July 2024 - Linux-stable-mirror

[PATCH 5.15 000/145] 5.15.163-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.163 release. There are 145 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 19 Jul 2024 06:37:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.163-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.163-rc2 Dan Carpenter <dan.carpenter(a)linaro.org> i2c: rcar: fix error code in probe() Nathan Chancellor <nathan(a)kernel.org> kbuild: Make ld-version.sh more robust against version string changes Alexandre Chartre <alexandre.chartre(a)oracle.com> x86/bhi: Avoid warning in #DB handler due to BHI mitigation Brian Gerst <brgerst(a)gmail.com> x86/entry/64: Remove obsolete comment on tracing vs. SYSRET Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: clear NO_RXDMA flag after resetting Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: avoid re-issued work after read message Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: ensure Gen3+ reset does not disturb local targets Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: introduce Gen4 devices Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: reset controller is mandatory for Gen3+ Geert Uytterhoeven <geert+renesas(a)glider.be> i2c: rcar: Add R-Car Gen4 support Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: mark HostNotify target address as used Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory Eduard Zingerman <eddyz87(a)gmail.com> bpf: Allow reads from uninit stack Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: queueing: annotate intentional data race in cpu round robin Helge Deller <deller(a)kernel.org> wireguard: allowedips: avoid unaligned 64-bit memory accesses Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() Audra Mitchell <audra(a)redhat.com> Fix userfaultfd_api to return EINVAL as expected Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Michał Kopeć <michal.kopec(a)3mdeb.com> ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Thomas Weißschuh <linux(a)weissschuh.net> nvmem: core: only change name to fram for current attribute Joy Chakraborty <joychakr(a)google.com> nvmem: meson-efuse: Fix return value of nvmem callbacks Joy Chakraborty <joychakr(a)google.com> nvmem: rmem: Fix return value of rmem_read() He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Dmitry Smirnov <d.smirnov(a)inbox.lv> USB: serial: mos7840: fix crash on resume Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix potential TX stall after interface reopen Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Satheesh Paul <psatheesh(a)marvell.com> octeontx2-af: fix issue with IPv4 match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: fix issue with IPv6 ext match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: extend RSS supported offload types Michal Mazur <mmazur2(a)marvell.com> octeontx2-af: fix detection of IP layer Srujana Challa <schalla(a)marvell.com> octeontx2-af: fix a issue with cpt_lf_alloc mailbox Srujana Challa <schalla(a)marvell.com> octeontx2-af: update cpt lf alloc mailbox Nithin Dabilpuram <ndabilpuram(a)marvell.com> octeontx2-af: replace cpt slot with lf id on reg write Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Chengen Du <chengen.du(a)canonical.com> net/sched: Fix UAF when resolving a clash Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Oleksij Rempel <linux(a)rempel-privat.de> ethtool: netlink: do not return SQI value if link is down Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Jian Hui Lee <jianhui.lee(a)canonical.com> net: ethernet: mtk-star-emac: set mac_managed_pm when probing Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Aleksander Jan Bajkowski <olek2(a)wp.pl> net: lantiq_etop: add blank line after declaration Michal Kubiak <michal.kubiak(a)intel.com> i40e: Fix XDP program unloading while removing the driver Hugh Dickins <hughd(a)google.com> net: fix rc7's __skb_datagram_iter() Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Geliang Tang <tanggeliang(a)kylinos.cn> skmsg: Skip zero length skb in sk_msg_recvmsg Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Brian Foster <bfoster(a)redhat.com> vfs: don't mod negative dentry count when on shrinker list linke li <lilinke99(a)qq.com> fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Jeff Layton <jlayton(a)kernel.org> filelock: fix potential use-after-free in posix_lock_inode Waiman Long <longman(a)redhat.com> mm: prevent derefencing NULL ptr in pfn_section_valid() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Damien Le Moal <dlemoal(a)kernel.org> null_blk: Do not allow runt zone with zone capacity smaller then zone size Edward Adam Davis <eadavis(a)qq.com> nfc/nci: Add the inconsistency check between the input data length and count Masahiro Yamada <masahiroy(a)kernel.org> kbuild: fix short log for AS in link-vmlinux.sh Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a possible leak when destroy a ctrl during qp establishment hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet Jim Wylder <jwylder(a)google.com> regmap-i2c: Subtract reg size from max_write Kundan Kumar <kundan.kumar(a)samsung.com> nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Fedor Pchelkin <pchelkin(a)ispras.ru> dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails Nilay Shroff <nilay(a)linux.ibm.com> nvme-multipath: find NUMA path only for online numa-node Jian-Hong Pan <jhp(a)endlessos.org> ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Mark volume as dirty if xattr is broken Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow GUO Zihua <guozihua(a)huawei.com> ima: Avoid blocking in RCU read-side critical section Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Val Packett <val(a)packett.cool> mtd: rawnand: rockchip: ensure NVDDR timings are rejected Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Bypass a couple of sanity checks during NAND identification Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Ensure ECC configuration is propagated to upper layers Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: fix adding block group to a reclaim list and the unused list during reclaim Jan Kara <jack(a)suse.cz> mm: avoid overflows in dirty throttling logic Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Sasha Neftin <sasha.neftin(a)intel.com> Revert "igc: fix a log entry using uninitialized netdev" Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: add polarity quirk for TSC2005 Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: add a quirk for reset line polarity for Himax LCDs Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: factor out code overriding gpio line polarity Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: unconditionally flush pending work before notifier Song Shuai <songshuaishuai(a)tinylab.org> riscv: kexec: Avoid deadlock in kexec crash path Jozef Hopko <jozef.hopko(a)altana.com> wifi: wilc1000: fix ies_len type in connect path Sagi Grimberg <sagi(a)grimberg.me> net: allow skb_datagram_iter to be called from any context Dima Ruinskiy <dima.ruinskiy(a)intel.com> e1000e: Fix S0ix residency on corporate systems Christian Borntraeger <borntraeger(a)linux.ibm.com> KVM: s390: fix LPSWEY handling Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Len Brown <len.brown(a)intel.com> tools/power turbostat: Remember global max_die_id Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Jose E. Marchesi <jose.marchesi(a)oracle.com> bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Corinna Vinschen <vinschen(a)redhat.com> igc: fix a log entry using uninitialized netdev Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mickaël Salaün <mic(a)digikod.net> kunit: Fix timeout message Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Felix Fietkau <nbd(a)nbd.name> wifi: mt76: replace skb_put with skb_put_zero Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check pipe offset before setting vblank Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index msg_id before read or write Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Initialize timestamp for some legacy SOCs Hailey Mothershead <hailmo(a)amazon.com> crypto: aead,cipher - zeroize key buffer after use John Meneghini <jmeneghi(a)redhat.com> scsi: qedf: Make qedf_execute_tmf() non-preemptible Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing Erico Nunes <nunes.erico(a)gmail.com> drm/lima: fix shared irq handling on driver remove George Stark <gnstark(a)salutedevices.com> locking/mutex: Introduce devm_mutex_init() Heiko Carstens <hca(a)linux.ibm.com> Compiler Attributes: Add __uninitialized macro ------------- Diffstat: Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/xmon/xmon.c | 6 +- arch/riscv/kernel/machine_kexec.c | 10 +- arch/s390/include/asm/kvm_host.h | 1 + arch/s390/include/asm/processor.h | 2 +- arch/s390/kvm/kvm-s390.c | 1 + arch/s390/kvm/kvm-s390.h | 15 ++ arch/s390/kvm/priv.c | 32 ++++ arch/x86/entry/entry_64.S | 19 +- arch/x86/entry/entry_64_compat.S | 14 +- crypto/aead.c | 3 +- crypto/cipher.c | 3 +- drivers/base/regmap/regmap-i2c.c | 3 +- drivers/block/null_blk/zoned.c | 11 ++ drivers/bluetooth/hci_qca.c | 18 +- drivers/char/hpet.c | 34 +++- drivers/clk/qcom/gcc-sm6350.c | 10 +- drivers/firmware/dmi_scan.c | 11 ++ drivers/gpio/gpiolib-of.c | 92 +++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + .../amd/display/dc/irq/dce110/irq_service_dce110.c | 8 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 + drivers/gpu/drm/amd/include/atomfirmware.h | 2 +- drivers/gpu/drm/lima/lima_gp.c | 2 + drivers/gpu/drm/lima/lima_mmu.c | 5 + drivers/gpu/drm/lima/lima_pp.c | 4 + drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 +---- drivers/i2c/busses/i2c-rcar.c | 66 ++++--- drivers/i2c/i2c-core-base.c | 1 + drivers/i2c/i2c-slave-testunit.c | 7 + drivers/infiniband/core/user_mad.c | 21 +- drivers/input/ff-core.c | 7 +- drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 +- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++----- drivers/media/usb/s2255/s2255drv.c | 20 +- drivers/mtd/nand/raw/nand_base.c | 66 ++++--- drivers/mtd/nand/raw/rockchip-nand-controller.c | 6 +- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 132 ++++++------- drivers/net/ethernet/intel/i40e/i40e_main.c | 9 +- drivers/net/ethernet/lantiq_etop.c | 5 +- drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 10 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 33 +++- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 67 ++++++- drivers/net/ethernet/mediatek/mtk_star_emac.c | 7 + drivers/net/ethernet/micrel/ks8851_common.c | 2 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/net/wireguard/allowedips.c | 4 +- drivers/net/wireguard/queueing.h | 4 +- drivers/net/wireguard/send.c | 2 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 10 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 +- drivers/net/wireless/microchip/wilc1000/hif.c | 3 +- drivers/nfc/virtual_ncidev.c | 4 + drivers/nvme/host/multipath.c | 2 +- drivers/nvme/host/pci.c | 3 +- drivers/nvme/target/core.c | 9 + drivers/nvmem/core.c | 5 +- drivers/nvmem/meson-efuse.c | 14 +- drivers/nvmem/rmem.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 36 ++++ drivers/s390/crypto/pkey_api.c | 4 +- drivers/scsi/qedf/qedf_io.c | 6 +- drivers/usb/core/config.c | 18 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/serial/mos7840.c | 45 +++++ drivers/usb/serial/option.c | 38 ++++ fs/btrfs/block-group.c | 13 +- fs/dcache.c | 12 +- fs/jffs2/super.c | 1 + fs/locks.c | 2 +- fs/nilfs2/alloc.c | 18 +- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 38 +++- fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 + fs/nilfs2/the_nilfs.h | 2 +- fs/ntfs3/xattr.c | 5 +- fs/orangefs/super.c | 3 +- fs/userfaultfd.c | 7 +- include/linux/compiler_attributes.h | 12 ++ include/linux/fsnotify.h | 8 +- include/linux/lsm_hook_defs.h | 2 +- include/linux/mmzone.h | 3 +- include/linux/mutex.h | 27 +++ include/linux/security.h | 5 +- kernel/auditfilter.c | 5 +- kernel/bpf/verifier.c | 11 +- kernel/dma/map_benchmark.c | 3 + kernel/exit.c | 2 + kernel/locking/mutex-debug.c | 12 ++ lib/kunit/try-catch.c | 3 +- mm/page-writeback.c | 32 +++- net/ceph/mon_client.c | 14 +- net/core/datagram.c | 20 +- net/core/skmsg.c | 3 +- net/ethtool/linkstate.c | 41 ++-- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp_input.c | 13 +- net/ipv4/tcp_metrics.c | 1 + net/ipv4/tcp_timer.c | 31 ++- net/ipv4/udp.c | 4 +- net/ipv6/addrconf.c | 9 +- net/ipv6/ip6_input.c | 2 +- net/ipv6/ip6_output.c | 2 +- net/netfilter/nf_tables_api.c | 3 +- net/sched/act_ct.c | 8 + net/sctp/socket.c | 7 +- scripts/ld-version.sh | 8 +- scripts/link-vmlinux.sh | 2 +- security/apparmor/audit.c | 6 +- security/apparmor/include/audit.h | 2 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_policy.c | 15 +- security/security.c | 6 +- security/selinux/include/audit.h | 4 +- security/selinux/ss/services.c | 5 +- security/smack/smack_lsm.c | 4 +- sound/pci/hda/patch_realtek.c | 13 ++ tools/lib/bpf/bpf_core_read.h | 1 + tools/power/x86/turbostat/turbostat.c | 10 +- .../selftests/bpf/progs/test_global_func10.c | 9 +- tools/testing/selftests/bpf/verifier/calls.c | 13 +- .../selftests/bpf/verifier/helper_access_var_len.c | 104 ++++++---- tools/testing/selftests/bpf/verifier/int_ptr.c | 9 +- .../selftests/bpf/verifier/search_pruning.c | 13 +- tools/testing/selftests/bpf/verifier/sock.c | 27 --- tools/testing/selftests/bpf/verifier/spill_fill.c | 211 +++++++++++++++++++++ tools/testing/selftests/bpf/verifier/var_off.c | 52 ----- tools/testing/selftests/net/msg_zerocopy.c | 14 +- 146 files changed, 1585 insertions(+), 616 deletions(-)

