July 2024 - Linux-stable-mirror

[PATCH 2/2] f2fs: use meta inode for GC of COW file

by Sunmin Jeong

In case of the COW file, new updates and GC writes are already separated to page caches of the atomic file and COW file. As some cases that use the meta inode for GC, there are some race issues between a foreground thread and GC thread. To handle them, we need to take care when to invalidate and wait writeback of GC pages in COW files as the case of using the meta inode. Also, a pointer from the COW inode to the original inode is required to check the state of original pages. For the former, we can solve the problem by using the meta inode for GC of COW files. Then let's get a page from the original inode in move_data_block when GCing the COW file to avoid race condition. Fixes: 3db1de0e582c ("f2fs: change the current atomic write way") Cc: stable(a)vger.kernel.org #v5.19+ Reviewed-by: Sungjong Seo <sj1557.seo(a)samsung.com> Reviewed-by: Yeongjin Gil <youngjin.gil(a)samsung.com> Signed-off-by: Sunmin Jeong <s_min.jeong(a)samsung.com> --- fs/f2fs/data.c | 2 +- fs/f2fs/f2fs.h | 7 ++++++- fs/f2fs/file.c | 3 +++ fs/f2fs/gc.c | 12 ++++++++++-- fs/f2fs/inline.c | 2 +- fs/f2fs/inode.c | 3 ++- 6 files changed, 23 insertions(+), 6 deletions(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 05158f89ef32..90ff0f6f7f7f 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -2651,7 +2651,7 @@ bool f2fs_should_update_outplace(struct inode *inode, struct f2fs_io_info *fio) return true; if (IS_NOQUOTA(inode)) return true; - if (f2fs_is_atomic_file(inode)) + if (f2fs_used_in_atomic_write(inode)) return true; /* rewrite low ratio compress data w/ OPU mode to avoid fragmentation */ if (f2fs_compressed_file(inode) && diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 59c5117e54b1..4f9fd1c1d024 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4267,9 +4267,14 @@ static inline bool f2fs_post_read_required(struct inode *inode) f2fs_compressed_file(inode); } +static inline bool f2fs_used_in_atomic_write(struct inode *inode) +{ + return f2fs_is_atomic_file(inode) || f2fs_is_cow_file(inode); +} + static inline bool f2fs_meta_inode_gc_required(struct inode *inode) { - return f2fs_post_read_required(inode) || f2fs_is_atomic_file(inode); + return f2fs_post_read_required(inode) || f2fs_used_in_atomic_write(inode); } /* diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 25b119cf3499..c9f0ba658cfd 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2116,6 +2116,9 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) set_inode_flag(fi->cow_inode, FI_COW_FILE); clear_inode_flag(fi->cow_inode, FI_INLINE_DATA); + + /* Set the COW inode's cow_inode to the atomic inode */ + F2FS_I(fi->cow_inode)->cow_inode = inode; } else { /* Reuse the already created COW inode */ ret = f2fs_do_truncate_blocks(fi->cow_inode, 0, true); diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c index 136b9e8180a3..76854e732b35 100644 --- a/fs/f2fs/gc.c +++ b/fs/f2fs/gc.c @@ -1188,7 +1188,11 @@ static int ra_data_block(struct inode *inode, pgoff_t index) }; int err; - page = f2fs_grab_cache_page(mapping, index, true); + if (f2fs_is_cow_file(inode)) + page = f2fs_grab_cache_page(F2FS_I(inode)->cow_inode->i_mapping, + index, true); + else + page = f2fs_grab_cache_page(mapping, index, true); if (!page) return -ENOMEM; @@ -1287,7 +1291,11 @@ static int move_data_block(struct inode *inode, block_t bidx, CURSEG_ALL_DATA_ATGC : CURSEG_COLD_DATA; /* do not read out */ - page = f2fs_grab_cache_page(inode->i_mapping, bidx, false); + if (f2fs_is_cow_file(inode)) + page = f2fs_grab_cache_page(F2FS_I(inode)->cow_inode->i_mapping, + bidx, false); + else + page = f2fs_grab_cache_page(inode->i_mapping, bidx, false); if (!page) return -ENOMEM; diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c index ac00423f117b..0186ec049db6 100644 --- a/fs/f2fs/inline.c +++ b/fs/f2fs/inline.c @@ -16,7 +16,7 @@ static bool support_inline_data(struct inode *inode) { - if (f2fs_is_atomic_file(inode)) + if (f2fs_used_in_atomic_write(inode)) return false; if (!S_ISREG(inode->i_mode) && !S_ISLNK(inode->i_mode)) return false; diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index c26effdce9aa..c810304e2681 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -807,8 +807,9 @@ void f2fs_evict_inode(struct inode *inode) f2fs_abort_atomic_write(inode, true); - if (fi->cow_inode) { + if (fi->cow_inode && f2fs_is_cow_file(fi->cow_inode)) { clear_inode_flag(fi->cow_inode, FI_COW_FILE); + F2FS_I(fi->cow_inode)->cow_inode = NULL; iput(fi->cow_inode); fi->cow_inode = NULL; } -- 2.25.1

5 months, 3 weeks

2
2
0 0

[PATCH 1/2] f2fs: use meta inode for GC of atomic file

by Sunmin Jeong

The page cache of the atomic file keeps new data pages which will be stored in the COW file. It can also keep old data pages when GCing the atomic file. In this case, new data can be overwritten by old data if a GC thread sets the old data page as dirty after new data page was evicted. Also, since all writes to the atomic file are redirected to COW inodes, GC for the atomic file is not working well as below. f2fs_gc(gc_type=FG_GC) - select A as a victim segment do_garbage_collect - iget atomic file's inode for block B move_data_page f2fs_do_write_data_page - use dn of cow inode - set fio->old_blkaddr from cow inode - seg_freed is 0 since block B is still valid - goto gc_more and A is selected as victim again To solve the problem, let's separate GC writes and updates in the atomic file by using the meta inode for GC writes. Fixes: 3db1de0e582c ("f2fs: change the current atomic write way") Cc: stable(a)vger.kernel.org #v5.19+ Reviewed-by: Sungjong Seo <sj1557.seo(a)samsung.com> Reviewed-by: Yeongjin Gil <youngjin.gil(a)samsung.com> Signed-off-by: Sunmin Jeong <s_min.jeong(a)samsung.com> --- fs/f2fs/f2fs.h | 5 +++++ fs/f2fs/gc.c | 6 +++--- fs/f2fs/segment.c | 4 ++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index a000cb024dbe..59c5117e54b1 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4267,6 +4267,11 @@ static inline bool f2fs_post_read_required(struct inode *inode) f2fs_compressed_file(inode); } +static inline bool f2fs_meta_inode_gc_required(struct inode *inode) +{ + return f2fs_post_read_required(inode) || f2fs_is_atomic_file(inode); +} + /* * compress.c */ diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c index a079eebfb080..136b9e8180a3 100644 --- a/fs/f2fs/gc.c +++ b/fs/f2fs/gc.c @@ -1580,7 +1580,7 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, start_bidx = f2fs_start_bidx_of_node(nofs, inode) + ofs_in_node; - if (f2fs_post_read_required(inode)) { + if (f2fs_meta_inode_gc_required(inode)) { int err = ra_data_block(inode, start_bidx); f2fs_up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); @@ -1631,7 +1631,7 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, start_bidx = f2fs_start_bidx_of_node(nofs, inode) + ofs_in_node; - if (f2fs_post_read_required(inode)) + if (f2fs_meta_inode_gc_required(inode)) err = move_data_block(inode, start_bidx, gc_type, segno, off); else @@ -1639,7 +1639,7 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, segno, off); if (!err && (gc_type == FG_GC || - f2fs_post_read_required(inode))) + f2fs_meta_inode_gc_required(inode))) submitted++; if (locked) { diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 7e47b8054413..b55fc4bd416a 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -3823,7 +3823,7 @@ void f2fs_wait_on_block_writeback(struct inode *inode, block_t blkaddr) struct f2fs_sb_info *sbi = F2FS_I_SB(inode); struct page *cpage; - if (!f2fs_post_read_required(inode)) + if (!f2fs_meta_inode_gc_required(inode)) return; if (!__is_valid_data_blkaddr(blkaddr)) @@ -3842,7 +3842,7 @@ void f2fs_wait_on_block_writeback_range(struct inode *inode, block_t blkaddr, struct f2fs_sb_info *sbi = F2FS_I_SB(inode); block_t i; - if (!f2fs_post_read_required(inode)) + if (!f2fs_meta_inode_gc_required(inode)) return; for (i = 0; i < len; i++) -- 2.25.1

