May 2024 - Linux-stable-mirror

[PATCH 5.4.y 0/2] net: qede: return value conflict resolution

by Asbjørn Sloth Tønnesen

Thanks Sasha, for picking these fixes up. I have reviewed all the queues and everything looks good. Just for completeness sake, I have fixed the conflict in v5.4, so it can also get the flower patch. Asbjørn Sloth Tønnesen (2): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower drivers/net/ethernet/qlogic/qede/qede_filter.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) -- 2.43.0

1 year, 5 months

2
3
0 0

[PATCH RESEND 5.15.y 0/3] Use access_width for _CPC package when provided by the platform firmware

by Easwar Hariharan

This series backports the original patch[1] and fixes to it[2][3], all marked for stable, that fix a kernel panic when using the wrong access size when platform firmware provides the access size to use for the _CPC ACPI package. This series was originally sent in response to an automated email notifying authors, reviewers, and maintainer of a failure to apply patch [3] to linux-5.15.y at [4]. [1] 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") [2] 92ee782ee ("ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro"). [3] f489c948028b ("ACPI: CPPC: Fix access width used for PCC registers") [4] https://lore.kernel.org/all/2024042905-puppy-heritage-e422@gregkh/ Easwar Hariharan (1): Revert "Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses"" Jarred White (1): ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Vanshidhar Konda (1): ACPI: CPPC: Fix access width used for PCC registers drivers/acpi/cppc_acpi.c | 67 +++++++++++++++++++++++++++++++++------- 1 file changed, 56 insertions(+), 11 deletions(-) base-commit: 284087d4f7d57502b5a41b423b771f16cc6d157a -- 2.34.1

1 year, 5 months

2
4
0 0

[PATCH 6.1] MAINTAINERS: add leah to 6.1 MAINTAINERS file

by Leah Rumancik

I've been trying to get backports rolling to 6.1.y. Update MAINTAINERS file so backports requests / questions can get routed appropriately. Signed-off-by: Leah Rumancik <leah.rumancik(a)gmail.com> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index ecf4d0c8f446..4b19dfb5d2fd 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -22557,6 +22557,7 @@ F: include/xen/swiotlb-xen.h XFS FILESYSTEM C: irc://irc.oftc.net/xfs +M: Leah Rumancik <leah.rumancik(a)gmail.com> M: Darrick J. Wong <djwong(a)kernel.org> L: linux-xfs(a)vger.kernel.org S: Supported -- 2.45.0.118.g7fe29c98d7-goog

1 year, 5 months

3
2
0 0

DCN 3.5 hang on boot

by Mario Limonciello

Hi, APUs with DCN 3.5 are nominally supported with kernel 6.8 but are hitting a NULL pointer error at bootup. It’s because of a VBIOS change to bump to a newer version (but same structure definition). Can you please bring this to linux-6.8.y? 9a35d205f466 ("drm/amd/display: Atom Integrated System Info v2_2 for DCN35") Thanks!

1 year, 5 months

2
1
0 0

2 fixes for inclusion into linux-4.19.y

by Lee Jones

Dear Stable, Please could you apply the following fixes to the v4.19 Stable tree: 97af84a6bba2 af_unix: Do not use atomic ops for unix_sk(sk)->inflight. 47d8ac011fe1 af_unix: Fix garbage collector racing against connect() The former was only applied as far back as linux-5.4.y because the commit in the Fixes tag wasn't ever applied to linux-4.19.y, however it is a dependency for the latter, which fixes a real bug also found in linux-4.19.y. The assumption is that the latter was not applied to linux-4.19.y due to an conflict caused the missing dependency. When both are applied in order, they do so cleanly. Thank you. Kind regards, Lee -- Lee Jones [李琼斯]

1 year, 5 months

2
1
0 0

Re: Patch "nfc: nci: Fix kcov check in nci_rx_work()" has been added to the 6.1-stable tree

by Tetsuo Handa

On 2024/05/11 6:39, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > nfc: nci: Fix kcov check in nci_rx_work() > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > nfc-nci-fix-kcov-check-in-nci_rx_work.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > I think we should not add this patch to 6.1 and earlier kernels, for only 6.2 and later kernels call kcov_remote_stop() from nci_rx_work().