5 months, 3 weeks

8
7
0 0

[PATCH v4 1/4] drm/vmwgfx: Fix a deadlock in dma buf fence polling

by Zack Rusin

Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status, to do that it holds a lock to prevent the list modifcations from other threads. The fence destroy callback both deletes the fence and removes it from the list of pending fences, for which it holds a lock. dma buf polling cb unrefs a fence after it's been signaled: so the poll calls the wait, which signals the fences, which are being destroyed. The destruction tries to acquire the lock on the pending fences list which it can never get because it's held by the wait from which it was called. Old bug, but not a lot of userspace apps were using dma-buf polling interfaces. Fix those, in particular this fixes KDE stalls/deadlock. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 2298e804e96e ("drm/vmwgfx: rework to new fence interface, v2") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.2+ --- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c index 5efc6a766f64..588d50ababf6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c @@ -32,7 +32,6 @@ #define VMW_FENCE_WRAP (1 << 31) struct vmw_fence_manager { - int num_fence_objects; struct vmw_private *dev_priv; spinlock_t lock; struct list_head fence_list; @@ -124,13 +123,13 @@ static void vmw_fence_obj_destroy(struct dma_fence *f) { struct vmw_fence_obj *fence = container_of(f, struct vmw_fence_obj, base); - struct vmw_fence_manager *fman = fman_from_fence(fence); - spin_lock(&fman->lock); - list_del_init(&fence->head); - --fman->num_fence_objects; - spin_unlock(&fman->lock); + if (!list_empty(&fence->head)) { + spin_lock(&fman->lock); + list_del_init(&fence->head); + spin_unlock(&fman->lock); + } fence->destroy(fence); } @@ -257,7 +256,6 @@ static const struct dma_fence_ops vmw_fence_ops = { .release = vmw_fence_obj_destroy, }; - /* * Execute signal actions on fences recently signaled. * This is done from a workqueue so we don't have to execute @@ -355,7 +353,6 @@ static int vmw_fence_obj_init(struct vmw_fence_manager *fman, goto out_unlock; } list_add_tail(&fence->head, &fman->fence_list); - ++fman->num_fence_objects; out_unlock: spin_unlock(&fman->lock); @@ -403,7 +400,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, u32 passed_seqno) { u32 goal_seqno; - struct vmw_fence_obj *fence; + struct vmw_fence_obj *fence, *next_fence; if (likely(!fman->seqno_valid)) return false; @@ -413,7 +410,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, return false; fman->seqno_valid = false; - list_for_each_entry(fence, &fman->fence_list, head) { + list_for_each_entry_safe(fence, next_fence, &fman->fence_list, head) { if (!list_empty(&fence->seq_passed_actions)) { fman->seqno_valid = true; vmw_fence_goal_write(fman->dev_priv, -- 2.43.0