5 months, 3 weeks

2
3
0 0

[merged mm-stable] hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: hugetlb: force allocating surplus hugepages on mempolicy allowed nodes has been removed from the -mm tree. Its filename was hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Aristeu Rozanski <aris(a)redhat.com> Subject: hugetlb: force allocating surplus hugepages on mempolicy allowed nodes Date: Fri, 21 Jun 2024 15:00:50 -0400 When trying to allocate a hugepage with no reserved ones free, it may be allowed in case a number of overcommit hugepages was configured (using /proc/sys/vm/nr_overcommit_hugepages) and that number wasn't reached. This allows for a behavior of having extra hugepages allocated dynamically, if there're resources for it. Some sysadmins even prefer not reserving any hugepages and setting a big number of overcommit hugepages. But while attempting to allocate overcommit hugepages in a multi node system (either NUMA or mempolicy/cpuset) said allocations might randomly fail even when there're resources available for the allocation. This happens due to allowed_mems_nr() only accounting for the number of free hugepages in the nodes the current process belongs to and the surplus hugepage allocation is done so it can be allocated in any node. In case one or more of the requested surplus hugepages are allocated in a different node, the whole allocation will fail due allowed_mems_nr() returning a lower value. So allocate surplus hugepages in one of the nodes the current process belongs to. Easy way to reproduce this issue is to use a 2+ NUMA nodes system: # echo 0 >/proc/sys/vm/nr_hugepages # echo 1 >/proc/sys/vm/nr_overcommit_hugepages # numactl -m0 ./tools/testing/selftests/mm/map_hugetlb 2 Repeating the execution of map_hugetlb test application will eventually fail when the hugepage ends up allocated in a different node. [aris(a)ruivo.org: v2] Link: https://lkml.kernel.org/r/20240701212343.GG844599@cathedrallabs.org Link: https://lkml.kernel.org/r/20240621190050.mhxwb65zn37doegp@redhat.com Signed-off-by: Aristeu Rozanski <aris(a)redhat.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Aristeu Rozanski <aris(a)ruivo.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Vishal Moola <vishal.moola(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 47 ++++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) --- a/mm/hugetlb.c~hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes +++ a/mm/hugetlb.c @@ -2620,6 +2620,23 @@ struct folio *alloc_hugetlb_folio_nodema return alloc_migrate_hugetlb_folio(h, gfp_mask, preferred_nid, nmask); } +static nodemask_t *policy_mbind_nodemask(gfp_t gfp) +{ +#ifdef CONFIG_NUMA + struct mempolicy *mpol = get_task_policy(current); + + /* + * Only enforce MPOL_BIND policy which overlaps with cpuset policy + * (from policy_nodemask) specifically for hugetlb case + */ + if (mpol->mode == MPOL_BIND && + (apply_policy_zone(mpol, gfp_zone(gfp)) && + cpuset_nodemask_valid_mems_allowed(&mpol->nodes))) + return &mpol->nodes; +#endif + return NULL; +} + /* * Increase the hugetlb pool such that it can accommodate a reservation * of size 'delta'. @@ -2633,6 +2650,8 @@ static int gather_surplus_pages(struct h long i; long needed, allocated; bool alloc_ok = true; + int node; + nodemask_t *mbind_nodemask = policy_mbind_nodemask(htlb_alloc_mask(h)); lockdep_assert_held(&hugetlb_lock); needed = (h->resv_huge_pages + delta) - h->free_huge_pages; @@ -2647,8 +2666,15 @@ static int gather_surplus_pages(struct h retry: spin_unlock_irq(&hugetlb_lock); for (i = 0; i < needed; i++) { - folio = alloc_surplus_hugetlb_folio(h, htlb_alloc_mask(h), - NUMA_NO_NODE, NULL); + folio = NULL; + for_each_node_mask(node, cpuset_current_mems_allowed) { + if (!mbind_nodemask || node_isset(node, *mbind_nodemask)) { + folio = alloc_surplus_hugetlb_folio(h, htlb_alloc_mask(h), + node, NULL); + if (folio) + break; + } + } if (!folio) { alloc_ok = false; break; @@ -4878,23 +4904,6 @@ static int __init default_hugepagesz_set } __setup("default_hugepagesz=", default_hugepagesz_setup); -static nodemask_t *policy_mbind_nodemask(gfp_t gfp) -{ -#ifdef CONFIG_NUMA - struct mempolicy *mpol = get_task_policy(current); - - /* - * Only enforce MPOL_BIND policy which overlaps with cpuset policy - * (from policy_nodemask) specifically for hugetlb case - */ - if (mpol->mode == MPOL_BIND && - (apply_policy_zone(mpol, gfp_zone(gfp)) && - cpuset_nodemask_valid_mems_allowed(&mpol->nodes))) - return &mpol->nodes; -#endif - return NULL; -} - static unsigned int allowed_mems_nr(struct hstate *h) { int node; _ Patches currently in -mm which might be from aris(a)redhat.com are

5 months, 3 weeks

1
0
0 0

[folded-merged] hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes-v2.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: hugetlb: force allocating surplus hugepages on mempolicy allowed nodes has been removed from the -mm tree. Its filename was hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes-v2.patch This patch was dropped because it was folded into hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes.patch ------------------------------------------------------ From: Aristeu Rozanski <aris(a)ruivo.org> Subject: hugetlb: force allocating surplus hugepages on mempolicy allowed nodes Date: Mon, 1 Jul 2024 17:23:43 -0400 v2: - attempt to make the description more clear - prevent uninitialized usage of folio in case current process isn't part of any nodes with memory Link: https://lkml.kernel.org/r/20240701212343.GG844599@cathedrallabs.org Signed-off-by: Aristeu Rozanski <aris(a)ruivo.org> Cc: Vishal Moola <vishal.moola(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Aristeu Rozanski <aris(a)redhat.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/hugetlb.c~hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes-v2 +++ a/mm/hugetlb.c @@ -2631,6 +2631,7 @@ static int gather_surplus_pages(struct h retry: spin_unlock_irq(&hugetlb_lock); for (i = 0; i < needed; i++) { + folio = NULL; for_each_node_mask(node, cpuset_current_mems_allowed) { if (!mbind_nodemask || node_isset(node, *mbind_nodemask)) { folio = alloc_surplus_hugetlb_folio(h, htlb_alloc_mask(h), _ Patches currently in -mm which might be from aris(a)ruivo.org are hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes.patch

5 months, 3 weeks

1
0
0 0

[PATCH] ks8851: Fix deadlock with the SPI chip variant

by Ronald Wahl

From: Ronald Wahl <ronald.wahl(a)raritan.com> When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0x100/0x284 do_raw_spin_lock+0x34/0x44 ks8851_start_xmit_spi+0x30/0xb8 ks8851_start_xmit+0x14/0x20 netdev_start_xmit+0x40/0x6c dev_hard_start_xmit+0x6c/0xbc sch_direct_xmit+0xa4/0x22c __qdisc_run+0x138/0x3fc qdisc_run+0x24/0x3c net_tx_action+0xf8/0x130 handle_softirqs+0x1ac/0x1f0 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x3c/0x58 do_softirq_own_stack+0x1c/0x28 __irq_exit_rcu+0x54/0x9c irq_exit_rcu+0x10/0x1c el1_interrupt+0x38/0x50 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x64/0x68 __netif_schedule+0x6c/0x80 netif_tx_wake_queue+0x38/0x48 ks8851_irq+0xb8/0x2c8 irq_thread_fn+0x2c/0x74 irq_thread+0x10c/0x1b0 kthread+0xc8/0xd8 ret_from_fork+0x10/0x20 This issue has not been identified earlier because tests were done on a device with SMP disabled and so spinlocks were actually NOPs. This commit moves the netif_wake_queue call outside the spinlock protected area. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> --- drivers/net/ethernet/micrel/ks8851_common.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 6453c92f0fa7..60b959126b26 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -348,15 +348,17 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) if (status & IRQ_TXI) { unsigned short tx_space = ks8851_rdreg16(ks, KS_TXMIR); + bool need_wake_queue; netif_dbg(ks, intr, ks->netdev, "%s: txspace %d\n", __func__, tx_space); spin_lock(&ks->statelock); ks->tx_space = tx_space; - if (netif_queue_stopped(ks->netdev)) - netif_wake_queue(ks->netdev); + need_wake_queue = netif_queue_stopped(ks->netdev); spin_unlock(&ks->statelock); + if (need_wake_queue) + netif_wake_queue(ks->netdev); } if (status & IRQ_SPIBEI) { -- 2.45.2

