The patch titled
Subject: kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
kexec_file-fix-elfcorehdr-digest-exclusion-when-config_crash_hotplug=y.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Petr Tesarik <ptesarik(a)suse.com>
Subject: kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y
Date: Mon, 5 Aug 2024 17:07:50 +0200
Fix the condition to exclude the elfcorehdr segment from the SHA digest
calculation.
The j iterator is an index into the output sha_regions[] array, not into
the input image->segment[] array. Once it reaches
image->elfcorehdr_index, all subsequent segments are excluded. Besides,
if the purgatory segment precedes the elfcorehdr segment, the elfcorehdr
may be wrongly included in the calculation.
Link: https://lkml.kernel.org/r/20240805150750.170739-1-petr.tesarik@suse.com
Fixes: f7cc804a9fd4 ("kexec: exclude elfcorehdr from the segment digest")
Signed-off-by: Petr Tesarik <ptesarik(a)suse.com>
Acked-by: Baoquan He <bhe(a)redhat.com>
Cc: Eric Biederman <ebiederm(a)xmission.com>
Cc: Hari Bathini <hbathini(a)linux.ibm.com>
Cc: Sourabh Jain <sourabhjain(a)linux.ibm.com>
Cc: Eric DeVolder <eric_devolder(a)yahoo.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
kernel/kexec_file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/kexec_file.c~kexec_file-fix-elfcorehdr-digest-exclusion-when-config_crash_hotplug=y
+++ a/kernel/kexec_file.c
@@ -752,7 +752,7 @@ static int kexec_calculate_store_digests
#ifdef CONFIG_CRASH_HOTPLUG
/* Exclude elfcorehdr segment to allow future changes via hotplug */
- if (j == image->elfcorehdr_index)
+ if (i == image->elfcorehdr_index)
continue;
#endif
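Review bot: the comment above the changed test `if (i == image->elfcorehdr_index)` does not say which array elfcorehdr_index refers to, and that is the confusion the changelog describes between image->segment[] (i) and sha_regions[] (j). Extend the comment to state that elfcorehdr_index is an index into image->segment[] and has to be compared with the segment iterator, so the mix-up is harder to reintroduce. A test that checks the digest still covers a segment placed after the elfcorehdr would catch a regression here.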
_
Patches currently in -mm which might be from ptesarik(a)suse.com are
kexec_file-fix-elfcorehdr-digest-exclusion-when-config_crash_hotplug=y.patch
This is the start of the stable review cycle for the 6.1.106 release.
There are 38 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 17 Aug 2024 13:18:17 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.106-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.1.106-rc1
Will Deacon <will(a)kernel.org>
KVM: arm64: Don't pass a TLBI level hint when zapping table entries
Eric Dumazet <edumazet(a)google.com>
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
Waiman Long <longman(a)redhat.com>
cgroup: Move rcu_head up near the top of cgroup_root
Kees Cook <kees(a)kernel.org>
binfmt_flat: Fix corruption when not offsetting data start
Andi Shyti <andi.shyti(a)linux.intel.com>
drm/i915/gem: Adjust vma offset for framebuffer mmap offset
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/i915: Fix a NULL vs IS_ERR() bug
Nirmoy Das <nirmoy.das(a)intel.com>
drm/i915: Add a function to mmap framebuffer obj
Yafang Shao <laoar.shao(a)gmail.com>
cgroup: Make operations on the cgroup root_list RCU safe
Andi Shyti <andi.shyti(a)linux.intel.com>
drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: fully established after ADD_ADDR echo on MPJ
WangYuli <wangyuli(a)uniontech.com>
nvme/pci: Add APST quirk for Lenovo N60z laptop
Josef Bacik <josef(a)toxicpanda.com>
nfsd: make svc_stat per-network namespace instead of global
Josef Bacik <josef(a)toxicpanda.com>
nfsd: remove nfsd_stats, make th_cnt a global counter
Josef Bacik <josef(a)toxicpanda.com>
nfsd: make all of the nfsd stats per-network namespace
Josef Bacik <josef(a)toxicpanda.com>
nfsd: expose /proc/net/sunrpc/nfsd in net namespaces
Josef Bacik <josef(a)toxicpanda.com>
nfsd: rename NFSD_NET_* to NFSD_STATS_*
Josef Bacik <josef(a)toxicpanda.com>
sunrpc: use the struct net as the svc proc private
Josef Bacik <josef(a)toxicpanda.com>
sunrpc: remove ->pg_stats from svc_program
Josef Bacik <josef(a)toxicpanda.com>
sunrpc: pass in the sv_stats struct through svc_create_pooled
Josef Bacik <josef(a)toxicpanda.com>
nfsd: stop setting ->pg_stats for unused stats
Josef Bacik <josef(a)toxicpanda.com>
sunrpc: don't change ->sv_stats if it doesn't exist
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Fix frame size warning in svc_export_parse()
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Refactor the duplicate reply cache shrinker
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Replace nfsd_prune_bucket()
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Rename nfsd_reply_cache_alloc()
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Refactor nfsd_reply_cache_free_locked()
Jeff Layton <jlayton(a)kernel.org>
nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net
Jeff Layton <jlayton(a)kernel.org>
nfsd: move reply cache initialization into nfsd startup
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h
Kees Cook <kees(a)kernel.org>
exec: Fix ToCToU between perm check and set-uid/gid usage
Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com>
ASoC: topology: Fix route memory corruption
Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com>
ASoC: topology: Clean up route loading
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
selftests: mptcp: join: test both signal & subflow
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: pm: don't try to create sf if alloc failed
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: pm: reduce indentation blocks
Geliang Tang <geliang.tang(a)suse.com>
mptcp: pass addr to mptcp_pm_alloc_anno_list
-------------
Diffstat:
Makefile | 4 +-
arch/arm64/kvm/hyp/pgtable.c | 10 +-
arch/loongarch/include/uapi/asm/unistd.h | 1 +
drivers/gpu/drm/i915/gem/i915_gem_mman.c | 192 ++++++++++++++++------
drivers/gpu/drm/i915/gem/i915_gem_mman.h | 2 +-
drivers/nvme/host/pci.c | 7 +
fs/binfmt_flat.c | 4 +-
fs/exec.c | 8 +-
fs/lockd/svc.c | 3 -
fs/nfs/callback.c | 3 -
fs/nfsd/export.c | 32 ++--
fs/nfsd/export.h | 4 +-
fs/nfsd/netns.h | 25 ++-
fs/nfsd/nfs4proc.c | 6 +-
fs/nfsd/nfscache.c | 201 ++++++++++++++----------
fs/nfsd/nfsctl.c | 24 ++-
fs/nfsd/nfsd.h | 1 +
fs/nfsd/nfsfh.c | 3 +-
fs/nfsd/nfssvc.c | 24 +--
fs/nfsd/stats.c | 52 +++---
fs/nfsd/stats.h | 83 ++++------
fs/nfsd/trace.h | 22 +++
fs/nfsd/vfs.c | 6 +-
include/linux/cgroup-defs.h | 7 +-
include/linux/sunrpc/svc.h | 5 +-
kernel/cgroup/cgroup-internal.h | 3 +-
kernel/cgroup/cgroup.c | 23 ++-
net/mptcp/options.c | 3 +-
net/mptcp/pm_netlink.c | 49 +++---
net/mptcp/pm_userspace.c | 2 +-
net/mptcp/protocol.h | 2 +-
net/sunrpc/stats.c | 2 +-
net/sunrpc/svc.c | 36 +++--
net/wireless/nl80211.c | 6 +-
sound/soc/soc-topology.c | 32 +---
tools/testing/selftests/net/mptcp/mptcp_join.sh | 14 ++
36 files changed, 555 insertions(+), 346 deletions(-)
This is the start of the stable review cycle for the 6.6.47 release.
There are 67 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 17 Aug 2024 13:18:17 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.47-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.6.47-rc1
Will Deacon <will(a)kernel.org>
KVM: arm64: Don't pass a TLBI level hint when zapping table entries
Will Deacon <will(a)kernel.org>
KVM: arm64: Don't defer TLB invalidation when zapping table entries
Waiman Long <longman(a)redhat.com>
cgroup: Move rcu_head up near the top of cgroup_root
Peter Xu <peterx(a)redhat.com>
mm/debug_vm_pgtable: drop RANDOM_ORVALUE trick
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
Revert "Input: bcm5974 - check endpoint type before starting traffic"
Dave Kleikamp <dave.kleikamp(a)oracle.com>
Revert "jfs: fix shift-out-of-bounds in dbJoin"
Kees Cook <kees(a)kernel.org>
binfmt_flat: Fix corruption when not offsetting data start
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb: Fix UBSAN warning in parse_audio_unit()
Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com>
fs/ntfs3: Do copy_to_user out of run_lock
Pei Li <peili.dev(a)gmail.com>
jfs: Fix shift-out-of-bounds in dbDiscardAG
Edward Adam Davis <eadavis(a)qq.com>
jfs: fix null ptr deref in dtInsertEntry
Willem de Bruijn <willemb(a)google.com>
fou: remove warn in gue_gro_receive on unsupported protocol
Chao Yu <chao(a)kernel.org>
f2fs: fix to cover read extent cache access with lock
Chao Yu <chao(a)kernel.org>
f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
yunshui <jiangyunshui(a)kylinos.cn>
bpf, net: Use DEV_STAT_INC()
Wojciech Gładysz <wojciech.gladysz(a)infogain.com>
ext4: sanity check for NULL pointer after ext4_force_shutdown
Matthew Wilcox (Oracle) <willy(a)infradead.org>
ext4: convert ext4_da_do_write_end() to take a folio
Eric Dumazet <edumazet(a)google.com>
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
Peter Xu <peterx(a)redhat.com>
mm/page_table_check: support userfault wr-protect entries
Jan Kara <jack(a)suse.cz>
ext4: do not create EA inode under buffer lock
Jan Kara <jack(a)suse.cz>
ext4: fold quota accounting into ext4_xattr_inode_lookup_create()
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: RFCOMM: Fix not validating setsockopt user input
Eric Dumazet <edumazet(a)google.com>
nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
Eric Dumazet <edumazet(a)google.com>
net: add copy_safe_from_sockptr() helper
Eric Dumazet <edumazet(a)google.com>
mISDN: fix MISDN_TIME_STAMP handling
Gustavo A. R. Silva <gustavoars(a)kernel.org>
fs: Annotate struct file_handle with __counted_by() and use struct_size()
Alexei Starovoitov <ast(a)kernel.org>
bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie.
Kees Cook <keescook(a)chromium.org>
bpf: Replace bpf_lpm_trie_key 0-length array with flexible array
Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru>
pppoe: Fix memory leak in pppoe_sendmsg()
Dmitry Antipov <dmantipov(a)yandex.ru>
net: sctp: fix skb leak in sctp_inq_free()
Allison Henderson <allison.henderson(a)oracle.com>
net:rds: Fix possible deadlock in rds_message_put
Jan Kara <jack(a)suse.cz>
quota: Detect loops in quota tree
Javier Carrasco <javier.carrasco.cruz(a)gmail.com>
Input: bcm5974 - check endpoint type before starting traffic
John Fastabend <john.fastabend(a)gmail.com>
net: tls, add test to capture error on large splice
Gao Xiang <xiang(a)kernel.org>
erofs: avoid debugging output for (de)compressed data
Edward Adam Davis <eadavis(a)qq.com>
reiserfs: fix uninit-value in comp_keys
Phillip Lougher <phillip(a)squashfs.org.uk>
Squashfs: fix variable overflow triggered by sysbot
Lizhi Xu <lizhi.xu(a)windriver.com>
squashfs: squashfs_read_data need to check if the length is 0
Manas Ghandat <ghandatmanas(a)gmail.com>
jfs: fix shift-out-of-bounds in dbJoin
Jakub Kicinski <kuba(a)kernel.org>
net: don't dump stack on queue timeout
Lizhi Xu <lizhi.xu(a)windriver.com>
jfs: fix log->bdev_handle null ptr deref in lbmStartIO
Jan Kara <jack(a)suse.cz>
jfs: Convert to bdev_open_by_dev()
Jan Kara <jack(a)suse.cz>
fs: Convert to bdev_open_by_dev()
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: fix change_address deadlock during unregister
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: take wiphy lock for MAC addr change
Eric Dumazet <edumazet(a)google.com>
tcp_metrics: optimize tcp_metrics_flush_all()
Yafang Shao <laoar.shao(a)gmail.com>
cgroup: Make operations on the cgroup root_list RCU safe
Dongli Zhang <dongli.zhang(a)oracle.com>
genirq/cpuhotplug: Retry with cpu_online_mask when migration fails
David Stevens <stevensd(a)chromium.org>
genirq/cpuhotplug: Skip suspended interrupts when restoring affinity
WangYuli <wangyuli(a)uniontech.com>
nvme/pci: Add APST quirk for Lenovo N60z laptop
Yang Shi <yang(a)os.amperecomputing.com>
mm: gup: stop abusing try_grab_folio
Josef Bacik <josef(a)toxicpanda.com>
nfsd: make svc_stat per-network namespace instead of global
Josef Bacik <josef(a)toxicpanda.com>
nfsd: remove nfsd_stats, make th_cnt a global counter
Josef Bacik <josef(a)toxicpanda.com>
nfsd: make all of the nfsd stats per-network namespace
Josef Bacik <josef(a)toxicpanda.com>
nfsd: expose /proc/net/sunrpc/nfsd in net namespaces
Josef Bacik <josef(a)toxicpanda.com>
nfsd: rename NFSD_NET_* to NFSD_STATS_*
Josef Bacik <josef(a)toxicpanda.com>
sunrpc: use the struct net as the svc proc private
Josef Bacik <josef(a)toxicpanda.com>
sunrpc: remove ->pg_stats from svc_program
Josef Bacik <josef(a)toxicpanda.com>
sunrpc: pass in the sv_stats struct through svc_create_pooled
Josef Bacik <josef(a)toxicpanda.com>
nfsd: stop setting ->pg_stats for unused stats
Josef Bacik <josef(a)toxicpanda.com>
sunrpc: don't change ->sv_stats if it doesn't exist
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Fix frame size warning in svc_export_parse()
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h
Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com>
ASoC: topology: Fix route memory corruption
Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com>
ASoC: topology: Clean up route loading
Kees Cook <kees(a)kernel.org>
exec: Fix ToCToU between perm check and set-uid/gid usage
-------------
Diffstat:
Documentation/bpf/map_lpm_trie.rst | 2 +-
Documentation/mm/page_table_check.rst | 9 +-
Makefile | 4 +-
arch/arm64/kvm/hyp/pgtable.c | 12 +-
arch/loongarch/include/uapi/asm/unistd.h | 1 +
arch/x86/include/asm/pgtable.h | 18 +-
drivers/isdn/mISDN/socket.c | 10 +-
drivers/net/ppp/pppoe.c | 23 +--
drivers/nvme/host/pci.c | 7 +
fs/binfmt_flat.c | 4 +-
fs/buffer.c | 2 +
fs/cramfs/inode.c | 2 +-
fs/erofs/decompressor.c | 8 +-
fs/exec.c | 8 +-
fs/ext4/inode.c | 24 ++-
fs/ext4/xattr.c | 155 +++++++-------
fs/f2fs/extent_cache.c | 50 ++---
fs/f2fs/f2fs.h | 2 +-
fs/f2fs/gc.c | 10 +
fs/f2fs/inode.c | 10 +-
fs/fhandle.c | 6 +-
fs/jfs/jfs_dmap.c | 2 +
fs/jfs/jfs_dtree.c | 2 +
fs/jfs/jfs_logmgr.c | 33 +--
fs/jfs/jfs_logmgr.h | 2 +-
fs/jfs/jfs_mount.c | 3 +-
fs/lockd/svc.c | 3 -
fs/nfs/callback.c | 3 -
fs/nfsd/cache.h | 2 -
fs/nfsd/export.c | 32 ++-
fs/nfsd/export.h | 4 +-
fs/nfsd/netns.h | 25 ++-
fs/nfsd/nfs4proc.c | 6 +-
fs/nfsd/nfs4state.c | 3 +-
fs/nfsd/nfscache.c | 40 +---
fs/nfsd/nfsctl.c | 16 +-
fs/nfsd/nfsd.h | 1 +
fs/nfsd/nfsfh.c | 3 +-
fs/nfsd/nfssvc.c | 14 +-
fs/nfsd/stats.c | 54 ++---
fs/nfsd/stats.h | 88 +++-----
fs/nfsd/vfs.c | 6 +-
fs/ntfs3/frecord.c | 75 ++++++-
fs/quota/quota_tree.c | 128 +++++++++---
fs/quota/quota_v2.c | 15 +-
fs/reiserfs/stree.c | 2 +-
fs/romfs/super.c | 2 +-
fs/squashfs/block.c | 2 +-
fs/squashfs/file.c | 3 +-
fs/squashfs/file_direct.c | 6 +-
fs/super.c | 15 +-
include/linux/cgroup-defs.h | 7 +-
include/linux/fs.h | 3 +-
include/linux/sockptr.h | 25 +++
include/linux/sunrpc/svc.h | 5 +-
include/uapi/linux/bpf.h | 19 +-
kernel/bpf/lpm_trie.c | 33 +--
kernel/cgroup/cgroup-internal.h | 3 +-
kernel/cgroup/cgroup.c | 23 ++-
kernel/irq/cpuhotplug.c | 27 ++-
kernel/irq/manage.c | 12 +-
mm/debug_vm_pgtable.c | 31 +--
mm/gup.c | 251 ++++++++++++-----------
mm/huge_memory.c | 6 +-
mm/hugetlb.c | 2 +-
mm/internal.h | 4 +-
mm/page_table_check.c | 30 +++
net/bluetooth/rfcomm/sock.c | 14 +-
net/core/filter.c | 8 +-
net/ipv4/fou_core.c | 2 +-
net/ipv4/tcp_metrics.c | 7 +-
net/mac80211/iface.c | 27 ++-
net/nfc/llcp_sock.c | 12 +-
net/rds/recv.c | 13 +-
net/sched/sch_generic.c | 5 +-
net/sctp/inqueue.c | 14 +-
net/sunrpc/stats.c | 2 +-
net/sunrpc/svc.c | 39 ++--
net/wireless/nl80211.c | 6 +-
samples/bpf/map_perf_test_user.c | 2 +-
samples/bpf/xdp_router_ipv4_user.c | 2 +-
sound/soc/soc-topology.c | 32 +--
sound/usb/mixer.c | 7 +
tools/include/uapi/linux/bpf.h | 19 +-
tools/testing/selftests/bpf/progs/map_ptr_kern.c | 2 +-
tools/testing/selftests/bpf/test_lpm_map.c | 18 +-
tools/testing/selftests/net/tls.c | 14 ++
87 files changed, 987 insertions(+), 696 deletions(-)
From: Arnd Bergmann <arnd(a)arndb.de>
Both of these architectures require u64 function arguments to be
passed in even/odd pairs of registers or stack slots, which in case of
sync_file_range would result in a seven-argument system call that is
not currently possible. The system call is therefore incompatible with
all existing binaries.
While it would be possible to implement support for seven arguments
like on mips, it seems better to use a six-argument version, either
with the normal argument order but misaligned as on most architectures
or with the reordered sync_file_range2() calling conventions as on
arm and powerpc.
Cc: stable(a)vger.kernel.org
Acked-by: Guo Ren <guoren(a)kernel.org>
Signed-off-by: Arnd Bergmann <arnd(a)arndb.de>
---
arch/csky/include/uapi/asm/unistd.h | 1 +
arch/hexagon/include/uapi/asm/unistd.h | 1 +
2 files changed, 2 insertions(+)
diff --git a/arch/csky/include/uapi/asm/unistd.h b/arch/csky/include/uapi/asm/unistd.h
index 7ff6a2466af1..e0594b6370a6 100644
--- a/arch/csky/include/uapi/asm/unistd.h
+++ b/arch/csky/include/uapi/asm/unistd.h
@@ -6,6 +6,7 @@
#define __ARCH_WANT_SYS_CLONE3
#define __ARCH_WANT_SET_GET_RLIMIT
#define __ARCH_WANT_TIME32_SYSCALLS
+#define __ARCH_WANT_SYNC_FILE_RANGE2
#include <asm-generic/unistd.h>
#define __NR_set_thread_area (__NR_arch_specific_syscall + 0)
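Review bot: the added `#define __ARCH_WANT_SYNC_FILE_RANGE2` has no comment, and the changelog lists two six-argument options without saying which one this patch takes. State in the changelog that the sync_file_range2() argument order is the one selected, and consider a one-line comment beside the define noting that u64 arguments need even/odd register pairs on this architecture.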
diff --git a/arch/hexagon/include/uapi/asm/unistd.h b/arch/hexagon/include/uapi/asm/unistd.h
index 432c4db1b623..21ae22306b5d 100644
--- a/arch/hexagon/include/uapi/asm/unistd.h
+++ b/arch/hexagon/include/uapi/asm/unistd.h
@@ -36,5 +36,6 @@
#define __ARCH_WANT_SYS_VFORK
#define __ARCH_WANT_SYS_FORK
#define __ARCH_WANT_TIME32_SYSCALLS
+#define __ARCH_WANT_SYNC_FILE_RANGE2
#include <asm-generic/unistd.h>
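Review bot: missing Fixes: tag or stable version range for the `#define __ARCH_WANT_SYNC_FILE_RANGE2` added to this uapi header. The changelog says the existing system call is incompatible with all existing binaries and the tags carry Cc: stable, so name the commit or release from which the problem dates for each architecture, so stable maintainers know how far back to apply the change.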
--
2.39.2
No upstream commit exists for this commit.
Fuzzing of 5.10 stable branch reports a slab-out-of-bounds error in
ata_scsi_pass_thru.
The error is fixed in 5.18 by commit ce70fd9a551a ("scsi: core: Remove the
cmd field from struct scsi_request") upstream.
Backporting this commit would require significant changes to the code so
it is better to use a simple fix for that particular error.
The problem is that the length of the received SCSI command is not
validated if scsi_op == VARIABLE_LENGTH_CMD. It can lead to out-of-bounds
reading if the user sends a request with SCSI command of length less than
32.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Acked-by: Damien Le Moal <dlemoal(a)kernel.org>
Co-developed-by: Mikhail Ivanov <iwanov-23(a)bk.ru>
Signed-off-by: Mikhail Ivanov <iwanov-23(a)bk.ru>
Co-developed-by: Mikhail Ukhin <mish.uxin2012(a)yandex.ru>
Signed-off-by: Mikhail Ukhin <mish.uxin2012(a)yandex.ru>
Signed-off-by: Artem Sadovnikov <ancowi69(a)gmail.com>
---
Link: https://lore.kernel.org/lkml/20240711151546.341491-1-ancowi69@gmail.com/T/#u
unfortunately, stable(a)vger.kernel.org wasn't initially mentioned.
drivers/ata/libata-scsi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index 36f32fa052df..4397986db053 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -3949,6 +3949,9 @@ static unsigned int ata_scsi_var_len_cdb_xlat(struct ata_queued_cmd *qc)
const u8 *cdb = scmd->cmnd;
const u16 sa = get_unaligned_be16(&cdb[8]);
+ if (scmd->cmd_len != 32)
+ return 1;
+
/*
* if service action represents a ata pass-thru(32) command,
* then pass it to ata_scsi_pass_thru handler.
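Review bot: the new `if (scmd->cmd_len != 32)` check sits after `const u16 sa = get_unaligned_be16(&cdb[8]);`, so bytes 8 and 9 of the CDB are still read before the length is validated. Either assign sa below the check or say in the changelog why reading cdb[8] is safe for any cmd_len that can reach this function. A named constant in place of the literal 32 would also make the check self-explaining, since the comment below already refers to ata pass-thru(32).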
--
2.34.1
Although there are several patches improving the extent map shrinker,
there are still reports of too frequent shrinker behavior, taking too
much CPU for the kswapd process.
So let's only enable extent shrinker for now, until we get a more
comprehensive understanding and a better solution.
Link: https://lore.kernel.org/linux-btrfs/3df4acd616a07ef4d2dc6bad668701504b412ff…
Link: https://lore.kernel.org/linux-btrfs/c30fd6b3-ca7a-4759-8a53-d42878bf84f7@gm…
Fixes: 956a17d9d050 ("btrfs: add a shrinker for extent maps")
CC: stable(a)vger.kernel.org # 6.10+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
---
I also checked how XFS (the only other fs that implements the
free_cached_objects callback) implemented the callback.
They did two things:
- Make sure there is only one queued reclaim
  Currently we only do the reclaim for kswapd, but for multi-node
  systems, we can still have multiple kswapd processes.
  But I do not think that's the root cause.
- With an extra delay of 60% of xfs_syncd_centisecs
  The default value for xfs_syncd_centisecs is 3000 centiseconds (30s),
  with a minimal 100 centiseconds (1s).
  This results in the reclaim work being executed at most every 18
  seconds by default (or 0.6s for the minimal interval).
  I believe this is the root cause: we have no extra delay and that
  makes btrfs shrink extent maps too frequently.
---
fs/btrfs/super.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 11044e9e2cb1..98fa0f382480 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -2402,7 +2402,13 @@ static long btrfs_nr_cached_objects(struct super_block *sb, struct shrink_contro
trace_btrfs_extent_map_shrinker_count(fs_info, nr);
- return nr;
+ /*
+ * Only report the real number for DEBUG builds, as there are reports of
+ * serious performance degradation caused by too frequent shrinks.
+ */
+ if (IS_ENABLED(CONFIG_BTRFS_DEBUG))
+ return nr;
+ return 0;
}
static long btrfs_free_cached_objects(struct super_block *sb, struct shrink_control *sc)
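Review bot: `trace_btrfs_extent_map_shrinker_count(fs_info, nr)` still runs before the new return, so on non-DEBUG builds the tracepoint reports the real count while the caller is told 0. Move the IS_ENABLED(CONFIG_BTRFS_DEBUG) test ahead of the trace call, or have the added comment say that the traced value and the returned value differ on purpose. The comment should also say outright that returning 0 is what keeps the extent map shrinker from running, since "Only report the real number" does not make that consequence obvious.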
--
2.46.0