1 year, 5 months

2
1
0 0

[PATCH v1] Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot

by Zijun Hu

Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown() during reboot, but also introduces this regression issue regarding above steps since the VSC is not sent to reset controller during warm reboot. Fixed by sending the VSC to reset controller within qca_serdev_shutdown() once BT was ever enabled, and the use-after-free issue is also be fixed by this change since serdev is still opened when send to serdev. Fixes: 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") Cc: stable(a)vger.kernel.org Reported-by: Wren Turkal <wt(a)penguintechs.org> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218726 Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> Tested-by: Wren Turkal <wt(a)penguintechs.org> --- drivers/bluetooth/hci_qca.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 0c9c9ee56592..8e35c9091486 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -2450,13 +2450,12 @@ static void qca_serdev_shutdown(struct device *dev) struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev); struct hci_uart *hu = &qcadev->serdev_hu; struct hci_dev *hdev = hu->hdev; - struct qca_data *qca = hu->priv; const u8 ibs_wake_cmd[] = { 0xFD }; const u8 edl_reset_soc_cmd[] = { 0x01, 0x00, 0xFC, 0x01, 0x05 }; if (qcadev->btsoc_type == QCA_QCA6390) { - if (test_bit(QCA_BT_OFF, &qca->flags) || - !test_bit(HCI_RUNNING, &hdev->flags)) + if (test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks) || + hci_dev_test_flag(hdev, HCI_SETUP)) return; serdev_device_write_flush(serdev); -- 2.7.4

1 year, 5 months

6
10
0 0

[PATCH 2/2] x86/sgx: Resolve EREMOVE page vs EAUG page data race

by Dmitrii Kuvaiskii

Two enclave threads may try to add and remove the same enclave page simultaneously (e.g., if the SGX runtime supports both lazy allocation and `MADV_DONTNEED` semantics). Consider this race: 1. T1 performs page removal in sgx_encl_remove_pages() and stops right after removing the page table entry and right before re-acquiring the enclave lock to EREMOVE and xa_erase(&encl->page_array) the page. 2. T2 tries to access the page, and #PF[not_present] is raised. The condition to EAUG in sgx_vma_fault() is not satisfied because the page is still present in encl->page_array, thus the SGX driver assumes that the fault happened because the page was swapped out. The driver continues on a code path that installs a page table entry *without* performing EAUG. 3. The enclave page metadata is in inconsistent state: the PTE is installed but there was no EAUG. Thus, T2 in userspace infinitely receives SIGSEGV on this page (and EACCEPT always fails). Fix this by making sure that T1 (the page-removing thread) always wins this data race. In particular, the page-being-removed is marked as such, and T2 retries until the page is fully removed. Fixes: 9849bb27152c ("x86/sgx: Support complete page removal") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 3 ++- arch/x86/kernel/cpu/sgx/encl.h | 3 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 41f14b1a3025..7ccd8b2fce5f 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -257,7 +257,8 @@ static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, /* Entry successfully located. */ if (entry->epc_page) { - if (entry->desc & SGX_ENCL_PAGE_BEING_RECLAIMED) + if (entry->desc & (SGX_ENCL_PAGE_BEING_RECLAIMED | + SGX_ENCL_PAGE_BEING_REMOVED)) return ERR_PTR(-EBUSY); return entry; diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h index f94ff14c9486..fff5f2293ae7 100644 --- a/arch/x86/kernel/cpu/sgx/encl.h +++ b/arch/x86/kernel/cpu/sgx/encl.h @@ -25,6 +25,9 @@ /* 'desc' bit marking that the page is being reclaimed. */ #define SGX_ENCL_PAGE_BEING_RECLAIMED BIT(3) +/* 'desc' bit marking that the page is being removed. */ +#define SGX_ENCL_PAGE_BEING_REMOVED BIT(2) + struct sgx_encl_page { unsigned long desc; unsigned long vm_max_prot_bits:8; diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index b65ab214bdf5..c542d4dd3e64 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -1142,6 +1142,7 @@ static long sgx_encl_remove_pages(struct sgx_encl *encl, * Do not keep encl->lock because of dependency on * mmap_lock acquired in sgx_zap_enclave_ptes(). */ + entry->desc |= SGX_ENCL_PAGE_BEING_REMOVED; mutex_unlock(&encl->lock); sgx_zap_enclave_ptes(encl, addr); -- 2.34.1