5 months, 3 weeks

3
2
0 0

[PATCH 6.9 000/222] 6.9.8-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.9.8 release. There are 222 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Jul 2024 17:01:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.9.8-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.9.8-rc1 David Howells <dhowells(a)redhat.com> netfs: Fix netfs_page_mkwrite() to flush conflicting data, not wait David Howells <dhowells(a)redhat.com> netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid Yao Xingtao <yaoxt.fnst(a)fujitsu.com> cxl/region: check interleave capability Alison Schofield <alison.schofield(a)intel.com> cxl/region: Avoid null pointer dereference in region lookup Alison Schofield <alison.schofield(a)intel.com> cxl/region: Move cxl_dpa_to_region() work to the region driver Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Add sound-dai-cells for RK3368 Andy Yan <andyshrk(a)163.com> arm64: dts: rockchip: Fix the i2c address of es8316 on Cool Pi 4B Mark Brown <broonie(a)kernel.org> reset: gpio: Fix missing gpiolib dependency for GPIO reset controller FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E Li Ming <ming4.li(a)intel.com> cxl/mem: Fix no cxl_nvd during pmem region auto-assembling Dan Williams <dan.j.williams(a)intel.com> cxl/region: Convert cxl_pmem_region_alloc to scope-based resource management FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: make poweroff(8) work on Radxa ROCK 5A FUKAUMI Naoki <naoki(a)radxa.com> Revert "arm64: dts: rockchip: remove redundant cd-gpios from rk3588 sdmmc nodes" Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch on rk3399-gru Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: set correct pwm0 pinctrl on rk3588-tiger Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Rename LED related pinctrl nodes on rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Fix error message to not describe the previous error path Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Fix calculation of prescaler yangge <yangge1116(a)126.com> mm/page_alloc: Separate THP PCP into movable and non-movable categories Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "net: sfp: enhance quirk for Fibrestore 2.5G copper SFP module" Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: btree_gc can now handle unknown btrees Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Fix setting of downgrade recovery passes/errors Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Fix bch2_sb_downgrade_update() Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Fix sb-downgrade validation Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Fix sb_field_downgrade validation Arnd Bergmann <arnd(a)arndb.de> syscalls: fix sys_fanotify_mark prototype Arnd Bergmann <arnd(a)arndb.de> syscalls: fix compat_sys_io_pgetevents_time64 usage Arnd Bergmann <arnd(a)arndb.de> ftruncate: pass a signed offset Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix double free on error Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Add ATA_HORKAGE_NOLPM for all Crucial BX SSD1 models Niklas Cassel <cassel(a)kernel.org> ata: ahci: Clean up sysfs file on error Vitor Soares <vitor.soares(a)toradex.com> can: mcp251xfd: fix infinite loop when xmit fails Sven Eckelmann <sven(a)narfation.org> batman-adv: Don't accept TT entries for out-of-spec VIDs Jens Axboe <axboe(a)kernel.dk> io_uring: signal SQPOLL task_work with TWA_SIGNAL_NO_IPI Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: fix parsing of vram_info Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix potential UAF by revoke of fence registers Julia Zhang <julia.zhang(a)amd.com> drm/amdgpu: avoid using null object of framebuffer Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-dma: Only set smem_start is enable per module option Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes Jann Horn <jannh(a)google.com> drm/drm_file: Fix pid refcounting race Arnd Bergmann <arnd(a)arndb.de> hexagon: fix fadvise64_64 calling conventions Arnd Bergmann <arnd(a)arndb.de> csky, hexagon: fix broken sys_sync_file_range Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix initial free space detection Arnd Bergmann <arnd(a)arndb.de> sh: rework sync_file_range ABI Dragan Simic <dsimic(a)manjaro.org> kbuild: Install dtb files as 0644 in Makefile.dtbinst Huacai Chen <chenhuacai(a)kernel.org> irqchip/loongson-liointc: Set different ISRs for different cores Yuntao Wang <ytcoode(a)gmail.com> cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() Huacai Chen <chenhuacai(a)kernel.org> cpu: Fix broken cmdline "nosmp" and "maxcpus=0" Huacai Chen <chenhuacai(a)kernel.org> irqchip/loongson-eiointc: Use early_cpu_to_node() instead of cpu_to_node() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing Nathan Chancellor <nathan(a)kernel.org> nvmet-fc: Remove __counted_by from nvmet_fc_tgt_queue.fod[] Mostafa Saleh <smostafa(a)google.com> PCI/MSI: Fix UAF in msi_capability_init Oleksij Rempel <o.rempel(a)pengutronix.de> net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oleksij Rempel <o.rempel(a)pengutronix.de> net: can: j1939: recover socket queue on CAN bus error during BAM transmission Shigeru Yoshida <syoshida(a)redhat.com> net: can: j1939: Initialize unused data in j1939_send_one() Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> tty: mcf: MCF54418 has 10 UARTS Nathan Chancellor <nathan(a)kernel.org> tty: mxser: Remove __counted_by from mxser_board.ports[] Dirk Su <dirk.su(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665 G11. Jonas Gorski <jonas.gorski(a)gmail.com> serial: bcm63xx-uart: fix tx after conversion to uart_port_tx_limited() Jonas Gorski <jonas.gorski(a)gmail.com> serial: core: introduce uart_port_tx_limited_flags() Stefan Eichenberger <stefan.eichenberger(a)toradex.com> serial: imx: set receiver level before starting uart Udit Kumar <u-kumar1(a)ti.com> serial: 8250_omap: Implementation of Errata i2310 Crescent Hsieh <crescentcy.hsieh(a)moxa.com> tty: serial: 8250: Fix port count mismatch with the device Doug Brown <doug(a)schmorgal.com> Revert "serial: core: only stop transmit when HW fifo is empty" Jos Wang <joswang(a)lenovo.com> usb: dwc3: core: Workaround for CSR read timeout Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: ucsi: stm32: fix command completion handling Ferry Toth <ftoth(a)exalondelft.nl> Revert "usb: gadget: u_ether: Replace netif_stop_queue with netif_device_detach" Ferry Toth <ftoth(a)exalondelft.nl> Revert "usb: gadget: u_ether: Re-attach netif device to mirror detachment" Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: ucsi: glink: fix child node release in probe function Jeremy Kerr <jk(a)codeconstruct.com.au> usb: gadget: aspeed_udc: fix device address configuration Meng Li <Meng.Li(a)windriver.com> usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix endpoint checking in cxacru_bind() Dan Carpenter <dan.carpenter(a)linaro.org> usb: musb: da8xx: fix a resource leak in probe() Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: fix races against disable Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: SS+ support Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: improve link status logs Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix sensor data read operation Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix overflows in compensate() functions Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix calibration data variable Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix pressure value output Alexander Sverdlin <alexander.sverdlin(a)siemens.com> iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF Fernando Yang <hagisf(a)usp.br> iio: adc: ad7266: Fix variable checking bug Dimitri Fedrau <dima.fedrau(a)gmail.com> iio: humidity: hdc3020: fix hysteresis representation Niklas Cassel <cassel(a)kernel.org> ata,scsi: libata-core: Do not leak memory for ata_port struct members Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix null pointer dereference on error Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: discard write requests while old command is running Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: don't erase registers after STOP Masahiro Yamada <masahiroy(a)kernel.org> kbuild: rpm-pkg: fix build error with CONFIG_MODULES=n Thayne Harbaugh <thayne(a)mastodonlabs.com> kbuild: Fix build target deb-pkg: ln: failed to create hard link Mark-PK Tsai <mark-pk.tsai(a)mediatek.com> kbuild: doc: Update default INSTALL_MOD_DIR from extra to updates David Lechner <dlechner(a)baylibre.com> counter: ti-eqep: enable clock at probe Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix backchannel reply, again Sean Anderson <sean.anderson(a)linux.dev> iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not invert write-protect twice Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Kamal Dasu <kamal.dasu(a)broadcom.com> mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci-o2micro: Convert PCIBIOS_* return codes to errnos Linus Walleij <linus.walleij(a)linaro.org> Revert "mmc: moxart-mmc: Use sg_miter for PIO" Andrew Bresticker <abrestic(a)rivosinc.com> mm/memory: don't require head page for do_set_pmd() Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: fix incorrect vbq reference in purge_fragmented_block Andrey Konovalov <andreyknvl(a)gmail.com> kasan: fix bad call to unpoison_slab_object Christoph Hellwig <hch(a)lst.de> nfs: drop the incorrect assertion in nfs_swap_rw() Jan Kara <jack(a)suse.cz> ocfs2: fix DIO failure due to insufficient transaction credits Johan Hovold <johan+linaro(a)kernel.org> pinctrl: qcom: spmi-gpio: drop broken pm8008 support Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> Revert "MIPS: pci: lantiq: restore reset gpio polarity" Arnd Bergmann <arnd(a)arndb.de> parisc: use generic sys_fanotify_mark implementation Linus Torvalds <torvalds(a)linux-foundation.org> x86: stop playing stack games in profile_pc() Kees Cook <kees(a)kernel.org> randomize_kstack: Remove non-functional per-arch entropy filtering David Arcari <darcari(a)redhat.com> tools/power turbostat: option '-n' is ambiguous Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: Ignore reconfiguration without direction Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Fix GT feature enablement again Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Invalidate cache before removing device from domain list Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Introduce per device DTE update function Andy Chiu <andy.chiu(a)sifive.com> riscv: stacktrace: convert arch_stack_walk() to noinstr Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix pci state save during mode-1 reset Jesse Taube <jesse(a)rivosinc.com> RISC-V: fix vector insn load/store width mask NeilBrown <neilb(a)suse.de> nfsd: initialise nfsd_info.mutex early. Zenghui Yu <yuzenghui(a)huawei.com> arm64: Clear the initial ID map correctly before remapping Aleksandr Mishin <amishin(a)t-argos.ru> gpio: davinci: Validate the obtained number of IRQs Liu Ying <victor.liu(a)nxp.com> drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Hannes Reinecke <hare(a)kernel.org> nvmet: make 'tsas' attribute idempotent for RDMA Hannes Reinecke <hare(a)suse.de> nvme: fixup comment for nvme RDMA Provider Type Hannes Reinecke <hare(a)kernel.org> nvmet: do not return 'reserved' for empty TSAS values Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe: Check pat.ops before dumping PAT settings Erick Archer <erick.archer(a)outlook.com> drm/radeon/radeon_display: Decrease the size of allocated memory Stefan Berger <stefanb(a)linux.ibm.com> evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix NULL pointer dereference in gfs2_log_flush Andrew Davis <afd(a)ti.com> soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Do not allow a SVA domain to be set on the wrong PASID Tiezhu Yang <yangtiezhu(a)loongson.cn> irqchip/loongson: Select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP for IRQ_LOONGARCH_CPU Ricardo Ribalda <ribalda(a)chromium.org> media: dvbdev: Initialize sbuf Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emux: improve patch ioctl data validation Joachim Vandersmissen <git(a)jvdsn.com> crypto: ecdh - explicitly zeroize private_key Chia-Yuan Li <leo.li(a)realtek.com> wifi: rtw89: download firmware with five times retry Dawei Li <dawei.li(a)shingroup.cn> net/dpaa2: Avoid explicit cpumask var allocation on stack Dawei Li <dawei.li(a)shingroup.cn> net/iucv: Avoid explicit cpumask var allocation on stack Wenchao Hao <haowenchao2(a)huawei.com> RDMA/restrack: Fix potential invalid address access Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe/xe_devcoredump: Check NULL before assignments Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode Anton Protopopov <aspsk(a)isovalent.com> bpf: Add a check for struct bpf_fib_lookup size Muhammad Ahmed <ahmed.ahmed(a)amd.com> drm/amd/display: Skip pipe if the pipe idx not set properly Johannes Berg <johannes.berg(a)intel.com> wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() Denis Arefev <arefev(a)swemel.ru> mtd: partitions: redboot: Added conversion of operands to a larger type Sherry Wang <Yao.Wang1(a)amd.com> drm/amd/display: correct hostvm flag Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init Uros Bizjak <ubizjak(a)gmail.com> x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup Maxime Coquelin <maxime.coquelin(a)redhat.com> vduse: Temporarily fail if control queue feature requested Maxime Coquelin <maxime.coquelin(a)redhat.com> vduse: validate block features only with block devices Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Fix potential integer overflow in page size calculation Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Christophe Leroy <christophe.leroy(a)csgroup.eu> bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() Christophe Leroy <christophe.leroy(a)csgroup.eu> bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() Ma Ke <make24(a)iscas.ac.cn> net: mana: Fix possible double free in error handling path Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix wrong ioctl(SIOCATMARK) when consumed OOB skb is at the head. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't stop recv() at consumed ex-OOB skb. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't stop recv(MSG_DONTWAIT) if consumed OOB skb is at the head. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Stop recv(MSG_PEEK) at consumed OOB skb. Yunseong Kim <yskelg(a)gmail.com> tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix missing MSB in MIDI2 SPP conversion Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO Shannon Nelson <shannon.nelson(a)amd.com> ionic: use dev_consume_skb_any outside of napi Arnd Bergmann <arnd(a)arndb.de> powerpc: restore some missing spu syscalls Arnd Bergmann <arnd(a)arndb.de> parisc: use correct compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix old compat_sys_select() Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix wrong register write when masking interrupt Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix missing channel at encoding RPN/NRPN MIDI2 messages luoxuanqiang <luoxuanqiang(a)kylinos.cn> Fix race for duplicate reqsk on identical SYN Filipe Manana <fdmanana(a)suse.com> btrfs: use NOFS context when getting inodes during logging and log replay Jianguo Wu <wujianguo(a)chinatelecom.cn> netfilter: fix undefined reference to 'netfilter_lwtunnel_*' when CONFIG_SYSCTL=n Chen-Yu Tsai <wenst(a)chromium.org> ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link Daniil Dulov <d.dulov(a)aladdin.ru> xdp: Remove WARN() from __xdp_reg_mem_model() Alexei Starovoitov <ast(a)kernel.org> bpf: Fix may_goto with negative offset. Jan Sokolowski <jan.sokolowski(a)intel.com> ice: Rebuild TC queues on VSI queue reconfiguration Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: dsa: microchip: use collision based back pressure mode Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: phy: micrel: add Microchip KSZ 9477 to the device table Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Free any outstanding tx skbs during scrq reset Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_xmit_one(). Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix overrunning reservations in ringbuf Alexei Starovoitov <ast(a)kernel.org> bpf: Fix the corner case with may_goto and jump to the 1st insn. Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems Ido Schimmel <idosch(a)nvidia.com> mlxsw: pci: Fix driver initialization with Spectrum-4 Taehee Yoo <ap420073(a)gmail.com> ionic: fix kernel panic due to multi-buffer handling Hangbin Liu <liuhangbin(a)gmail.com> bonding: fix incorrect software timestamping report Xin Long <lucien.xin(a)gmail.com> openvswitch: get related ct labels from its master if it is not confirmed Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix initial port flush problem Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> ASoC: fsl-asoc-card: set priv->pdev before using it Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: move chip->flag variable assignment Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: add a null check for chip_pdev structure Alexei Starovoitov <ast(a)kernel.org> bpf: Fix remap of arena. Halil Pasic <pasic(a)linux.ibm.com> s390/virtio_ccw: Fix config change notifications Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Add missing virt_to_phys() for directed DIBV Yonghong Song <yonghong.song(a)linux.dev> bpf: Add missed var_off setting in coerce_subreg_to_size_sx() Yonghong Song <yonghong.song(a)linux.dev> bpf: Add missed var_off setting in set_sext32_default_val() Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm-lpass-dai: close graph on prepare errors Wenchao Hao <haowenchao22(a)gmail.com> workqueue: Increase worker desc's length to 32 Andrei Simion <andrei.simion(a)microchip.com> ASoC: atmel: atmel-classd: Re-add dai_link->platform to fix card init Hsin-Te Yuan <yuanhsinte(a)chromium.org> ASoC: mediatek: mt8183-da7219-max98357: Fix kcontrol name collision Alibek Omarov <a1ba.omarov(a)gmail.com> ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right mclk Maciej Strozek <mstrozek(a)opensource.cirrus.com> ASoC: cs42l43: Increase default type detect time and button delay Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Refuse too small period requests Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: stm32: Calculate prescaler with a division instead of a loop Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: stm32: Fix for settings using period > UINT32_MAX Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: stm32: Improve precision of calculation in .apply() Martin Schiller <ms(a)dev.tdt.de> MIPS: pci: lantiq: restore reset gpio polarity Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: use dedicated pinctrl type for RK3328 Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins Hagar Hemdan <hagarhem(a)amazon.com> pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER John Keeping <jkeeping(a)inmusicbrands.com> Input: ili210x - fix ili251x_read_touch_data() return value Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Use spin_{lock,unlock}_irq{save,restore} Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: Ack also failed Get Error commands Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Never send a lone connector change ack ------------- Diffstat: Documentation/kbuild/modules.rst | 8 +- Makefile | 4 +- arch/arm/boot/dts/rockchip/rk3066a.dtsi | 1 + arch/arm/net/bpf_jit_32.c | 25 +- arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 18 +- arch/arm64/boot/dts/rockchip/rk3328-rock-pi-e.