5 months, 3 weeks

1
0
0 0

[PATCH v2] drm/amd/amdgpu: Fix uninitialized variable warnings

by Ma Ke

Return 0 to avoid returning an uninitialized variable r. Cc: stable(a)vger.kernel.org Fixes: 230dd6bb6117 ("drm/amd/amdgpu: implement mode2 reset on smu_v13_0_10") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added Cc stable line. --- drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c b/drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c index 04c797d54511..0af648931df5 100644 --- a/drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c +++ b/drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c @@ -91,7 +91,7 @@ static int smu_v13_0_10_mode2_suspend_ip(struct amdgpu_device *adev) adev->ip_blocks[i].status.hw = false; } - return r; + return 0; } static int -- 2.25.1

5 months, 3 weeks

2
1
0 0

[PATCH v3] drm/amdgpu: fix a possible null pointer dereference

by Ma Ke

In amdgpu_connector_add_common_modes(), the return value of drm_cvt_mode() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_cvt_mode(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - added Cc stable line. Changes in v2: - modified the patch according to suggestions; - added Fixes line. --- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c index 9caba10315a8..25b51b600f6f 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c @@ -458,6 +458,9 @@ static void amdgpu_connector_add_common_modes(struct drm_encoder *encoder, continue; mode = drm_cvt_mode(dev, common_modes[i].w, common_modes[i].h, 60, false, false, false); + if (!mode) + return; + drm_mode_probed_add(connector, mode); } } -- 2.25.1

5 months, 3 weeks

2
1
0 0

[PATCH v3] EDAC/versal: Fix possible null pointer dereference in emif_get_id()

by Ma Ke

In emif_get_id(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: 6f15b178cd63 ("EDAC/versal: Add a Xilinx Versal memory controller driver") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - added Cc stable line. Changes in v2: - fixed the typo according to suggestions. --- drivers/edac/versal_edac.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/edac/versal_edac.c b/drivers/edac/versal_edac.c index a556d23e8261..7aa9468acd53 100644 --- a/drivers/edac/versal_edac.c +++ b/drivers/edac/versal_edac.c @@ -1053,6 +1053,9 @@ static u32 emif_get_id(struct device_node *node) const __be32 *addrp; addrp = of_get_address(node, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + my_addr = (u32)of_translate_address(node, addrp); for_each_matching_node(np, xlnx_edac_match) { -- 2.25.1

5 months, 3 weeks

2
1
0 0

[PATCH v2] drm/radeon: fix null pointer dereference in radeon_add_common_modes

by Ma Ke

In radeon_add_common_modes(), the return value of drm_cvt_mode() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_cvt_mode(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: d50ba256b5f1 ("drm/kms: start adding command line interface using fb.") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added a blank line; - added Cc line. --- drivers/gpu/drm/radeon/radeon_connectors.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c index b84b58926106..37c56c16af8d 100644 --- a/drivers/gpu/drm/radeon/radeon_connectors.c +++ b/drivers/gpu/drm/radeon/radeon_connectors.c @@ -520,6 +520,9 @@ static void radeon_add_common_modes(struct drm_encoder *encoder, struct drm_conn continue; mode = drm_cvt_mode(dev, common_modes[i].w, common_modes[i].h, 60, false, false, false); + if (!mode) + continue; + drm_mode_probed_add(connector, mode); } } -- 2.25.1