1 year, 5 months

3
3
0 0

[PATCH 1/2] x86/sgx: Resolve EAUG race where losing thread returns SIGBUS

by Dmitrii Kuvaiskii

Two enclave threads may try to access the same non-present enclave page simultaneously (e.g., if the SGX runtime supports lazy allocation). The threads will end up in sgx_encl_eaug_page(), racing to acquire the enclave lock. The winning thread will perform EAUG, set up the page table entry, and insert the page into encl->page_array. The losing thread will then get -EBUSY on xa_insert(&encl->page_array) and proceed to error handling path. This error handling path contains two bugs: (1) SIGBUS is sent to userspace even though the enclave page is correctly installed by another thread, and (2) sgx_encl_free_epc_page() is called that performs EREMOVE even though the enclave page was never intended to be removed. The first bug is less severe because it impacts only the user space; the second bug is more severe because it also impacts the OS state by ripping the page (added by the winning thread) from the enclave. Fix these two bugs (1) by returning VM_FAULT_NOPAGE to the generic Linux fault handler so that no signal is sent to userspace, and (2) by replacing sgx_encl_free_epc_page() with sgx_free_epc_page() so that no EREMOVE is performed. Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave") Cc: stable(a)vger.kernel.org Reported-by: Marcelina Kościelnicka <mwk(a)invisiblethingslab.com> Suggested-by: Reinette Chatre <reinette.chatre(a)intel.com> Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 279148e72459..41f14b1a3025 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -382,8 +382,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, * If ret == -EBUSY then page was created in another flow while * running without encl->lock */ - if (ret) + if (ret) { + if (ret == -EBUSY) + vmret = VM_FAULT_NOPAGE; goto err_out_shrink; + } pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page); pginfo.addr = encl_page->desc & PAGE_MASK; @@ -419,7 +422,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, err_out_shrink: sgx_encl_shrink(encl, va_page); err_out_epc: - sgx_encl_free_epc_page(epc_page); + sgx_free_epc_page(epc_page); err_out_unlock: mutex_unlock(&encl->lock); kfree(encl_page); -- 2.34.1

1 year, 5 months

3
5
0 0

[merged mm-hotfixes-stable] selftests-mm-fix-powerpc-arch-check.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: fix powerpc ARCH check has been removed from the -mm tree. Its filename was selftests-mm-fix-powerpc-arch-check.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Michael Ellerman <mpe(a)ellerman.id.au> Subject: selftests/mm: fix powerpc ARCH check Date: Mon, 6 May 2024 21:58:25 +1000 In commit 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") the logic to detect the machine architecture in the Makefile was changed to use ARCH, and only fallback to uname -m if ARCH is unset. However the tests of ARCH were not updated to account for the fact that ARCH is "powerpc" for powerpc builds, not "ppc64". Fix it by changing the checks to look for "powerpc", and change the uname -m logic to convert "ppc64.*" into "powerpc". With that fixed the following tests now build for powerpc again: * protection_keys * va_high_addr_switch * virtual_address_range * write_to_hugetlbfs Link: https://lkml.kernel.org/r/20240506115825.66415-1-mpe@ellerman.id.au Fixes: 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Mark Brown <broonie(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.4+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/tools/testing/selftests/mm/Makefile~selftests-mm-fix-powerpc-arch-check +++ a/tools/testing/selftests/mm/Makefile @@ -12,7 +12,7 @@ uname_M := $(shell uname -m 2>/dev/null else uname_M := $(shell echo $(CROSS_COMPILE) | grep -o '^[a-z0-9]\+') endif -ARCH ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/ppc64/') +ARCH ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/powerpc/') endif # Without this, failed build products remain, with up-to-date timestamps, @@ -98,13 +98,13 @@ TEST_GEN_FILES += $(BINARIES_64) endif else -ifneq (,$(findstring $(ARCH),ppc64)) +ifneq (,$(findstring $(ARCH),powerpc)) TEST_GEN_FILES += protection_keys endif endif -ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 ppc64 riscv64 s390x sparc64 x86_64)) +ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 powerpc riscv64 s390x sparc64 x86_64)) TEST_GEN_FILES += va_high_addr_switch TEST_GEN_FILES += virtual_address_range TEST_GEN_FILES += write_to_hugetlbfs _ Patches currently in -mm which might be from mpe(a)ellerman.id.au are drm-amd-display-only-use-hard-float-not-altivec-on-powerpc.patch

1 year, 5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2024