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 + arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 2 +- .../boot/dts/rockchip/rk3588-orangepi-5-plus.dts | 1 + .../arm64/boot/dts/rockchip/rk3588-quartzpro64.dts | 1 + arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts | 1 + arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 5 + arch/arm64/boot/dts/rockchip/rk3588s-coolpi-4b.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3588s-rock-5a.dts | 2 + arch/arm64/include/asm/unistd32.h | 2 +- arch/arm64/kernel/pi/map_kernel.c | 2 +- arch/arm64/kernel/syscall.c | 16 +- arch/csky/include/uapi/asm/unistd.h | 1 + arch/hexagon/include/asm/syscalls.h | 6 + arch/hexagon/include/uapi/asm/unistd.h | 1 + arch/hexagon/kernel/syscalltab.c | 7 + arch/loongarch/net/bpf_jit.c | 22 +- arch/mips/kernel/syscalls/syscall_n32.tbl | 2 +- arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/mips/net/bpf_jit_comp.c | 3 +- arch/parisc/Kconfig | 1 + arch/parisc/kernel/sys_parisc32.c | 9 - arch/parisc/kernel/syscalls/syscall.tbl | 6 +- arch/parisc/net/bpf_jit_core.c | 8 +- arch/powerpc/kernel/syscalls/syscall.tbl | 6 +- arch/riscv/include/asm/insn.h | 2 +- arch/riscv/kernel/stacktrace.c | 2 +- arch/s390/include/asm/entry-common.h | 2 +- arch/s390/kernel/syscalls/syscall.tbl | 2 +- arch/s390/net/bpf_jit_comp.c | 6 +- arch/s390/pci/pci_irq.c | 2 +- arch/sh/kernel/sys_sh32.c | 11 + arch/sh/kernel/syscalls/syscall.tbl | 3 +- arch/sparc/kernel/sys32.S | 221 -------------- arch/sparc/kernel/syscalls/syscall.tbl | 8 +- arch/sparc/net/bpf_jit_comp_64.c | 6 +- arch/x86/entry/syscalls/syscall_32.tbl | 2 +- arch/x86/include/asm/entry-common.h | 15 +- arch/x86/kernel/fpu/core.c | 4 +- arch/x86/kernel/time.c | 20 +- arch/x86/net/bpf_jit_comp32.c | 3 +- crypto/ecdh.c | 2 + drivers/ata/ahci.c | 17 +- drivers/ata/libata-core.c | 32 +- drivers/counter/ti-eqep.c | 6 + drivers/cpufreq/intel_pstate.c | 13 +- drivers/cxl/core/core.h | 7 + drivers/cxl/core/hdm.c | 13 + drivers/cxl/core/memdev.c | 44 --- drivers/cxl/core/pmem.c | 16 +- drivers/cxl/core/region.c | 182 ++++++++++-- drivers/cxl/cxl.h | 6 +- drivers/cxl/cxlmem.h | 10 + drivers/cxl/mem.c | 17 +- drivers/gpio/gpio-davinci.c | 5 + drivers/gpio/gpiolib-cdev.c | 28 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 18 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c | 5 + .../display/dc/link/protocols/link_dp_capability.c | 10 +- .../amd/display/dc/resource/dcn31/dcn31_resource.c | 2 +- drivers/gpu/drm/amd/display/include/dpcd_defs.h | 5 + drivers/gpu/drm/drm_fb_helper.c | 6 +- drivers/gpu/drm/drm_fbdev_dma.c | 5 +- drivers/gpu/drm/drm_file.c | 8 +- drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 + drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 + drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 +- drivers/gpu/drm/panel/panel-simple.c | 1 + drivers/gpu/drm/radeon/radeon.h | 1 - drivers/gpu/drm/radeon/radeon_display.c | 8 +- drivers/gpu/drm/xe/xe_devcoredump.c | 10 +- drivers/gpu/drm/xe/xe_pat.c | 2 +- drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 5 + drivers/gpu/drm/xe/xe_ttm_vram_mgr.c | 2 +- drivers/i2c/i2c-slave-testunit.c | 5 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/ad7266.c | 2 + drivers/iio/adc/xilinx-ams.c | 8 +- drivers/iio/chemical/bme680.h | 2 + drivers/iio/chemical/bme680_core.c | 62 +++- drivers/iio/humidity/hdc3020.c | 323 ++++++++++++++++----- drivers/infiniband/core/restrack.c | 51 +--- drivers/input/touchscreen/ili210x.c | 4 +- drivers/iommu/amd/amd_iommu.h | 1 + drivers/iommu/amd/init.c | 1 + drivers/iommu/amd/iommu.c | 34 ++- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 3 + drivers/irqchip/Kconfig | 2 +- drivers/irqchip/irq-loongson-eiointc.c | 5 +- drivers/irqchip/irq-loongson-liointc.c | 4 +- drivers/media/dvb-core/dvbdev.c | 2 +- drivers/mmc/host/moxart-mmc.c | 78 ++--- drivers/mmc/host/sdhci-brcmstb.c | 4 + drivers/mmc/host/sdhci-pci-core.c | 11 +- drivers/mmc/host/sdhci-pci-o2micro.c | 41 +-- drivers/mmc/host/sdhci.c | 25 +- drivers/mtd/parsers/redboot.c | 2 +- drivers/net/bonding/bond_main.c | 3 + drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 14 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 55 +++- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 5 + drivers/net/dsa/microchip/ksz9477.c | 10 +- drivers/net/dsa/microchip/ksz9477_reg.h | 1 + drivers/net/dsa/microchip/ksz_common.c | 2 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 +- drivers/net/ethernet/ibm/ibmvnic.c | 6 + drivers/net/ethernet/intel/ice/ice_main.c | 10 +- drivers/net/ethernet/mellanox/mlxsw/pci.c | 18 +- drivers/net/ethernet/mellanox/mlxsw/reg.h | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 20 +- drivers/net/ethernet/microsoft/mana/mana_en.c | 2 + drivers/net/ethernet/pensando/ionic/ionic_dev.h | 4 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_txrx.c | 55 ++-- drivers/net/phy/micrel.c | 1 + drivers/net/phy/sfp.c | 18 +- drivers/net/usb/ax88179_178a.c | 6 +- drivers/net/vxlan/vxlan_core.c | 9 +- drivers/net/wireless/realtek/rtw89/fw.c | 27 +- drivers/nvme/target/configfs.c | 41 ++- drivers/nvme/target/fc.c | 2 +- drivers/pci/msi/msi.c | 10 +- drivers/pinctrl/core.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 68 ++++- drivers/pinctrl/pinctrl-rockchip.h | 1 + drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 1 - drivers/pinctrl/renesas/pinctrl-rzg2l.c | 4 +- drivers/pwm/pwm-stm32.c | 62 ++-- drivers/reset/Kconfig | 1 + drivers/s390/virtio/virtio_ccw.c | 4 +- drivers/scsi/libsas/sas_ata.c | 6 +- drivers/scsi/libsas/sas_discover.c | 2 +- drivers/soc/ti/wkup_m3_ipc.c | 7 +- drivers/tty/mxser.c | 2 +- drivers/tty/serial/8250/8250_omap.c | 25 +- drivers/tty/serial/8250/8250_pci.c | 13 +- drivers/tty/serial/bcm63xx_uart.c | 7 +- drivers/tty/serial/imx.c | 4 +- drivers/tty/serial/mcf.c | 2 +- drivers/usb/atm/cxacru.c | 14 + drivers/usb/dwc3/core.c | 26 +- drivers/usb/gadget/function/f_printer.c | 40 ++- drivers/usb/gadget/function/u_ether.c | 4 +- drivers/usb/gadget/udc/aspeed_udc.c | 4 +- drivers/usb/musb/da8xx.c | 8 +- drivers/usb/typec/ucsi/ucsi.c | 55 ++-- drivers/usb/typec/ucsi/ucsi_glink.c | 5 +- drivers/usb/typec/ucsi/ucsi_stm32g0.c | 19 +- drivers/vdpa/vdpa_user/vduse_dev.c | 14 +- fs/bcachefs/bcachefs.h | 44 +-- fs/bcachefs/btree_gc.c | 15 +- fs/bcachefs/btree_gc.h | 48 ++- fs/bcachefs/btree_gc_types.h | 29 ++ fs/bcachefs/ec.c | 2 +- fs/bcachefs/sb-downgrade.c | 17 +- fs/bcachefs/super-io.c | 12 +- fs/btrfs/free-space-cache.c | 2 +- fs/btrfs/tree-log.c | 43 ++- fs/gfs2/log.c | 3 +- fs/gfs2/super.c | 4 + fs/netfs/buffered_write.c | 12 +- fs/nfs/direct.c | 2 - fs/nfsd/nfsctl.c | 2 + fs/nfsd/nfssvc.c | 1 - fs/ocfs2/aops.c | 5 + fs/ocfs2/journal.c | 17 ++ fs/ocfs2/journal.h | 2 + fs/ocfs2/ocfs2_trace.h | 2 + fs/open.c | 4 +- include/linux/compat.h | 2 +- include/linux/filter.h | 10 +- include/linux/ieee80211.h | 2 +- include/linux/libata.h | 1 + include/linux/mmzone.h | 9 +- include/linux/nvme.h | 6 +- include/linux/serial_core.h | 21 +- include/linux/syscalls.h | 8 +- include/linux/workqueue.h | 2 +- include/net/inet_connection_sock.h | 2 +- include/net/netfilter/nf_tables.h | 5 + include/trace/events/qdisc.h | 2 +- include/uapi/asm-generic/unistd.h | 2 +- io_uring/io_uring.c | 4 +- kernel/bpf/arena.c | 16 +- kernel/bpf/core.c | 6 +- kernel/bpf/ringbuf.c | 31 +- kernel/bpf/verifier.c | 69 ++++- kernel/cpu.c | 11 +- kernel/sys_ni.c | 2 +- mm/kasan/common.c | 2 +- mm/memory.c | 3 +- mm/page_alloc.c | 9 +- mm/vmalloc.c | 21 +- net/batman-adv/originator.c | 27 ++ net/can/j1939/main.c | 6 +- net/can/j1939/transport.c | 21 +- net/core/filter.c | 3 + net/core/xdp.c | 4 +- net/dccp/ipv4.c | 7 +- net/dccp/ipv6.c | 7 +- net/ipv4/inet_connection_sock.c | 17 +- net/ipv4/tcp_input.c | 45 ++- net/iucv/iucv.c | 26 +- net/netfilter/nf_hooks_lwtunnel.c | 3 + net/netfilter/nf_tables_api.c | 8 +- net/netfilter/nft_lookup.c | 3 +- net/openvswitch/conntrack.c | 7 +- net/sunrpc/svc.c | 5 +- net/unix/af_unix.c | 37 ++- scripts/Makefile.dtbinst | 2 +- scripts/Makefile.package | 2 +- scripts/package/kernel.spec | 8 +- security/integrity/evm/evm_main.c | 12 +- sound/core/seq/seq_ump_convert.c | 10 +- sound/pci/hda/patch_realtek.c | 3 + sound/soc/amd/acp/acp-i2s.c | 8 - sound/soc/amd/acp/acp-pci.c | 12 +- sound/soc/atmel/atmel-classd.c | 7 +- sound/soc/codecs/cs42l43-jack.c | 4 +- sound/soc/fsl/fsl-asoc-card.c | 3 +- sound/soc/mediatek/mt8183/mt8183-da7219-max98357.c | 10 +- sound/soc/mediatek/mt8195/mt8195-mt6359.c | 1 + sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 32 +- sound/soc/rockchip/rockchip_i2s_tdm.c | 13 +- sound/synth/emux/soundfont.c | 17 +- tools/power/x86/turbostat/turbostat.c | 2 +- tools/testing/cxl/test/cxl.c | 4 + 234 files changed, 2103 insertions(+), 1184 deletions(-)