5 months, 3 weeks

2
1
0 0

[PATCH v2] EDAC/ti: Fix possible null pointer dereference in _emif_get_id()

by Ma Ke

In _emif_get_id(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: 86a18ee21e5e ("EDAC, ti: Add support for TI keystone and DRA7xx EDAC") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added Cc stable line. --- drivers/edac/ti_edac.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/edac/ti_edac.c b/drivers/edac/ti_edac.c index 29723c9592f7..6f3da8d99eab 100644 --- a/drivers/edac/ti_edac.c +++ b/drivers/edac/ti_edac.c @@ -207,6 +207,9 @@ static int _emif_get_id(struct device_node *node) int my_id = 0; addrp = of_get_address(node, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + my_addr = (u32)of_translate_address(node, addrp); for_each_matching_node(np, ti_edac_of_match) { @@ -214,6 +217,9 @@ static int _emif_get_id(struct device_node *node) continue; addrp = of_get_address(np, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + addr = (u32)of_translate_address(np, addrp); edac_printk(KERN_INFO, EDAC_MOD_NAME, -- 2.25.1

5 months, 3 weeks

1
0
0 0

[PATCH RESEND] EDAC/altera: Fix possible null pointer dereference

by Ma Ke

In altr_s10_sdram_check_ecc_deps(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: e1bca853dddc ("EDAC/altera: Add SDRAM ECC check for U-Boot") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/edac/altera_edac.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/edac/altera_edac.c b/drivers/edac/altera_edac.c index fe89f5c4837f..d6bf0eebeb41 100644 --- a/drivers/edac/altera_edac.c +++ b/drivers/edac/altera_edac.c @@ -1086,6 +1086,7 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) struct arm_smccc_res result; struct device_node *np; phys_addr_t sdram_addr; + const __be32 *sdram_addrp; u32 read_reg; int ret; @@ -1093,8 +1094,14 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) if (!np) goto sdram_err; - sdram_addr = of_translate_address(np, of_get_address(np, 0, - NULL, NULL)); + sdram_addrp = of_get_address(np, 0, NULL, NULL); + if (!sdram_addrp) + return -EINVAL; + + sdram_addr = of_translate_address(np, sdram_addrp); + if (!sdram_addr) + return -EINVAL; + of_node_put(np); sdram_ecc_addr = (unsigned long)sdram_addr + prv->ecc_en_ofst; arm_smccc_smc(INTEL_SIP_SMC_REG_READ, sdram_ecc_addr, -- 2.25.1

5 months, 3 weeks

1
0
0 0

[PATCH v2] drm/qxl: fix null pointer dereference in qxl_add_mode

by Ma Ke

In qxl_add_mode(), the return value of drm_cvt_mode() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_cvt_mode(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 1b043677d4be ("drm/qxl: add qxl_add_mode helper function") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added a blank line; - added Cc line. --- drivers/gpu/drm/qxl/qxl_display.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/qxl/qxl_display.c b/drivers/gpu/drm/qxl/qxl_display.c index c6d35c33d5d6..c371ee59ab07 100644 --- a/drivers/gpu/drm/qxl/qxl_display.c +++ b/drivers/gpu/drm/qxl/qxl_display.c @@ -236,6 +236,9 @@ static int qxl_add_mode(struct drm_connector *connector, return 0; mode = drm_cvt_mode(dev, width, height, 60, false, false, false); + if (!mode) + return -ENOMEM; + if (preferred) mode->type |= DRM_MODE_TYPE_PREFERRED; mode->hdisplay = width; -- 2.25.1

5 months, 3 weeks

1
0
0 0

[PATCH v2 RESEND] drm/client: fix null pointer dereference in drm_client_modeset_probe

by Ma Ke

In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: cf13909aee05 ("drm/fb-helper: Move out modeset config code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added the recipient's email address, due to the prolonged absence of a response from the recipients. - added Cc stable. --- drivers/gpu/drm/drm_client_modeset.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c index 31af5cf37a09..cca37b225385 100644 --- a/drivers/gpu/drm/drm_client_modeset.c +++ b/drivers/gpu/drm/drm_client_modeset.c @@ -880,6 +880,9 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, kfree(modeset->mode); modeset->mode = drm_mode_duplicate(dev, mode); + if (!modeset->mode) + continue; + drm_connector_get(connector); modeset->connectors[modeset->num_connectors++] = connector; modeset->x = offset->x; -- 2.25.1

5 months, 3 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror July 2024