserved area. */ + if (in_gate_area_no_mm((unsigned long) p->addr) || within_kprobe_blacklist((unsigned long) p->addr) || jump_label_text_reserved(p->addr, p->addr) || static_call_text_reserved(p->addr, p->addr) || @@ -1580,8 +1587,7 @@ static int check_kprobe_address_safe(struct kprobe *p, goto out; } - /* Check if 'p' is probing a module. */ - *probed_mod = __module_text_address((unsigned long) p->addr); + /* Get module refcount and reject __init functions for loaded modules. */ if (*probed_mod) { /* * We must hold a refcount of the probed module while updating

8 months, 4 weeks

2
1
0 0

FAILED: patch "[PATCH] kprobes: Fix possible use-after-free issue on kprobe" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041525-compel-delta-953a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 325f3fb551f8 ("kprobes: Fix possible use-after-free issue on kprobe registration") 1efda38d6f9b ("kprobes: Prohibit probes in gate area") 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") 223a76b268c9 ("kprobes: Fix coding style issues") 9c89bb8e3272 ("kprobes: treewide: Cleanup the error messages for kprobes") 02afb8d6048d ("kprobe: Simplify prepare_kprobe() by dropping redundant version") 9840cfcb97fc ("Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Wed, 10 Apr 2024 09:58:02 +0800 Subject: [PATCH] kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succeeded but the next one is failed because module->state becomes MODULE_STATE_UNFORMED between those operations. In `check_kprobe_address_safe()`, if the second `__module_text_address()` is failed, that is ignored because it expected a kernel_text address. But it may have failed simply because module->state has been changed to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify non-exist module text address (use-after-free). To fix this problem, we should not use separated `is_module_text_address()` and `__module_text_address()`, but use only `__module_text_address()` once and do `try_module_get(module)` which is only available with MODULE_STATE_LIVE. Link: https://lore.kernel.org/all/20240410015802.265220-1-zhengyejian1@huawei.com/ Fixes: 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas") Cc: stable(a)vger.kernel.org Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 9d9095e81792..65adc815fc6e 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1567,10 +1567,17 @@ static int check_kprobe_address_safe(struct kprobe *p, jump_label_lock(); preempt_disable(); - /* Ensure it is not in reserved area nor out of text */ - if (!(core_kernel_text((unsigned long) p->addr) || - is_module_text_address((unsigned long) p->addr)) || - in_gate_area_no_mm((unsigned long) p->addr) || + /* Ensure the address is in a text area, and find a module if exists. */ + *probed_mod = NULL; + if (!core_kernel_text((unsigned long) p->addr)) { + *probed_mod = __module_text_address((unsigned long) p->addr); + if (!(*probed_mod)) { + ret = -EINVAL; + goto out; + } + } + /* Ensure it is not in reserved area. */ + if (in_gate_area_no_mm((unsigned long) p->addr) || within_kprobe_blacklist((unsigned long) p->addr) || jump_label_text_reserved(p->addr, p->addr) || static_call_text_reserved(p->addr, p->addr) || @@ -1580,8 +1587,7 @@ static int check_kprobe_address_safe(struct kprobe *p, goto out; } - /* Check if 'p' is probing a module. */ - *probed_mod = __module_text_address((unsigned long) p->addr); + /* Get module refcount and reject __init functions for loaded modules. */ if (*probed_mod) { /* * We must hold a refcount of the probed module while updating

8 months, 4 weeks

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror April 2024