5 months, 3 weeks

15
238
0 0

[GIT PULL] Kselftest fixes for v6.10

by Mickaël Salaün

Hi Linus, This PR fixes a few kselftests [1]. This has been in linux-next for a week and rebased to add Mark Brown's Tested-by. The race condition found while writing this fix is not new and seems specific to UML's hostfs (I also tested against ext4 and btrfs without being able to trigger this issue). Feel free to take this PR if you see fit. Regards, Mickaël [1] https://lore.kernel.org/r/9341d4db-5e21-418c-bf9e-9ae2da7877e1@sirena.org.uk -- The following changes since commit f2661062f16b2de5d7b6a5c42a9a5c96326b8454: Linux 6.10-rc5 (2024-06-23 17:08:54 -0400) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git tags/kselftest-fix-2024-07-04 for you to fetch changes up to 130e42806773013e9cf32d211922c935ae2df86c: selftests/harness: Fix tests timeout and race condition (2024-06-28 16:06:03 +0200) ---------------------------------------------------------------- Fix Kselftests timeout and race condition ---------------------------------------------------------------- Mickaël Salaün (1): selftests/harness: Fix tests timeout and race condition tools/testing/selftests/kselftest_harness.h | 43 ++++++++++++++++------------- 1 file changed, 24 insertions(+), 19 deletions(-)

5 months, 3 weeks

2
1
0 0

[PATCH v4 3/3] tpm: Address !chip->auth in tpm_buf_append_hmac_session*()

by Jarkko Sakkinen

Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm_buf_hmac_session*(). Thus, address !chip->auth in tpm_buf_hmac_session*() and remove the fallback implementation for !TCG_TPM2_HMAC. Cc: stable(a)vger.kernel.org # v6.9+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: 1085b8276bb4 ("tpm: Add the rest of the session HMAC API") Tested-by: Michael Ellerman <mpe(a)ellerman.id.au> # ppc Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v4: * Address: https://lore.kernel.org/linux-integrity/CAHk-=wiM=Cyw-07EkbAH66pE50VzJiT3bV… * Added tested-by from Michael Ellerman. v3: * Address: https://lore.kernel.org/linux-integrity/922603265d61011dbb23f18a04525ae973b… v2: * Use auth in place of chip->auth. --- drivers/char/tpm/tpm2-sessions.c | 186 ++++++++++++++++++------------- include/linux/tpm.h | 68 ++++------- 2 files changed, 130 insertions(+), 124 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index b3ed35e7ec00..2281d55df545 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -272,6 +272,110 @@ void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, } EXPORT_SYMBOL_GPL(tpm_buf_append_name); +/** + * tpm_buf_append_hmac_session() - Append a TPM session element + * @chip: the TPM chip structure + * @buf: The buffer to be appended + * @attributes: The session attributes + * @passphrase: The session authority (NULL if none) + * @passphrase_len: The length of the session authority (0 if none) + * + * This fills in a session structure in the TPM command buffer, except + * for the HMAC which cannot be computed until the command buffer is + * complete. The type of session is controlled by the @attributes, + * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the + * session won't terminate after tpm_buf_check_hmac_response(), + * TPM2_SA_DECRYPT which means this buffers first parameter should be + * encrypted with a session key and TPM2_SA_ENCRYPT, which means the + * response buffer's first parameter needs to be decrypted (confusing, + * but the defines are written from the point of view of the TPM). + * + * Any session appended by this command must be finalized by calling + * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect + * and the TPM will reject the command. + * + * As with most tpm_buf operations, success is assumed because failure + * will be caused by an incorrect programming model and indicated by a + * kernel message. + */ +void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, + u8 attributes, u8 *passphrase, + int passphrase_len) +{ +#ifdef CONFIG_TCG_TPM2_HMAC + u8 nonce[SHA256_DIGEST_SIZE]; + struct tpm2_auth *auth; + u32 len; +#endif + + if (!tpm2_chip_auth(chip)) { + /* offset tells us where the sessions area begins */ + int offset = buf->handles * 4 + TPM_HEADER_SIZE; + u32 len = 9 + passphrase_len; + + if (tpm_buf_length(buf) != offset) { + /* not the first session so update the existing length */ + len += get_unaligned_be32(&buf->data[offset]); + put_unaligned_be32(len, &buf->data[offset]); + } else { + tpm_buf_append_u32(buf, len); + } + /* auth handle */ + tpm_buf_append_u32(buf, TPM2_RS_PW); + /* nonce */ + tpm_buf_append_u16(buf, 0); + /* attributes */ + tpm_buf_append_u8(buf, 0); + /* passphrase */ + tpm_buf_append_u16(buf, passphrase_len); + tpm_buf_append(buf, passphrase, passphrase_len); + return; + } + +#ifdef CONFIG_TCG_TPM2_HMAC + /* + * The Architecture Guide requires us to strip trailing zeros + * before computing the HMAC + */ + while (passphrase && passphrase_len > 0 && passphrase[passphrase_len - 1] == '\0') + passphrase_len--; + + auth = chip->auth; + auth->attrs = attributes; + auth->passphrase_len = passphrase_len; + if (passphrase_len) + memcpy(auth->passphrase, passphrase, passphrase_len); + + if (auth->session != tpm_buf_length(buf)) { + /* we're not the first session */ + len = get_unaligned_be32(&buf->data[auth->session]); + if (4 + len + auth->session != tpm_buf_length(buf)) { + WARN(1, "session length mismatch, cannot append"); + return; + } + + /* add our new session */ + len += 9 + 2 * SHA256_DIGEST_SIZE; + put_unaligned_be32(len, &buf->data[auth->session]); + } else { + tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE); + } + + /* random number for our nonce */ + get_random_bytes(nonce, sizeof(nonce)); + memcpy(auth->our_nonce, nonce, sizeof(nonce)); + tpm_buf_append_u32(buf, auth->handle); + /* our new nonce */ + tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); + tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); + tpm_buf_append_u8(buf, auth->attrs); + /* and put a placeholder for the hmac */ + tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); + tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); +#endif +} +EXPORT_SYMBOL_GPL(tpm_buf_append_hmac_session); + #ifdef CONFIG_TCG_TPM2_HMAC static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, @@ -457,82 +561,6 @@ static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip) crypto_free_kpp(kpp); } -/** - * tpm_buf_append_hmac_session() - Append a TPM session element - * @chip: the TPM chip structure - * @buf: The buffer to be appended - * @attributes: The session attributes - * @passphrase: The session authority (NULL if none) - * @passphrase_len: The length of the session authority (0 if none) - * - * This fills in a session structure in the TPM command buffer, except - * for the HMAC which cannot be computed until the command buffer is - * complete. The type of session is controlled by the @attributes, - * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the - * session won't terminate after tpm_buf_check_hmac_response(), - * TPM2_SA_DECRYPT which means this buffers first parameter should be - * encrypted with a session key and TPM2_SA_ENCRYPT, which means the - * response buffer's first parameter needs to be decrypted (confusing, - * but the defines are written from the point of view of the TPM). - * - * Any session appended by this command must be finalized by calling - * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect - * and the TPM will reject the command. - * - * As with most tpm_buf operations, success is assumed because failure - * will be caused by an incorrect programming model and indicated by a - * kernel message. - */ -void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, - u8 attributes, u8 *passphrase, - int passphrase_len) -{ - u8 nonce[SHA256_DIGEST_SIZE]; - u32 len; - struct tpm2_auth *auth = chip->auth; - - /* - * The Architecture Guide requires us to strip trailing zeros - * before computing the HMAC - */ - while (passphrase && passphrase_len > 0 - && passphrase[passphrase_len - 1] == '\0') - passphrase_len--; - - auth->attrs = attributes; - auth->passphrase_len = passphrase_len; - if (passphrase_len) - memcpy(auth->passphrase, passphrase, passphrase_len); - - if (auth->session != tpm_buf_length(buf)) { - /* we're not the first session */ - len = get_unaligned_be32(&buf->data[auth->session]); - if (4 + len + auth->session != tpm_buf_length(buf)) { - WARN(1, "session length mismatch, cannot append"); - return; - } - - /* add our new session */ - len += 9 + 2 * SHA256_DIGEST_SIZE; - put_unaligned_be32(len, &buf->data[auth->session]); - } else { - tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE); - } - - /* random number for our nonce */ - get_random_bytes(nonce, sizeof(nonce)); - memcpy(auth->our_nonce, nonce, sizeof(nonce)); - tpm_buf_append_u32(buf, auth->handle); - /* our new nonce */ - tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); - tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); - tpm_buf_append_u8(buf, auth->attrs); - /* and put a placeholder for the hmac */ - tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); - tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); -} -EXPORT_SYMBOL(tpm_buf_append_hmac_session); - /** * tpm_buf_fill_hmac_session() - finalize the session HMAC * @chip: the TPM chip structure @@ -563,6 +591,9 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) u8 cphash[SHA256_DIGEST_SIZE]; struct sha256_state sctx; + if (!auth) + return; + /* save the command code in BE format */ auth->ordinal = head->ordinal; @@ -721,6 +752,9 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, u32 cc = be32_to_cpu(auth->ordinal); int parm_len, len, i, handles; + if (!auth) + return rc; + if (auth->session >= TPM_HEADER_SIZE) { WARN(1, "tpm session not filled correctly\n"); goto out; diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 4d3071e885a0..e93ee8d936a9 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -502,10 +502,6 @@ static inline struct tpm2_auth *tpm2_chip_auth(struct tpm_chip *chip) void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, u32 handle, u8 *name); - -#ifdef CONFIG_TCG_TPM2_HMAC - -int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, int passphraselen); @@ -515,9 +511,27 @@ static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, u8 *passphrase, int passphraselen) { - tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, - passphraselen); + struct tpm_header *head; + int offset; + + if (tpm2_chip_auth(chip)) { + tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, passphraselen); + } else { + offset = buf->handles * 4 + TPM_HEADER_SIZE; + head = (struct tpm_header *)buf->data; + + /* + * If the only sessions are optional, the command tag must change to + * TPM2_ST_NO_SESSIONS. + */ + if (tpm_buf_length(buf) == offset) + head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); + } } + +#ifdef CONFIG_TCG_TPM2_HMAC + +int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf); int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, int rc); @@ -532,48 +546,6 @@ static inline int tpm2_start_auth_session(struct tpm_chip *chip) static inline void tpm2_end_auth_session(struct tpm_chip *chip) { } -static inline void tpm_buf_append_hmac_session(struct tpm_chip *chip, - struct tpm_buf *buf, - u8 attributes, u8 *passphrase, - int passphraselen) -{ - /* offset tells us where the sessions area begins */ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; - u32 len = 9 + passphraselen; - - if (tpm_buf_length(buf) != offset) { - /* not the first session so update the existing length */ - len += get_unaligned_be32(&buf->data[offset]); - put_unaligned_be32(len, &buf->data[offset]); - } else { - tpm_buf_append_u32(buf, len); - } - /* auth handle */ - tpm_buf_append_u32(buf, TPM2_RS_PW); - /* nonce */ - tpm_buf_append_u16(buf, 0); - /* attributes */ - tpm_buf_append_u8(buf, 0); - /* passphrase */ - tpm_buf_append_u16(buf, passphraselen); - tpm_buf_append(buf, passphrase, passphraselen); -} -static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, - struct tpm_buf *buf, - u8 attributes, - u8 *passphrase, - int passphraselen) -{ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; - struct tpm_header *head = (struct tpm_header *) buf->data; - - /* - * if the only sessions are optional, the command tag - * must change to TPM2_ST_NO_SESSIONS - */ - if (tpm_buf_length(buf) == offset) - head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); -} static inline void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) { -- 2.45.2

5 months, 3 weeks

1
0
0 0

[PATCH v4 2/3] tpm: Address !chip->auth in tpm_buf_append_name()

by Jarkko Sakkinen

Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm_buf_append_name(). Thus, address !chip->auth in tpm_buf_append_name() and remove the fallback implementation for !TCG_TPM2_HMAC. Cc: stable(a)vger.kernel.org # v6.10+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: d0a25bb961e6 ("tpm: Add HMAC session name/handle append") Tested-by: Michael Ellerman <mpe(a)ellerman.id.au> # ppc Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v4: * Address: https://lore.kernel.org/linux-integrity/CAHk-=wiM=Cyw-07EkbAH66pE50VzJiT3bV… * Added tested-by from Michael Ellerman. v3: * Address: https://lore.kernel.org/linux-integrity/922603265d61011dbb23f18a04525ae973b… v2: * N/A --- drivers/char/tpm/Makefile | 2 +- drivers/char/tpm/tpm2-sessions.c | 219 +++++++++++++++++-------------- include/linux/tpm.h | 21 +-- 3 files changed, 131 insertions(+), 111 deletions(-) diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile index 4c695b0388f3..9bb142c75243 100644 --- a/drivers/char/tpm/Makefile +++ b/drivers/char/tpm/Makefile @@ -16,8 +16,8 @@ tpm-y += eventlog/common.o tpm-y += eventlog/tpm1.o tpm-y += eventlog/tpm2.o tpm-y += tpm-buf.o +tpm-y += tpm2-sessions.o -tpm-$(CONFIG_TCG_TPM2_HMAC) += tpm2-sessions.o tpm-$(CONFIG_ACPI) += tpm_ppi.o eventlog/acpi.o tpm-$(CONFIG_EFI) += eventlog/efi.o tpm-$(CONFIG_OF) += eventlog/of.o diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 2f1d96a5a5a7..b3ed35e7ec00 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -83,9 +83,6 @@ #define AES_KEY_BYTES AES_KEYSIZE_128 #define AES_KEY_BITS (AES_KEY_BYTES*8) -static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, - u32 *handle, u8 *name); - /* * This is the structure that carries all the auth information (like * session handle, nonces, session key and auth) from use to use it is @@ -148,6 +145,7 @@ struct tpm2_auth { u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE]; }; +#ifdef CONFIG_TCG_TPM2_HMAC /* * Name Size based on TPM algorithm (assumes no hash bigger than 255) */ @@ -163,6 +161,122 @@ static u8 name_size(const u8 *name) return size_map[alg] + 2; } +static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) +{ + struct tpm_header *head = (struct tpm_header *)buf->data; + off_t offset = TPM_HEADER_SIZE; + u32 tot_len = be32_to_cpu(head->length); + u32 val; + + /* we're starting after the header so adjust the length */ + tot_len -= TPM_HEADER_SIZE; + + /* skip public */ + val = tpm_buf_read_u16(buf, &offset); + if (val > tot_len) + return -EINVAL; + offset += val; + /* name */ + val = tpm_buf_read_u16(buf, &offset); + if (val != name_size(&buf->data[offset])) + return -EINVAL; + memcpy(name, &buf->data[offset], val); + /* forget the rest */ + return 0; +} + +static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) +{ + struct tpm_buf buf; + int rc; + + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC); + if (rc) + return rc; + + tpm_buf_append_u32(&buf, handle); + rc = tpm_transmit_cmd(chip, &buf, 0, "read public"); + if (rc == TPM2_RC_SUCCESS) + rc = tpm2_parse_read_public(name, &buf); + + tpm_buf_destroy(&buf); + + return rc; +} +#endif /* CONFIG_TCG_TPM2_HMAC */ + +/** + * tpm_buf_append_name() - add a handle area to the buffer + * @chip: the TPM chip structure + * @buf: The buffer to be appended + * @handle: The handle to be appended + * @name: The name of the handle (may be NULL) + * + * In order to compute session HMACs, we need to know the names of the + * objects pointed to by the handles. For most objects, this is simply + * the actual 4 byte handle or an empty buf (in these cases @name + * should be NULL) but for volatile objects, permanent objects and NV + * areas, the name is defined as the hash (according to the name + * algorithm which should be set to sha256) of the public area to + * which the two byte algorithm id has been appended. For these + * objects, the @name pointer should point to this. If a name is + * required but @name is NULL, then TPM2_ReadPublic() will be called + * on the handle to obtain the name. + * + * As with most tpm_buf operations, success is assumed because failure + * will be caused by an incorrect programming model and indicated by a + * kernel message. + */ +void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, + u32 handle, u8 *name) +{ +#ifdef CONFIG_TCG_TPM2_HMAC + enum tpm2_mso_type mso = tpm2_handle_mso(handle); + struct tpm2_auth *auth; + int slot; +#endif + + if (!tpm2_chip_auth(chip)) { + tpm_buf_append_u32(buf, handle); + /* count the number of handles in the upper bits of flags */ + buf->handles++; + return; + } + +#ifdef CONFIG_TCG_TPM2_HMAC + slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE) / 4; + if (slot >= AUTH_MAX_NAMES) { + dev_err(&chip->dev, "TPM: too many handles\n"); + return; + } + auth = chip->auth; + WARN(auth->session != tpm_buf_length(buf), + "name added in wrong place\n"); + tpm_buf_append_u32(buf, handle); + auth->session += 4; + + if (mso == TPM2_MSO_PERSISTENT || + mso == TPM2_MSO_VOLATILE || + mso == TPM2_MSO_NVRAM) { + if (!name) + tpm2_read_public(chip, handle, auth->name[slot]); + } else { + if (name) + dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); + } + + auth->name_h[slot] = handle; + if (name) + memcpy(auth->name[slot], name, name_size(name)); +#endif +} +EXPORT_SYMBOL_GPL(tpm_buf_append_name); + +#ifdef CONFIG_TCG_TPM2_HMAC + +static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, + u32 *handle, u8 *name); + /* * It turns out the crypto hmac(sha256) is hard for us to consume * because it assumes a fixed key and the TPM seems to change the key @@ -567,104 +681,6 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) } EXPORT_SYMBOL(tpm_buf_fill_hmac_session); -static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) -{ - struct tpm_header *head = (struct tpm_header *)buf->data; - off_t offset = TPM_HEADER_SIZE; - u32 tot_len = be32_to_cpu(head->length); - u32 val; - - /* we're starting after the header so adjust the length */ - tot_len -= TPM_HEADER_SIZE; - - /* skip public */ - val = tpm_buf_read_u16(buf, &offset); - if (val > tot_len) - return -EINVAL; - offset += val; - /* name */ - val = tpm_buf_read_u16(buf, &offset); - if (val != name_size(&buf->data[offset])) - return -EINVAL; - memcpy(name, &buf->data[offset], val); - /* forget the rest */ - return 0; -} - -static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) -{ - struct tpm_buf buf; - int rc; - - rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC); - if (rc) - return rc; - - tpm_buf_append_u32(&buf, handle); - rc = tpm_transmit_cmd(chip, &buf, 0, "read public"); - if (rc == TPM2_RC_SUCCESS) - rc = tpm2_parse_read_public(name, &buf); - - tpm_buf_destroy(&buf); - - return rc; -} - -/** - * tpm_buf_append_name() - add a handle area to the buffer - * @chip: the TPM chip structure - * @buf: The buffer to be appended - * @handle: The handle to be appended - * @name: The name of the handle (may be NULL) - * - * In order to compute session HMACs, we need to know the names of the - * objects pointed to by the handles. For most objects, this is simply - * the actual 4 byte handle or an empty buf (in these cases @name - * should be NULL) but for volatile objects, permanent objects and NV - * areas, the name is defined as the hash (according to the name - * algorithm which should be set to sha256) of the public area to - * which the two byte algorithm id has been appended. For these - * objects, the @name pointer should point to this. If a name is - * required but @name is NULL, then TPM2_ReadPublic() will be called - * on the handle to obtain the name. - * - * As with most tpm_buf operations, success is assumed because failure - * will be caused by an incorrect programming model and indicated by a - * kernel message. - */ -void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, - u32 handle, u8 *name) -{ - enum tpm2_mso_type mso = tpm2_handle_mso(handle); - struct tpm2_auth *auth = chip->auth; - int slot; - - slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE)/4; - if (slot >= AUTH_MAX_NAMES) { - dev_err(&chip->dev, "TPM: too many handles\n"); - return; - } - WARN(auth->session != tpm_buf_length(buf), - "name added in wrong place\n"); - tpm_buf_append_u32(buf, handle); - auth->session += 4; - - if (mso == TPM2_MSO_PERSISTENT || - mso == TPM2_MSO_VOLATILE || - mso == TPM2_MSO_NVRAM) { - if (!name) - tpm2_read_public(chip, handle, auth->name[slot]); - } else { - if (name) - dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); - } - - auth->name_h[slot] = handle; - if (name) - memcpy(auth->name[slot], name, name_size(name)); -} -EXPORT_SYMBOL(tpm_buf_append_name); - /** * tpm_buf_check_hmac_response() - check the TPM return HMAC for correctness * @chip: the TPM chip structure @@ -1311,3 +1327,4 @@ int tpm2_sessions_init(struct tpm_chip *chip) return rc; } +#endif /* CONFIG_TCG_TPM2_HMAC */ diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 21a67dc9efe8..4d3071e885a0 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -490,11 +490,22 @@ static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle) { } #endif + +static inline struct tpm2_auth *tpm2_chip_auth(struct tpm_chip *chip) +{ #ifdef CONFIG_TCG_TPM2_HMAC + return chip->auth; +#else + return NULL; +#endif +} -int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, u32 handle, u8 *name); + +#ifdef CONFIG_TCG_TPM2_HMAC + +int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, int passphraselen); @@ -521,14 +532,6 @@ static inline int tpm2_start_auth_session(struct tpm_chip *chip) static inline void tpm2_end_auth_session(struct tpm_chip *chip) { } -static inline void tpm_buf_append_name(struct tpm_chip *chip, - struct tpm_buf *buf, - u32 handle, u8 *name) -{ - tpm_buf_append_u32(buf, handle); - /* count the number of handles in the upper bits of flags */ - buf->handles++; -} static inline void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, -- 2.45.2

5 months, 3 weeks

1
0
0 0

[PATCH v4 1/3] tpm: Address !chip->auth in tpm2_*_auth_session()

by Jarkko Sakkinen

Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm2_*_auth_session(). Thus, address !chip->auth in tpm2_*_auth_session(). Cc: stable(a)vger.kernel.org # v6.9+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") Tested-by: Michael Ellerman <mpe(a)ellerman.id.au> # ppc Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v4: * Added tested-by from Michael Ellerman. v3: * No changes. v2: * Use dev_warn_once() instead of pr_warn_once(). --- drivers/char/tpm/tpm2-sessions.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 907ac9956a78..2f1d96a5a5a7 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -824,8 +824,13 @@ EXPORT_SYMBOL(tpm_buf_check_hmac_response); */ void tpm2_end_auth_session(struct tpm_chip *chip) { - tpm2_flush_context(chip, chip->auth->handle); - memzero_explicit(chip->auth, sizeof(*chip->auth)); + struct tpm2_auth *auth = chip->auth; + + if (!auth) + return; + + tpm2_flush_context(chip, auth->handle); + memzero_explicit(auth, sizeof(*auth)); } EXPORT_SYMBOL(tpm2_end_auth_session); @@ -907,6 +912,11 @@ int tpm2_start_auth_session(struct tpm_chip *chip) int rc; u32 null_key; + if (!auth) { + dev_warn_once(&chip->dev, "auth session is not active\n"); + return 0; + } + rc = tpm2_load_null(chip, &null_key); if (rc) goto out; -- 2.45.2

5 months, 3 weeks

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror July 2024